Internet Explorer hijacked with pop-up messages
As a result of Internet Explorer being hijacked I now receive a whole series of pop-up advertisements when using Internet Explorer. Running Norton Anti-Virus and Anti-Spyware, together with Spybot Search & Destroy, detects and removes the spyware (Smitfraud-C. toolbar888), but the spyware returns when the computer is restarted. The same occurs when running the utilities through Safe Mode. When searching Google for a solution the only fix I found was to purchase the SpyHunter software which claims to scan and then fix the problem. Is there a way to resolve the problem without paying for specialised software?
Any software which allows you to scan the computer for free, but you must purchase the product to fix any detected problems, should always be treated with a large degree of suspicion. The risk with such products is they are generating false positives to make it seem like the computer has problems (such as a virus or spyware infection) when in fact nothing is wrong. While I am not implying that SpyHunter may engage in such activity, since I have never used this product, from the reviews I have read about this product on the internet there seems to be a large difference of opinion regarding the effectiveness of this product in removing threats from the computer. In any case, you should be able to remove the Smitfraud threat from the computer without having to pay for software, since there is quite a large amount of free help available.
First, there is a free tool available called SmitFraudFix which can scan the computer for the Smitfraud threat, and remove the infected files. Visit siri.geekstogo.com/SmitfraudFix.php to download the utility, and then carefully follow the instructions. I suggest that you print the instructions prior to commencing the procedure, since you will need to reboot the computer into Safe Mode for some of the procedure (and thus will not have access to the website for instruction during this time). Additionally, the instructions provided on the website only provide an overview of the process, so I will provide some more comprehensive step-by-step instructions which you can follow.
After you have downloaded the SmitFraudFix utility (SmitfraudFix.exe), locate the file on the computer and then double-click to open it. This will open the utility within a Command Prompt window, as the program is a DOS program and not a Windows application. The utility may take a few seconds to load as it reads configuration data from the computer. Press any key to accept the startup message, and then press 1 and [ENTER] to search the computer for signs of the Smitfraud infection. A report named “rapport.txt” of all the infected files will be created, and usually stored in the root of the computer drive (e.g. C:\rapport.txt). Once the utility has finished scanning, the report should appear on screen, or you can manually open the report by opening Windows Explorer or My Computer, then going to your hard drive and double-clicking on the report file. The contents of the report may not make much sense to you, but don’t worry!
The next stage of the removal process involves SmitFraudFix reading the “rapport.txt” file and cleaning any identified infections. This must be done through Windows Safe Mode, as some of the files which SmitFraudFix needs to remove may be running in Normal mode, and thus cannot be deleted. To boot into Safe Mode, restart the computer and just before the Windows splash (logo) screen appears start tapping the F8 key. In the menu that appears, select “Safe Mode” and press ENTER. If the menu does not appear, but instead Windows starts loading, you were too late on the F8 key. In this case, restart the computer and try your luck again!
Once Windows has loaded into Safe Mode, run the SmitFraudFix utility. In the menu, press 2 and [ENTER]. This will delete any infected files on the computer. You will notice that all processes and programs on the computer close during this procedure; don’t worry, this is normal. Once the infected files have been deleted a message will appear asking “do you want to clean the registry?”. Press Y (for yes) and then [ENTER]. If the Windows wallpaper disappears this is normal, so you also don’t need to worry about this occurring. Finally, the utility will scan to check whether any system files (in particular, the “wininet.dll”) are infected. If you are prompted to replace the infected file, press Y and then [ENTER] and the file will be replaced with a clean copy. Finally, restart the computer back into Normal mode to finish the cleaning process. You don’t need to do anything special to start Windows into Normal mode, just restart the computer and it will automatically boot back into Normal mode.
Once the computer has restarted, there are a few final things you should complete to make sure everything is reset to normal. Open Internet Explorer and go to the “Tools” menu > “Internet Options”. In the window that appears, click the “Programs” tab and click the “Reset Web Settings” button at the bottom of the window. Click “Yes” in the confirmation box. It may also be worthwhile completing another scan using the Norton products and Spybot to ensure that the threat has definitely been removed from the computer.
Be aware, this utility will detect which files are infected and subsequently delete those files. Likewise, the utility also has the ability to repair the Windows Registry from the infection. As always, when deleting files or changing the Windows Registry there is a chance that things could go awry, resulting in important files being deleted or the registry becoming corrupted, and you being unable to boot Windows. Therefore, before embarking on this procedure I strongly recommend that you complete a full backup of any important data or information that you wish to keep, just in case things go bad and you cannot boot Windows.