Privacy & Security. Roguefix detection and removal script to clean computers with the Windows XP operating system that are infected with fake security warnings from a family of rogue scanners, Desktop/Homepage hijackers, their installing/accompanying trojans and 'partner' programs.
Plague of the rogue scanners
Antispyzone, AntiVirGear, AntispyStorm, SpyLocked, SpywareLocked, Security toolbar, Surf sidekick, TitanShield Antispyware, TrustCleaner, VirusProtectPro, WebSpyShield, XP antivirus and many others ....
If you do not want or need the information about the infection and just want to go straight to the removal tool Click Here
These infections have acquired a generic term of smitfraud. In fact, its only connection with the Smitfraud infection (a phishing trojan that attempts to steal passwords of Smith Barney financial company clients) is one of the early variants gave a fake warning that the PC was infected with the smitfraud trojan. Despite there being many variants released since, each giving a different fake warning, the name smitfraud appears to have stuck.
This tool will scan for,
Error Safe Free
dns404.net (404 errors)
Codec Pack - All In 1
Image ActiveX Object
image access activex object
image ax object
online video add-on
Video Access ActiveX Object
Video ActiveX Object
Video AX Object
xxxVideo Access ActiveX Object
Daily Weather Forecast
My Pass Generator
Examples of the fake warnings generated-
These can be in the form of a balloon from an icon near the clock, an alert box, your Internet Explorer home page or your desktop background. They can have the appearance of being from the Windows Security Centre or the Windows operating system and claim your PC is infected with any of the following.
- System Performance monitor: Warning
- Critical system error
- PSW.x-Vir trojan
- Trojan.W32.Looksky detected on you machine
- [email protected]
- Trojan TJ/BZ
- OHPE ver.4.12_23/
- [email protected]
- [email protected]
- [email protected]
- Internet attack attempt detected...
- Credit card hijacking attempt detected...
- DETECTED SPYWARE! SYSTEM ERROR #384
- Alert: You are receiving spam!
- Danger! Spyware activity detected on your computer...
- Warning! Your computer is not protected against spyware...
- Your data is being transmitted to another computer...
- Warning: Your security and privacy are at risk!
- Danger: Potential spyware operation!'
- Somebody's trying to gain access to your PC using DATA MINER program.
- Your computer is working slowly!'
- System alert:'
- Windows had detected spyware infection
- Alert! A minimum of 7 spyware entries found
- The page you are looking for is blocked by spyware
- Local Security Authority Service ('lsass.exe') has encountered a serious problem (possible spyware infection).
- "Microsoft windows - security alert", "SERIOUS SECURITY VULNERABILITY HAS BEEN FOUND!".
These trojans sneak into your computer by-
- WMF exploit. An image vulnerability in un-patched Windows systems
- Codec. Codecs usually for Windows Media player to allow a short movie clip.
- DigiKeygen, Digipass, PornMag Pass, x password manager, various utilities to allow porn sites to be viewed
- Java exploit. A vulnerability in out dated versions of Java software.
- Visiting cool web search web sites
- P2P file sharing programs
- Deceptive advertisements and Sponsored ads displayed on Search engine results.
Other side effects may include
- Windows features disabled.
- Security settings lowered or disabled.
- Pop ups for sub-standard security products, gambling or Adult websites
It has come to my attention that a poster on various help forums, under the name of PCBUTTS1 has stolen the code for roguefix, renamed it Superfix, Spyerase and Removeit, claiming it to be his work. He also offers other copied/unauthorised downloads and publishes explicit/offensive images claiming them to be of people who expose his plagiarism.
He displays ethics and morals equal to those of the fake/fraudulent scanners that roguefix removes and should not be trusted.
To clean an infected computer (Windows XP only)1)Download Roguefix.bat from HEREand save it to your desktop.
(Click Saveon the 'File download' box, then select Desktopin the box marked Save in)
This tool is regularly updated, current version 2.98(updated 18th October 07)
Note -Some users are reporting seeing a text page as opposed to the download box when using this link, (particularly with Firefox browser) if this happens to you, try one of the following -
-Click your browsers back button and try again,
-Use different browser e.g. Internet Explorer,
-Right click the 'download link, select Save Asfrom the drop down list and Save to your desktop.
2)A new feature of the Zlob trojans seen with the Antivirgearvariant is that it hooks into the Layered service Provider (LSP), this requires a special tool to repair as improper removal can cause problems with connecting to the internet, download LSPFix.exefrom here http://cexx.org/lspfix.htmand save it to your desktop to use if prompted by Roguefix
3)A disk and registry cleaner, I recommend either of the applications below-
Ccleaner, A variety of free cleaning utilities
Ace Utilities, a comprehensive disk and registry cleaner. (Free trial)
a)Set Windows to 'Show hidden files and folders How to.
b)Restart your PC in Safe Mode How to.
c)Double click on the roguefix.baticon on your desktop and allow the tool to run. Follow the onscreen prompts, you will be given the option of resetting your Desktop background and your Homepage back to the Windows default settings.
d)If prompted, remove laf1.dll(note, the number 1 could be any number between 1 and 5) with LSPfix by highlighting the item in the left panel, use the >>button to move it into the right panel and click the Finish button.
DO NOT SELECT ANY OTHER ENTRY FOR REMOVAL
Close LSPFix to allow Roguefix to continue and complete its functions.
e)Restart your PC in 'normally' (not in safe mode).
To complete the clean up of your pc, run the registry cleaner you downloaded earlier, and whilst Roguefix targets the Rogue scanners and their installing trojans, it is likely other malware will present in your system, download, update and run one of the following-
AVG Anti-spyware, a free version is available.
Superantispyware, a free version is available.
And run one of the following online scans-
Panda Active scan
To protect yourself against future infections, make sure you have all Windows critical updates and the latest version of java Update
The Nextbutton will take you to our Clean up after a malware infectionpage.
You are welcome to send comments. Feedback@internetinspiration.co.uk
Still having problems after this clean up process?
Roguefix is protected against Piracy for profit or reputation by Intellectual property rights and privileges.
Copying, in full or part and unauthorised distribution is strictly prohibited.
If Roguefix has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.
Privacy & Security
hackers, crackers & firewalls
BHO's & Hijackers
Drive by downloads
Scams & Hoaxes
Free pest scan
Clean up/repair after malware infection
Prevent malware installing
Start in Safe mode
Show hidden files/folders
enable/disable Active X controls
Disable Messenger service pop-ups
Use the Host file
Removal tool for Rogue spyware removers & Fake Warnings
Kill Sdbot-ADD / lockx.exe
Kill seeve.exe / mediamotors pop ups
New Winfixer infection displays fake Blackworm warning
The real cost of Free security software