Removing Virus Heat And Smitfraud-c, What A Pain In The ...!

Posted by Steve McGrath

What is Virus Heat? Virus Heat is a fake anti-spyware giving false virus result. Many popups will open mentioning that you are at risk, infected... It's very annoying. Also, Internet Explorer has it's home page changed to go to their homepage. How I was introduced to Virus Heat? My father told me his computer was infected. At first, I used Adware and then Spybot Search & Destroy. Spybot almost removed it but it was still there. So, I searched a little and found some things here and there on how to remove it manually. I expected to go in Safe Mode anyway. But beware, some solution that I found were selling another software solution. Who can you trust in that case? I tried to find reputable sources but that was harder. At least, most mentioned the same files. I was able to remove Virus Heat 3.9.exe and it's parent folder(C:\Program Files) of the same same. But when I started to search for iinqyl.dll, it was no where to be found. The same was for ecxwp.dll and tvtpwp.dll. Only wuuawkz.dll was found in the C:\WINDOWS\SYSTEM32. But in Safe mode, I was not able to unregistered it because it was in use or not in the registry. That's way I think that Spybot Search & Destroy removed part of it. Smitfraud-c appeared but was not removed. So, I had to reboot in Safe mode with Command Prompt. There, I finally deleted wuuawkz.dll. I scanned again using Spybot Search & Destroy again and Smitfraud-c was still there. What is Smitfraud-c? I thought that Smitfraud-c was part the Virus Heat but it's a trojan that downloaded the Virus Heat or other fake spyware. Yes, when I removed Virus Heat, I had another one. Often, it's downloaded when you go see a video on the web and it ask to download a "special" codec to see the video. My father is using Firefox and the sites when it appeared was about tv actors and he did not used Internet Explorer. So, I don't know how exactly he got infected. I did not want to revisit the sites just in case. I told him to go on imdb.com instead next time. I had to use AVG free(anti-virus) to remove Smitfraud-c and it found C:\Program Files\NetProject\wamdl.dll that was infected. Because I did not know what Netproject was about, I renamed it just in case. Other files included in the folder were: scm.exe, waun.exe, ot.ico, scu.exe, scit.exe. Then I use again Spybot Search & Destroy. Smitfraud-c was still found in the registry. After rebooting, I scanned the computer with Spybot and AVG. That's was for being sure that no residual traces were left in the registry or files. Solution In short, scan with AVG first, scan with Spybot Search & Destroy and reboot and scan again. If you have Windows Defender or other software, it won't hurt to scan with it too. Steps(free way):
  1. Open AVG free and make sure it's up to date
  2. Scan with AVG
  3. Open Spybot(free) and make sure it's up to date
  4. Scan with Spybot
  5. Restart the computer
  6. Scan with other anti spyware if you got one
  7. Redo from step 2, skip 3 to make sure that all were removed
If the solution worked great for you, why not Scratch my back (see sidebar) ? It's way cheaper than what it would had cost if you took your computer to the shop . Plus, you get some publicity in return. ;) If you are not sure or the solution did not worked, just buy PC Tools Spyware Doctor(download, 3 PCs) or PC Tools Spyware Doctor(Box) from Amazon.com. With the latter, you will some money but you must be patient while you wait for the box. Read further below about the review is got from PCMag. I also created a "super folder" on the desktop and move all shortcuts in it. So, if my dad see another icon on the desktop, he will know something fishy is going on. I will try that for a time.Otherwise, I will have to create a new account with restricted privilege forcing my dad to login each time. The computer is already slow to boot with one account gaving him time to do other stuff while it was booting. ;) Conclusion Virus Heat was a pain to remove from my dad's computer. Plus, I had Smitfraud-c to deal with at the same time making it harder. But, I did not have to buy any new software. I lost many hours on this and hope you won't by reading this. Reading recent computer magazine sites like PCMag, PC Tools Spyware Doctor(download, 3 PCs) was highly recommended because it was the best to find them. But when I started to read the comments(link above on Amazon) on Spyware Doctor by users, it seemed to slow down the computer. My advice would be to buy it if you want but not install the resident in memory if possible. So, if you think you are infected, just scan the computer or do a scan with Spyware Doctor weekly instead for prevention. Edit 1: AVG has updated the virus signature to better detect Smitfraud-c. The filed in folder(netproject) that I had renamed are now being seen as infected. So, I deleted them. I also, made the instruction more clear now.
Keywords: Internet, Software, Spyware, Virus, Vista


39 Comments

bloggingzoom.com
Removing Virus Heat And Smitfraud-c, What A Pain In The …! | McGrath Dot Ca...

infected
removing viruses and computer parasites that are pretty new is always a painful task, because you either have to wait till security tools make needed updates or you have to remove things manually. virus heat removal is great, however inexperienced users may do more damage than good while removing things manually.

Steve McGrath
Yes it's true that users may make the computer worst and that is why I sent people to Amazon.com to buy the software instead. They will save money while being sure it's from a reputable source. :D

Shaukat Ali
Sir,

Steve McGrath
Hi,

DM Renaud
I followed the instructions and I think everything's fine now, except my toolbar has an icon on it (I believe the windows defender icon) that flashes between red with an X and blue with a ?. Before, if I clicked on it, it would run Virus Heat. Now, it opens internet explorer and goes to the Virus Heat web page. Any suggestions?

Steve McGrath
Did you delete/rename the files(netproject too)? Because I seem to recall having the same troubles at first.

DM Renaud
I woke up this morning planning on saying that Spybot hadn't found the last little bit and I'd have to get Spyware Doctor, but I'm looking down at the toolbar and the little icon is gone. I'm running Spybot again just to check, but it or AVG must of found it while my wife was on last night.

Steve McGrath
Thanks!

Sandy
I bought Norton 360 version 2 yesterday for almost $100. This did not remove the virus heat icon on my computer. I then spent all day Sunday chating on live with the help desk. they of course wanted me to pay another $136 to have it removed. I just wnted to warn everyone not to bother with these overated programs! i still have the problem. I am about to try AVG and Spybot. I will let you know how I go.

Steve McGrath
Sandy, too bad for you. I used to be a big fan of Norton but stopped in 2002-3. It's was slowing down my computer too much.

Sandy
Hi there Steve! Im glad to say that spybot and AVG worked!! the icon has finally gone! It found lots of nasty trojan, smitfraud,virus heat and the list goes on. Spybot removed all but now I have an even bigger problem, my computer is running really slow. Im not sure if the virus has damaged some files. it takes about 15 - 20 mins to boot up and shut down. all programs are running slow too. I have also noticed at start up a pop up in a black screen saying System32/cmd.exe along the top and in the box the following message appears: cannot find file specified. Then it disapears and continues as normal. another message appears too saying spybot changed system start up... not sure what to do?

Steve McGrath
Glad you were able to remove it. Not glad you have problem.now :(

Bryan
Hello Steve

Lily T
Hello Steve,

Steve McGrath
Great!

Steve McGrath
Brian: Try to download avg from a friends/work computer. Did you try Spyware Doctor?

Cptn Pike
"Hello Steve

Steve McGrath
Cptn Pike: Check comment 13. Try to run AVG in safe mode if possible. If not, try with Spyware Doctor(see original post)? It may remove the spyware part thus giving you a chance with AVG if your lucky.

cpt pike
ok i got rid of it. i got rid of it — finally.

Steve McGrath
cpt pike: I would be careful to run such programs. You could be infected by something else. It may not be in this case here but...

Court, Vic, Griz, X Are Full Of …
[...] and TrustURL(short URL service to hide affiliates id too). Not only that, he helped 7000+ people remove Virus Heat from their infected computers for free, has a funny sense of humor and second handily won the HD [...]

jay
thank you guys all of this helped me to get rid of virus heat

OneMansGoal.com Sold For 10K: The Good, The Bad And The Ugly
[...] the whole truth about traffic. My organic traffic increased in the last 3 months because of my Removing Virus Heat post but my Alexa [...]

yea
ty ...your post was extremely helpful (even though i got suckered by an old spyware...o well )...

Steve McGrath
No trouble and glad it worked for you. :D

yea
Well im not really sure if i removed it all the way. i have not gotten a pop-up like that in a while. I ran spyware (s and destroy) and AVG twice. (about the run a third time)...is there anything else that I should do?..or should i run around my house screamin hallelujah now?

Steve McGrath
Close the computer off(not in stand by) and redo the test one last time. You will then be okay. Besides, the 2 applications has to be updated by now.

Steve McGrath
Glad it helped you get rid of SmitFraud-C.

Jeff
I too was the fortunate recepient of a nasty case of SmitFraud-C. McAfee (7.1) detected a file for the Vundo virus and deleted it, but did nothing against SmitFraud-C (didn't even detect it) nor any of the other malware downloaded. Spybot detected it, but couldn't get rid of it completely. Just as I was deleting obvious virus files by hand, I came across your website. I loaded AVG and it found and removed the remainder files that I had already suspected to be SmitFraud-C and it's cohorts. I immediately uninstalled McAfee and am leaving AVG running. So far, so good. Thanks for the advice on AVG !!

Steve McGrath
phantasma: I did not see that happening so far so you might try to do the steps one more time to removed it.

phantasma
hi i got these virus heat today because my brother accydently downloaded it and i already scaneed whit Spybot S&D and when i was removing the spyware the program crahed and i had to run it again and thats what i am doing right now but the virus heat icon changed to a interogation sinal i am going ok or have i donne something i should not?

phantasma
well i scaned again whit spybot S&D and it did not crashed and removed most of the spyware but some he could not and he told me to made a reset to scan again and remove and that what i did and the icons gone and everything is working so far but there is a prosses called "inactive prosses"(note:my windows is in portuguese so i thought that this is the best translation to english of its real name)thats is using always like 90 or 97 of my CPU and i canot end it.anyway i am scaning again whit avast antivirus if you have any info on how to delet the prossess plz tell me

Steve McGrath
"System Idle Process" is normal. That's mean the computer is doing nothing. If you open Firefox or another program, it will decrease while the programs (Firefox) use the CPU.

Don’t Trust Unknown Anti-Virus And Google Reaction!
[...] will react like this 1-2 times a year but it’s free. I do like AVG because it was able to remove smitfraud-c where others and more bigger software(detected only) could not remove it according to comments left [...]

Removing Downloader-UA.h (Fake MP3 or MPG file)
[...] first so it’s the safer bet for now. You may also try the free method I used while removing Virus Heat with AVG just in case it works for you. If it does, please leave a comment. It may help [...]

natalie
norton 2008 got rid of this stupid virus just fine on my computer. i just made sure i ran live update on norton first, and then all of a sudden it was gone -- without me even having to request it to do so. i ran a norton scan first to see if it would find it, and it didn't - which i thought odd. so i checked the quarantined items and it was already in there and removed!

Steve McGrath
Hi Natalie,

natalie
hello,

Comments

Name:
Email:
Website URL:
Message:
Enter Captcha:
Case Sensitive Captcha Image
Note: The Captcha Image Is Case Sensitive