Results 1 to 14 of 14
  1. #1

    strange problem with windows

    Ok, I am not sure where to start. Last month I was infected with a spyware and used smitfraudFix to remove it(though it didnt help completely and had to install norton to remove the whole thing!!).After all this my son happened to sneak on me and play on the PC and ever since that smitfraudFix run's in the background. I mean after closing all applications, if i open the task manager, I can see SmitfraudFix running, and the strange thing is after i end process it starts again, because when i check the task which runs smitfraudfix it shows explorer.exe and that explains y it starts again!!. I am assuming that since sfF was on the desktop my son accidently did something that cause it to run with explorer??. Can anyone suggest what can be done to remove it?

  2. #2
    Join Date
    Oct 2002
    Location
    Under Your Skin
    Posts
    5,875
    Go to the control panel and remove the program...
    Windows 10 to Linux and Mac OSX: I'm PARSECs better than you. Eat my dust!!!

  3. #3
    Quote Originally Posted by hekwu View Post
    Go to the control panel and remove the program...
    No.. smitfraudFix is not a program that is installed. It is just an executable file which when clicked opens a window where we select the required action, like scan etc.

  4. #4
    Join Date
    Oct 2002
    Location
    Under Your Skin
    Posts
    5,875
    do a search for the .exe and delete it. You may have to download the program again if you don't remember what the .exe was...
    Windows 10 to Linux and Mac OSX: I'm PARSECs better than you. Eat my dust!!!

  5. #5
    Join Date
    May 2001
    Location
    HK
    Posts
    3,076

    Smile

    Not too familiar with SmitFraudFix, by just looking at the overview of the program, it is just an application and doesn't require it to be installed to run.

    Check your services and applications that start up
    Start -> Run -> msconfig

    Check the last two tabs (services and starts up) and see if there are anything related to smitfraudfix that cause it to run when computer starts up

    Sometime spyware places their tasks there to start running when your PC boots up

    That's the first place I check when I find anything suspicious running on my computer, if I can't find anything I would install some spyware or ad-ware or anti-virus tools to scan

  6. #6
    Join Date
    Oct 2002
    Location
    Under Your Skin
    Posts
    5,875
    Quote Originally Posted by YUPAPA View Post
    Not too familiar with SmitFraudFix, by just looking at the overview of the program, it is just an application and doesn't require it to be installed to run.

    Check your services and applications that start up
    Start -> Run -> msconfig

    Check the last two tabs (services and starts up) and see if there are anything related to smitfraudfix that cause it to run when computer starts up

    Sometime spyware places their tasks there to start running when your PC boots up

    That's the first place I check when I find anything suspicious running on my computer, if I can't find anything I would install some spyware or ad-ware or anti-virus tools to scan

    If I ever find spyware on my computer, the first thing I do is reinstall the entire computer. That is the only way to dump spyware. Luckily I've not had that issue... I use virtual pc and go anyplace on the net I want. lol...

    But most people don't want to format, they want to "fix" the issue... lol... like fixing a car flat with duck tape. It might hold, but it is not good.

    At any rate, I was going to suggest msconfig, but you can mess up some things going there... plus, instead of removing the program, you are only not allowing it to boot... which it could be starting not on boot, but other ways. Best to remove it.
    Windows 10 to Linux and Mac OSX: I'm PARSECs better than you. Eat my dust!!!

  7. #7
    Join Date
    Jan 2008
    Posts
    31
    I would just format my pc, install windows all over again and hope it doesn't happen again. Once those killer viruses are in, theres no running away from them.

  8. #8
    Join Date
    Oct 2002
    Posts
    5,177
    Those spyware programs can be removed using a boot CD. Booting off a CD renders the spyware helpless because it can't protect itself from being purged. I removed 10 different programs (including a couple root kits) from a machine last week. Didn't take all that long, either

  9. #9
    Join Date
    Nov 2004
    Location
    Tega Cay
    Posts
    763
    If you are comfortable with registry edits you may think about searching and deleting the SFF entries if there are any. I still prefer format myself though, got it down to a science using a sysprepped image.

  10. #10
    Thankyou all for the suggestions. I tried a search for .exe but couldnt find it and also in my msconfig the program name is not to be seen. Like many of you have suggested I guess formatting and reinstall would be the best option.

  11. #11
    Join Date
    Oct 2007
    Location
    Mississauga, ON
    Posts
    377
    If you're ending the process and it's starting again, it's either running as a service set to restart upon killing (you can check this with Start-Run-services.msc ; list them by status and see what's started, whether anything changes when you end the task in taskmgr), or it's got a helper app starting it back up again (check for services, check your Startup folder in the Start menu, and check the registry).

    To check what's starting up in your registry, go start-run-regedit, make sure all the entries in the left pane are compacted, click the My Computer entry, and hit Edit-Find, make sure ONLY "Keys" and
    "Match whole string only" are checked, type in "Run" as the search string, and run the search. Once it's found something, take a look at the entries, google them to find out what they're doing, and if you find the app, delete it. If you come up empty, hit F3 or go Edit-Find Next; that'll find the next Run key; you'll eventually come across all registry entries for apps that run at startup once you've gone through all the Run keys in the registry (most important one is either in HKCU or HKLM, not sure).

    If you find this app or its helper app in the Services list, simply doubleclick the service or right-click and Properties, set it to Disabled, and hit Stop to stop the service.

    Important: jot down the names of the exe's/entries you toy with; it'll enable you to fix any potential screwups, as well as enable you to perform the last step: find the file.
    This one's easy: go Start-run-find files or folders, make sure advanced options are checked and Windows is searching in all files and folders (System folders, you name it), enter the name of the exe, and delete it when you find it. You'll only be able to delete it if it's not running, so make sure you've killed off whatever's making it restart first.

    Best of luck; and if this doesn't work, there's always the reformat =)

  12. #12
    Join Date
    Oct 2002
    Posts
    5,177
    Quote Originally Posted by creativecraft View Post
    Thankyou all for the suggestions. I tried a search for .exe but couldnt find it and also in my msconfig the program name is not to be seen. Like many of you have suggested I guess formatting and reinstall would be the best option.
    If you're not comfortable with manual removal, yep.

    If you were curious where it was hiding, try using Rootkit Revealer to locate the hidden file: http://technet.microsoft.com/en-us/s.../bb897445.aspx
    If you have to operate your company behind the scenes or under a fake name, maybe it's time to leave the industry and start something fresh.

  13. #13
    I did a fresh install..Things are much better.Love the fresh feeling.

  14. #14
    Quote Originally Posted by Mike V View Post
    If you're not comfortable with manual removal, yep.

    If you were curious where it was hiding, try using Rootkit Revealer to locate the hidden file: http://technet.microsoft.com/en-us/s.../bb897445.aspx
    I was curious but already did a fresh install. SO i guess now i will never know what caused it!!!
    Regards
    Creativecraft

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •