SmitFraudFix, Zlob Removal and Vundo Fix
Updated August 8, 2008 - Scroll down for Zlob Removal and Vundo Fix
This tool will remove Desktop hijacking malware.
Firstly, download the removal tool by Right Clicking Here and select Save and save it to your desktop
If your download does not start click here: Download Here
Disconnect from the internet to stop it from trying to reload itself on to your system.
Double-click SmitfraudFix.exe to run the first stage of the program.
On the first screen select 1 and hit Enter, this will create a report of the infected files.
The report can be found at the root of the system drive, which is usually located at C:rapport.txt
Secondly, reboot into Safe Mode, keep tapping F8 key before Windows splash screen.
Double click the Smitfraudfix.exe and on the screen that opens type in 2 the hit Enter to delete any infected files.
You will then be prompted with ‘Do you want to clean the registry?’ Type Y and again hit Enter to remove the Desktop background and clean any registry keys that are associated with this infection.
The tool will then check to see if winnet.exe is infected. If it is you will be asked if you want to replace infected file? Type Y and again hit Enter to restore a clean file entry to the registry.
You may be required to reboot after the cleaning process, and you can then reconnect to the internet. A full report can be found on your root drive, usually C:rapport.txt
Another option is to restore Trusted and Restricted sites, type in 3, hit Enter. I would advise that you use this option.
You will then be prompted with ‘Restore Trusted Zone?’ Type Y, hit Enter.
Some anti-virus programs detect process.exe as a ‘risk’. It is NOT a virus, it is a program used to stop system processes.
Zlob Removal
Download this file to your desktop:
http://www.mvps.org/winhelp2002/DelDomains.inf
Close all browsers, right-click and select: Install
Disconnect from the internet.
This program doesn’t really install, it just clears all sites in the Domains and Ranges keys.
Afterwards you will need to immunize again in SpyBot S&D and re-protect again with SpywareBlaster or re-install iespyadds if it’s installed, then the file itself (DelDomains.inf) can be safely deleted.
Simply use the Search or Find utility to locate it and delete it.
When your machine is clean, ensure that your Anti-Virus is up to date, I recommend that you use Spybot Search & Destroy, CCleaner, and Malwarebytes Anti-Malware or Superantispyware.
VISTA users, please use this tool instead
Rogue Remover now incorporated into Malwarebytes Antimalware
Please download Rogue Remover and save it to your desktop.
Vundo Fix
Signs of Vundo are constant popups created by various fake anti-malware programs such as DriveCleaner, ErrorSafe, WinFixer and many more. These fake scans will inform you that you have several infections and that the only way to fix them is by purchasing their software. This rogue software will only make matters worse.
Firstly, you need to ensure that all patches and updates are applied to your machine. Also remove all old Java applications through the Add/Remove Programs applet in Windows Control Panel and install the latest version by clicking here.
Download VundoFix here and save it to your desktop.
Double click to run and when it opens, click the ‘Scan for Vundo’ button. When the scan has completed click the ‘Remove Vundo’ button and you will be asked if you want to remove the files found, select ‘Yes’. At that point your desktop will go blank as the tool starts the removal process and when complete you will be prompted to reboot.
For full details or further assistance please go here to VundoFix by Atribune
Also perform a scan with Superantispyware and Malwarebytes Antimalware
Surf Safer, Surf with WOT - Click Here or the links below
Web of Trust for Internet Explorer
Web of Trust for Firefox
Web of Trust for Google Chrome
Free PC Security, Lavasoft AdAware2008, SmitFraud Removal, Zlob Removal, FreeTools, HowTo, FreeTools, Vundo Fix
