Smart Anti-Malware Protection Description
There is Nothing Smart About Using Smart Anti-Malware Protection
If Smart Anti-Malware Protection is installed on your computer system, it is important that you remove it immediately. Smart Anti-Malware Protection is a rogue anti-malware application; that is, a fake security program that, rather than protecting your computer from malware, is actually trying to scam you. Rogue anti-malware programs like Smart Anti-Malware Protection are designed to inundate their victims with never-ending error messages and scary security alerts that attempt to induce the computer user to acquire a registration code for a useless ‘full version’ of the rogue anti-malware program. ESG security researchers report that, despite its convincing interface and numerous claims, Smart Anti-Malware Protection has no anti-malware features whatsoever. This program is designed for two things only: to display constant error messages and to direct its victim to the Smart Anti-Malware Protection website so that the victim can enter a credit card number there. Smart Anti-Malware Protection should be removed with a legitimate anti-virus application; using the add/remove panel in the Control Panel will do nothing to uninstall it from your computer system. Since Smart Anti-Malware Protection will almost never attack alone, it is highly likely that a full scan of your hard drive will find various other malware infections as well.
How Smart Anti-Malware Protection May Have Entered Your Computer System
Smart Anti-Malware Protection is installed through a Trojan infection, usually some variant of the Zlob, Vundo, or the Fake Microsoft Security Essentials Alert Trojans. These will then install another Trojan, such as the FakeScanti Trojan, which is the malware component behind Smart Anti-Malware Protection’s disguise. Most of the time, these Trojan infections come from a corrupted online download. The two most common ways in which Smart Anti-Malware Protection spreads are fake video codecs and malicious email attachments. Fake codecs can usually be found on websites with pornographic videos or pirated movies, as well as bundled with fake popular movie downloads on peer-to-peer or torrent networks. The Trojan behind a Smart Anti-Malware Protection infection may also be acquired through a compressed folder attached to an unsolicited email message. ESG security researchers strongly advise being especially careful with what you download onto your hard drives and thoroughly researching any potential downloads before letting them into your system. While a reliable security application is important in order to prevent a Smart Anti-Malware Protection infection, being careful when going online is even more essential.
Type: Rogue Anti-Virus Program
Smart Anti-Malware Protection Technical Report
We will update this section as new Smart Anti-Malware Protection details are reported by our customers and our Threat Research Center.
Fake message for Smart Anti-Malware Protection:
The following fake error messages appear for Smart Anti-Malware Protection:
Attention! xx infected files detected!
Scan Result: Your computer is infected!
Recommended: click “Remove All” button to erase all infected files and protect your PC
Warning! Virus Detected
Threat Detected: Trojan-Spy.HTML.BankFraud.ra
Recommended: Please click “Remove All” button to erase all infected files and protect your PC.
System Message
Your PC may still be infected with dangerous viruses. Malware Protection Center protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.
Warning! Access conflict detected
An unidentified program is trying to access system process address space.
Warning! Identity theft attempt detected
Recommended: Please click “Remove All” button to erase all infected files and protect your PC.
Address space conflict
Warning! Spambot detected!
Attention! A spambot sending viruses to your e-mail contacts has been detected on your PC.
Memory access problem
WindowsErrorForm has encountered a problem at address 0x1FC408.
We are sorry for the inconvenience.
If you see this error again, operational information can be irrevocably lost.
Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user’s passwords.
Smart Anti-Malware Protection Removal Details
Smart Anti-Malware Protection typically has the following processes in memory:
- %CommonAppData%\79b35\SAa76.exe
- %UserProfile%\Recent\eb.dll
- %AppData%\Smart Anti-Malware Protection\ScanDisk_.exe
- %CommonAppData%\79b35\mozcrt19.dll
- %UserProfile%\Recent\ddv.exe
- %UserProfile%\Recent\PE.sys
- %CommonAppData%\79b35\sqlite3.dll
- %UserProfile%\Recent\ANTIGEN.exe
- %UserProfile%\Recent\kernel32.sys
Smart Anti-Malware Protection creates the following files in the system:
- %CommonAppData%\79b35\SAMP.ico
- %StartMenu%\Smart Anti-Malware Protection.lnk
- %CommonAppData%\79b35\BackUp\Adobe Reader Speed Launch.lnk
- %CommonAppData%\79b35\Quarantine Items\
- %UserProfile%\Recent\CLSV.drv
- %AppData%\Microsoft\Internet Explorer\Quick Launch\Smart Anti-Malware Protection.lnk
- %AppData%\Smart Anti-Malware Protection\Instructions.ini
- %CommonAppData%\[RANDOM CHARACTERS]\ISG.ico
- %StartMenu%\Programs\Smart Anti-Malware Protection.lnk
- %CommonAppData%\79b35\BackUp\
- %CommonAppData%\79b35\SAMPSys\
- %CommonAppData%\SAPPKIDMP\SAQNMP.cfg
- %UserProfile%\Recent\SICKBOY.tmp
- %AppData%\Smart Anti-Malware Protection\cookies.sqlite
- %CommonAppData%\79b35\367.mof
- %CommonAppData%\79b35\
- %Desktop%\Smart Anti-Malware Protection.lnk
- %CommonAppData%\79b35\BackUp\Adobe Reader Synchronizer.lnk
- %CommonAppData%\SAPPKIDMP\
- %UserProfile%\Recent\PE.drv
- %AppData%\Smart Anti-Malware Protection\
Smart Anti-Malware Protection creates the following registry entries:
- HKEY_CLASSES_ROOT\SAaa1_7.DocHostUIHandler
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Smart Anti-Malware Protection"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CURRENT_USER\Software\3
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "88880584903"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinSSUI.exe
- HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Smart Anti-Malware Protection" "%CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe" /s /d
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Version/12.00007"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = "7"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe
- … and many more Image File Execution Options entries.
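The registry entries above fall into a few defence-disabling groups: a DisallowRun policy that blocks security tools, Internet Explorer download signature checks turned off, and Image File Execution Options keys for security executables. The following added example (not ESG's code) checks a registry export for those groups; it assumes the export has already been decoded to text, and the function names and sample data are constructed for illustration.

```python
import re
# Constructed sample in `reg export` (.reg) form; key and value names come from the list above.
# Assumption: the IFEO keys act through a Debugger value (placeholder data here).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"0"="msseces.exe"
"1"="MSASCui.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe]
"Debugger"="placeholder.exe"
'''

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]*)"=(.*)$', line)):
            current[m.group(1)] = m.group(2).strip('"')
    return keys

def find_tampering(keys):
    """Flag the defence-disabling settings from the registry list above."""
    hits = []
    for path, vals in keys.items():
        low = path.lower()
        if low.endswith(r"\policies\explorer\disallowrun"):
            hits += [("blocked-exe", exe) for exe in vals.values()]
        elif low.endswith(r"\policies\explorer") and vals.get("DisallowRun") == "dword:00000001":
            hits.append(("disallowrun-on", path))
        elif low.endswith(r"\internet explorer\download"):
            bad = {"CheckExeSignatures": "no", "RunInvalidSignatures": "dword:00000001"}
            hits += [("sigcheck-off", n) for n, v in bad.items() if vals.get(n) == v]
        elif r"\image file execution options" in low and "Debugger" in vals:
            hits.append(("ifeo-debugger", path.rsplit("\\", 1)[1]))
    return hits

if __name__ == "__main__":
    for kind, detail in find_tampering(parse_reg(SAMPLE_REG)):
        print(f"{kind:15} {detail}")
```

Any `blocked-exe` hit that names a security product, or an `ifeo-debugger` hit on one, means the installed anti-virus may be unable to start until the entry is removed.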