Smitfraud/Rogue Antispyware Removal for Vista users

From CastleCopsWiki


Removal consists of running a disk cleanup program and two scans:

  1. ATF Cleaner
  2. RogueRemover FREE
  3. SUPERAntispyware (in safe mode)


ATF Cleaner

Please download ATF Cleaner by Atribune.

This program is for Windows 98/ME/2K/XP and Vista!

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Uncheck Cookies only if you choose to retain your cookies
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Uncheck Cookies only if you choose to retain your cookies
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Uncheck Cookies only if you choose to retain your cookies
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



RogueRemover FREE Scan

The list of threats removed by RogueRemover may be found here:
http://www.malwarebytes.org/database.php


Please download the RogueRemover installer called rr-free-setup.exe to your desktop.

  • Double-click on rr-free-setup.exe to install the program
  • After installation, do one of the following to launch RogueRemover FREE as an Administrator:
      • Right-click the RogueRemover desktop shortcut and select "Run as Administrator"
      • Click the Vista Orb (Start), select All Programs and choose RogueRemover FREE, and then right-click RogueRemover FREE and select "Run as Administrator"
  • When the program opens, select the Check for Updates button on the Main Menu.
  • When the Update window opens, select the Check for Updates button, again.
  • If your firewall prompts, make sure to indicate your approval, so updating can proceed.
  • Click Check for Updates until you are prompted with a Download option.
  • If prompted again, select Download to receive the latest updates.
  • When updating completes, close the update window.
  • Finally, select Scan and the program will scan for all the Rogue Programs that are in its database.
  • Please make a note of RogueRemover's results at the end of the scan and then close the program.



SUPERAntispyware Scan

Download and install SUPERAntiSpyware using the default settings.

  1. Right-click the SUPERAntiSpyware desktop icon and choose "Run as Administrator" to launch the program.
  2. When you are asked to update the program definitions, click Yes.
Only if you are not prompted to update the definitions or already have SAS, select Check for Updates before scanning.

Program Setup

Select Preferences | Scanning Control

Check the following Scanner Options:
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.

Click the Close button to leave the control center screen.

Scan Setup

  1. Select Check for Updates to verify that you are working with the most up-to-date definition database.
  2. On the main SAS screen, under Scan for Harmful Software select Scan your Computer.
  3. On the left, make sure your primary drive (normally C:\Fixed Drive) is selected, plus any other hard drives that are connected to your system.
  4. Now, close SUPERAntispyware because you will be running the scan in safe mode.


Boot into safe mode

  • Restart your computer
  • Right after the PC manufacturer's splash screen appears, immediately tap the F8 function key
  • When the Advanced Options menu appears, select the safe mode option
  • You will see a list of drivers scroll by, after which a low resolution version of the Windows desktop appears

Scan with SUPERAntispyware

  1. Relaunch SUPERAntispyware by right-clicking its desktop short-cut and choosing "Run as Administrator".
  2. On the main SAS screen, under Scan for Harmful Software select Scan your Computer.
  3. On the right, under Complete Scan, choose Perform Complete Scan.
  4. Click Next to start the scan.
  5. After the scan is complete, a Scan Summary box will appear listing potential threats that were detected. Click OK.
  6. Check all detected threats, then click "Next".
  7. A notification will appear that "Quarantine and Removal is Complete". Click OK and then click Finish to return to the main menu.
  8. Reboot your computer

Retrieving the scan report

  • Relaunch SUPERAntispyware
  • Click Preferences | Statistics/Logs
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, select the most recent and press View log. The SAS scan log will be displayed in your default text editor.
  • If you are posting an HJT log and any threats (excluding cookies) were found, copy and paste the SAS Scan Log results into your HJT topic, along with your HJT log.
  • Click Close to exit the program.

If you have questions or need help, please refer to the SUPERAntiSpyware Frequently Asked Questions.


Now go ahead and perform an antiviral scan.

This article is part of the Malware Removal and Prevention series
The series was developed as the key deliverable of the
Cleaning Malware Project.