Help! I've been hijacked!

Due to my own stupid browsing, I’ve gotten some malware that got past my antivirus systems. I apparently have something called smitfraud. It has not only hijacked my browser, it has taken over my Start menu, so I can’t even access any files or programs. Help!!! Spybot can’t take it out, and neither can Spyzooka. Anybody got any ideas before I have to do a total reinstall of the OS?

I seem to recall running into that one once. A bit of googling around turns up this, which looks like it might be what I successfully used, though I don’t remember for certain. The nasty crap gets all into the registry and stuff so you need to do some rebooting into safe mode and such.

Actually looking further I think it was this page’s instructions I used.

Thks! That took care of the smitfraud. Unfortunately, I still can’t get into the Start menu or find my documents folder. Spybot said I had (and couldn’t fix): fraud.antivirus2008, NMC.MGRS, smitfraud-c, and smitfraud-c.msvps. The last two are apparently gone. Any suggestions as to the first two?

Superantispyware has lost some of its punch lately but still covers a lot of ground.

With any deeply entrenched smitfraud variants SDfix is good for prying the little bastards out too.

We just came across one yesterday, the only thing that got it was Malwarebytes antispyware.

Also wherever possible scan in safe mode.

SDfix only works in safe mode.

SmitFraudFix worked for me, more than once.

Poke around at MajorGeeks.com.

Really useful site!

I second Malwarebyte’s AntiMalware. It is my first choice for AntiVirus 2008 infections.

I dunno if it’s still as good as when I last used it, but I’ve had good results using HijackThis when nothing else would work; it creates a logfile that you can either auto-evaluate by pasting it into the textbox here, or ask for help in their support forums (probably to be recommended if you’re not entirely sure what you’re doing).

A few weeks ago, I had a similar, possibly identical, infection (which Norton was blind to!). In any case, the terrific program, AVG, found and fixed it without any problem. Even the free version is superior to most commercial antivirus programs (or so I’ve been told and have no reason to doubt). Definitely worth getting!

AVG.

silenus, are you browsing with IE? If so, I’d strongly suggest a change to Firefox!

Yep. IE. But I have AVG installed. It didn’t catch it. Now I’m faced with IE7 shutting down every time I try to download something from MalwareBytes, for example. Any suggestions?

I don’t know how much AVG is going to protect you from browser hijacking. I know AVG 8.0 seems to do more than just anti-virus, but I would doubt that AVG can keep up with every web exploit of IE out there.

I’m trying as hard as I can not to say, “Get a Mac”…really. :wink:

I don’t have any advice in the current situation other than to scrape and repaint, but after that I would go through and batten down any hatches that don’t absolutely have to be up. Give your normal user account minimal privileges, lock down the WinReg, limit file permissions on Programs to read only for users, and for Og’s sake, give IE the bounce like a bad check and load Firefox or another standards-compliant, security-conscious browser.

Give me a yell if you need help, although my experience with current Windows systems is as minimal as I can make it given my occasional administrative duties at work.

And I’ll try not to say, “This wouldn’t happen on Ubuntu,” “FreeBSD wouldn’t allow this,” “This never happens on OS X,” more than once every 94 seconds. Actually, I have some gripes about the default configuration of OS X, too, it’s not just bitching about Microsoft, but Gates and Co. don’t just leave the barn door open, they also put out big banners saying, “Livestock to be had here, free for the taking; tell all of your carnivore friends!” shudder

Stranger

I am glad you didn’t say that, because that would constitute a jerkish comment. :smiley:

A few links about locking down Windows operating systems:

http://articles.techrepublic.com.com/5100-22_11-5270774.html

http://www.lockergnome.com/windows/2004/09/07/locking-down-your-registry/
http://www.stevetrefethen.com/blog/PoorMansGuideToLockingDownWindowsXP.aspx

From the last, an opening comment that made me laugh:

Stranger

I got a nasty one early last year pre-Mac that redirected IE to some porn site. That more or less forced me from IE to Firefox, even if I hadn’t already been using FF for certain extensions (FireFTP, for one).

I tried for months to get rid of the damn thing. My malware scanners could do nothing. Eventually my friend went in and deleted certain program components. He said, “You just have to know how these things think.” Arrgghh.

Silenus, I’d really suggest using FF or Opera or another browser to bypass your compromised IE and download/update the anti-malware programs. Then restart in safe mode without networking and run them.

Edit: On rereading the OP, sometimes wiping and reinstalling the OS is the easier way. Assuming your data is all backed up of course. But reinstalling your programs is always a pain.

Yeah, I have all the disks. Doing a reinstall is the last resort, of course. Not just for my own peace of mind, does somebody want to walk me through the process? If push comes to shove, that’s what I’ll do. It’s a reasonably new computer, so the backup was already made to transfer from the old one. I just don’t look forward to re-ripping all my CDs again.

Well you would first back up everything like Word documents, e-mail, photos, and music files.

Your computer may have come with a restore CD that will restore everything back to the way it came from the factory. But of course be sure you have everything backed up first.
Let me go back and ask a basic question; have you tried rebooting? :smiley:

Coincidentally, I’m doing my annual “nuke the entire site from orbit” on my PC and am making fresh backups of my documents as I type. I’m just flagging this thread for Stranger’s links. :smiley: