Symptoms:
Fake security warnings pop up in the bottom right of the screen. Examples:
“Your computer is working slowly!”
“Alert! You are receiving spam!”
“Warning! Your security and privacy are at risk!”
“You computer is not protected against spyware!”
“Danger! Spyware activity detected on your computer!”
“Alert! A minimum of 7 spyware items found!”
Explorer opens to about:blank and displays a Windows Security Center page (remove spyware alert) with a link that directs to http://www[dot]antispywarebox[dot]com/index2.php?aff=0&wd=C:/WINDOWS
To fix these problems, follow these steps:
Download HijackThis and save the file to your desktop.
Double-click the file to extract it to its own folder on the desktop.
Download CCleaner. Double-click the file to install it.
Download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, download, install, and update the free version of Ewido security suite:
1. When installing, under “Additional Options” uncheck “Install background guard” and “Install scan via context menu”.
2. Run Ewido.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. Wait for the update to finish (the status bar at the bottom will display “Update successful”).
5. Exit Ewido. DO NOT scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd. Press the number 2 on your keyboard and then press the Enter key to choose the option Clean (safe mode recommended).
You will be prompted: “Registry cleaning – Do you want to clean the registry?”; answer “Yes” by typing Y and pressing “Enter” in order to remove the Desktop background and clean the registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.
The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.
Reboot your computer again in Safe Mode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Start HijackThis.
Click “Do a system scan only.” and put a checkmark next to the following items:
O2 – BHO: (no name) – {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} – (no file)
Now close all browser windows and all other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.
Run Ewido
1. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
2. If Ewido finds anything, it will pop up a notification. Please select “clean” and check the boxes “Perform action with all infections” and “Create encrypted backup” before clicking on OK.
3. When the scan finishes, click on “Save Report”. This will create a text file. Make sure you know where to find this file again.
Run CCleaner.
Click the Analyze button. After it has scanned your system, click Run Cleaner.
Restart your computer in normal mode.
Run the Panda online virus scan.
– Once you are on the Panda site click the Scan your PC button
– A new window will open…click the Check Now button
– Enter your Country
– Enter your State/Province
– Enter your e-mail address and click send
– Select either Home User or Company
– Click the big Scan Now button
– If it wants to install an ActiveX component allow it
– It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
– When download is complete, click on Local Disks to start the scan
– When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
If you still have problems after that, please post a new HijackThis log, the Ewido log, and the Panda ActiveScan log to the Spyware Removal Forum.
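Before posting the new HijackThis log, you can check whether the O2 entry fixed in the steps above is still listed. The Python script below is an added example, not part of the original guide or of HijackThis; its function names and the sample log lines are constructed for illustration, and it assumes the usual "O2 - BHO: name - {CLSID} - file" line layout.

```python
import re

# CLSID of the BHO entry this guide tells you to check in HijackThis.
TARGET_CLSID = "{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}"

# Assumed O2 line layout: O2 - BHO: <name> - {CLSID} - <file>
O2_RE = re.compile(
    r"^O2\s+-\s+BHO:\s*(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s+-\s+(?P<file>.*)$"
)

def parse_bhos(log_text):
    """Return one dict per O2 (Browser Helper Object) line in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        # Web pages often turn " - " into an en or em dash; normalise it back.
        line = raw.strip().replace("\u2013", "-").replace("\u2014", "-")
        m = O2_RE.match(line)
        if m:
            entries.append({"name": m["name"],
                            "clsid": m["clsid"].upper(),  # CLSIDs are case-insensitive
                            "file": m["file"].strip()})
    return entries

def classify(entry):
    """Label a BHO entry: the guide's entry, an orphan with no file, or one with a file."""
    if entry["clsid"] == TARGET_CLSID:
        return "guide-target"
    if entry["file"].lower() == "(no file)":
        return "orphaned"
    return "has-file"

def review(log_text):
    """Return (clsid, label) for every BHO entry found in the log."""
    return [(e["clsid"], classify(e)) for e in parse_bhos(log_text)]

# Constructed sample log; only the first O2 line comes from this guide.
SAMPLE_LOG = r"""Logfile of HijackThis
O2 – BHO: (no name) – {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} – (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - (no file)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for clsid, label in review(SAMPLE_LOG):
        print(f"{label:13} {clsid}")
```

If "guide-target" still appears for a log taken after the cleanup, the entry was not removed and the HijackThis step should be repeated in Safe Mode.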