Smart Anti-Malware Protection

Smart Anti-Malware Protection Description


There is Nothing Smart About Using Smart Anti-Malware Protection

If Smart Anti-Malware Protection is installed on your computer system, it is important that you remove it immediately. Smart Anti-Malware Protection is a rogue anti-malware application; that is, a fake security program that, rather than protecting your computer from malware, is actually trying to scam you. Rogue anti-malware programs like Smart Anti-Malware Protection are designed to inundate their victims with never-ending error messages and scary security alerts that attempt to induce the computer user to acquire a registration code for a useless 'full version' of the rogue anti-malware program. ESG security researchers report that, despite its convincing interface and numerous claims, Smart Anti-Malware Protection has no anti-malware features whatsoever. This program is designed for two things only: to display constant error messages and to direct its victim to the Smart Anti-Malware Protection website so that the victim can enter a credit card number there. Smart Anti-Malware Protection should be removed with a legitimate anti-virus application (using the Add/Remove panel in the Control Panel will do nothing to uninstall Smart Anti-Malware Protection from your computer system). Since Smart Anti-Malware Protection will almost never attack alone, it is highly likely that a full scan of your hard drive will find various other malware infections as well.

How Smart Anti-Malware Protection May Have Entered Your Computer System

Smart Anti-Malware Protection is installed through a Trojan infection, usually some variant of the Zlob, Vundo, or the Fake Microsoft Security Essentials Alert Trojans. These will then install another Trojan, such as the FakeVimes Trojan, which is the malware component behind Smart Anti-Malware Protection's disguise.

Smart Anti-Malware Protection has numerous clones that include Virus Melt, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Windows Protection Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security and Windows Work Catalyst.

Most of the time, these Trojan infections come from a corrupted online download. The two most common ways in which Smart Anti-Malware Protection spreads are fake video codecs and malicious email attachments. Fake codecs can usually be found on websites with pornographic videos or pirated movies, as well as bundled with fake downloads of popular movies on peer-to-peer or torrent networks. The Trojan behind a Smart Anti-Malware Protection infection may also be acquired through a compressed folder attached to an unsolicited email message. ESG security researchers strongly advise being especially careful with what you download onto your hard drives and thoroughly researching any potential downloads before letting them into your system. While a reliable security application is important in order to prevent a Smart Anti-Malware Protection infection, being careful when going online is even more essential.

Aliases: Suspicion: unknown virus [AVG], Riskware/EoRezo [Fortinet], EoRezo Adware [Sophos], Adware.Eorezo.a (v), Trojan.Malware.Win32.xPack.m, Win32/Adware.EoRezo.E [NOD32], Adware-Eorezo [McAfee], Generic_r.FJ [AVG], Adware/Gaba [Fortinet], not-a-virus:AdWare.Win32.Gaba [Ikarus], Trojan.Win32.Generic.12C07F37, AdWare.Gaba.niz, Adware/Win32.Gaba [AhnLab-V3], AdWare/Gaba.ayv and Adware/Rogue.421888 [AntiVir].

Technical Information


File System Details

Smart Anti-Malware Protection creates the following file(s):

Registry Details

Smart Anti-Malware Protection creates the following registry entry or registry entries:

More Details on Smart Anti-Malware Protection

The following messages associated with Smart Anti-Malware Protection were found:
Attention! xx infected files detected!
Scan Result: Your computer is infected!
Recommended: click “Remove All” button to erase all infected files and protect your PC
Memory access problem
WindowsErrorForm has encountered a problem at address 0x1FC408.
We are sorry for the inconvenience.
If you see this error again, operational information can be irrevocably lost.
System Message
Your PC may still be infected with dangerous viruses. Malware Protection Center protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.
Warning! Access conflict detected
An unidentified program is trying to access system process address space.
Warning! Identity theft attempt detected
Recommended: Please click "Remove All" button to erase all infected files and protect your PC.
Address space conflict
Warning! Spambot detected!
Attention! A spambot sending viruses to your e-mail contacts has been detected on your PC.
Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user's passwords.
Warning! Virus Detected
Threat Detected: Trojan-Spy.HTML.BankFraud.ra
Recommended: Please click “Remove All” button to erase all infected files and protect your PC.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
