science animation games
The Knowledge Makers

Go to item :

.Home | Products | Subscribe | Downloads| Register | My Account    
|Site Map |FAQ | Announcement | Articles |About Us |Contact Us | Login |
MathematicsPhysics -  Heat, Light, atomic, General Chemistry - Physical,Analytical, Organic, Inorganic ChemistryBiology - Botany, Zoology, Microbiology,ImmunologyHuman Body system : Circulatory, Peripheral,Nervous,Mascular, sexual
Articles

Search Us with google:              Go back to articles list

 
Web www.goalfinder.com
 

   New User Register


   Login Member:
Email:
Password:

   Site Search
b
   Advance Search
 
Other animations
b

Science and tech animation catalog in flash Animation product List
b
    education animation online in flash Row view of animated science  Row format
    physics, chemistry, biology animation Grid format of education animation  Grid format
    educational animation link  List format of educational animation  List format



 

Revenge on the malware Smitfraud -C and Virtumonde - Amit K. Kulshreshtha    (June 2007)

 

malware, spyware, worm , smitfraud, virtumonde   adware, smitfraud, virtumonde, remove
  Symptoms of Smitfraud trojan and Virtumonde Spyware  
- Pop up Ads - shown by Smitfraud - C – urging you to buy PestCapture, WinAntivirus Pro 2007 - DO NOT click on these ads
- Browser behaves erratically
- Abrupt browser and windows explorer shut down
- Slowing down of applications
- Freezing of Applications or browsers
- Instability of operating system
- Unaccounted for Internet activity
- Regular requests for DLL installations ( if you have SpyBot Teatimer running)
malware, worm, trojan, smitfraud   worm, adware, spyware, virtumonde

malware, spyware, worm , smitfraud, virtumonde   adware, smitfraud, virtumonde, remove
  Pinpoint the source  
- Run SpyBot Search and destroy, it will bring them up in its window, click on the plus icon against each name for more information about Smitfraud -C and Virtumonde worms and the files and registry entries created by them.
smitfraud trojan and virtumonde spyware adware are malicious software
malware, worm, trojan, smitfraud   worm, adware, spyware, virtumonde

malware, spyware, worm , smitfraud, virtumonde   adware, smitfraud, virtumonde, remove
  Removing Smitfraud - c trojan and Virtumonde adware - What works!  

Removing Virtumonde

- Use Spbot to remove registry entries for virtumonde
- Files infected in Windows/ system32 folder are awvvv.dll and fccdaxu.dll, these CANNOT be deleted no matter how much you try (later we discovered many more were infected)
- Use Vundofix from Atribune - the only software that works 100% - instructions are there on the site, we are putting them here also - Download it from here
vundofix virtumonde spyware and trojan removal software
  • Double-click VundoFix.exe to run it.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Scan again on reboot and remove

Removing Smitfraud - C

Many solutions are there on the net, none of them work except this
- Use Spybot to remove all registry entries of smitfraud-C
- files infected are rpcc.dll - this CANNOT be deleted / renamed no matter how much you try
- Shut down computer
- Insert Windows XP CD and Reboot from Windows XP CD
- Let it on load on all files and once it comes to the interface of installing or repairing windows - Choose repair ( press R)
- Type your administrator password
- In the command prompt use cd.. to go back the root
- Type cd windows
- Then type cd system32
- Then type del rpcc.dll
- Then type exit
- Windows will reboot normally
- Run Spybot again to remove registry entries note rpcc.dll does not show up.
- You might have to delete this registry entry once or twice till it clears from temp files -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc

malware, worm, trojan, smitfraud   worm, adware, spyware, virtumonde

malware, spyware, worm , smitfraud, virtumonde   adware, smitfraud, virtumonde, remove
  What did not work and tools you should have :  
- For virtumonde - Symantec cure FixVundo.exe did not work, it took two hours to scan all my disks and finally declared " No virtumonde found"
For virtumonde and smitfraud-c -- Deleting awvvv.dll and fccdaxu.dll or rpcc.dll ( smitfraud file) by deleting or renaming them in windows explorer,
or using command prompt and deleting them,
or starting windows in safe mode and deleting
or renaming them,
or closing all services and deleting them,
restarting windows in diagnostic mode and deleting them did not work ( same for smitfraud - c rpcc.dll)

- Smitfraud - c -
SmitRem by NoahdFear - trojan removal software did not work in our case as it could not find the files to be run in safe mode
SmitFraudFix - tool to remove Rogue applications installed with SmitFraud - did not clean - except that it started disc cleaning service, after failed cleaning operation, I stopped it coz it was taking too long.
killbox.exe : Was unable to delete the dll files
Tools you can use (For diagnosis and cleaning temporary files)
HijackThis 1.99.1 -
Great tool for finding spyware, virus, trojan, and other problems CCleaner- Free tool for removing temporary files, cookies, history, and cleaning up registry problems, only check install on desktop option, otherwise embeds itself everywhere
malware, worm, trojan, smitfraud   worm, adware, spyware, virtumonde

My Story :


I had been noticing that my home computer running Windows XP was getting a tad irritating to work on, it had been a good boy for last 1 year, performing like a workhorse but lately it seemed lazy and laid back, maybe age had caught up with it, I thought.

Internet explorer would frequently perform an error and close down with the comforting message flashing in my face; something like "This application has performed an error and will be shutdown, inform your friendly neighborhood B. Gates about it" , windows explorer would at times freeze, and turn white or blank - kind of a look that I frequently see on my Boss's face when I explain my ideas to him.

The buttons on the status bar would either hang or keep flashing in their fancy hot orange color no matter how much I clicked, and switching applications would take a long time, long enough for me to twiddle my thumbs or drum with fingertips on the table; it was becoming hard to constrain the animal in me to lash out at the screen. I was fast evolving into an application psychopath with CTRL + ALT + DELETE becoming my favorite weapon to kill everything that hang and froze. My SpyBot teatimer regularly pestered me with requests for DLL installation. The Sherlock Holmes in me put it down to few reasons

1) I had become more impatient - Ruled out, I had become a patient (nut case) but definitely not impatient, didn't I watch the defragmentation colors bars sorting themselves out so lovingly for 45 minutes. But Defragmenting the hard drive did not help much, yes some programs did speed up.

2) Computer had become slow - but Why? Even re-installing windows XP as an upgrade only marginally improved the performance

3) Virus attack - could be, but then what was AVG doing - making friends with it or what?

4) Malware - Yeah this could be , wait but which one ? There had been only an occasional ad embedded in internet explorer coaxing me to buy Windows Anti Virus.

What did I do to identify the sneaky pests ?

Spybot search and destroy malware, worms, trojans smitfraud and vertumonde

I wanted to put a name to these culprits so that I could research them on the internet. SpyBot 1.4 it was, first I updated and immunized it, then searched the root directory and lo and behold some exotic tongue twisters like Smitfraud and Virtumonde tumbled out of hidden lair. Great! now SpyBot could easily swat them Correct? Wrong, Spybot could only delete their registry entries. It could not delete some files and wanted me to restart it again on reboot, I did and even after the reboot, it could remove only the registry entries but not the dll.
smitfraud trojan and virtumonde spyware adware are malicious software

I tried a number of programs, including HijackThis, Trend's online virus scanner, Panda Software's online virus scanner, Symantec's FixVundo.exe and manual instructions but to no avail! Even SpyBot Search and Destroy's software, 1 occurrences of the VirtuMonde when actually there were 16.

So now was the time to swallow my pride as a self proclaimed computer genius and cry "HELP", and so I searched all over the net, downloaded solutions, studied forums, side tracked many websites offering a quick fix till finally I could find the right cocktail to banish these two to computer hell (they come from there anyway). I have up put a series of steps above and have given more stuff on these two below. Enjoy your killing!

More on VirtuMonde :


VirtuMonde was first reported in May of 2004. VirtuMonde is an adware program. Adware is a software that shows advertisements. It is resilient and widespread so much that three years later it is still infecting computers and that too with latest anti virus and spyware detection installed.

Virtumonde monitors your web browsing activities and then downloads and displays popup advertisements taking into account your surfing habits. VirtuMonde is a key logger and log every keystroke you type and also randomly displays advertisements. It will create a DLL (Dynamic Link Library) to record the keystrokes and send it to a parent site, putting ones personal and financial information at risk. VirtuMonde is also known as Virtumonde.C.

Virtumonde also attaches to explorer.exe, goes memory resident. If for some reason Virtumonde is stopped, the memory resident program will regenerate it.

Additionally, Virtumonde registers itself as LSP (Layered Service Provider), in order to harvest users' information about their connection, such as Internet usage, pages viewed, phone connection details, inventory of the applications installed in the computer.

Adware VirtuMonde also tries to reset your homepage inside your browser to some type of advertising page or portal. VirtuMonde then modifies the browser's code, trying to remove the 'General' tab in Internet Explorer to prevent you from reversing the changes.

In a nutshell
VirtuMonde is Adware or malware
VirtuMonde shows unsolicited advertisements
VirtuMonde may install with freeware or even spyware
VirtuMonde regenerates itself
VirtuMonde is difficult to uninstall
VirtuMonde monitors all searches and visited links.

More on Trojan Smitfraud


It is a Malware ("malicious software") and endangers the security of  individual PCs and networks. Smitfraud is a Trojan and is installed under deceptive pretenses without the user's full knowledge and consent. Smitfraud downloads rogue security products and changes the user's desktop to display false warnings that the computer is infected with spyware in order to frighten the user into paying for the program.

Smitfraud shows excessive pop-up messages, the creator of each popup is an affiliate, so each time an unsuspecting user purchases the advertised program in hope of removing the Trojan, the person behind the attack gets paid.

Smitfraud puts up ads for purchasing anti-spyware software, such as Adware Delete, PS Guard, AntivirusGold or Spy Sheriff, that supposedly detects adware on your computer but in turn are a malicious spying software. Furthermore, Smitfraud replaces some Windows critical components with own infected files. Smitfraud is a malicious spyware and may cause serious system instability issues.

This program installs itself through the Internet and creates new desktop wallpaper. This wallpaper looks like a Windows 98 / 2000 / XP blue screen and contains a warning that the computer is infected with viruses, that one should download run a virus scanner and that the computer wouldn't work in normal mode. In addition to this one gets a desktop icon leading to a pretended anti virus application named PS Guard. Scanning the computer with this software will return a virus found (that was installed by this software itself). In order to remove this virus one has to download the full and paid version.  

Another unpleasant effect of Smitfraud-C. is that some configuration options in the Control Panel will no longer be available. This way it stops the user from changing the wallpaper and forces him to keep the blue screen. Overall Smitfraud-C is a very sneaky software trying to sell PS Guard by frightening less experienced users.

 

What do malware do ?


Slow down computer : If your PC takes longer than usual to reboot or if your Internet connection is unusually slow, think malware

Add new desktop shortcuts or homepages: Malware can add new desktop shortcuts. Malware can redirect your default homepage to another web site.

Continuous pop ups : Offline or online Malware bombardment of popup ads continue . Malware track your financial and personal information.

 

A brief look at Malware / Spyware / Adware / Worm / Trojans


Adware is software designed to promote advertisements. Adware acts without your authorization or knowledge. Often, free utilities may install hidden adware, sometimes to earn money for the author to recover development costs. While adware is not always malicious, it can track your Internet activity and send this and other personal information from your computer to advertisers. When advertisers get this information, you may be a target for pop-up/pop-under advertisements, web browser toolbars, and spam.

Some adware may also fall under the category of spyware. Spyware or Trojan  is any software or malware (”malicious software”) used to spy or track your computer activity. While some spyware is legitimately and intentionally installed by parents or employers to monitor Internet activity on a computer, spyware may be installed maliciously. Often spyware may come bundled with downloads of free software or come in the form of a cookie via a web site, and this spyware may track your Internet activity or may steal secret account usernames and passwords, credit card numbers, and other personal and financial information. They may also open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware.
Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior. They may also severely degrade the performance and stability of your computer

 

How can you get Infected with VirtuMonde / Smitfraud?

Web browser’s security settings may be set much too low,
You may not follow safe web browsing and email habits
You may not be regularly using a good anti-spyware application.
You might be downloading and installing Freeware or Shareware or Peer-to-Peer Software.
You might be visiting a web site that’s of questionable nature, fishy and phishy websites are swarming with Trojans, spyware, and adware, that may be automatically downloaded and installed onto your computer.


 
Home | Products | Subscribe | Downloads |Register | My Account |
Site Map
| FAQ | Articles | Announcements |About Us | Contact Us | Login |
Copyright ©2007 Goalfinder.com All rights reserved. Copyright | License | Privacy policy | Contact us |