Re: Another PSA....



Holy ***, that was nasty, man. Thanks for posting this--it was really
informative.

PsychoticBunyip wrote:
> Yo team
>
> I usually don't post this type of thing, but having spent the best part of
> 14 hours (up all night) fixing my PC, I feel the need to warn and rant.
>
> Jnr spent most of yesterday morning doing his online gaming thang. In the
> afternoon I'm getting weird Windows warnings about my PC being
> infected...and a 'new' anti-spyware prog (Spy-Axe) is sitting on my desktop
> and some new Windows Security Center icons? WTF???
>
> I have Norton, Ad Aware and Spybot which I run. 132 various trojans,
> malware, spyware. They pick up all the biz, but can't remove one of the
> nasties, Smitfraud-c. Spy-Axe says it can, but it's a demo and can't be
> activated to remove, only detect. The Windows warnings about the PC being
> attacked are still there. Not liking the idea of an uninvited visitor, I
> delete Spy-Axe and go looking for other resources.
>
> Windows Security Center icons seem like a good idea, and they offer a
> product that looks like a sound fix, so I buy it for around USD$50 via a
> secure server which recognises my bank etc. So far, so good. This product
> (Spy Trooper) detects all the intruders and eliminates them. Great. I
> run Spybot just in case. WTF????? Smitfraud-c is back!!!!
>
> Cut a long story short, the Windows Security Center icons are fakes,
> propagated by the original Smitfraud-c. Spytrooper is itself malware and
> carries the original payload. A confirmation email arrives from Spy Trooper
> which carries a now-obvious warning about not disputing the bill etc etc.
> OK, can see where this is going. I ring the bank/credit card org and kill
> the card. This will be fun in a few weeks....
>
> A REAL fix for Smitfraud-c is not as easy. Google it and you get websites
> for so-called removal tools that are themselves more of the same!!!
>
> Who is friend and who is foe?
>
> The real fix is a convoluted process of changing to Safe Mode, downloading
> tools such as 'Hijack This' as zip files, extracting etc, then posting a log
> to a site where hopefully the techies can help you.
>
> There is another fix which is quicker.
>
> The link for the fix is at Short Media, and they too have a forum dedicated
> to posting logs for help.....
>
> http://www.short-media.com/forum/showthread.php?t=40094
>
> I'm pretty cautious about PC security but this threat was not even on the
> radar. The standard tools don't work and many of the recommended fixes are
> themselves scams. It's known as 'Scare-Ware' and it's the nastiest *** I've
> yet encountered.
>
> I hope you don't get it, but if you do, I've just saved you 12+ hours of
> misery :)
>
> PD
