FP - SmitFraudFix.exe

[mohan]

Please download SmitFraudFix.exe from http://siri.urz.free.fr/Fix/SmitfraudFix.php. its marked as Win32-Shutdowner-CD[PUP]

SmitfraudFix.exe|>SmitfraudFix\restart.exe [L] Win32:Shutdowner-CD [PUP] (0)
File was successfully moved to chest...

Regards

[DavidR]

Clearly not a false positive as it can a) restart your system and b) it is flagged as a PUP Potentially Unwanted Program. The restart function in the hands of a malicious attack would be one use of the tool, but in the case of Smitfraudfix would be if it is required to restart the system to remove in use malware, etc.

So you could chose not to do anything (block) since you downloaded it. It would of course be detected next time round, so you would have to exclude it from scan if you wish to keep it.

However, there is little benefit in keeping this tool lying around if you have used it, these types of tools should be downloaded before they are used (that way you have the latest version) if you suspect you have the infection it deals with.

[Marc57]

It's not just Avast that detects this:

http://www.virustotal.com/file-scan/report.html?id=3a0d4b187980f8b40f39f059bbae1613b0b8ce2f57e587d55444ab61eadc535a-1283832126

[mohan]

Thanks David & Marc, I guess my problem stems my issue with the Ask and Chest options not working the way ideally I wold understand them to work as
http://forum.avast.com/index.php?topic=59281.msg537597#msg537597, I'll lock this topic down.

[DavidR]

You're welcome.

The Ask option relates to the on-access scan (see below), as the on-demand scan (which was what this was detected on, unless you were running these tools?) completes the scan and shows a list of detections and files that can't be scanned (not suspect or infected, just can't be scanned). All infections will have the default move to chest option selected in the action to take. These options can be changed before clicking the Apply button to take the selected options on the detections.

With on-access detections, the default settings if something is detected whilst you are using your computer (is to move to the chest) so all you would get is an alert notifying you of the detection and the file would already have been moved to the chest.

[mohan]

@David,

My settings are here, http://forum.avast.com/index.php?topic=59281.msg537597#msg537597 - All selections are set to Ask for PUP,Virus and Suspicious.

The items were identified in an on-access detection and not on-demand, But even though my selected option's are Ask - I am still not presented with the Ask dialog.

I would now think this doesn't matter right ? Since now I have the folder excluded (see settings above), I should then be able to restore from chest ? Am Trying to do the same yet the file is not restored to the location which is excluded. Can I possibly term that I have an issue using the restore from chest option ?

Is there a way I could possibly pass on my settings to you or above is adequate ?

Apologies in advance if I a dragging on a topic but it does seem either there's a product idiosyncrasy Im unable to understand or I am using it wrong.

[DavidR]

Aside from the fact that those two tools are no longer updated and much depreciated, excluding a folder isn't advisable as you leave too big a hole in security, specific files only should be excluded.

What would have been helpful was a screen shot of the detection as the Ask alert differs from an auto move to the chest (but still has move to chest as the selected option, if you don't change that it will go to the check on OK. See images, which was it.

[mohan]

Thanks David,

I was trying to replicate to provide a snapshot.

I upgraded to 5.0.677 and defs 100908-1 after a complete uninstall.
Removed the folders from being excluded.
Downloaded and Manually extracted both the SDFix and SmitFraud exe's ensuring that the Restart file is still present.

It was detected in both the on-demand scan and on-access and I got alerts (attached).

Of course I use Malwarebytes Anti malware and SuperAntiSpyware and a bunch of other new s/w (on-demand only) is what I use now, but sometimes legacy programs come in use a lot which accounts for why I like to preserve them especially one day I may find they are no longer available on the net.

Thanks ever so much for the help.

I'll later check if the restore and extract options from the chest work as required so that I can also update the other topic.

[DavidR]

Well the detections and actions are acting as they should.

On-demand, completes the scan before listing the detections and you then select which action to take and click OK to complete those actions.

On-access, is also working as it should since you have set the primary action to Ask, it shows the move to chest (safest option) which can be changed, otherwise when you click OK it will send the file to the chest.

Now you can get rid of both of those dates tools as they really are much depreciated now as they are no longer updates, it defeats their purpose.