No probs! :smileyhappy:

melboy, Thanks. Bugbatters is an expert in this area.  Thanks for directing me to this post.

Bugbatters standard reply on the HJT forums has this:

 

We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case.
Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

http://www.dellcommunity.com/supportforums/board/message?board.id=si_hijack&message.id=91755#M91755

 Annie,

 

you wrote that your nephew "asked [you] to download SmitFraudFix".

 

be advised that, unless an expert analyzed your nephew's system, and determined that S!Ri's SmitFraudFix is the appropriate tool for his situation, it should not be run "willy-nilly" on computer systems.   in particular, running option #2 on a clean (NON-smitfraud-infected) machine will remove the user's wallpaper (desktop background)  --- leaving the unsuspecting user to wonder why smitfraudfix did this.

[option #1 generates a technical report, which will need an expert to interpret.]

 

MBAM (for windows 2000/XP/Vista) or SAS (all windows) would be "safer" ways to proceed, provided it is a malware problem.   [however, these will not repair virus issues.]

and if MBAM+SAS can't fix the malware issue, then HJT analysis would be indicated.

for antivirusXP 2008, i'd definitely start with MBAM :

 

download and install the FREE version of  

Ky331. My nephew has a spy ware problem-"AntivirusXP 2008." I shared your message with him and he is going to use MBAM and SAS instead.  I did not realize that SmitFraudFix was such a powerful program.  He is using XPHOME. He also said his Display tabs are missing-I believe the screen saver and desktop setting under display properties. From what I have read about this particular piece of malware it removes some of the display property tabs. I think I did find a vsb script to repair this for him. 

 

My nephew did a Google Search and found directions for removing this malware using SmitFraudFix.This is why he asked me to download this program for him.

 

Thank you for this information.  Annie

Ky331, Thanks. I will see him on Monday to help him with this.  Have a great day.  Annie

MBAM will fix it, but be aware that some of these infections also come along with others that MBAM may not target. Check to see if start menu shortcuts are gone as well. If not, have him post a HJT log and let us know.

He will also need to take care of any vulnerabilities that caused him to get this malware in the first place.
Make sure Java is the latest version and also that he has his Windows Updates.

I'd be interested to know your thoughts/opinions on this site:

 

http://www.kellys-korner-xp.com/xp_tweaks.htm

 

I know of a least one person that has had success using the .reg/vbs files for restoring missing tabs etc (for example #227, right hand column) 

If your question is for me, I give Kelly Theriot's site two thumbs up. :)

Thank you Bugbatter :smileyhappy:, the question was open to anyone that has more knowledge/experience than myself in this area, seeing as you fit that criteria, i appreciate your response!

 

Seriously though, for future reference it's good to know that these fixes offered may well help in fixing some of the problems left over from a malware infection/clean up.