smsc.exe

[BazzaBoy]

Every now and then this file (smsc.exe) comes into my Windows/System folder. I use Windows XP Home Edition with SP2.

Once it is in my computer and executes itself, it starts sending out emails with subject "Try Viagra Free", "Increase Your Manhood" etc.

Sometimes Avast (Free Edition) catches it and sometimes not.

Is there a way of telling Avast (Free Edition) not to let the file into my computer in the first place?

Grateful for any help.

[Tarq57]

Ho BazzaBoy, welcome to the forum.
The reason this is sometimes detected by Avast and sometimes not is because it (the trojan) is, according to reports, under active development. Basically means there are new variants constantly being sent out. When you get one of these, that Avast does not have detections for (yet) it will install. That it keeps re-installing under various incarnations indicates you have some remnants on board, or a vulnerability (or possibly a tendency to keep visiting the same infected sites) that makes it likely for re-infection.
Full cleanup recommended first, then a bit of patching indicated.

If you haven't done a scan with Avast yet, do that now.

Try downloading and installing MBAM http://www.malwarebytes.org/mbam.php, update it, run a quick scan. Quarantine anything found. If the application asks you to reboot, do so promptly. Then run a full scan, and repeat this until it comes up clean.
(MBAM is a good quality antispyware/trojan tool often recommended. The demand scanner-blue on the download page- is free.)

I recommend updating to SP3, or at the very least making sure all windows updates have been installed.
Go to http://secunia.com/vulnerability_scanning/online/ and carry out an online scan. This may well reveal something about out of date software on your system.

There are quite a few other tricks and recommended practices - including running a two way firewall, which will catch a malware outbound connection request - but that should do for now. (One thing at a time.)
Post back with the scan results, any missing Windows updates, and the Secunia scan results, please.

[Lisandro]

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

[BazzaBoy]

Many thanks to both of you for your detailed advice. I might not have done everything that you advised, but I did most of it.

I haven't seen smsc.exe in the last two days. But if I do see it again, you'll be the first to know

Thanks again and Best Regards.

[Tarq57]

You're welcome. Did MBAM find and deal with it?

[BazzaBoy]

Finding it was not the problem. I knew where it was and had deleted it prior to making this post. Since running MBAM and installing Spyware Terminator, I haven't seen it again in the Windows/System folder. I hope, either Avast or Spyware Terminator is preventing it from entering my computer.

Do I need to install a software that actually prevents named files from entering the computer (like Zonealarm)?

[Tarq57]

ZA is a firewall. A good two-way firewall is definitely worthwhile installing. I've tried Comodo, Filseclab, Kerio 2.15, and the one I currently use, which suits me best. (And, of course, the Windows firewall.)
It won't prevent "named'' files from entering the computer - actually I don't see how that would work. What it will do is prevent installed malware from connecting outbound unless you authorise it, thus alerting you to the fact something is not right.
If you have the HIPS in ST active, it should (in theory) prevent certain system changes and installs of this nature taking place.
Comodo Firewall Pro (now only download-able as part of the full suite - installation of components is selectable) also has a HIPS, called Defence+. I understand it's pretty good.

The probelm with malware is that it tends to frequently have new variants, along with new componentry names, so the newest variants are not always detected by blacklist scanners. Which is where HIPS and a two way firewall come into their own.
I wouldn't be inclined to run more than one HIPS-type application at a time.