Killing SmitFraud

I spent over two hours on the phone with my dad two states away this evening. His laptop had been infected with a particularly nasty piece of spyware that I can only determine to be a variant of SmitFraud. SmitFraud infects the wininet.dll file with the W32/Smitfraud.A virus which monitors the infected computers internet activity and “calls home”. It installs a variety of “anti spyware” programs, most notably in his case was “Spyware Quake“.

We found a number of solutions spread across the internet, but none seemed particularly reliable. One piece of advice was to run the “anti-spyware” program to get a list of infections. This seemed rather dubious to me. Even after identifying infections and deleting them, there was one (C:\WINDOWS\system32\wfkduei.dll) that would not go away and could not be deleted – even in safe mode.

Ultimately, we came across this piece of advice from a french forum

Bonsoir.

Télécharger SmitfraudFix.zip
Dézipper le dossier sur le bureau (clic droit -> extraire tout…)
Dans le dossier, double-clic sur SmitfraudFix.cmd
Lancer option 1.
et coller le log généré.

Interpreted:
Good Evening.

Download SmithfraudFix.zip
Unzip the file to your desktop (Right click -> Extract)
From the desktop, double-click on SmitfraudFix.cmd
Choose Option 1
and post the generated log

Now we just chose option 2 (Clean) and hey, what do you know? It works! I’ll vouch for this fix for sure.