Privacy & Security
Roguefix
Plague of the rogue scanners
Antispyzone, AntiVirGear, AntispyStorm, SpyLocked, SpywareLocked, Security toolbar, Surf sidekick, TitanShield Antispyware, TrustCleaner, VirusProtectPro, WebSpyShield, XP antivirus and many others. Roguefix is a detection and removal script to clean computers running the Windows XP operating system that are infected with fake security warnings from a family of rogue scanners, Desktop/Homepage hijackers, their installing/accompanying trojans and 'partner' programs.
If you do not want or need the information about the infection and just want to go straight to the removal tool, Click Here.
These infections have acquired the generic name smitfraud. In fact, their only connection with the Smitfraud infection (a phishing trojan that attempts to steal passwords of Smith Barney financial company clients) is that one of the early variants gave a fake warning that the PC was infected with the smitfraud trojan. Despite there being many variants released since, each giving a different fake warning, the name smitfraud appears to have stuck.
This tool will scan for the following, listed by category: rogue scanners, Desktop/Homepage hijackers, trojans, codecs and accompanying malware.
Rogue scanners:
AdwareDelete
Adwarepunisher
adwaresheriff
Alphacleaner
Anti-Leech
AntispyStorm
AntiSpywareBot
AntispywareSoldier
AntiSpywareSuite
Antispyzone
AntiVermeans
AntiVerminser
AntiVermins
AntiVerminsPro
AntiVirGear
Antivirus Gold
Antivirus Golden
AntiVirusPCSuite
AntiWorm2008
BraveSentry
BreakSpyware
ContraVirus
ErrorSafe
Error Safe Free
ExpertAntivirus
MalwareAlarm
MalwareStopper
Malwarewipe
MalwareWiped
malwarewipeds
MalwareWipePro
Malwarewiper
MrAntispy
PCTurboPro
PestCapture
PestTrap
popupwall
PrivacyKit
PrivacyProtectorFree
Protection Bar
RegistryCleaner
RegistryCleanerXP
RemedyAntispy
Safety Bar
SecureMYpc
security toolbar
searchspy
SpyAway
spyaxe
SpyBrowser
SpyCrush
SpyDawn
Spyfalcon
Spyguard
SpyHeal
SpyHealer
SpyHeals
spykiller
SpyLax
SpyLocked
Spy officer
SpyQuake2
Spysheriff
Spy-Shield
SpyShield
SpyShield Demo
SpyShredder
Spyspotter
Spywareaxe
SpywareBot
SpywareHeal
SpywareLocked
SpywareStrike
SpywareSoftstop
SpywareQuake
spywarewall
Spyware Wizard
SystemDoctor 2006
TitanShield Antispyware
Trust Cleaner
Trustin bar
Ultimate Defender
virusblast
VirusBlasters
Virusburst
Virusburster
Virusbursters
Virus-bursters
VirusLocker
VirusProtectPro
VirusRescue
WebSpyShield
XP antivirus
Trojans:
Agent.yf
Alemod
Bizves
Cimuz
DcomSrv
Delf
dflnl
DHIJACK
Dloadr-DM
DNSCHANGER
EMediaCodec
Fake-Alert
FAKEALE
Fakespy
Fakevir
Favadd
flush
harnig
lowzones
loxoscam
newdial
Nsaq
proxy fz
puper
small
Startpage
Spywad
Vixup
Win32.Renos
Win32.VB.vc
Zlob
Codecs:
AviCodecEX
Brain Codec
Codec Pack - All In 1
DVDCodec
eCodec
elitecodec
emediacodec
FreeVideo
Gold Codec
icodecpack
Image ActiveX Object
HQ_codec
HQvideoCodec
image access activex object
image ax object
IntCodec
IVideoCodec
JPEG Encoder
KeyCodec
Key Generator
media-codec
MMediaCodec
mpvideocodec
NewMediaCodec
online video add-on
Pcodec
Perfect Codec
powercodec
QualityCodec
Silver Codec
Softcodec
StrCodec
Super Codec
sv-codec
svideocodec
TrueCodec
VAX codec
vcodec
vidcodecs
Video Access ActiveX Object
Video ActiveX Object
Video AX Object
VideoBox
VideoCompressionCodec
video icodec
VideoKeyCodec
VideosCodec
WinMediaCodec
XXXAccess
xxxVideo Access ActiveX Object
zipcodec
Accompanying malware:
Adbreak
AzeSearch
BestOffersNetworks
Browserad(TX-4)
Crystalys Media
Daily Weather Forecast
DigiKeygen
digipass
DollarRevenue
IEhelper
iwatchnow
Locksky(worm)
Need2find
Netpumper
Oemji toolbar
MediaTickets
My Pass Generator
Perflog (keylogger)
PornMagPass
mirrarsearch
moneygainer
Search Maid
surf sidekick
Virtual Maid
Examples of the fake warnings generated:
These can be in the form of a balloon from an icon near the clock, an alert box, your Internet Explorer home page or your desktop background. They can have the appearance of being from the Windows Security Centre or the Windows operating system and claim your PC is infected with any of the following.
- System Performance monitor: Warning
- Critical system error
- Adware.W32.ExpDwnldr
- PSW.x-Vir trojan
- Trojan.W32.Looksky detected on you machine
- trojan-spy.win32@mx
- Spyware.CyberLog-X
- iworm_attck_v122.02a
- Trojan TJ/BZ
- Trojan.Virus.Z.32.exe
- C:\windows\system\keylogger.exe#CR#
- W32sinika.A
- OHPE ver.4.12_23/
- Trojan-Spy.HTML.Smitfraud.c
- W32Myzor.FK@yf
- Networm-i.Virus@fp
- spy-win32@mx
- Internet attack attempt detected...
- Credit card hijacking attempt detected...
- DETECTED SPYWARE! SYSTEM ERROR #384
- Alert: You are receiving spam!
- Danger! Spyware activity detected on your computer...
- Warning! Your computer is not protected against spyware...
- Your data is being transmitted to another computer...
- Warning: Your security and privacy are at risk!
- Danger: Potential spyware operation!
- Somebody's trying to gain access to your PC using DATA MINER program.
- Your computer is working slowly!
- System alert:
- Windows had detected spyware infection
- Alert! A minimum of 7 spyware entries found
- The page you are looking for is blocked by spyware
- Local Security Authority Service ('lsass.exe') has encountered a serious problem (possible spyware infection).
- "Microsoft windows - security alert", "SERIOUS SECURITY VULNERABILITY HAS BEEN FOUND!".
These trojans sneak into your computer by:
- WMF exploit. An image vulnerability in unpatched Windows systems.
- Codec. Codecs, usually for Windows Media Player, offered to allow a short movie clip to play.
- DigiKeygen, Digipass, PornMag Pass, x password manager and various utilities to allow porn sites to be viewed.
- Java exploit. A vulnerability in outdated versions of Java software.
- Visiting CoolWebSearch web sites.
- P2P file sharing programs.
- Deceptive advertisements and sponsored ads displayed on search engine results.
Other side effects may include:
- Windows features disabled.
- Security settings lowered or disabled.
- Pop-ups for sub-standard security products, gambling or adult websites.
Notice
It has come to my attention that a poster on various help forums, under the name of PCBUTTS1, has stolen the code for roguefix, renamed it Superfix, Spyerase and Removeit, claiming it to be his work. He also offers other copied/unauthorised downloads and publishes explicit/offensive images claiming them to be of people who expose his plagiarism.
He displays ethics and morals equal to those of the fake/fraudulent scanners that roguefix removes and should not be trusted.
To clean an infected computer (Windows XP only)
1) Download Roguefix.bat from HERE and save it to your desktop.
(Click Save on the 'File download' box, then select Desktop in the box marked Save in)
This tool is regularly updated, current version 2.98 (updated 18th October 07)
Note - Some users are reporting seeing a text page as opposed to the download box when using this link (particularly with the Firefox browser). If this happens to you, try one of the following:
- Click your browser's back button and try again,
- Use a different browser, e.g. Internet Explorer,
- Right click the download link, select Save As from the drop down list and save to your desktop.
2) A new feature of the Zlob trojans, seen with the Antivirgear variant, is that it hooks into the Layered Service Provider (LSP). This requires a special tool to repair, as improper removal can cause problems with connecting to the internet. Download LSPFix.exe from http://cexx.org/lspfix.htm and save it to your desktop to use if prompted by Roguefix.
3) A disk and registry cleaner. I recommend either of the applications below:
Ccleaner, a variety of free cleaning utilities.
Ace Utilities, a comprehensive disk and registry cleaner. (Free trial)
Removal procedure
a) Set Windows to 'Show hidden files and folders' (How to).
b) Restart your PC in Safe Mode (How to).
c) Double click on the roguefix.bat icon on your desktop and allow the tool to run. Follow the onscreen prompts; you will be given the option of resetting your Desktop background and your Homepage back to the Windows default settings.
d) If prompted, remove laf1.dll (note: the number 1 could be any number between 1 and 5) with LSPFix by highlighting the item in the left panel, using the >> button to move it into the right panel and clicking the Finish button.
DO NOT SELECT ANY OTHER ENTRY FOR REMOVAL
Close LSPFix to allow Roguefix to continue and complete its functions.
e) Restart your PC normally (not in Safe Mode).
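As an added example (not part of Roguefix or LSPFix), this Python check reads a Winsock catalog listing and separates the laf1.dll to laf5.dll provider named in step d) from every other entry, which must be left alone. The sample listing is constructed and modelled on `netsh winsock show catalog` output; its field names and the laf3.dll entry are assumptions.

```python
import re

# Constructed sample modelled on `netsh winsock show catalog` output; the
# field names and the laf3.dll entry are assumptions for illustration.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        laf3 over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\WINDOWS\system32\laf3.dll
Catalog Entry ID:                   1015

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
"""

# The page names laf1.dll, where the digit may be anything from 1 to 5.
ROGUE_LSP = re.compile(r"^laf[1-5]\.dll$", re.IGNORECASE)


def parse_catalog(text):
    """Split the listing into one dict of field -> value per catalog entry."""
    entries = []
    for block in re.split(r"^Winsock Catalog Provider Entry\s*$", text, flags=re.M):
        fields = {}
        for line in block.splitlines():
            # Split at the first colon only, so "C:\..." values stay intact.
            key, sep, value = line.partition(":")
            if sep and value.strip():
                fields[key.strip()] = value.strip()
        if "Provider Path" in fields:
            entries.append(fields)
    return entries


def dll_name(provider_path):
    """Return the file name from a Windows path, whatever the host OS."""
    return re.split(r"[\\/]", provider_path)[-1]


def review_lsp_entries(text):
    """Return (entries to remove with LSPFix, entries to leave untouched)."""
    remove, keep = [], []
    for entry in parse_catalog(text):
        name = dll_name(entry["Provider Path"])
        (remove if ROGUE_LSP.match(name) else keep).append(name)
    return remove, keep
```
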
To complete the clean up of your PC, run the registry cleaner you downloaded earlier. Whilst Roguefix targets the rogue scanners and their installing trojans, it is likely other malware will be present in your system, so download, update and run one of the following:
AVG Anti-spyware, a free version is available.
Superantispyware, a free version is available.
And run one of the following online scans:
Panda Active scan
Trendmicro
To protect yourself against future infections, make sure you have all Windows critical updates and the latest version of Java.
The Next button will take you to our Clean up after a malware infection page.
You are welcome to send comments. Feedback@internetinspiration.co.uk
Still having problems after this clean up process?
Roguefix is protected against Piracy for profit or reputation by Intellectual property rights and privileges.
Copying, in full or part and unauthorised distribution is strictly prohibited.
If Roguefix has helped resolve your problems without the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance and further development of this site and the research to create more pages like this for future malware. Even £1, $1 or €1 can help make sure we are still here should you ever need us again.