Smart Anti-Malware Protection

Smart Anti-Malware Protection Description

There is Nothing Smart About Using Smart Anti-Malware Protection

If Smart Anti-Malware Protection is installed on your computer system, it is important that you remove it immediately. Smart Anti-Malware Protection is a rogue anti-malware application; that is, a fake security program that, rather than protecting your computer from malware, is actually trying to scam you. Rogue anti-malware programs like Smart Anti-Malware Protection are designed to inundate their victims with never-ending error messages and scary security alerts that attempt to induce the computer user to acquire a registration code for a useless 'full version' of the rogue anti-malware program. ESG security researchers report that, despite its convincing interface and numerous claims, Smart Anti-Malware Protection has no anti-malware features whatsoever. This program is designed for two things only: to display constant error messages and to direct its victim to the Smart Anti-Malware Protection website so that the victim can enter a credit card number there. Smart Anti-Malware Protection should be removed with a legitimate anti-virus application (using the add/remove panel in the Control Panel will do nothing to uninstall Smart Anti-Malware Protection from your computer system). Since Smart Anti-Malware Protection will almost never attack alone, it is highly likely that a full scan of your hard drive will find various other malware infections as well.

How Smart Anti-Malware Protection May Have Entered Your Computer System

Smart Anti-Malware Protection is installed through a Trojan infection, usually some variant of the Zlob, Vundo, or the Fake Microsoft Security Essentials Alert Trojans. These will then install another Trojan, such as the FakeVimes Trojan, which is the malware component behind Smart Anti-Malware Protection's disguise.

Smart Anti-Malware Protection has numerous clones that include Virus Melt, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Windows Protection Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, and Windows Work Catalyst.

Most of the time, these Trojan infections come from a corrupted online download. The two most common ways in which Smart Anti-Malware Protection spreads are fake video codecs and malicious email attachments. Fake codecs can usually be found on websites with pornographic videos or pirated movies, as well as bundled with fake downloads of popular movies on peer-to-peer or torrent networks. The Trojan behind a Smart Anti-Malware Protection infection may also be acquired through a compressed folder attached to an unsolicited email message. ESG security researchers strongly advise being especially careful with what you download onto your hard drives and thoroughly researching any potential downloads before letting them into your system. While a reliable security application is important in order to prevent a Smart Anti-Malware Protection infection, being careful when going online is even more essential.

Aliases: Suspicion: unknown virus [AVG], Riskware/EoRezo [Fortinet], EoRezo Adware [Sophos], Adware.Eorezo.a (v), Trojan.Malware.Win32.xPack.m, Win32/Adware.EoRezo.E [NOD32], Adware-Eorezo [McAfee], Generic_r.FJ [AVG], Adware/Gaba [Fortinet], not-a-virus:AdWare.Win32.Gaba [Ikarus], Trojan.Win32.Generic.12C07F37, AdWare.Gaba.niz, Adware/Win32.Gaba [AhnLab-V3], AdWare/Gaba.ayv and Adware/Rogue.421888 [AntiVir].

Technical Information

File System Details

Smart Anti-Malware Protection creates the following file(s):

Registry Details

Smart Anti-Malware Protection creates the following registry entry or registry entries:

More Details on Smart Anti-Malware Protection

The following messages associated with Smart Anti-Malware Protection were found:
Attention! xx infected files detected!
Scan Result: Your computer is infected!
Recommended: click “Remove All” button to erase all infected files and protect your PC
Memory access problem
WindowsErrorForm has encountered a problem at address 0x1FC408.
We are sorry for the inconvenience.
If you see this error again, operational information can be irrevocably lost.
System Message
Your PC may still be infected with dangerous viruses. Malware Protection Center protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.
Warning! Access conflict detected
An unidentified program is trying to access system process address space.
Warning! Identity theft attempt detected
Recommended: Please click "Remove All" button to erase all infected files and protect your PC.
Address space conflict
Warning! Spambot detected!
Attention! A spambot sending viruses to your e-mail contacts has been detected on your PC.
Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user's passwords.
Warning! Virus Detected
Threat Detected: Trojan-Spy.HTML.BankFraud.ra
Recommended: Please click “Remove All” button to erase all infected files and protect your PC.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
