BlueChillies-All the spice none of the mind blowing heat!
Monday, August 07, 2006

Tutorial SmitfraudFix - Clean DesktopHijack-like infections under Windows XP or Windows 2000
http://www.zebulon.fr/articles/SmitfraudFix_en.php

SmitfraudFix, a tool for Windows 2000 and XP, has three separate options:

- Option #1 lists the files infected by Smitfraud (run option #2 if any files are listed).

- Option #2 deletes the infected files and is to be run if option #1 showed their presence. This operation is to be performed in Safe Mode.

- Option #3 is independent and re-initializes the Trusted and Restricted Sites zones (the O15 lines in a HijackThis log). Do not run this option casually, as protection information might be stored in the Restricted Sites zone!

Given the recent random file names, this step must be part of a wider procedure: removal of the infected files from the hard disk and a system cleaning with Ewido or a similar tool.

Download SmitfraudFix.
Extract the entire smitfraudfix.zip archive.

Option 1 - Search:
Double-click smitfraudfix.cmd.
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.

Option 2 - Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually).
Double-click smitfraudfix.cmd.
Select 2 and hit Enter to delete the infected files.
You will be prompted: "Do you want to clean the registry ?" Answer Y (yes) and hit Enter in order to remove the Desktop background and clean the registry keys associated with the infection.
The tool will now check whether wininet.dll is infected. If an infected file is found, you may be prompted to replace it: "Replace infected file ?" Answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt.

Option 3 - Restore Trusted and Restricted site zones:
To restore the Trusted and Restricted site zones, select 3 and hit Enter. You will be prompted: "Restore Trusted Zone ?" Answer Y (yes) and hit Enter to delete the Trusted zone entries (the O15 lines in a HijackThis log).

process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes.
Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user (see Command Line Process Viewer/Killer/Suspender).
Command Line Process Viewer/Killer/Suspender -> http://www.beyondlogic.org/consulting/processutil/processutil.htm
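
An added example (not part of the original tutorial or of SmitfraudFix): because option 3 discards both zones, this Python script lists what a registry export of the zone map contains, so protective Restricted-zone entries can be spotted before the reset. It assumes the standard Internet Explorer location HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains (zone 2 = Trusted, 4 = Restricted); the file name and sample domains are constructed, and nothing here describes which keys SmitfraudFix itself modifies.

```python
import re
from collections import defaultdict

# Internet Explorer security zone numbers.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}
KEY_RE = re.compile(r"^\[.+\\ZoneMap\\Domains\\([^\]]+)\]$", re.IGNORECASE)
VAL_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')

def zone_inventory(reg_text):
    """Map zone name -> sorted [(host, protocol)] from a .reg export of ZoneMap."""
    inventory = defaultdict(list)
    host = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Keys are nested Domains\<domain>\<subdomain>; rebuild the host name.
            host = ".".join(reversed(key.group(1).split("\\")))
        elif line.startswith("["):
            host = None  # a key outside ZoneMap\Domains (IP ranges are not handled here)
        else:
            val = VAL_RE.match(line)
            if val and host:
                zone = int(val.group(2), 16)
                inventory[ZONES.get(zone, "zone %d" % zone)].append((host, val.group(1)))
    return {zone: sorted(entries) for zone, entries in inventory.items()}

# Constructed sample export; the domains are placeholders, not real indicators.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adserver.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracker.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unknown-site.example\www]
"http"=dword:00000002
'''

if __name__ == "__main__":
    # For a real export: open("zonemap.reg", encoding="utf-16").read()  (hypothetical file name)
    for zone, entries in sorted(zone_inventory(SAMPLE).items()):
        print("%s: %d entries" % (zone, len(entries)))
        for host, proto in entries:
            print("  %s (%s)" % (host, proto))
```

Keeping the exported .reg file also gives a copy that can be re-imported if the reset removes entries you wanted.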

Notes/Downloads:
- S!Ri -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Mirrors:
- Geeks to Go -> http://siri.geekstogo.com/SmitfraudFix.zip
- Zebulon.fr -> http://telechargement.zebulon.fr/259-smitfraudfix.html
Tutorial -> http://siri.urz.free.fr/Fix/SmitfraudFix.php or http://siri.geekstogo.com/
ChangeLog -> http://siri.urz.free.fr/Fix/ChangeLog.php

Posted by bluechillies :: 7:59 AM :: 0 comments
