Removing Virus Heat And Smitfraud-c, What A Pain In The …!
- 39 Comment
Enter your name and email only to get information
What is Virus Heat?
Virus Heat is a fake anti-spyware giving false virus result. Many popups will open mentioning that you are at risk, infected... It's very annoying. Also, Internet Explorer has it's home page changed to go to their homepage.
How I was introduced to Virus Heat?
My father told me his computer was infected. At first, I used Adware and then Spybot Search & Destroy. Spybot almost removed it but it was still there. So, I searched a little and found some things here and there on how to remove it manually. I expected to go in Safe Mode anyway. But beware, some solution that I found were selling another software solution. Who can you trust in that case? I tried to find reputable sources but that was harder. At least, most mentioned the same files.
I was able to remove Virus Heat 3.9.exe and it's parent folder(C:\Program Files) of the same same. But when I started to search for iinqyl.dll, it was no where to be found. The same was for ecxwp.dll and tvtpwp.dll. Only wuuawkz.dll was found in the C:\WINDOWS\SYSTEM32. But in Safe mode, I was not able to unregistered it because it was in use or not in the registry. That's way I think that Spybot Search & Destroy removed part of it. Smitfraud-c appeared but was not removed.
So, I had to reboot in Safe mode with Command Prompt. There, I finally deleted wuuawkz.dll.
I scanned again using Spybot Search & Destroy again and Smitfraud-c was still there.
What is Smitfraud-c?
I thought that Smitfraud-c was part the Virus Heat but it's a trojan that downloaded the Virus Heat or other fake spyware. Yes, when I removed Virus Heat, I had another one. Often, it's downloaded when you go see a video on the web and it ask to download a "special" codec to see the video.
My father is using Firefox and the sites when it appeared was about tv actors and he did not used Internet Explorer. So, I don't know how exactly he got infected. I did not want to revisit the sites just in case. I told him to go on imdb.com instead next time.
I had to use AVG free(anti-virus) to remove Smitfraud-c and it found C:\Program Files\NetProject\wamdl.dll that was infected. Because I did not know what Netproject was about, I renamed it just in case. Other files included in the folder were: scm.exe, waun.exe, ot.ico, scu.exe, scit.exe.
Then I use again Spybot Search & Destroy. Smitfraud-c was still found in the registry. After rebooting, I scanned the computer with Spybot and AVG. That's was for being sure that no residual traces were left in the registry or files.
Solution
In short, scan with AVG first, scan with Spybot Search & Destroy and reboot and scan again. If you have Windows Defender or other software, it won't hurt to scan with it too.
Steps(free way):
- Open AVG free and make sure it's up to date
- Scan with AVG
- Open Spybot(free) and make sure it's up to date
- Scan with Spybot
- Restart the computer
- Scan with other anti spyware if you got one
- Redo from step 2, skip 3 to make sure that all were removed
If the solution worked great for you, why not Scratch my back (see sidebar) ? It's way cheaper than what it would had cost if you took your computer to the shop . Plus, you get some publicity in return. 
If you are not sure or the solution did not worked, just buy PC Tools Spyware Doctor(download, 3 PCs) or PC Tools Spyware Doctor(Box)
I also created a "super folder" on the desktop and move all shortcuts in it. So, if my dad see another icon on the desktop, he will know something fishy is going on. I will try that for a time.Otherwise, I will have to create a new account with restricted privilege forcing my dad to login each time. The computer is already slow to boot with one account gaving him time to do other stuff while it was booting.
Conclusion
Virus Heat was a pain to remove from my dad's computer. Plus, I had Smitfraud-c to deal with at the same time making it harder. But, I did not have to buy any new software. I lost many hours on this and hope you won't by reading this.
Reading recent computer magazine sites like PCMag, PC Tools Spyware Doctor(download, 3 PCs)
Edit 1: AVG has updated the virus signature to better detect Smitfraud-c. The filed in folder(netproject) that I had renamed are now being seen as infected. So, I deleted them. I also, made the instruction more clear now.
Related post:
39 Comments on this post
Trackbacks
-
infected said:
removing viruses and computer parasites that are pretty new is always a painful task, because you either have to wait till security tools make needed updates or you have to remove things manually. virus heat removal is great, however inexperienced users may do more damage than good while removing things manually.
February 13th, 2008 at 7:37 am -
Steve McGrath said:
Yes it’s true that users may make the computer worst and that is why I sent people to Amazon.com to buy the software instead. They will save money while being sure it’s from a reputable source.
Btw, I left your link in your comment and it’s up to people to use it or not.
February 13th, 2008 at 7:51 am -
Shaukat Ali said:
Sir,
Few days ago when i was browsing Internet. A software named “Virusheat” automatically installed in my computer. then I tried to remove the software by using Add/remove program. But I could not remove this software. Please advise or send a antivirus software to get rid of this crutial virus. I shall be very thankful to you for your kind support and assistance.
Have a nice weekend.
Regards.
SHAUKAT ALI
February 16th, 2008 at 5:42 am -
Steve McGrath said:
Hi,
You can get the software in the links above(AVG, Spybot). The links are green with a line “- – - – “. 1 Cool File is my own download site.
February 16th, 2008 at 8:27 am -
DM Renaud said:
I followed the instructions and I think everything’s fine now, except my toolbar has an icon on it (I believe the windows defender icon) that flashes between red with an X and blue with a ?. Before, if I clicked on it, it would run Virus Heat. Now, it opens internet explorer and goes to the Virus Heat web page. Any suggestions?
Thank you,
DavidFebruary 29th, 2008 at 3:36 pm -
Steve McGrath said:
Did you delete/rename the files(netproject too)? Because I seem to recall having the same troubles at first.
After that, try to change the home page in IE to see if it will be hijack again. If not hijack, it’s okay. Otherwise, you will be one of the few to keep getting infected. In both cases, I would redo all the steps and if that did not worked, I would get PC Tools Spyware Doctor.
Update me when you have removed it(with or without the Doctor
).Good luck!
February 29th, 2008 at 3:49 pm -
DM Renaud said:
I woke up this morning planning on saying that Spybot hadn’t found the last little bit and I’d have to get Spyware Doctor, but I’m looking down at the toolbar and the little icon is gone. I’m running Spybot again just to check, but it or AVG must of found it while my wife was on last night.
Thank you, you’re a lifesaver.
March 3rd, 2008 at 1:19 pm -
Steve McGrath said:
Thanks!
Great and cross your fingers.
So far, no one had to use Spyware doctor options or at least left a comment here.
March 3rd, 2008 at 1:28 pm -
Sandy said:
I bought Norton 360 version 2 yesterday for almost $100. This did not remove the virus heat icon on my computer. I then spent all day Sunday chating on live with the help desk. they of course wanted me to pay another $136 to have it removed. I just wnted to warn everyone not to bother with these overated programs! i still have the problem. I am about to try AVG and Spybot. I will let you know how I go.
March 16th, 2008 at 1:46 am -
Steve McGrath said:
Sandy, too bad for you. I used to be a big fan of Norton but stopped in 2002-3. It’s was slowing down my computer too much.
Commercial program often give you more features than their free counterpart.
I only recommended Spyware Doctor(pay) because it was one of the best rated. Sandy, no product is 100% against spyware or virus. That’s why you need a few in your toolbox. Next time, it may be Norton that save you or Spyware Doctor or Spybot.
For example, I made another post where the solution above did not work but with another virus/spyware similar to the above. But using Spyware Doctor, it finally worked.
Hope it worked better for you.
March 16th, 2008 at 10:43 am -
Sandy said:
Hi there Steve! Im glad to say that spybot and AVG worked!! the icon has finally gone! It found lots of nasty trojan, smitfraud,virus heat and the list goes on. Spybot removed all but now I have an even bigger problem, my computer is running really slow. Im not sure if the virus has damaged some files. it takes about 15 – 20 mins to boot up and shut down. all programs are running slow too. I have also noticed at start up a pop up in a black screen saying System32/cmd.exe along the top and in the box the following message appears: cannot find file specified. Then it disapears and continues as normal. another message appears too saying spybot changed system start up… not sure what to do?
March 17th, 2008 at 8:49 am -
Steve McGrath said:
Glad you were able to remove it. Not glad you have problem.now
You may try to load in Safe mode to see if it’s the same thing. Fewer programs will load. When it boots, press F8 before Windows load. You will see the choice available to you.
In safe mode or not, if you do Control-Alt-Delete, the “Window Task Manager” will appear. Click the “Process” tab and click on CPU column(2 times). Do you see a task that is 50-98%. “System Idle Process” don’t count
If you have a task that use a lot of the CPU, then that will be the reason. Try to see what it does(not Windows related). Type the Image name in Google to help you. You could “End the process”. The worst is that it will hang the computer so don’t open other documents.
Good luck!
March 17th, 2008 at 11:33 am -
Lily T said:
Hello Steve,
I, unfortunately had caught that “wonderful” virus as well. But I put my computer on system restore, a week before I downloaded this and poof it was gone. I double checked with AVG Anti-virus and Norton and successfully the virus was gone.Thanks for your post!
March 18th, 2008 at 9:21 pm -
Steve McGrath said:
Great!
I’m not a fan of System Restore but at least it served you. You could do a windows update to make your system is up to date and scan with Spybot to make sure the spyware part is gone.
What version of Norton do you have? Just to compare notes with Sandy above(Norton 360 v2). It may help others that have Norton.
March 18th, 2008 at 9:42 pm -
Bryan said:
Hello Steve
I have the same virus on my computer too. I have Norton but i did not get rid of the problem. I tried to download avg and and the virus would not let me. I was wondering if you have any suggestions.
Thanks
March 19th, 2008 at 12:07 am -
Steve McGrath said:
Brian: Try to download avg from a friends/work computer. Did you try Spyware Doctor?
P.s. Sorry to reply to you late
March 21st, 2008 at 9:05 am -
Cptn Pike said:
“Hello Steve
I have the same virus on my computer too. I have Norton but i did not get rid of the problem. I tried to download avg and and the virus would not let me. I was wondering if you have any suggestions.”
======
Same here. When I run avg and it gets to the offending file(s), it goes to a blue screen and shuts down! What a virulent virus. Please help!
March 21st, 2008 at 5:54 pm -
Steve McGrath said:
Cptn Pike: Check comment 13. Try to run AVG in safe mode if possible. If not, try with Spyware Doctor(see original post)? It may remove the spyware part thus giving you a chance with AVG if your lucky.
Keep us an update if it works or not.
Btw, yes, it’s virulent virus with 6100+ views so far. If I would had get $50 for resolving 99% of them, I would had made $300,000+. Imagine the number of people that had to take their computer to the shop because they did not do a search. Wow! That’s a lot of money.
March 21st, 2008 at 6:59 pm -
cpt pike said:
ok i got rid of it. i got rid of it — finally.
and i cant tell you how it worked.
i downloaded this free program
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
then ran it, clicked 1, clicked 2, then restarted and that virus heat system tray icon was gone.
i just learned a valuable lesson — you can get a virus from auto behaviors! hope this helps someone.
March 22nd, 2008 at 12:41 am -
Steve McGrath said:
cpt pike: I would be careful to run such programs. You could be infected by something else. It may not be in this case here but…
I would scan again the computer with Norton, AVG, Spybot and Spyware doctor just too make sure. Also, make sure you have the latest definition of each programs.
March 22nd, 2008 at 6:57 am -
jay said:
thank you guys all of this helped me to get rid of virus heat
April 11th, 2008 at 7:31 pm -
yea said:
Well im not really sure if i removed it all the way. i have not gotten a pop-up like that in a while. I ran spyware (s and destroy) and AVG twice. (about the run a third time)…is there anything else that I should do?..or should i run around my house screamin hallelujah now?
April 16th, 2008 at 5:30 pm -
Steve McGrath said:
Close the computer off(not in stand by) and redo the test one last time. You will then be okay. Besides, the 2 applications has to be updated by now.
April 16th, 2008 at 5:50 pm -
yea said:
ty …your post was extremely helpful (even though i got suckered by an old spyware…o well )…
im just happy i can use my computer again lol
April 16th, 2008 at 9:21 pm -
Steve McGrath said:
No trouble and glad it worked for you.
You may send this URL to others even if they are not infected. They may have other stuff on their computer and still use the same tools including Spyware doctor(better protection). Think of it as prevention for them. I should had tell others to do the same. A few minutes could save them from an headache and hours of lost time.
April 16th, 2008 at 10:09 pm -
Jeff said:
I too was the fortunate recepient of a nasty case of SmitFraud-C. McAfee (7.1) detected a file for the Vundo virus and deleted it, but did nothing against SmitFraud-C (didn’t even detect it) nor any of the other malware downloaded. Spybot detected it, but couldn’t get rid of it completely. Just as I was deleting obvious virus files by hand, I came across your website. I loaded AVG and it found and removed the remainder files that I had already suspected to be SmitFraud-C and it’s cohorts. I immediately uninstalled McAfee and am leaving AVG running. So far, so good. Thanks for the advice on AVG !!
April 22nd, 2008 at 9:47 am -
Steve McGrath said:
Glad it helped you get rid of SmitFraud-C.
You are the first that had issues with McAfee, at least in the comments.
April 22nd, 2008 at 9:58 am -
phantasma said:
hi i got these virus heat today because my brother accydently downloaded it and i already scaneed whit Spybot S&D and when i was removing the spyware the program crahed and i had to run it again and thats what i am doing right now but the virus heat icon changed to a interogation sinal i am going ok or have i donne something i should not?
May 5th, 2008 at 4:26 pm -
Steve McGrath said:
phantasma: I did not see that happening so far so you might try to do the steps one more time to removed it.
If you still see it after that, the last resort would be to buy Spyware Doctor. It’s not free but it has more chances of working(better in the field). Make sure you update the software after purchasing it. Or, you could reinstall XP/Vista if it’s possible but it’s more time consuming.
Good luck and please, leave a comment here to update others that might have the same problems as you(thanks) with the solution you took.
Good Luck!
May 5th, 2008 at 5:31 pm -
phantasma said:
well i scaned again whit spybot S&D and it did not crashed and removed most of the spyware but some he could not and he told me to made a reset to scan again and remove and that what i did and the icons gone and everything is working so far but there is a prosses called “inactive prosses”(note:my windows is in portuguese so i thought that this is the best translation to english of its real name)thats is using always like 90 or 97 of my CPU and i canot end it.anyway i am scaning again whit avast antivirus if you have any info on how to delet the prossess plz tell me
and thx a lot for all your help you made my day shine again May 5th, 2008 at 5:40 pm -
Steve McGrath said:
“System Idle Process” is normal. That’s mean the computer is doing nothing. If you open Firefox or another program, it will decrease while the programs (Firefox) use the CPU.
You should not have any false icon near the clock and Internet Explorer home page should be normal again.
One more check won’t hurt a bit
May 5th, 2008 at 6:20 pm -
natalie said:
norton 2008 got rid of this stupid virus just fine on my computer. i just made sure i ran live update on norton first, and then all of a sudden it was gone — without me even having to request it to do so. i ran a norton scan first to see if it would find it, and it didn’t – which i thought odd. so i checked the quarantined items and it was already in there and removed!
June 1st, 2008 at 10:08 pm -
Steve McGrath said:
Hi Natalie,
You might not have noticed but this post was made on Feb. 11. I would expect by now that Norton could handle it after a live update.
I suspect that you did not have Norton on your computer since you were infected in the first place.
I used to be a big Norton fan(recommended to clients) a few years ago but it turned into a resource hog and slowed the computer. I hope for you that 2008 has been updated to be more lean and in line with the competition in terms of performance.
Anyway, other that have a previous version of Norton will know that it’s possible with the 2008 version.
Thanks for the feedback.
June 1st, 2008 at 10:35 pm -
natalie said:
hello,
i actually did have norton, but it was the last version – hadn’t updated to 2008 — why? because i’m lame and keep forgetting!
did not notice that the post was from february – thanks for trying to help us out!
June 2nd, 2008 at 10:35 am
Removing Virus Heat And Smitfraud-c, What A Pain In The …! | McGrath Dot Ca…
Yesterday, I was planning to relax when my dad mentioned he had something weird on his computer. A new program called Virus Heat was giving him false information. He did not installed Virus Heat. Thinking he was infected with a spyware, I started to r…
[...] and TrustURL(short URL service to hide affiliates id too). Not only that, he helped 7000+ people remove Virus Heat from their infected computers for free, has a funny sense of humor and second handily won the HD [...]
[...] the whole truth about traffic. My organic traffic increased in the last 3 months because of my Removing Virus Heat post but my Alexa [...]
[...] will react like this 1-2 times a year but it’s free. I do like AVG because it was able to remove smitfraud-c where others and more bigger software(detected only) could not remove it according to comments left [...]
[...] first so it’s the safer bet for now. You may also try the free method I used while removing Virus Heat with AVG just in case it works for you. If it does, please leave a comment. It may help [...]