Roguefix - Rogue scanner & Fake warning removal tool

Privacy & Security
Roguefix

Plague of the rogue scanners
Antivirus 2008, Antivirus 2009, IE-Security, HomeAntivirus2009, malwareremovalbot, Antispyware XP 2009, Spyware Preventer, Perfect Defender 2009, Personal Antivirus (PAV), Spyware Guard 2008
System Guard 2009, XP antivirus, XP Police Antivirus and many others ....

. Roguefix detection and removal script to clean computers with the Windows XP operating system that are infected with fake security warnings and fake 'Blue screen of death' from a family of rogue scanners, Desktop/Homepage hijackers, their installing/accompanying trojans and 'partner' programs.

If you do not want or need the information about the infection and just want to go straight to the removal tool Click Here

These infections have acquired a generic term of smitfraud. In fact, its only connection with the Smitfraud infection (a phishing trojan that attempts to steal passwords of Smith Barney financial company clients) is one of the early variants gave a fake warning that the PC was infected with the smitfraud trojan. Despite there being many variants released since, each giving a different fake warning, the name smitfraud appears to have stuck.

This tool will scan for,

Rogue scanners	Desktop/Homepage Hijackers	Trojans	Codec's	Accompanying Malware
AdwareDelete AdWare Pro Adwarepunisher adwaresheriff Alphacleaner Anti-Leech AntiSpyCheck antispykit AntispyStorm AntiSpywareBot AntispywareSoldier AntiSpywareSuite AntispywareXP2009 Antispyzone AntiVermeans AntiVerminser AntiVermins AntiVerminsPro AntiVirGear Antivirus 2008 Antivirus 2009 Antivirus 2010 Antivirus 360 AntivirusBEST Antivirus Gold Antivirus Golden AntiVirusLab 2009 AntivirusMaster AntiVirusPCSuite AntivirusTrigger AntiWorm2008 Awola BraveSentry BreakSpyware ContraVirus DioCleaner ErrorSafe Error Safe Free ExpertAntivirus HomeAntivirus2009 IE AntiVirus IE Defender IE-Security Internet Antivirus InternetSecurityDeluxe MalwareAlarm Malware Bell MalwareCrush MalwareCore malwareremovalbot MalwareStopper MalwareWar Malwarewipe MalwareWiped malwarewipeds MalwareWipePro Malwarewiper MicroAntivirus 2009 MrAntispy MSAntivirus 2008 MultiDefender PCPrivacyToo PCTurboPro Perfect Defender 2009 Personal AntivirusPestCapture PestTrap popupwall Power-Antivirus-2009 PrivacyKit PrivacyProtectorFree Protection Bar Rapid Antivirus RegistryCleaner RegistryCleanerXP RemedyAntispy Safety Bar SecureMYpc security toolbar searchspy Smart Antivirus 2009 SpyAway spyaxe SpyBrowser SpyCrush SpyDawn Spyfalcon Spyguard SpyHeal SpyHealer SpyHeals spykiller SpyLax SpyLocked SpyMaxx Spy officer SpyQuake2 Spysheriff Spy-Shield SpyShield SpyShield Demo SpyShredder Spyspotter Spywareaxe SpywareBot Spyware Guard 2008 SpywareHeal SpywareLocked Spyware Preventer SpywareStrike SpywareSoftstop SpywareQuake spywarewall Spyware Wizard SysAntivirus2009 SystemDoctor 2006 System Guard 2009 TitanShield Antispyware Total Secure 2009 Trust Cleaner Trustin bar Ultimate Defender virusblast VirusBlasters Virusburst Virusburster Virusbursters Virus-bursters Virusheal Virus heat VirusLocker VirusProtect VirusProtectPro virusranger VirusRay VirusRescue VirusResponseLab 2009 VirusTrigger WebSpyShield windows antivirus 2008 XP antivirus XP Deluxe Protector XPPoliceAntivirus	alloversafety.com antispylab antispynet antispywarebox asafetyproject.com asecuritydesktop bestsecurityguide.com bestsafetyguide.net dns404.net (404 errors) guarduptodate.com needupdate.com onlinesecurityguard.net Onlinesecurityworld.com onlinestability.com perfectedsecurity privacy_danger securitycaution.com safetydefender.com safe-strip-download.com www.security-look.cc safetyuptodate.com securitybulletin securityfeature.com securitysafeguards.net Security Troubleshootin syserrors.com syshomepage.com www.syssecuritysite.com systemwarning.com www.theguardservices.com topantispyware topsecuritysite.com updatescenter.com updatesearches.com updateyoursystem.com Windowssecuritycenter.com yoursystemupdate.com	Adclicker Agent.yf Alemod Bizves Cimuz DcomSrv Delf dflnl DHIJACK Dloadr-DM DNSCHANGER EMediaCodec Fake-Alert FAKEALE Fakespy Fakevir Favadd flush harnig Koobface lowzones loxoscam newdial Nsaq proxy fz puper small Startpage Spywad Vixup Win32.Renos Win32.VB.vc Zlob	AviCodecEX Brain Codec Codec Pack - All In 1 DVDCodec eCodec elitecodec emediacodec FreeVideo Gold Codec icodecpack Image Add-on Image ActiveX Object HQ_codec HQvideoCodec icodecpack image access activex object image ax object IntCodec IVideoCodec JPEG Encoder KeyCodec Key Generator media-codec MMediaCodec mpvideocodec NewMediaCodec online video add-on Pcodec Perfect Codec powercodec QualityCodec RichVideoCodec Silver Codec Softcodec StrCodec Super Codec sv-codec svideocodec TrueCodec VAX codec vcodec vidcodecs Video Access ActiveX Object Video ActiveX Object Video AX Object VideoBox VideoCompressionCodec video icodec VideoKeyCodec VideosCodec WebMediaViewer WinMediaCodec XXXAccess XXXPlugin xxxVideo Access ActiveX Object zipcodec	404Search 7FaSSt AccessPlugin Accoona AceSpy Aconti dialer ActiveSearch ACXInstall Dialer Adbars AdBlaster Adbreak AdsInContext AsianRaw Dialer AzeSearch BestOffersNetworks Browserad(TX-4) CashDeluxe CnsMin Crystalys Media Daily Weather Forecast DealBar Deskwizz DigiKeygen digipass DollarRevenue EShopee ezPorn EZVideo IEhelper iwatchnow JustPorn KeyToPorn Locksky(worm) Need2find NetProject Netpumper LPVideoPlugin Oemji toolbar MediaTickets My Pass Generator MyGeek/CPVFeed Perflog (keylogger) PornMagPass mirrarsearch moneygainer RuPass Search Maid SearchPorn SelectiveAdmission surf sidekick VideoKey VideoPorn Virtual Maid WatchPorn

Examples of the fake warnings generated-
These can be in the form of a balloon from an icon near the clock, an alert box, your Internet Explorer home page or your desktop background. They can have the appearance of being from the Windows Security Centre or the Windows operating system and claim your PC is infected with any of the following.

Your computer has several fatal errors due to spyware activity

Warning! visiting this site may harm your computer

Spyware.Monster.FX (fake blue screen of death)

Internal conflict alert

Spyware activity alert

Privacy violation alert

System files modification alert

Attention, [name]! Some dangerous viruses detected in your system

(win)spy killer error - databases note found

PCMAV virus definitions is out of date

System Performance monitor: Warning

Critical system error

Adware.W32.ExpDwnldr

PSW.x-Vir trojan

Trojan.W32.Looksky detected on you machine

trojan-spy.win32@mx

Spyware.CyberLog-X

iworm_attck_v122.02a

Trojan TJ/BZ

Trojan.Virus.Z.32.exe

C:\windows\system\keylogger.exe#CR#

W32sinika.A

OHPE ver.4.12_23/

Trojan-Spy.HTML.Smitfraud.c

W32Myzor.FK@yf

Networm-i.Virus@fp

spy-win32@mx

Internet attack attempt detected...

Credit card hijacking attempt detected...

DETECTED SPYWARE! SYSTEM ERROR #384

Alert: You are receiving spam!

Danger! Spyware activity detected on your computer...

Warning! Your computer is not protected against spyware...

Your data is being transmitted to another computer...

Warning: Your security and privacy are at risk!

Danger: Potential spyware operation!'

Somebody's trying to gain access to your PC using DATA MINER program.

Your computer is working slowly!'

System alert:'

Windows had detected spyware infection

Alert! A minimum of 7 spyware entries found

The page you are looking for is blocked by spyware

Local Security Authority Service ('lsass.exe') has encountered a serious problem (possible spyware infection).

"Microsoft windows - security alert", "SERIOUS SECURITY VULNERABILITY HAS BEEN FOUND!".

These trojans sneak into your computer by-

WMF exploit. An image vulnerability in un-patched Windows systems

Codec. Codecs usually for Windows Media player to allow a short movie clip.

DigiKeygen, Digipass, PornMag Pass, x password manager, various utilities to allow porn sites to be viewed

Java exploit. A vulnerability in out dated versions of Java software.

Visiting cool web search web sites

P2P file sharing programs

Deceptive advertisements and Sponsored ads displayed on Search engine results.

Other side effects may include

Windows features disabled.

Security settings lowered or disabled.

Security software disabled.

Unable to access security related websites.

Pop ups for sub-standard security products, gambling or adult websites

Links to substandard products, gambling or adult websites added to desktop, Favourites and Start Menu

Notice
It has come to my attention that a poster on various help forums, under the name of PCBUTTS1 has stolen the code for roguefix, renamed it Superfix, Spyerase and Removeit, claiming it to be his work. He also offers other copied/unauthorised downloads and publishes explicit/offensive images claiming them to be of people who expose his plagiarism.
He displays ethics and morals equal to those of the fake/fraudulent scanners that roguefix removes and should not be trusted.

To clean an infected computer

Windows XP only

a) Roguefix.bat (current version 2.247 updated 2nd July 09) download and save it to your desktop.
Right click the 'download link, select Save As from the drop down list then select Desktop in the box marked Save in

b) Install the free trial of Malwarebytes Antimalware download
Antimalware is a relatively new application from malwarebytes.org and is consistently succeeding where others fail. The free trial is fully functional and will remove everything found.
Note - Some variants of the installing trojan amend the Host file, blocking access to many security related websites including Malwarebytes.org, if you have any problems with the link, you can download the installer from my server, download*
* the file is provided via the malwarebytes affiliate program.

Removal procedure

1) Restart your PC in Safe Mode How to.

2) Double click on the roguefix.bat icon on your desktop and allow the tool to run. Follow the onscreen prompts, you will be given the option of resetting your Desktop background and your Homepage back to the Windows default settings.

3) Perform full scan with Antimalware

4) Restart PC normally

If you feel you would like to further check your system I recommend an online scan - Bit defender Online scan

To help protect yourself against future infections of this type, make sure you have all Windows critical updates and the latest version of java Update

The Next button at the bottom of the page will take you to our Clean up after a malware infection page.

If you are still having problems after this clean up process support@internetinspiration.co.uk

You are welcome to send comments. Feedback@internetinspiration.co.uk

Roguefix is protected against Piracy for profit or reputation by Intellectual property rights and privileges.
Copying, in full or part and unauthorised distribution is strictly prohibited.

If Roguefix has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.

To clean an infected computer *Windows XP only*

To clean an infected computer

Windows XP only