internetinspiration logo
             
Home Internet Guides Privacy & Security Must have software Internet Shopping Earn Money Fun & Games Freebies

Privacy & Security
Roguefix

Plague of the rogue scanners
Antispyzone, AntiVirGear, AntispyStorm, SpyLocked, SpywareLocked, Security toolbar, Surf sidekick, TitanShield Antispyware, TrustCleaner, VirusProtectPro, WebSpyShield, XP antivirus and many others ....

. Roguefix detection and removal script to clean computers with the Windows XP operating system that are infected with fake security warnings from a family of rogue scanners, Desktop/Homepage hijackers, their installing/accompanying trojans and 'partner' programs.

If you do not want or need the information about the infection and just want to go straight to the removal tool Click Here

These infections have acquired a generic term of smitfraud. In fact, its only connection with the Smitfraud infection (a phishing trojan that attempts to steal passwords of Smith Barney financial company clients) is one of the early variants gave a fake warning that the PC was infected with the smitfraud trojan. Despite there being many variants released since, each giving a different fake warning, the name smitfraud appears to have stuck.

This tool will scan for,
Rogue
scanners
Desktop/Homepage
Hijackers
Trojans
Codec's
Accompanying
Malware
AdwareDelete
Adwarepunisher
adwaresheriff
Alphacleaner
Anti-Leech
AntispyStorm
AntiSpywareBot
AntispywareSoldier
AntiSpywareSuite
Antispyzone
AntiVermeans
AntiVerminser
AntiVermins
AntiVerminsPro
AntiVirGear
Antivirus Gold
Antivirus Golden
AntiVirusPCSuite
AntiWorm2008
BraveSentry
BreakSpyware
ContraVirus
ErrorSafe
Error Safe Free
ExpertAntivirus
MalwareAlarm
MalwareStopper
Malwarewipe
MalwareWiped
malwarewipeds
MalwareWipePro
Malwarewiper
MrAntispy
PCTurboPro
PestCapture
PestTrap
popupwall
PrivacyKit
PrivacyProtectorFree
Protection Bar
RegistryCleaner
RegistryCleanerXP
RemedyAntispy
Safety Bar
SecureMYpc
security toolbar
searchspy
SpyAway
spyaxe
SpyBrowser
SpyCrush
SpyDawn
Spyfalcon
Spyguard
SpyHeal
SpyHealer
SpyHeals
spykiller
SpyLax
SpyLocked
Spy officer
SpyQuake2
Spysheriff
Spy-Shield
SpyShield
SpyShield Demo
SpyShredder
Spyspotter
Spywareaxe
SpywareBot
SpywareHeal
SpywareLocked
SpywareStrike
SpywareSoftstop
SpywareQuake
spywarewall
Spyware Wizard
SystemDoctor 2006
TitanShield Antispyware
Trust Cleaner
Trustin bar
Ultimate Defender
virusblast
VirusBlasters
Virusburst
Virusburster
Virusbursters
Virus-bursters
VirusLocker
VirusProtectPro
VirusRescue
WebSpyShield
XP antivirus
alloversafety.com
antispylab
antispynet
antispywarebox
asafetyproject.com
asecuritydesktop
bestsecurityguide.com
bestsafetyguide.net
dns404.net (404 errors)
guarduptodate.com
needupdate.com
onlinesecurityguard.net
Onlinesecurityworld.com
onlinestability.com
perfectedsecurity
privacy_danger
securitycaution.com
safetydefender.com
www.security-look.cc
safetyuptodate.com
securitybulletin
securityfeature.com
securitysafeguards.net
Security Troubleshootin
syserrors.com
www.syssecuritysite.com
systemwarning.com
www.theguardservices.com
topantispyware
topsecuritysite.com
updatescenter.com
updatesearches.com
updateyoursystem.com
Windowssecuritycenter.com
yoursystemupdate.com
Agent.yf
Alemod
Bizves
Cimuz
DcomSrv
Delf
dflnl
DHIJACK
Dloadr-DM
DNSCHANGER
EMediaCodec
Fake-Alert
FAKEALE
Fakespy
Fakevir
Favadd
flush
harnig
lowzones
loxoscam
newdial
Nsaq
proxy fz
puper
small
Startpage
Spywad
Vixup
Win32.Renos
Win32.VB.vc
Zlob
AviCodecEX
Brain Codec
Codec Pack - All In 1
DVDCodec
eCodec
elitecodec
emediacodec
FreeVideo
Gold Codec
icodecpack
Image ActiveX Object
HQ_codec
HQvideoCodec
icodecpack
image access activex object
image ax object
IntCodec
IVideoCodec
JPEG Encoder
KeyCodec
Key Generator
media-codec
MMediaCodec
mpvideocodec
NewMediaCodec
online video add-on
Pcodec
Perfect Codec
powercodec
QualityCodec
Silver Codec
Softcodec
StrCodec
Super Codec
sv-codec
svideocodec
TrueCodec
VAX codec
vcodec
vidcodecs
Video Access ActiveX Object
Video ActiveX Object
Video AX Object
VideoBox
VideoCompressionCodec
video icodec
VideoKeyCodec
VideosCodec
WinMediaCodec
XXXAccess
xxxVideo Access ActiveX Object
zipcodec
Adbreak
AzeSearch
BestOffersNetworks
Browserad(TX-4)
Crystalys Media
Daily Weather Forecast
DigiKeygen
digipass
DollarRevenue
IEhelper
iwatchnow
Locksky(worm)
Need2find
Netpumper
Oemji toolbar
MediaTickets
My Pass Generator
Perflog (keylogger)
PornMagPass
mirrarsearch
moneygainer
Search Maid
surf sidekick
Virtual Maid

Examples of the fake warnings generated-
These can be in the form of a balloon from an icon near the clock, an alert box, your Internet Explorer home page or your desktop background. They can have the appearance of being from the Windows Security Centre or the Windows operating system and claim your PC is infected with any of the following.

  • System Performance monitor: Warning
  • Critical system error
  • Adware.W32.ExpDwnldr
  • PSW.x-Vir trojan
  • Trojan.W32.Looksky detected on you machine
  • trojan-spy.win32@mx
  • Spyware.CyberLog-X
  • iworm_attck_v122.02a
  • Trojan TJ/BZ
  • Trojan.Virus.Z.32.exe
  • C:\windows\system\keylogger.exe#CR#
  • W32sinika.A
  • OHPE ver.4.12_23/
  • Trojan-Spy.HTML.Smitfraud.c
  • W32Myzor.FK@yf
  • Networm-i.Virus@fp
  • spy-win32@mx
  • Internet attack attempt detected...
  • Credit card hijacking attempt detected...
  • DETECTED SPYWARE! SYSTEM ERROR #384
  • Alert: You are receiving spam!
  • Danger! Spyware activity detected on your computer...
  • Warning! Your computer is not protected against spyware...
  • Your data is being transmitted to another computer...
  • Warning: Your security and privacy are at risk!
  • Danger: Potential spyware operation!'
  • Somebody's trying to gain access to your PC using DATA MINER program.
  • Your computer is working slowly!'
  • System alert:'
  • Windows had detected spyware infection
  • Alert! A minimum of 7 spyware entries found
  • The page you are looking for is blocked by spyware
  • Local Security Authority Service ('lsass.exe') has encountered a serious problem (possible spyware infection).
  • "Microsoft windows - security alert", "SERIOUS SECURITY VULNERABILITY HAS BEEN FOUND!".


  • These trojans sneak into your computer by-
  • WMF exploit. An image vulnerability in un-patched Windows systems


  • Codec. Codecs usually for Windows Media player to allow a short movie clip.

  • DigiKeygen, Digipass, PornMag Pass, x password manager, various utilities to allow porn sites to be viewed


  • Java exploit. A vulnerability in out dated versions of Java software.


  • Visiting cool web search web sites


  • P2P file sharing programs


  • Deceptive advertisements and Sponsored ads displayed on Search engine results.


  • Other side effects may include
  • Windows features disabled.
  • Security settings lowered or disabled.
  • Pop ups for sub-standard security products, gambling or Adult websites


  • .

    Notice
    It has come to my attention that a poster on various help forums, under the name of PCBUTTS1 has stolen the code for roguefix, renamed it Superfix, Spyerase and Removeit, claiming it to be his work. He also offers other copied/unauthorised downloads and publishes explicit/offensive images claiming them to be of people who expose his plagiarism.
    He displays ethics and morals equal to those of the fake/fraudulent scanners that roguefix removes and should not be trusted.

    To clean an infected computer (Windows XP only)

    1)Download Roguefix.bat from HEREand save it to your desktop.
    (Click Saveon the 'File download' box, then select Desktopin the box marked Save in)
    This tool is regularly updated, current version 2.98(updated 18th October 07)

    Note -Some users are reporting seeing a text page as opposed to the download box when using this link, (particularly with Firefox browser) if this happens to you, try one of the following -
    -Click your browsers back button and try again,
    -Use different browser e.g. Internet Explorer,
    -Right click the 'download link, select Save Asfrom the drop down list and Save to your desktop.

    2)A new feature of the Zlob trojans seen with the Antivirgearvariant is that it hooks into the Layered service Provider (LSP), this requires a special tool to repair as improper removal can cause problems with connecting to the internet, download LSPFix.exefrom here http://cexx.org/lspfix.htmand save it to your desktop to use if prompted by Roguefix

    3)A disk and registry cleaner, I recommend either of the applications below-
    Ccleaner, A variety of free cleaning utilities
    Ace Utilities, a comprehensive disk and registry cleaner. (Free trial)


    Removal procedure

    a)Set Windows to 'Show hidden files and folders How to.

    b)Restart your PC in Safe Mode How to.

    c)Double click on the roguefix.baticon on your desktop and allow the tool to run. Follow the onscreen prompts, you will be given the option of resetting your Desktop background and your Homepage back to the Windows default settings.

    d)If prompted, remove laf1.dll(note, the number 1 could be any number between 1 and 5) with LSPfix by highlighting the item in the left panel, use the >>button to move it into the right panel and click the Finish button.
    DO NOT SELECT ANY OTHER ENTRY FOR REMOVAL



    Close LSPFix to allow Roguefix to continue and complete its functions.

    e)Restart your PC in 'normally' (not in safe mode).

    To complete the clean up of your pc, run the registry cleaner you downloaded earlier, and whilst Roguefix targets the Rogue scanners and their installing trojans, it is likely other malware will present in your system, download, update and run one of the following-
    AVG Anti-spyware, a free version is available.
    Superantispyware, a free version is available.

    And run one of the following online scans-
    Panda Active scan
    Trendmicro

    To protect yourself against future infections, make sure you have all Windows critical updates and the latest version of java Update

    The Nextbutton will take you to our Clean up after a malware infectionpage.

    You are welcome to send comments. Feedback@internetinspiration.co.uk
    Still having problems after this clean up process?


    Roguefix is protected against Piracy for profit or reputation by Intellectual property rights and privileges.
    Copying, in full or part and unauthorised distribution is strictly prohibited.


    If Roguefix has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.
Privacy & Security

Information

E-mail

Viruses

hackers, crackers & firewalls

Trojans

Spyware

Keyloggers

Cookies

BHO's & Hijackers

Drive by downloads

diallers

Scams & Hoaxes

Hijack this-
automatic analysis


Free pest scan

Unwanted processes

How to-Tutorials

Clean up/repair after malware infection

Prevent malware installing

Install Hijackthis

Start in Safe mode

Show hidden files/folders

enable/disable Active X controls

Disable Messenger service pop-ups

Use the Host file

Roguefix -
Removal tool for Rogue spyware removers & Fake Warnings


Kill E2Give

Kill MySearch

Kill Sdbot-ADD / lockx.exe

Kill seeve.exe / mediamotors pop ups

Kill Winfixer2005

Kill SysProtect

News/Articles

New Winfixer infection displays fake Blackworm warning

The real cost of Free security software

About us Contact us FAQ Links Privacy Statement Site Map Webmasters
Click here to add this page to your favourites
©Internet Inspiration, 2003.      All registered trademarks are observed and respected.
If you receive advertising pop ups whilst viewing this site, you are infected with an ad-serving parasite, because we don't use pop ups. See our Privacy & security section for help with detection and removal.