Smart Engine
Smart Engine is an addition to the lists of rogue security application currently propagating through the Internet. Smart Engine virus can easily penetrate target computer by looking for a possibility of security holes present on the system. These vulnerabilities can be taken as advantage by a Trojan to secretly install Smart Engine without user’s knowledge. Once exists on the PC, numerous fake alerts is issued and misinform that computer is contaminated with virus. Every start of Windows will provide false virus scan showing dozens of infected files and suggest removing it by having the registered version of a program. Every aspect of its actions emphasized the acquisition of full version which is the sole purpose of every fake antivirus application.
Stating that your computer is under attack followed by recommendation to obtain a licensed version is a common techniques exercise by rogue security product. This is the best strategy so far to promote and sell useless anti-virus application. Ignore it and if possible, avoid visiting unknown web sites and fake online virus scanner where these types of malicious software are hosted. It is important to protect the computer with effective anti-malware solution that will block entry of malicious files and traffic.
Screen Shot:
Alias: SmartEngine
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Smart Engine Removal Procedures
Manual Removal:
1. Stop Smart Engine process by pressing Ctrl+Alt+Del. Windows Task Manager will open. Look for the following process:
SMae0_2129.exe
2. Update your installed anti-virus program.
3. Run a full system scan and clean/delete all detected infected file(s). A manual removal of virus-related files should also be performed.
4. Edit Windows registry and delete Smart Engine entries.
- For Windows 2000/XP: Go to Start > Run, type “regedit” on dialog box then press Enter on keyboard.
- For Windows Vista/7: Go to Start > Search Program and Files, type “regedit” and press Enter.
5. Exit registry editor.
6. Remove Smart Engine start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Startup item(s):
SMae0_2129.exe
7. Click Apply and restart Windows.
Smart Engine Removal Tool:
In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.
Special Removal Guide:
This procedure requires removal of registry key. It is important to backup your registry first before proceeding with this step.
1. Go to Start > Run > type regedit.
2. Registry editor will show up. On the menu, click on Edit then Find.
3. In the box, copy and paste this value: 3F2BBC05-40DF-11D2-9455-00104BC936FF
4. Search result will display registration key that belongs to Smart Engine.
5. Delete the key and click OK to save changes.
Technical Details and Additional Information:
Malicious Files Added by Smart Engine:
c:\Documents and Settings\All Users\Application Data\456a678\
c:\Documents and Settings\All Users\Application Data\456a678\4475.mof
c:\Documents and Settings\All Users\Application Data\456a678\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\456a678\MS345d_2129.exe
c:\Documents and Settings\All Users\Application Data\456a678\MSS.ico
c:\Documents and Settings\All Users\Application Data\456a678\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\456a678\BackUp\
c:\Documents and Settings\All Users\Application Data\456a678\MSSSys\
c:\Documents and Settings\All Users\Application Data\456a678\MSSSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\456a678\Quarantine Item\
c:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\
c:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\MSJYQMS.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
%UserProfile%\Application Data\Smart Engine\
%UserProfile%\Application Data\Smart Engine\cookies.sqlite
%UserProfile%\Application Data\Smart Engine\Instructions.ini
%UserProfile%\Desktop\Smart Engine.lnk
%UserProfile%\Recent\cid.drv
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\delfile.sys
%UserProfile%\Recent\fan.dll
%UserProfile%\Recent\grid.sys
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.drv
%UserProfile%\Recent\std.dll
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\Smart Engine.lnk
%UserProfile%\Start Menu\Programs\Smart Engine.lnk
File Location for Windows Versions:
- %UserProfile% is C:\Users\<Current User> for Windows Vista/7, for Windows XP/2000 this is C:\Documents and Settings\<Current User>.
Smart Engine Registry Entries:
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=2129&q={searchTerms}”
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=2129&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “control/7.02129″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “My Security Shield”
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=2129&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
sajeevan
Oct 11, 2010 @ 17:33:28
my taskbar isn’t opening !!!!!!
Debb Rose
Oct 13, 2010 @ 21:40:34
Can’t open Windows defender, nor Task Manager and don’t know what spyware to trust Help!!!!!!
Flavius
Oct 14, 2010 @ 02:37:08
Pointless tutorial since the virus is blocking internet connection, so you can not update the anti-virus, and also it disables the taskmanager ;)
Sarge
Oct 15, 2010 @ 17:45:33
I could still open the internet therefore downloaded the free Avast! anti virus and ran all scans. This picked up 2 threats which when removed got rid of the smart engine virus.
John
Oct 16, 2010 @ 18:26:22
Try running internet explorer in 64 bit. It worked for me.
Richardo
Oct 19, 2010 @ 10:48:58
Able to open the internet and downloaded Skybot. But still unable to run eithere this or McAfee and Smart Engine still there.
jimbo
Oct 21, 2010 @ 03:49:25
I have had this smart engine virus for 3 days. I have tried every automatic bug removal there is. They eithere don’t work or wnat money. I know this bug is a fake. What do I have to do to get rid of this nasty viral infection???
Oli71fr
Oct 25, 2010 @ 18:03:25
This virus is a nasty one. It prevents all vital functions from your system.
The only solution is to wipe it out from the system.
I saved the personal data on a stick and got on with installing Linux.
Problem solved!
Maybe someone will find a fix.
Good luck windows users – I am gone.
few
Oct 26, 2010 @ 01:46:48
I restarted windows and immediately after startup opened task manager, probly b/c smart engine had not yet loaded. I was then able to go into all users/applications/XXXX/ and delete the files responsible. So far it has not returned and I was able to delete the shortcuts
Keith
Oct 30, 2010 @ 21:46:42
Have just got rid of this blasted programme. The so called cures all wanted lots of money to get rid of it so in a way they are no better than the people who created it in the first place. In the end I wiped the hard drive by reformatting then spent the rest of the day reinstalling everything. On the plus side we got rid of an unwanted partition on the drive, and the computer is running more quickly after losing a lot of rubbish from the start up sequence.
ykntrtry
Nov 01, 2010 @ 14:11:14
Try system restore to a restore point before smart engine installation.
ANON
Nov 03, 2010 @ 19:51:02
Download this:
http://www.precisesecurity.com/tools-resources/adware-tools/malwarebytes-anti-malware
Run it in safe mode. (Press f8 alot when you start your computer)
Download from a different computer if you do not have internet access.
helpdesk guy
Dec 24, 2010 @ 05:50:55
Run a liveboot of Ubuntu and you can delete the files, then the program cannot execute so you can now change the registry and startup and such. Run an antivirus after to cleanup anything you missed.
ttx
Jan 25, 2011 @ 16:47:23
Windows defende don’t work at all it will lock you out of computer then you have to reformat it
adam
Feb 03, 2011 @ 14:33:08
i had this now my son has it on his laptop. i cant remember what i did to get rid of mine think i downloaded a small tool. i cant seem to get rid of his. These people should be prosicuted how dumb do they think people are as if your going to pay for something when theyve basicly knackered your pc.