Smitfraudfix.exe - Detection

pcbugfixer

G'Day Folks,

Seems on my latest scan of the workstation, they are comming up with previously undetected infections of various types.

The problem now is that some of these BDTS 2009 just deletes, which makes it difficult to retrieve and submit them. However I will attempt to do so from possible backups we may have.

On file that is interesting is the SmitfraudFix.exe which I will upload (SmitfraudFix.zip) to my Temp folder for Cris to investigate please.

SmitfraudFix.exe is the fix / remover for the Smitfraud* Trojan and payload (multiple strands / versions of Smitfraud) so it will be interesting to find out why it is infected with the "Application.Generic.13334" - virustotal.com has some interesting results from various Anti-Virus Publishers and it would be interesting to find out why the 'Fix" tool file is reported as being infected ?

BTW ee.exe is still being detected and either deleted or offers other options in the scan results of different workstation all with BDTS 2009.

alexcrist

ee.exe is not detected anymore. Please update your virus signatures.

Smitfraudfix is not a single tool, but it contains more tools inside. One (some) of those tools are dangerous and might be used by malicious applications to take harmful actions against your system. Those tools are NOT malware, but they can be used by malware.

And the prefix Application. in it's signature defines just that: a clean file (usually an executable filetype), but which could be used for malicious actions if used in certain conditions. Also, as you can see on VirusTotal, other engines also sign it by Risktool or not-a-virus, which represents the same thing.

I will send the file for analysis, but detection might remain so don't hold your breath on this one.

Cris.