Avast WEBforum

Other => Viruses and worms => Topic started by: contender1 on October 29, 2008, 09:36:05 PM

Title: smitfraudfix.exe being displayed as a trojan by avast
Post by: contender1 on October 29, 2008, 09:36:05 PM

Hi All

I am trying to help a friend remove some rogue spyware software that is trying to get him to purchase antispyware 2008.
After reading a post on this forum i understand that smitfraudfix.exe maybe the tool required to remove this problem but everytime i download smitfraudfix.exe and scan it with avast, avast reports the following infection Win32:Trojan-gen {Other}.
Is this a false positive being generated by avast or is the file really infected.
I've downloaded it from a few different mirrors located at the following web page http://siri.geekstogo.com/SmitfraudFix.php but the trojan appears to be present from all locations.

Any help on this would be appreciated.
Cheers

Title: Re: smitfraudfix.exe being displayed as a trojan by avast
Post by: DavidR on October 29, 2008, 10:40:43 PM

I don't doubt it is likely to be an FP but you should confirm.

Pause the web shield that will at least allow it to be downloaded, don't execute/run it.

Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451 (http://forum.avast.com/index.php?topic=34950.msg293451#msg293451), how to report it to avast! and what to do to exclude them until the problem is corrected.

Title: Re: smitfraudfix.exe being displayed as a trojan by avast
Post by: denstalker on October 31, 2008, 01:18:35 PM

Why is avast unable to detect smitfraud.exe? My co-worker's computer got infected, and she was on avast.

Title: Re: smitfraudfix.exe being displayed as a trojan by avast
Post by: DavidR on October 31, 2008, 03:50:29 PM

Well firstly smitfraudfix.exe is a 'tool' used to remove rogue malware, unless you are talking about a different file name.

Secondly as this topic states, avast is detecting smitfraudfix.exe, incorrectly it would appear.

So you co-workers computer didn't get infected by smitfraudfix.exe, if you are talking about smitfraud.exe and that is the correct file name then it is a different topic and you should create a new topic.