This is driving me nuts I have looked in the registry and everything and gone through my computer to get rid of this thing but it is still showing up in my system tray. Can anyone help?
2007-06-11 12:14:53 · 12 answers · asked by wreckseeee29 1 in Computers & Internet ➔ Security
What you did was to remove SOME of the spyware.
What you have is a classic Smitfraud infection which is caused when the Trojan Zlob gets downloaded to your computer and then Zlob "phones home" to download the phony alerts.
The standard tool to remove Smitfraud is a freebie called SmitfraudFix:
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
This should take care of the icon and remaining traces of the infection.
As a final step, scan for trojans and spyware and remove (free online scan, no download) with Ewido.
http://www.ewido.net/en/
This makes sure that the original Trojan Zlob, which caused all your misery in the first place, is totally removed. If Zlob remains, it can "phone home" again and re-infect your computer.
Best of luck.
2007-06-11 12:24:23 · answer #1 · answered by Anonymous · 0⤊ 0⤋
Use this URL to download the latest version (the file contains both English and French versions):
http://siri.geekstogo.com/smitfraudfix.e...
Double-click smitfraudfix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click smitfraudfix.exe
Select 2 and hit Enter to delete infect files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note:
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
2007-06-11 14:18:13 · answer #2 · answered by The Shoe 2 · 0⤊ 0⤋
Roguefix.bat
http://www.internetinspiration.co.uk/roguefix.htm#uninstall
Includes spycrush removal
This tool will scan for, Rogue scanners Desktop/Homepage
Hijackers Trojans Codec's Accompanying Malware
Per
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-053116-4623-99&tabid=1
Updated: May 31, 2007 7:05:59 PM
Type: Other
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Behavior
SpyCrush is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats.
2007-06-11 12:33:54 · answer #3 · answered by Anonymous · 0⤊ 0⤋
SpyCrush is a Dangerous fake antispyware software and it is update version of SpyLocked. SpyCrush maybe a variant of Trojan.Zlob. SpyCrush display a fake warning message to purchase the paid version of SpyCrush.
SpyCrush also displays a fake warning alert with flashing icon on your system tray. A Pop up balloon warning messages claiming that your PC is infected. For example : "Critical System Error", "Your computer is infected", "System Alert", "Security Alert", Trojan-Spy.win32@mx", "Virus Alert", "Security Alert" or "Spyware.Cyberlog-X".
I got all these information from this site and you can also check it. There you can also get the complete manual and Automatic removal.
http://www.pcontech.com/SpyCrush-remove.htm
2007-06-15 04:58:20 · answer #4 · answered by garham g 3 · 0⤊ 0⤋
Your computer is infected with a trojan called Zlob. Zlob hijacks your homepage to some fake security website (like protectstand.com) and generates warning messages to try and get you to buy SpyCrush. Of course it is important to get rid of SpyCrush, but its just as important to also remove the Zlob Trojan that implanted it there. In my experience, a program called SpyNoMore is your best bet in removing the Zlob trojan. By removing this trojan, you will also get rid of SpyCrush. Another symptom of Zlob Trojan is that it generates fake warning messages like:
System Alert
Critical System Error
System Performance monitor warning
Security Alert: NetWorm-i.Virus@fp
Security Warning: SpyBot@MXt trojan
W32.Myzor.FK@yf
http://www.spynomore.com/spycrush.htm
http://www.spynomore.com/trojan-zlob.htm
2007-06-12 21:21:44 · answer #5 · answered by Anonymous · 0⤊ 0⤋
I had this same problem what i did was i restarted my computer right before the window page came up i hit f8. i hit safe mode. then the window page came up in safe mode. i went to start.
1 go to run
2. type msconfig
3. go to lauch system restore.
4 look for date before you installed spycrush.
5. click ok
after that windows will restart with out spycrush/
2007-06-14 18:03:09 · answer #6 · answered by Shalena B 2 · 0⤊ 0⤋
go to run,type msconfig.then,click on startup.then,choose anything u want to delete on ur system tray,then uncheck it.save it.and reboot
2007-06-12 00:28:01 · answer #7 · answered by Sundeep 2 · 0⤊ 0⤋
1st,turn off system restore. all programs--accessories----system tools--system restore--settings--drive ( c )--check OFF box and use slider to restore 10% memory to you by sliding it to left and stop at 3%.
control panel--internet options--general--temp files--delete.cookies--delete.history--delete and set days to keep to 0.privacy--advanced--override--allow 1st party--BLOCK 3rd party cookies.advanced--active x--uncheck unsafe or unsigned.
all programs--accessories--system tools--disk clean--drive ( c ),run and delete files.all programs--administrative tools--services--alerter and messenger services--right click--select properties--select disable from drop down menu. download/install/update/run protection programs in source link/s.
now return to system restore and click create new restore point. name it and you're clean and done !
http://browseraddons.friendpages.com
http://ieoptions.friendpages.com
http://cookiemanage.diaryland.com
2007-06-11 14:00:47 · answer #8 · answered by Anonymous · 0⤊ 0⤋
With difficulty if it is a trojan (a fake anti-spyware program).
Do a Google search to find out how to remove it.
Here's one I did earlier ...........
2007-06-11 12:23:57 · answer #9 · answered by Anonymous · 0⤊ 2⤋
http://www.xp-vista.com/category/spyware-removal/
'nuff said.
[this presumes that you are running Windows.]
2007-06-11 12:26:16 · answer #10 · answered by sirbobby98121 7 · 0⤊ 0⤋