This post is pretty out of date, so I wouldn't use it now. SmitFraudFix is still around and updating, so you can still use that. Ewido got bought by AVG and was renamed AVG Antispyware, but it's mostly useless now. Most good antispyware programs will remove this now anyways.
If you have been getting a warning that says you have spyware or a virus from a pop up by the clock, then you have what is called Smitfraud. Your homepage is also likely to have changed to one that says spyware has been detected and you can't change it to what you want it to be. Maybe a new program called SpywareSheriff, SpywareQuake, SpyFalcon, or something you have not heard of before is now on your computer. If you have the following warning on your computer, then you are a victim of spyware. Here are a few other pictures of the desktopwarning and older pop up balloon.
Do not buy anything from the warnings on your computer because they are from the same people who put the spyware on your computer. This warning along with the fake alert on your homepage are just ways to trick you into buying something from the ones who put the spyware on your computer. All of the warnings on the page are either made up and not true, The easy and free way to get rid of this is to follow the removal instructions below.
There is a tool called SmitFraudFix that does most of the work for you. This tool is created by S!ri and is free to use. Yes, there is an exclamation mark in his name.
- Download SmitFraudFix from S!ri's website
- Download Ewido Anti-Spyware
- Read the instructions and make notes or print this page.
- Once you begin to use the fix, close all programs including Internet Explorer
Once you have downloaded both programs, find the SmitFraudFix file you just downloaded. It is a zip file, so you will need to extract it. For Windows XP, simply click the folder to open it. Once the zip folder has been opened, look to the left side of your screen and select "Extract All Files". You will be asked a few questions and then the files will be moved to a folder where you told XP to move it. If you have Winzip, then it will open when you click the SmitfraudFix file. Follow the instructions Winzip displays. If are not using XP, then you will need Winzip to open SmitFraudFix.
Before running SmitFraudFix, you will want to install Ewido Anti-Spyware. Once it is installed, open the program and check for updates. After Ewido is done updating, close the program for now. You will use it later.
To completely fix your computer, you will need to restart the computer into what is called Safe Mode. When you are in safe mode, you will not have access to the Internet. If you haven't already, copy or print these instructions so you have a guide to look at. To restart in Safe Mode, do the following:
- Restart your computer
- After hearing your computer beep once during start up, but before the Windows icon appears, press F8
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode
Once you are in Safe Mode, find where you extracted SmitFraudFix to. Open the folder and click on the SmitFraudFix.cmd icon. A window will open with a blue background and several choices. To clean your computer, type the number 2 and then enter. Your desktop will disappear except for the blue SmitFraudFix window. After a short period of time, you will be asked if you want to clean the registry. Select yes by typing Y and then hit enter. If you are asked if you want to replace the wininet.dll, choose yes to replace it.
SmitFraudFix will tell you when it is done and ask if you want to run the disk clean up utility. Please allow it to run. It may take a long time to finish and it may appear that it is doing nothing. It could take an hour to finish. The spyware that you have leaves many bad files in your temp directories which need to be deleted. When the clean up utility is done, delete all the files it finds. The files are safe to delete because they are temporary and some are bad files from the spyware. Close SmitFraudFix when you are done by entering Q in the options and hit enter to close it.
Once you are finished with SmitfraudFix, open Ewido and run a scan. You should still be in safe mode when doing this. When Ewido detects a malware infection, allow Ewido to remove it. When Ewido is finished, you should be free of your spyware problems. Restart the computer the way you normally do and you may see your desktop background is gone. All you need to do is select whatever wallpaper you were using before being infected to get back to normal.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
If this spyware caused you too much of your time and you would like to complain, please visit Malware Complaints. There are different sections for many counties. Find you country and then look for what the name of the spyware you had was. The spyware you just cleaned is called by many names such as SpyAxe, SpyFalcon, SpywareQuake, WinHound, Malware Wipe, or Pest Trap. If you don't know, then use the one called SmitFraud. Posting a complaint can help to stop spyware like this if enough people do it.
The above will work on removing VirusBurst, VirusRescue, SpyFalcon, SpywareQuake, SpyAxe, MalwareWipe, Pest Trap, WinHound, AntiVirusGold, SpywareSheriff, SpySheriff, and several others. This method will remove all of the known version that use the fake warning above the clock, but it isn't a cure for every type of spyware. So keep that in mind if you are trying this and you don't have any of the above programs or the warning by the clock.