Trojan-Spy.HTML.Smitfraud.c

Trojan-Spy.HTML.Smitfraud.c is a generic detection for a variant of Trojan that can steal sensitive information from infected computers. Victims are redirected to a phishing web site to gather username and password. It may also block some antivirus programs from running by disabling its process. Trojan-Spy.HTML.Smitfraud.c will also try to connect to a remote server and download more threats. This password-stealing threat will record key presses from the infected computer and save it as a log file. Then it sends the gathered data to a remote attacker on specific schedule through email or file transfer protocol.

Alias:  Phish-BankFraud.eml.a, Trj/Citifraud.A, generic5

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
Upon execution of Trojan-Spy.HTML.Smitfraud.c, it will drop file under Temp directory of Windows. Registry keys are also added to the compromised computer that is essential to perform its tasks.

The Trojan is also found to have other harmful characteristics like the following:

  • It may connect to an Internet and request for additional malware files.
  • Author of this Trojan utilized a packer that is not typically used for legitimate software.
  • The Trojan may terminate any instance of security software services.
  • It contains other characteristics and identified security risks.

Distribution
Trojan-Spy.HTML.Smitfraud.c spreads via file-sharing network. In most occasions, a Trojan developer embeds its malicious code onto legitimate executable files that are made online through file-sharing servers. Using an encryption method not commonly used for commercial product, it often conceals itself from antivirus program. There are no reports that this Trojan can infect other computers that are on a local network.

Update:

On some occasions, fake anti-virus program will send an alert about the presence of Trojan-Spy.HTML.Smitfraud.c. This is a fake warning that attempts to mislead user into paying for the registered version of the endorsed product.

Trojan-Spy.HTML.Smitfraud.c

How to Remove Trojan-Spy.HTML.Smitfraud.c

Systematic procedures to get rid of the threat are presented on this section. Make sure to scan your computer with suggested tools and scanners.

NOTE: We suggest that you PRINT this guide. There are steps that we may have to restart the computer in order to successfully remove the threat.

Step 1 : Scan and remove Trojan-Spy.HTML.Smitfraud.c with MalwareBytes Anti-Malware

This guide requires a tool called Malwarebytes' anti-malware. It is a free tool designed to eradicate various computer infections including Trojan-Spy.HTML.Smitfraud.c. MBAM scanner and malware removal tool is distributed for free.

1. In order to completely remove Trojan-Spy.HTML.Smitfraud.c, it is best to download and run the recommended tool. Please click the button below to begin download.

Download Tool

2. After downloading, double-click on the file to install the application. If you are using Windows Vista or higher version, right-click on the file and select 'Run as administrator' from the list.

3. When User Account Control prompts, please click Yes to proceed with the installation.

4. Follow the prompts and install as 'default' only. There are no changes needed during the installation process.

5. Before the installation procedure ends, MalwareBytes Anti-Malware will prompt if you want to launch the application. Please leave the check mark on Launch Malwarebytes Anti-Malware.

Launch MBAM

6. Lastly, click the Finish button.

7. Malwarebytes Anti-Malware will launch for the first time. It is necessary to proceed with database update.

8. Remove all media such as Memory Card, CD, DVD, and USB devices. Then, restart the computer.

Boot in Safe Mode on Windows XP, Windows Vista, and Windows 7 system
a) Before Windows begins to load, press F8 on your keyboard.
b) It will display the Advanced Boot Options menu. Select Safe Mode.

Start computer in Safe Mode using Windows 8 and Windows 10
a) Close any running programs on your computer.
b) Get ready to Start Windows. On your keyboard, Press and Hold Shift key and then, click on Restart button.
c) It will prompt you with options, please click on Troubleshoot icon.
d) Under Troubleshoot window, select Advanced Options.
e) On next window, click on Startup Settings icon.
f) Lastly, click on Restart button on subsequent window.
g) When Windows restarts, present startup options with numbers 1 - 9. Select "Enable Safe Mode with Networking" or number 5.

Startup Options

h) Windows will now boot on Safe Mode with Networking. Proceed with virus scan as the next step.

9. Once Windows is running on Safe Mode, find the icon of MalwareBytes Anti-Malware. Double-click to launch the program.

10. Choose Threat Scan on scanner's console to ensure that it thoroughly check the PC for any presence of Trojan-Spy.HTML.Smitfraud.c and other forms of threats. Click the Start Scan button to begin.

MBAM Scan

11. Once the scan has completed, Malwarebytes Anti-Malware will issue a list of identified threats. Mark all threats and click on Remove Selected.

MBAM Scan Finish

12. If it prompts to restart the computer, please reboot Windows normally.

Step 2 : Run a scan with your anti-virus program/a>

1. Repeat the process of starting Windows in Safe Mode with Networking.
2. Open your antivirus program and download the most recent update. This method ensures that your antivirus program can detect even newer variants of Trojan-Spy.HTML.Smitfraud.c.

Updating your antivirus software is a one-click process. Please refer to your software manual for complete instructions.

3. Once updating is finished, run a full system scan on the affected PC. After the scan, delete all infected items. If unable to clean or delete, better place the threat in quarantine.

Step 3: Run another test with online virus scanner

Another way to remove Trojan-Spy.HTML.Smitfraud.c without the need to install additional antivirus software is to perform a thorough scan with free online virus scanner. It can be found on websites of legitimate antivirus and security provider.

1. Click the button below to proceed to the list of suggested Online Virus Scanner. Choose your desired provider. You can run each scan individually, one at a time, to ensure that all threats will be removed from the computer. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.

Online Virus Scan

2. After completing the necessary download, your system is now ready to scan and remove Trojan-Spy.HTML.Smitfraud.c and other kinds of threats.
3. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
4. Remove or delete all detected items.
5. When scanning is finished, you may now restart the computer in normal mode.

Alternative Removal Procedures for Trojan-Spy.HTML.Smitfraud.c

Option 1 : Use Windows System Restore to return Windows to previous state

During an infection, Trojan-Spy.HTML.Smitfraud.c drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to previous working state is through System Restore.

To verify if System Restore is active on your computer, please follow the instructions below to access this feature.

How to Access System Restore on Windows XP, Windows Vista, and Windows 7

a) Go to Start Menu, then under 'Run' or 'Search Program and Files' field, type rstrui.
b) Then, press Enter on the keyboard to open System Restore Settings.

rstrui-win7

How to Open System Restore on Windows 8

a) Hover your mouse cursor to the lower left corner of the screen and wait for the Start icon to appear.
b) Right-click on the icon and select Run from the list. This will open a Run dialog box.
c) Type rstrui on the 'Open' field and click on OK to initiate the command.

rstrui-win8

If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.

Avatar

About Adam Green

Adam is an experienced security aficionado who has written 100s of articles about malware, VPNs and staying secure online. He has been writing for PreciseSecurity.com since 2010.

Leave a Comment

Your email address will not be published. Required fields are marked *