Showing results for 
Search instead for 
Did you mean: 

Did Smitfraud-C cause this .??


Did Smitfraud-C cause this .??

HKEY_USERS\S-1-5-21-602162358-813497703-725345543-500_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

I had an occasion yesterday when I found that a password to a website had been cancelled as the site said it had been used too many times,including in Japan and Germany .I got it reset altho' I hadnt been responsible as I am the only person using the PC.
I found that using Spybot S+D several instances of Smitfraud-C but Spybot wasn't able to delete them so i printed out the log..
I went in to Regedit and found a load of folders( about 45) mainly with porn related url's under the above key and deleted them all.I ran Spybot again and they were definitely gone.
I take it that there is a connection betwen the two things.the password useage and the Smitfraud-C instance.
i also use Norton Ant-Virus Internet Security/AdAware/Spybot and Spyspotter.


Did Smitfraud-C cause this .??

This one seems to be a Keylogger, used to steal banking details to commit online fraud, only a few AVs (eg Kaspersky and McAfee) can deal with it:-

You can find more info in this thread:-

and here:-

It might be worth doing an online scan with F-Secure, because it uses the KAV engine (whether it has the sig or not I don't know):-

Other than that you could try Ewido:-

Or it could be

Trojan-Spy.HTML.Smithfraud.c is a phishing attempt where a fake login screen is presented to user, in an attempt to collect user account information.

Note: There is also a spying trojan that installs a fake warning message on computer screen saying

A fatal error in IE has occured at 0028:C0011E36 in VXD VMM(01) +
00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

This trojan has nothing to do with Trojan-Spy.HTML.Smitfraud.c. More information is available here:

Check this page to see if its what you have got and how to remove it