Fake Windows Spyware – Smitfraud Virus Family – The Viruses That Are Taking Over the World.

Thursday, October 16th, 2008

[UPDATE 10-24-2008] – Microsoft has released an emergency patch for its Windows operating system. I wonder why? Read about the patch here. More info here and here.

********************************************************************
I fell victim to this virus about 2 months ago. Within the last two weeks so have 4 of my friends/relatives. It’s time to blog about this.

The SmitFraud family of viruses takes complete control of your Windows computer. You can get it just by going to the wrong website, and no, it’s not just porn sites that give it to you. It’s not just torrent sites, gambling sites or anything like that – normal web-surfing people are going down by this virus and it’s a shame to both Microsoft Windows and all anti-virus software.

Once infected, you will start to see what appears to be Windows security telling you that you’ve been infected by spyware. You may see security balloons at the bottom right of your screen and your desktop might now have a link on it – all warnings lead you to a website that is selling anti-spyware software. THEY WANT YOU TO BUY THIS SOFTWARE. That is the end game of this virus: it says you’re infected with spyware, it prompts you to buy anti-spyware software that will fix the problem, you give them your credit card info and then you’re SCREWED. They want your credit card info. The anti-spyware software will not fix the problem.

I suspect I got this virus when I followed a link from reddit.com that was supposedly to a political-goof video. Once I clicked the link to the website, I became infected with the virus. Windows didn’t detect it, nor did my anti-virus software.

The first thing I noticed was Windows Security balloons at the bottom-right of my screen saying I had been infected with Spyware, “Click Here to Fix the Problem” or something like that. Also, my desktop, which normally was just a shade of blue, now had a link on it that said I had been infected with Spyware, click on it to fix the problem.

It is important to note that this virus has many variations and keeps evolving (the person(s) who made it keep updating it). Here are some sample screenshots of the virus.
[24 screenshots: smitfraud011.jpg through smitfraud24.jpg]

If you think you’ve been infected by this virus, you’re pretty much screwed. It’s not an easy fix. If you do your research about this virus on the web you will find various removal tools both free and for a price. I tried every single one of them, every single technique, and nothing worked for me.

Here’s what worked for me. First, I backed up all my personal files such as Word documents, pictures, mp3s, etc… onto an external hard drive. I cannot guarantee that the virus isn’t somewhere in one of those files, but I basically quarantined those files to a removable drive.

I found out my BIOS model and serial number. Mine was a Phoenix something or the other. I found the BIOS flash software (free) on Phoenix’s website and copied it to a floppy.

Then I used my Hard Disk manufacturer’s (in my case Maxtor) Drive Diagnostics boot disk, which I booted from, then I had the option of writing zeros to my MBR (Master Boot Record), and low-level re-formatting my hard drive.

When that was done I flashed the BIOS with the floppy I made from the BIOS manufacturer’s website. I’m not gonna go into the warnings or intricate details of this procedure, you should do your homework on how to do it properly.

Then I booted from the Windows install CD and re-installed Windows. That was it, my computer was clean.

Now, about the external hard drive I backed up my important files onto. I don’t know for sure if the virus is on it, but I think it isn’t because there are no weird files I don’t recognize on the drive – only .doc, .mp3, .jpg, .gif, etc… I also scanned the hard drive with a bunch of Anti-virus software which I know didn’t detect it in the first place, but still I didn’t want to skip this step.

This Quake Spyware/Smitfraud virus is a SHAME to Microsoft and all Anti-Virus/Spyware software manufacturers. It takes complete control over Windows and is almost impossible to remove. From the looks of it, it looks like everyone is going to get a variation of this virus sooner or later, since it takes advantage of flaws in Windows and AV software to make it undetectable before it infects you, you automatically become infected by just clicking on the wrong link, and it is so hard to remove – if you even can remove it.

More information: Panda Security Smitfraud info