Home » Knowledgebase » Spyware Removal

Smitfraud / VirusBursters Removal

Posted November 28th, 2006 by Chris

Hello everyone... this how-to has been mirror'd from BleepingComputer.com.

Good luck, and if you still can't get rid of it on your own, give me a call or send me an email.

Removal Instructions:

  1. Print out these instructions as we will need to close every window that is open later in the fix.
  2. Download SmitfraudFix.zip from here:

    SmitFraudFix.zip

    Confirm that the file SmitfraudFix.zip now resides on your desktop. The icon will look like the one below:

  3. Extract all of the files to your desktop. Instructions on how to extract files from a zip file can be found here:

    How to create and extract a Zip File in Windows ME/XP/2003

    How to create and extract a ZIP File in Windows 95/98/2000

    After you extract the zip file you should see an icon similar to the one below on your desktop.

  4. Next, please reboot your computer into Safe Mode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.
    5. When you are at the logon prompt, log in as the user your normally log in as.
  5. When your computer has started in safe mode and you see the desktop.

  6. Close all open Windows.
  7. Open the Smitfraudfix folder on your desktop and the contents of the folder will be similar to the image below.

    Double-click on the SmitfraudFix.cmd file, as shown in the image above, to start the removal process

  8. When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.
  9. You will now see a menu as shown in the image below. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).

  10. The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program as shown by the image below.

    This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you will should continue with step 11.

  11. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key.
  12. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.
  13. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Examine this log, and when you are done, close the Notepad screen.

Your computer should now be free of the SmitFraud infection.