Smitfraud Removal Guide

Do you have Smitfraud?

This “Smitfraud Removal Guide” article will show you how to identify and remove Smitfraud. This guide will be updated as more information is available.

Smitfraud Detection Test

Run SpyHunter’s Spyware Scanner to check for Smitfraud infections on your PC.

Smitfraud Description

SmitFraud (also known as W32/SmitFraud.A) is a malicious spyware application that may install itself secretly via adware. SmitFraud may also be brought into your computer bundled with a fake codec (that may include the following: BrainCodec, VideoKeyCodec or PCodec). SmitFraud is designed to inject a corrupt code in Windows DLL that usually results in Blue Screen of Death (a nasty desktop modification). SmitFraud may also generate misleading warning messages, in order to scare gullible computer users into buying fraudulent anti-spyware applications. It is strongly recommended to dispose of SmitFraud as soon as possible.

Parasite Type: Trojans

Smitfraud Method of Automatic Detection

The removal of spyware such as Smitfraud can be a difficult process. If you regularly run a spyware scan with a good spyware remover, you can automatically detect Smitfraud and other Spyware, Adware, Worms, Trojans and Browser Hijackers.

To quickly detect Smitfraud, follow the instructions below:

  1. Download SpyHunter’s Spyware Scanner Download SpyHunter’s Spyware Scanner.

  2. Select “Start Scan” to run a full system Smitfraud scan.

  3. Reboot your computer.

  4. Run another scan to pick up any remaining Smitfraud infections.

** SpyHunter’s Spyware Scanner only allows you to detect Smitfraud and other spyware. In order to remove Smitfraud, we advise you to buy the full-version of SpyHunter. Weekly Smitfraud file updates and technical support are available with SpyHunter’s spyware remover.

Smitfraud Manual Removal

Use Caution! Please read the instructions below carefully. Manual removal of Smitfraud is a delicate procedure. Proceed at your own risk. We advise you to backup your system before you manually remove Smitfraud.

If you are still having problems with Smitfraud after completing these instructions, we recommend you download SpyHunter’s Spyware Detection Tool to safely detect Smitfraud.

To manually remove Smitfraud, follow these removal steps:

Stop Smitfraud Processes

  1. To open Task Manager, use CTRL+ALT+DEL or CTRL+SHIFT+ESC.

  2. Go to Image Name to find “Smitfraud” processes by name.

  3. Find and stop the “Smitfraud” processes listed below.
    faceback.exe
    n2ewma1xxsv2234.exe
    retadpu1000106.exe
    retadpu.exe
    retadpu[2].exe
    retadpu[1].exe
    wjiio.exe
    retadpu21.exe
    arpl.exe
    retadpu77.exe
    drsmartload815a.exe
    drmv2clt.exe
    MTE3NDI6ODoxNg[1].exe
    MTE3NDI6ODoxNgnew.exe
    drsmartload44a[1].exe
    cproc.exe
    ntsystem.exe
    MTE3NDI6ODoxNg.exe
    drsmartload1.exe
    drsmartload95a.exe
    drsmartload849a.exe
    drsmartload46a.exe
    drsmartload45a.exe
    drsmartload100a[1].exe
    drsmartload849v.exe
    drsmartload46v.exe
    drsmartload45v.exe
    drsmartload849a8b5.exe
    drsmartload849a[1].exe
    drsmartload45a[1].exe
    loader[1].exe
    drsmartload46a[1].exe
    drsmartload849a7h.exe
    drsmartload46a7h.exe
    drsmartload45a7h.exe
    drsmartload.exe
    drsmartload849a7i.exe
    drsmartload46a7i.exe
    drsmartload45a7i.exe
    drsmartload192a[1].exe
    drsmartload849a849m.exe
    drsmartload46a46m.exe
    drsmartload45a45m.exe
    zloader3.exe
    wp.exe
    winstall.exe
    winhook.exe
    uninstiu.exe
    shnlog.exe
    popuper.exe
    ole32vbs.exe
    msole32.exe
    msmsgs.exe
    intmonp.exe
    intmon.exe
    hookdump.exe
    helper.exe
    bsw.exe, helper.exe, hookdump.exe, intmon.exe, intmonp.exe, msmsgs.exe, msole32.exe, ole32vbs.exe, popuper.exebsw.exe

Unregister Smitfraud DLL Files

  1. Go to Start > Run > type cmd and then press OK.

  2. To unregister “Smitfraud” DLL file, type in the exact directory path +
    regsvr32 /u + [DLL_NAME] (ex., :C\ Smitfraud \> regsvr32 /u Smitfraud.dll).

  3. Find and unregister “Smitfraud” DLL files listed below.
    gndarmblsnv.dll
    asgp32.dll
    dxpvqlmqng.dll
    dxpvqlmtqn.dll
    domnftwlvq.dll
    domnftwwrn.dll
    domnftwmnf.dll
    domnftwost.dll
    bndsrdkq.dll
    bndsrgxt.dll
    oembios32.dll
    vtursro.dll
    ssqnool.dll
    olnohdw.dll
    tazth.dll
    ixt2.dll
    winetn32.dll
    atmtd.dll
    oybgrql.dll
    dnr4019qe.dll
    oleadm32.dll
    oleadm.dll
    hhk.dll
    param32.dll
    wldr.dll

Delete Smitfraud Registry Values

  1. Go to Start > Run > type regedit and then press OK.

  2. To search for Smitfraud, press Ctrl + F and type Smitfraud to
    locate the key that has the value you want to delete.

  3. To delete “Smitfraud” value, right-click on it and select Delete.

  4. Find and delete “Smitfraud” registry keys listed below.
    82B07A2B-F0AF-45FC-BE44-18D83B01EAD9
    973ecdd8-1e81-4c28-b5a1-69966c0a2ce4
    4480F41F-F91F-4781-B1EA-30D261DA06AC
    BA6BD7B1-990F-4D05-8D6C-9CBAFCB3C7ED
    D878CD49-CE41-4434-831D-EFC15D06D25C
    8AC6FA22-65B6-41B0-B0BB-243F35B86E74
    EACC5636-980A-4D26-9250-1CF418E6D1D1
    9D2C4CFB-0C11-4658-9EF5-B05BED9CC447
    3808C05F-CFB0-4C9B-858D-851CC3EBB3BC
    5085333B-FD15-4754-A571-852F7077C5F2
    1AC7107A-938F-4347-864C-C51E49EC586E
    C4248759-304D-477D-A1B3-F706CF99756D
    87EF7048-8905-4E82-862E-65004D4DFA80
    6a307130-b248-4b23-b2b7-4498da8c977a
    C2DE4340-CB68-450F-90CD-9BE1A26739D7
    3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A
    AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236
    0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtursro
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqnool
    FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F
    b292ec9f-a074-4115-8342-1f459702d8d2
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\b292ec9f-a074-4115-8342-1f459702d8d2
    Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\instcat
    27321538-5739-4aa1-b84c-7d18e4383f1f
    5f938c17-fbc7-4a3c-8526-85e5b1a1f762
    Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\5f938c17-fbc7-4a3c-8526-85e5b1a1f762
    SOFTWARE\Policies\06849E9F-C8D7-4D59-B87D-784B7D6BE0B3
    dfa61db1-388e-4c87-8d56-540fa229bcb4
    f31aee4a-1530-4fef-8537-79c6973bff9a
    Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\f31aee4a-1530-4fef-8537-79c6973bff9a
    03413bf7-e34c-445b-bfc0-a2b127255871
    Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\incestuously
    19452E5B-963F-4886-766D-0526284B6F61
    Microsoft\drsmartload2
    64ba30a2-811a-4597-b0af-d551128be340
    aea3d2df-2b2c-4d7b-81a0-d975c6dc088e
    ed39ecef-902e-4ed1-8434-71e8db89e5ca
    WMuse
    5839511e-ec1b-4f91-ace3-fb88e52f5239
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\64ba30a2-811a-4597-b0af-d551128be340
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\aea3d2df-2b2c-4d7b-81a0-d975c6dc088e
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\decorin
    f79fd28e-36ee-4989-aa61-9dd8e30a82fa
    D5BC2651-6A61-4542-BF7D-84D42228772Centry.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallinternetupdate
    HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchURL(Default)=[siteaddress]
    HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchSearchAssistant=[siteaddress]
    HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchCustomizeSearch=[siteaddress]
    HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainLocalPage=[siteaddress]
    HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainSearchPage=[siteaddress]
    HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainSearchBar=[siteaddress]
    HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainDefault_Search_URL=[siteaddress]
    HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainDefault_Page_URL=[siteaddress]
    FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunmsnmessenger
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunWindowsFZ
    Search the Windows registry for {D5BC2651-6A61-4542-BF7D-84D42228772C} entry.HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunWindowsFY
    HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionUninstallinternet update
    HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerSearchURL(Default)=[site address]
    HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerSearchSearchAssistant=[site address]
    HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerSearchCustomizeSearch=[site address]
    HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerMainLocal Page=[site address]
    HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerMainSearch Page=[site address]
    HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerMainSearch Bar=[site address]
    HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerMainDefault_Search_URL=[site address]
    HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerMainDefault_Page_URL=[site address]
    HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}
    HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionRunmsn messenger
    HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionRunWindowsFZ
    HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionRunWindowsFY

Smitfraud Symptoms

There are many signs that your PC has been hijacked and infected with Smitfraud or other spyware applications. To reduce the damage that can be done to your PC, start detecting Smitfraud symptoms on time. Below is a list of possible Smitfraud symptoms that your PC may have. Notice that certain spyware symptoms vary depending on upon the severity of the infection and other factors.

  • Installs without your knowledge or permission. Usually spyware such as Smitfraud may be installed from a website through an embedded script or program in a webpage. There are some malwares that install through web pop-ups or free software that require you to accept a downloadable file.

  • Tracks your surfing habits. Spyware applications such as Smitfraud are designed to track and collect details such as what websites you visit, what your usernames and passwords are and other sensitive information. Malware may even record and collect your login details for your online bank account.

  • Bombards your PC with popup ads. Some unwanted applications such as Smitfraud display annoying popups (often for adult or other objectionable web sites) while you are surfing the Web and even when your PC has been idle for many minutes.

  • Modifies or hijacks your homepage and displays new desktop shortcuts. Some spyware programs like Smitfraud add new unnecessary shortcuts on your desktop. Moreover, Smitfraud may actually change your default homepage to a different homepage. Sometimes Smitfraud won’t even allow you to change it back to your original homepage.

  • Slows down your PC’s performance. One of the most common spyware symptoms is when your system suddenly starts operating slower than usual. Spyware applications use a lot of your PC’s resources to deliver popup ads and send information to third-parties which can results in a slow computer performance and system crashes.

Smitfraud Method of Infection

One of the most common reasons for getting infected with Smitfraud or other types of spyware is because people do not apply safe Internet practices. It is important to learn how one gets infected with Smitfraud or other types of spyware. Once you know what not to do, you will be able to avoid falling victim to spyware.

Below we provide some possible reasons why you might have become infected with Smitfraud:

  1. You received an e-mail with an attachment from someone you don’t know and opened it. This is one of the most common ways for Adware, Viruses, or Spyware like Smitfraud to infect your PC. How do you know that the attachment is dangerous? It usually sends attachments that end with a .exe, .com, .bat, or .pif. Do not open email attactments if you don’t know who the sender is!

  2. You were surfing the Web and you clicked on a popup ad warning you that your PC is infected. You panicked and clicked on the ad’s OK button; thus you were directed to Smitfraud’s website and it tried to push a product on you. Ignore such messages! We recommend closing these windows by clicking on the X instead of the OK button.

  3. You visited a questionable website. A large amount of spyware is mostly pushed through adult sites. You might have accidentally clicked on a link that automatically installed unwanted software such as Smitfraud.

  4. You downloaded a freeware or shareware program. Some developers offer their software for free, but can come with other unwanted programs such as Smitfraud bundled with it. Do not install any free software without reading its EULA. By simply reading a program’s EULA, you can determine whether a program you are installing has spyware bundled with it.

  5. You downloaded a peer-to-peer (P2P) or shared network application. Very often peer-to-peer sharing programs are bundled with spyware similar to Smitfraud.

  6. You downloaded some program from Warez or Crack websites. The downloads from these websites are often overrun with dangerous infections such as Smitfraud.

Smitfraud Quick Prevention Tips

Follow the Smitfraud prevention tips below to avoid Smitfraud infections and other malicious software.

  1. Run Windows Updates regularly to ensure you have the most up-to-date and secure system. A good tactic is to set up your system to check for updates on a regular basis.

    To set up your system to access automatic updating services, follow these steps:
    Go to Start > Control Panel > System > Automatic Updates (XP) or Start > Settings > Control Panel > Automatic Updates (2000).

  2. Use a firewall. A firewall is a software or hardware that serves as a blockade to keep data secure and safe and unauthorized users off your computer or network. You can choose from a variety of firewalls that are designed to meet different needs.

  3. Firmly secure Internet Explorer settings. If you’re using Internet Explorer as your browser, change its settings to block spyware applications.

    To change Internet Explorer settings, go to Tools > Internet Options > Security > Custom Level.

    You will see a section near the top of the dialogue box devoted to Active X controls. There you should disable downloading of both signed and unsigned Active X controls and those marked as unsafe. Some Active X objects are spyware, and this action will block them.

  4. Install a good and reputable anti-virus program. Make sure that you install only reputable anti-spyware and anti-virus software like SpyHunter. Most reputable anti-spyware software programs today are also designed to identify known viruses, which could contain Trojan horses as well.

  5. Always keep your anti-spyware or anti-virus up-to-date with the latest malware definitions. The creators of anti-virus applications are constantly finding new security holes in their software and providing software updates. Therefore, it is important to make sure your anti-virus and anti-spyware programs are up-to-date. These updates are typically installed through an integrated update system.

  6. Practice safe Internet surfing habits. Stay away from any questionable sites, including pornography, gambling, hacking or other off-beat sites.

The purpose of this “Smitfraud Removal Guide” article is to describe the removal process of SpyLocked. The SpyLocked manual removal instructions are to serve as a guide. We do not guarantee that the manual removal instructions will completely remove Smitfraud. It is advised to use SpyHunter to safely remove SpyLocked.


ESG Support Center

« Zlob Removal Guide
How to Start a Remote Assistance with one of our Technicians »

This entry was posted by ESGI Advisor on Thursday, April 28th, 2005 at 10:27 pm and is filed under Spyware Alerts. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

Comments are closed.