MWAV can't detect the spyware SMITFRAUD

Posted: Fri Feb 01, 2008 3:12 am
by cmora
Hi.

A client's laptop was displaying too many messages related to a NetSky infection, and a "Microsoft Security Alert" providing info related to a computer infection, and it tried to open a website named safenavweb.com.

I checked the laptop with the latest MWAV, under Windows safe mode, without network and with System Restore disabled.

MWAV detected too many adware, trojans, and registry failures, but when restarted in normal mode, the message related to NetSky continued appearing.

I searched the spyware forums and found information related to a trojan named SMITFRAUD, so I searched for and downloaded a tool named SmitfraudFix.zip.

After checking the system with that tool, the problem was solved correctly.

Now the client is asking me why the latest MWAV version failed. He uses AV 9.0.721.1 on the whole network, and needs to know if this trojan is present in the LAN.

What can I do in these cases?

Thanks in advance

Posted: Fri Feb 01, 2008 5:45 pm
by Varghese
Hi,

Please post your latest MWAV logs here or send them as an attachment to mathew@mwti.net at the earliest.

Also send MWAVC.log from your %temp% folder.

Posted: Thu Mar 06, 2008 1:12 am
by cmora
Hi.

I am again having problems with the SMITFRAUD trojan. I installed the latest AV (799) and the latest MWAV, and can't remove the trojan.

These are the logs:

http://www.jconsultores.com/mwti/forums-mwti/MWAV.LOG

http://www.jconsultores.com/mwti/forums-mwti/MWAVC.LOG

This is the log of the tool used to remove the trojan:

http://www.jconsultores.com/mwti/forums ... apport.txt

So, why does eScan continue without detecting that trojan?

Thanks in advance

Posted: Fri Mar 07, 2008 5:26 pm
by Varghese
Hi,

If you could send us the file pinfect.zip from the infected system, the infections can be added to our updates and this should resolve the problem. This is a password-protected zip file which stores the possible new infections on your system.

The default path of the file pinfect.zip is:

c:\progra~1\escan\infected\pinfect.zip
In My Documents.
%temp% folder.

:)

Posted: Sat Mar 08, 2008 4:27 am
by cmora

Detection Added

Posted: Mon Mar 10, 2008 1:00 pm
by Varghese
Hello Cmora,

New malicious code was found in the uploaded file pinfect.zip. Its detection will be added in the next updates.

fqspogw.exe - not-a-virus:AdWare.Win32.Vapsup.cds