Privacy & Security Roguefix
Plague of the rogue scanners
Antivirus 2008, Antivirus 2009, Antispykit, AntiSpyCheck, Security toolbar, IEAntiVirus, SpyMaxx, InternetSecurityDeluxe, VirusProtectPro, Virusheat, XP antivirus and many others .....
Roguefix detection and removal script to clean computers with the Windows XP operating system that are infected with fake security warnings from a family of rogue scanners, Desktop/Homepage hijackers, their
installing/accompanying trojans and 'partner' programs.
If you do not want or need the information about the infection and just want to go straight to the removal tool Click Here
These infections have acquired a generic term of smitfraud. In fact, its only connection with the Smitfraud infection (a phishing
trojan that attempts to steal passwords of Smith Barney financial company clients) is one of the early variants gave a fake warning that the PC was infected with
the smitfraud trojan. Despite there being many variants released since, each giving a different fake warning, the name smitfraud appears
to have stuck.
This tool will scan for,
Rogue scanners |
Desktop/Homepage Hijackers |
Trojans
|
Codec's
|
Accompanying Malware |
AdwareDelete Adwarepunisher adwaresheriff Alphacleaner
Anti-Leech AntiSpyCheck antispykit AntispyStorm AntiSpywareBot AntispywareSoldier AntiSpywareSuite Antispyzone AntiVermeans AntiVerminser AntiVermins AntiVerminsPro AntiVirGear Antivirus 2008
Antivirus 2009, Antivirus Gold Antivirus Golden AntiVirusPCSuite AntiWorm2008 Awola BraveSentry
BreakSpyware ContraVirus DioCleaner ErrorSafe Error Safe Free ExpertAntivirus IE AntiVirus IE Defender InternetSecurityDeluxe
MalwareAlarm Malware Bell MalwareCrush
MalwareCore MalwareStopper MalwareWar Malwarewipe
MalwareWiped malwarewipeds MalwareWipePro Malwarewiper MrAntispy MultiDefender PCPrivacyToo PCTurboPro PestCapture PestTrap popupwall PrivacyKit
PrivacyProtectorFree Protection Bar RegistryCleaner RegistryCleanerXP RemedyAntispy Safety Bar SecureMYpc security toolbar
searchspy SpyAway spyaxe SpyBrowser SpyCrush SpyDawn Spyfalcon Spyguard SpyHeal SpyHealer SpyHeals spykiller SpyLax SpyLocked SpyMaxx
Spy officer SpyQuake2 Spysheriff Spy-Shield SpyShield SpyShield Demo SpyShredder Spyspotter Spywareaxe SpywareBot
SpywareHeal SpywareLocked SpywareStrike SpywareSoftstop SpywareQuake spywarewall Spyware Wizard
SystemDoctor 2006 TitanShield Antispyware Trust Cleaner Trustin bar Ultimate Defender virusblast VirusBlasters Virusburst Virusburster Virusbursters Virus-bursters Virusheal Virus heat VirusLocker VirusProtect VirusProtectPro
virusranger VirusRay VirusRescue
WebSpyShield XP antivirus |
alloversafety.com antispylab antispynet antispywarebox asafetyproject.com asecuritydesktop bestsecurityguide.com bestsafetyguide.net dns404.net (404 errors) guarduptodate.com needupdate.com onlinesecurityguard.net
Onlinesecurityworld.com onlinestability.com perfectedsecurity privacy_danger securitycaution.com safetydefender.com safe-strip-download.com www.security-look.cc safetyuptodate.com
securitybulletin securityfeature.com securitysafeguards.net Security Troubleshootin syserrors.com www.syssecuritysite.com systemwarning.com www.theguardservices.com topantispyware topsecuritysite.com
updatescenter.com updatesearches.com updateyoursystem.com Windowssecuritycenter.com yoursystemupdate.com |
Adclicker Agent.yf Alemod Bizves Cimuz DcomSrv Delf dflnl DHIJACK Dloadr-DM DNSCHANGER EMediaCodec Fake-Alert FAKEALE Fakespy Fakevir Favadd
flush harnig lowzones loxoscam newdial Nsaq proxy fz puper small Startpage Spywad Vixup Win32.Renos
Win32.VB.vc Zlob |
AviCodecEX Brain Codec Codec Pack - All In 1 DVDCodec eCodec elitecodec emediacodec FreeVideo Gold Codec icodecpack Image Add-on Image ActiveX Object
HQ_codec HQvideoCodec icodecpack image access activex object image ax object IntCodec IVideoCodec JPEG Encoder KeyCodec Key Generator media-codec MMediaCodec mpvideocodec
NewMediaCodec online video add-on Pcodec Perfect Codec powercodec QualityCodec RichVideoCodec Silver Codec Softcodec
StrCodec Super Codec sv-codec svideocodec TrueCodec VAX codec vcodec vidcodecs Video Access ActiveX Object Video ActiveX Object Video AX Object VideoBox
VideoCompressionCodec video icodec VideoKeyCodec VideosCodec WinMediaCodec XXXAccess XXXPlugin xxxVideo Access ActiveX Object zipcodec
|
404Search 7FaSSt AccessPlugin Accoona AceSpy Aconti dialer ActiveSearch ACXInstall Dialer Adbars AdBlaster Adbreak AdsInContext
AsianRaw Dialer AzeSearch BestOffersNetworks Browserad(TX-4) CashDeluxe
CnsMin Crystalys Media Daily Weather Forecast
DealBar Deskwizz DigiKeygen digipass DollarRevenue EShopee
ezPorn EZVideo IEhelper
iwatchnow JustPorn KeyToPorn Locksky(worm) Need2find NetProject Netpumper Oemji toolbar MediaTickets My Pass Generator MyGeek/CPVFeed Perflog (keylogger) PornMagPass mirrarsearch moneygainer RuPass
Search Maid SearchPorn SelectiveAdmission surf sidekick VideoKey VideoPorn Virtual Maid
WatchPorn |
Examples of the fake warnings generated-
These can be in the form of a balloon from an icon near the clock, an alert box, your Internet Explorer home page or your desktop background. They can have the appearance of being from the Windows Security
Centre
or the Windows operating system and claim your PC is infected with any of the following.
Attention, [name]! Some dangerous viruses detected in your system
(win)spy killer error - databases note found
PCMAV virus definitions is out of date
System Performance monitor: Warning
Critical system error
Adware.W32.ExpDwnldr
PSW.x-Vir trojan
Trojan.W32.Looksky detected on you machine
trojan-spy.win32@mx
Spyware.CyberLog-X
iworm_attck_v122.02a
Trojan TJ/BZ
Trojan.Virus.Z.32.exe
C:\windows\system\keylogger.exe#CR#
W32sinika.A
OHPE ver.4.12_23/
Trojan-Spy.HTML.Smitfraud.c
W32Myzor.FK@yf
Networm-i.Virus@fp
spy-win32@mx
Internet attack attempt detected...
Credit card hijacking attempt detected...
DETECTED SPYWARE! SYSTEM ERROR #384
Alert: You are receiving spam!
Danger! Spyware activity detected on your computer...
Warning! Your computer is not protected against spyware...
Your data is being transmitted to another computer...
Warning: Your security and privacy are at risk!
Danger: Potential spyware operation!'
Somebody's trying to gain access to your PC using DATA MINER program.
Your computer is working slowly!'
System alert:'
Windows had detected spyware infection
Alert! A minimum of 7 spyware entries found
The page you are looking for is blocked by spyware
Local Security Authority Service ('lsass.exe') has encountered a serious problem (possible spyware infection).
"Microsoft windows - security alert", "SERIOUS SECURITY
VULNERABILITY HAS BEEN FOUND!".
These trojans sneak into your computer by-
WMF exploit. An image vulnerability in un-patched Windows systems
Codec. Codecs usually for Windows Media player to allow a short movie clip.
DigiKeygen, Digipass, PornMag Pass, x password manager, various utilities to allow porn sites to be viewed
Java exploit. A vulnerability in out dated versions of Java software.
Visiting cool web search web sites
P2P file sharing programs
Deceptive advertisements and Sponsored ads displayed on Search engine results.
Other side effects may include
Windows features disabled.
Security settings lowered or disabled.
Pop ups for sub-standard security products, gambling or Adult websites
.
Notice
It has come to my attention that a poster on various help forums, under the name of PCBUTTS1 has stolen the code for roguefix, renamed it
Superfix, Spyerase and Removeit, claiming it to be his work. He also offers other copied/unauthorised downloads and publishes explicit/offensive
images claiming them to be of people who expose his plagiarism. He displays
ethics and morals equal to those of the fake/fraudulent scanners that roguefix removes and should not be trusted. |
To clean an infected computer (Windows XP only)
1) Download Roguefix.bat from HERE
and save it to your desktop. (Click Save on the 'File download' box, then select Desktop in the box marked Save in)
This tool is regularly updated, current version 2.190 (updated 11th August 08)
Note - Some users are reporting seeing a text page as opposed to the download box when
using this link, (particularly with Firefox browser) if this happens to you, try one of the following -
- Click your browsers back button and try again,
- Use different browser e.g. Internet Explorer,
- Right click the 'download link, select Save As from the drop down list and Save to your desktop.
2) A disk and registry cleaner, I recommend either of the applications below-
Ccleaner, A variety of free cleaning utilities
Ace Utilities, a comprehensive disk and registry cleaner. (Free trial)
Note An older variant of the Zlob trojan seen with the Antivirgear
rogue scanner hooks into the Layered service Provider (LSP), this requires a special tool to repair as improper removal can cause
problems with connecting to the internet, if you have antivirgear download LSPFix.exe from here http://cexx.org/lspfix.htm
and save it to your desktop to use if prompted by Roguefix, then
Close LSPFix to allow Roguefix to continue and complete its functions.
Removal procedure
a) Set Windows to 'Show hidden files and folders How to.
b) Restart your PC in Safe Mode How to.
c) Double click on the roguefix.bat icon on your desktop and allow the tool to run. Follow the onscreen prompts, you will be
given the option of resetting your Desktop background and your Homepage back to the Windows default settings.

e) Restart your PC in 'normally' (not in safe mode).
To complete the clean up of your pc, run the registry cleaner you downloaded earlier, and
whilst Roguefix targets the Rogue scanners and their installing trojans, it is
likely other malware will present
in your system, download, update and run one of the following-
AVG Anti-spyware, a free version is available.
Superantispyware, a free version is available.
And run one of the following online scans-
Panda Active scan
Trendmicro
To protect yourself against future infections, make sure you have all Windows critical updates and the latest version of java
Update
The Next button will take you to our Clean up after a malware infection page.
You are welcome to send comments.
Feedback@internetinspiration.co.uk
Still having problems after this clean up process?
support@internetinspiration.co.uk
Roguefix is protected against Piracy for profit or reputation by
Intellectual property rights and privileges.
Copying, in full or part and unauthorised distribution is strictly prohibited.
If Roguefix has helped resolve your problems without having the expense of taking your PC to a repair shop or the
hassle of reformatting,
you may like to support our efforts with a small donation towards the maintenance ,further development of this site
and the research to create more pages like this for future malware, even £1, $1,
€1 can help make sure we are still here should you ever need us again.
|
Privacy & Security
Information
E-mail
Viruses
hackers, crackers & firewalls
Trojans
Spyware
Keyloggers
Cookies
BHO's & Hijackers
Drive by downloads
diallers
Scams & Hoaxes
Hijack this- automatic analysis
Free pest scan
Unwanted processes
How to-Tutorials
Clean up/repair after malware infection
Prevent malware installing
Install Hijackthis
Start in Safe mode
Show hidden files/folders
enable/disable Active X controls
Disable Messenger service pop-ups
Use the Host file
Roguefix - Removal tool for Rogue spyware removers & Fake Warnings
Kill E2Give
Kill MySearch
Kill Sdbot-ADD / lockx.exe
Kill seeve.exe / mediamotors pop ups
Kill Winfixer2005
Kill SysProtect
News/Articles
New Winfixer infection displays fake Blackworm warning
The real cost of Free security software
|