Today one of my customer PC infected lot of spyware and most of it can be removed using spyware doctor as this software is really pro in cleaning spyware. The system is extremely slow and the system keep popping up those advertisement pop-up on the screen plus the task bar there have an icon displaying info box said “your computer is infected with a lot of spyware and download this software to clean your pc” but the program itself is a spyware… so nice it.
I check the task manager to see any unknown program running beside those normal program that we seen running on win XP, then i spotted 2 misc program running called “icthis.exe” and “icmnrt.exe”. It does not look familiar to a clean system, so i do a Google search to find what is this little program do and it come out is a trojan/backdoor program then i find for solution to clean/remove it from the system since spyware doctor doesn’t get rid of it.
Get into techguy forum where someone had request for a solution to get rid of the program and one of the Distinguished Member have solution for it and it really works with very simple steps written there. The following is the guide that i copy out for reference:-
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press “Enter”.
- Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 – Clean by typing 2 and press “Enter” to delete infected files.
You will be prompted: “Registry cleaning – Do you want to clean the registry?”; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.
The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning: running option #2 on a non infected computer will remove your Desktop background.
This SmitFraudfix not only fix this trojan/backdoor as it can fix others, please refer to this website.
Source : TechGuy | SmitFraudFix