DriveCleaner - why?

Browntoa

no, you should be able to run both in safe mode ??

try this first

http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/81/

How to remove Smitfraud Trojans

Credits: S!Ri

You can download the "Plain Text Smitfraud Instructions" by right-clicking the attachment at the foot of this page and choosing "Save as" or "Save link as" depending on your browser.


Download SmitfraudFix by S!Ri from either of these mirrors to your desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip
http://siri.geekstogo.com/SmitfraudFix.zip

Right click SmitfraudFix.zip and Extract (unzip) the SmitfraudFix folder inside to your desktop.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd




Select option #1 - Search by typing 1 and press "Enter".




A text file will appear
Save this report somewhere convenient


After saving the Option 1 log file, please restart your computer in Safe Mode by doing the following:


Once in Safe Mode, open the SmitfraudFix folder on your desktop and double-click smitfraudfix.cmd again.

Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

You will then receive the following prompt:

"Registry cleaning - Do you want to clean the registry ? (y/n)"

Type Y for yes and press "Enter" to remove the Desktop background and clean the associated registry keys for this infection.

The tool will then check if the file wininet.dll is infected.

You may be prompted to replace the infected file with another copy from your machine (if found):

"Replace infected file ? (y/n)"

Type Y for yes and press "Enter" to restore a clean copy of the file on your machine.

Restart your computer to complete the removal process.

A log file of the fix can be found at the root of your system drive, usually at C:\rapport.txt

andyrules

browntoa thank you for being patient. I got as far as registry cleaning, but when I clicked y/enter a message came up saying administrator cant open registry (or something similar). btw, I ran the avg spyware on ordinary anyway, but did no good! the bl**y drivecleaner thing is still there!
cheers

Browntoa

I take it you have an adminstrator user profile ??

try logging on to the admin user that appears when you log on to safe mode

andyrules

Good evening Browntoa

I've just logged onto safemode using administrator, and the smitfraud folder isn't on the desktp! I checked back in ordinary mode and tried to copy it across, but it won't work. How can I get the folder there? It's there when I log on as homeuser, but administrator won't let me proceed.
Thank you

Browntoa

save te file to a location you know , my documents or soemthing, then navigate to the file to run it

can you run spybot or anything from Admin ??

andyrules

I'm not sure if spybot was there, I'll check when I go to safemode. Do i have to shut down for 30 secs every time I use safemode? Can I open my docs from safemode then?

Browntoa

yes, you can navigate like normal but you cannot access the internet etc

no need to wait 30 seconds

andyrules

Do I need to unplug? the plug is only JUST in my reach behind the desk!!

Browntoa

no need to unplug

andyrules

Well, I got as far as clean registry again, no admin message so I did that right (!) but then after I clicked enter nothing happened. It seemed like everything froze. Shut down and started again, still wouldn't do it. I did get a strange little window saying it was checking for space on c drive, but i got rid of that. I'm following these instructions really carefully. Can you help any more browntoa? please? btw spybot wasn't on desktop, avg was. i think i saw spybot somewhere whilst i was looking for the smitfraud.