I've just found out I have Smitfraud-C on my computer. Should I cancel all my credit cards?
March 15, 2006 3:57 PM

I just found out I have Smitfraud-C on my computer. I'm not sure how long it's been there. According to one website it's a keylogger among other things. I just removed it but should I cancel all my credit cards?
posted by rileyray3000 to Computers & Internet (12 answers total)
 
yikes! not an answer, but how did you happen to find it?
posted by missmobtown at 3:58 PM on March 15, 2006


Smitfraud-C.

Meaning that you or someone else fell for the trojan, dintcha?

You should, at least, contact your lenders and let them know. Then you should wipe that computer and reinstall, as is SOP for any computer infection and not done nearly often enough.
posted by Kickstart70 at 4:07 PM on March 15, 2006


Like kickstart said, it's not so much the credit cards I'd be worried about, it's the accounts you have at SmithBarney. Let them know asap, and change your passwords. Of course, change your passwords AFTER you reformat and reinstall.
posted by ChasFile at 4:32 PM on March 15, 2006


First, how did you discover this virus was present? Was it through a standard virus scan (and which one?), or did you receive a computer notice of the virus, or something else? That's an important question, because if you read here, one Smitfraud virus can actually generate a message which claims infection by a different version of a Smitfraud virus to try and get you to purchase a fake antispyware program.

Did you see the message "Security warning. A fatal error in IE has occured at 0028:C0011E36 in VXD VMM(01) * 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c System can not function in normal mode. Please check your security settings. Scan your PC with available antivirus / spyware remover program to fix the problem. " If you did, that's the virus attempting to fool you into getting their spyware program.

There are several means to remove the virus. One of them can be found here. Google will turn up other sites and instructions for removal if you prefer.

The possibility of your credit card data being compromised is quite low, although not zero. The average phishing site lived about two days in 2004 according to one Internet statistics site, with many having lifespans measured in hours or minutes before they were shut down or blocked. In 2006, I'd expect them to die even quicker. Since the sites to which Smitfraud sent information are known, they would be long gone and inactive by now. Your decision on cancelling cards, but a phone call to the banks who issued the card(s) you use on the 'Net probably wouldn't be a bad idea. They can give you their preferred procedure.

Still, full computer wipes are extreme overkill for the majority of virus infections and are performed too often by the hapless computer user who, understandably, becomes overly paranoid. They are not SOP, nor should they be. The means to eliminate the Smitfraud virus is well-documented with free utilities available to do so. Unless you have evidence of secondary infections or other problems after scanning with a full antivirus program, simple removal should be sufficient.
posted by mdevore at 4:42 PM on March 15, 2006


If I'm reading the information about Smitfraud-C correctly, this isn't a piece of software installed on your PC; it's a web site you visit that looks like the real site, but isn't. The "keylogging" that takes place is simply you manually and intentionally entering your information into their fake web page and clicking "submit".

If that's the case, there's no point to reinstalling your computer; there's nothing to erase.

If I'm wrong, please someone point me to a more useful information page than the one linked above.

In other words, get your password changed ASAP (just in case I'm wrong, use someone else's computer) and contact Smith Barney right away. If you have personal information (credit card and whatnot) in the SB account, notify those vendors and get things reissued as well.
posted by davejay at 4:51 PM on March 15, 2006


Ah, I should have hit preview. That'll teach me to open comment threads and answer them 30 minutes later. In short, what mdevore said.
posted by davejay at 4:51 PM on March 15, 2006


Response by poster: I found out about it when I ran my weekly run of Spybot search and destroy. I killed it with that (I think) and then I subsequently ran Ad-Aware and then Norton AntiVirus to be sure.

Frankly I don't think I HAVE an account at Smith Barney. At least not that I know about. But I'll contact them anyway.

Do I really need to reformat the hard drive and reinstall Windows? I've got like ten proprietary programs on this thing and it's always a hell to reinstall everything. But if I have to I will.
posted by rileyray3000 at 6:15 PM on March 15, 2006


>Do I really need to reformat the hard drive and reinstall Windows?

Given what you've said, absolutely not. You had a relatively minor infestation, you removed it successfully, you have protection in place (up to date I assume/hope), you scanned for other problems with no further indications of failure. Discounting the one in a million shot, you came through this situation fine. You should be in good shape.

And if you don't have a Smith Barney account (you'd know), I'd not bother them either.
posted by mdevore at 7:20 PM on March 15, 2006


Oh yeah, lest I get taken to task for that one in a million shot remark, I simply meant a very low probability you have further problems related to this virus given the lack of further symptoms. One in five hundred good enough?
posted by mdevore at 7:33 PM on March 15, 2006


I'm going to have to chime in here to adamantly disagree with Mdevore.

Once a PC has been compromised, the only way to trust it again is to blow out all system files and put the OS back fresh. You just don't know what SpyBot missed, or AdAware missed, or your antivirus software missed, and what other nasties you've picked up along the way.

And most root kits are undetectable by antivirus software. That's what F-Secure's Blacklight is for, and even it's not 100%. A root kit is different from a virus or worm, but it can be introduced by one, and your PC's a zombie before you know it.

I know it sounds extreme, but I promise I haven't worn a tin foil hat in years. If you want to be sure, re-image that sucker.
posted by SlyBevel at 8:36 PM on March 15, 2006


Disagree as you will, but I have never, ever, seen a PC which was so infested that you needed to strip it down to a full wipe. And I've seen a few bad ones. This here is small-time stuff.

There is a lot of unwarranted paranoia out there about viruses. Folks, they are just another program, almost always written by some half-ass hacker or script kiddie. No wait, they aren't just another program. Because there is no incentive to make them robust -- but great disincentives are constantly present -- viruses aren't nearly as well written as other programs. And you can kill them dead as Lincoln.

Frankly, I think a lot of the blow-back on how deadly viruses are is leaked from *ix and Mac users who take delight in spreading detailed horror stories about how bad the Windows environment is for the computing populace. That comment, by the way, isn't aimed at anyone here. It's strictly a general remark on the sad state of OS wars.

The flip side is the millions of the simple computer users who never update, have no security, and never question what the computer is doing. Those are the people who make for the real virus horror stories; not the situation we have here.
posted by mdevore at 9:08 PM on March 15, 2006


Seems pretty clear that I won't be convincing you, and you won't be convincing me. That's ok, I can stay friends with someone I disagree with.

It's true that most PC virii are simple script kiddie jobs. It's also true that the majority are easily cleaned and never thought of again.

But...

1. A single virus isn't a problem, it's a symptom of how the user uses that PC. In my (extensive) experience, where you find one virus, you've got three to five that are deeper and unseen. If you find more than ten or so, you've got a real problem that might cost you (er...your user) data.

2. Many users aren't savvy enough not to install Kazaa, LimeWire, Edonkey, AOL, and so forth. All of these programs and many others install unauthorized crapware/adware/malware along with their intended utilities. And this crap doesn't just go away on its own, and it usually won't uninstall via the usual methods. Yes, an advanced geek (hello!) can dig into the registry and root them out, but that's a lot of billed time on the bench.

3. Winrot is real, and it doesn't get better. Unless you really know your way around the System32 directory and the registry. My PCs and those of my clients are peak performers because I don't let them run more than a year or so with the same image. This is not OS bashing...I'm comfortable in Linux, and Windows XP Pro is my chosen OS. It's just fact: Windows installations build ever-growing temp directories, registry bloat, corrupt NTFS volumes, undeletable Hiberfils, and simply don't handle uninstalls well. And this is the basic stuff.

And so, I feel my point easily stands. Crap+Crap+Crap+Crap=Time To Reimage.

Back up frequently, reimage regularly, don't talk to strangers (ie: don't open unknown attachments), and if you know you've been infected, kill what you don't see rather than have it bite you later.

Again, tin foil hats aside, if your data is worth protecting, then protect it.
posted by SlyBevel at 11:07 PM on March 15, 2006

