
Did Smitfraud-C cause this .??

N/A


HKEY_USERS\S-1-5-21-602162358-813497703-725345543-500_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
---------------------------------------------------------------------------------------------------

I had an occasion yesterday when I found that a password to a website had been cancelled, as the site said it had been used too many times, including in Japan and Germany. I got it reset, although I hadn't been responsible, as I am the only person using the PC.
Using Spybot S+D, I found several instances of Smitfraud-C, but Spybot wasn't able to delete them, so I printed out the log.
I went into Regedit and found a load of folders (about 45), mainly with porn-related URLs, under the above key and deleted them all. I ran Spybot again and they were definitely gone.
I take it that there is a connection between the two things: the password usage and the Smitfraud-C instance.
I also use Norton Anti-Virus Internet Security/AdAware/Spybot and Spyspotter.

tia
Stuart
1 REPLY
N/A


This one seems to be a keylogger, used to steal banking details to commit online fraud; only a few AVs (e.g. Kaspersky and McAfee) can deal with it:- http://www.virusbtn.com/perlbin/vgr...aud.c&product=0

You can find more info in this thread:- http://www.geekstogo.com/forum/Troj...udc-t16219.html

and here:- http://vil.nai.com/vil/content/v_127728.htm

It might be worth doing an online scan with F-Secure, because it uses the KAV engine (whether it has the sig or not I don't know):- http://support.f-secure.com/enu/home/ols.shtml

Other than that you could try Ewido:- http://www.ewido.net/en/

Or it could be

Trojan-Spy.HTML.Smitfraud.c is a phishing attempt where a fake login screen is presented to the user, in an attempt to collect user account information.

Note: There is also a spying trojan that installs a fake warning message on the computer screen saying:

A fatal error in IE has occured at 0028:C0011E36 in VXD VMM(01) +
00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

This trojan has nothing to do with Trojan-Spy.HTML.Smitfraud.c. More information is available here:

Check this page to see if it's what you have got and how to remove it:

http://kb.winantivirus.com/index.php?do=view_question&id=283