These days many people run into this problem with new type of adware that will keep popping up warnings and notices (that look similar to the ones Windows OS has) that your computer is infected with trojans, malware, etc. And when you click any button, same web-site will pop-up telling you that you should buy Spy Away program to remove them. It will also disable your Task Manager access. Symantec Antivirus installed on my computer couldn’t prevent the infection.
I was also disturbed by them past weekend, but found the cure on the forums. The suggested method is to use SmitFraudFix tool (http://siri.urz.free.fr/Fix/SmitfraudFix.zip). I got cleaned my computer firstly by our security administrator, then I used SmitFraudFix, and finally I removed the application (don’t remember the name, but it tries to look like an AntiVirus Agent program) that was installed by this infection, I guess.
To use SmitFraudFix (as described here);
1. Extract the content (a folder named SmitfraudFix) to your Desktop.
2. Restart your computer in Safe Mode. (click F8 after memory check while starting)
3. Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 – Clean [type 2 and Enter]
4. You will be prompted: “Registry cleaning – Do you want to clean the registry?”; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
5. The tool will next check if wininet.dll is infected- if it is you will be prompted to replace the file ; type Y and press “Enter”. (in my case it didn’t)
It will also create a log named rapport.txt in the root of your drive, eg: Local Disk C:\
6. Restart in normal Windows.
[You may also have to restore your desktop background...
If so, go Start >run, type regedit and <enter>. Navigate to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Please export that key: in the left pane highlight system with a lclick, go File, export... , save as bluewall with file type .txt. Close regedit and post that txt file.]
7. Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
Also, in some other cases, people used ComboFix tool as discussed in anothertopic.
diractly i suggest nod 32 a.v.
Great and very useful information. Thanks