S.M.A.R.T Repair Rogue Removal Instructions

If you’ve got S.M.A.R.T Repair alert on your computer,then as you probably already suspect you’re computer has been infected with a rogue software.
S.M.A.R.T Repair has changed your desktop background,hidden your files and shortcuts and it’s causing browsing redirects.T

S.M.A.R.T Repair is a malicious software that will display fake alerts, claiming that several hard drive errors were detected on your computer.In reality, none of the reported issues are real, and are only used to scare you into buying S.M.A.R.T Repair and stealing your personal financial information.
This rogue software has changed your desktop background,hidden your files and shortcuts and it’s causing browsing redirects.
We strongly advise you to follow our S.M.A.R.T Repair removal guide and ignore any alerts that this malicious software might generate.Under no circumstance should you buy this rogue security software as this could lead to identity theft.
If you’ve got a S.M.A.R.T Repair infection , you’ll be seeing this screens :

[Image: Smart-HDD.png]

[Image: Smart-HDD.png]

[Image: Smart-HDD.png]

Registration codes for S.M.A.R.T Repair

As an optional step,you can use the following license key to register S.M.A.R.T Repair and stop the fake alerts.
08869246386344953972969146034087
Please keep in mind that entering the above registration code will NOT remove S.M.A.R.T Repair from your computer , instead it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.

Removal guide for S.M.A.R.T Repair

STEP 1 : Start your computer in Safe Mode with Networking

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. Press and hold the F8 key as your computer restarts.Please keep in mind that you need to press the F8 key before the Windows  start-up logo appears.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
    [Image: Safemode.jpg]
  4. Log on to your computer with a user account that has administrator rights

STEP 2: Remove S.M.A.R.T Repair malicious proxy server

S.M.A.R.T Repair may add a proxy server which prevents the user from accessing the internet,follow the below instructions to remove the proxy.

  1. Start Internet Explorer [Image: S.M.A.R.T Repair- IE] and if you are using Internet Explorer 9 ,click on the gear icon   [Image: IE gear icon] (Tools for Internet Explorer 8 users) ,then select Internet Options.
    [Image: Internet-options-IE.png]
  2. Go to the tab Connections.At the bottom, click on LAN settings.
    [Image: Remove-proxy-server2.png]
  3. Uncheck the option Use a proxy server for your LAN. This should remove the malicious proxy server and allow you to use the internet again.
    [Image: Remove-proxy-server3.png]

If you are a Firefox users, go to Firefox(upper left corner) → Options → Advanced tab → Network → Settings → Select No Proxy

STEP 3: Run RKill to terminate known malware processes associated with S.M.A.R.T Repair.

RKill is a program that attempts to terminate any malicious processes associated with S.M.A.R.T Repair ,so that your normal security software can then run and clean your computer of infections.

As RKill only terminates a program’s running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

  1. While your computer is in Safe Mode with Networking ,please download the latest official version of RKill.
    [Image: download-rkill.png
  2. Double-click on the RKill iconin order to automatically attempt to stop any processes associated with S.M.A.R.T Repair.
    [Image: run-rkill-1.png]
  3. RKill will now start working in the background, please be patient while the program looks for various malware programs and tries to terminate them.
    [Image: run-rkill-2.png]
    IF you receive a message that RKill is an infection, that is a fake warning given by the rogue. As a possible solution we advise you to leave the warning on the screen and then try to run RKill again.Run RKill until the fake program is not visible but not more than ten times.
    IF you continue having problems running RKill, you can download the other renamed versions of RKill from here.
  4. When Rkill has completed its task, it will generate a log. You can then proceed with the rest of the guide.
    [Image: S.M.A.R.T Repair rkill3.jpg]

WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.

STEP 4: Remove S.M.A.R.T Repair malicious files with Malwarebytes Anti-Malware FREE

  1. Please download the latest official version of Malwarebytes Anti-Malware FREE.
    download Malwarebytes
  2. Install Malwarebytes’ Anti-Malware by double clicking on mbam-setup.
    [Image: malwarebytes-installer.png]
  3. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finishbutton. If Malwarebytes’ prompts you to reboot, please do not do so.
    [Image: install-malwarebytes.png]
  4. Malwarebytes Anti-Malware will now start and you’ll be prompted to start a trial period , please select ‘Decline‘ as we just want to use the on-demand scanner.
    [Image: decline-trial-malwarebytes.png]
  5. On the Scanner tab,please select Perform full scan and then click on the Scan button to start scanning your computer for any possible infections.
    [Image: malwarebytes-full-system-scan.png]
  6. Malwarebytes’ Anti-Malware will now start scanning your computer for S.M.A.R.T Repair malicious files as shown below.
    [Image: malwarebytes-scanning.png]
  7. When the scan is finished a message box will appear, click OK to continue.
    [Image: malwarebytes-scan-finish.png]
  8. You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image.Make sure that everything is Checked (ticked) and click on the Remove Selected button.
    [Image: malwarebytes-scan-results.png]
  9. Malwarebytes’ Anti-Malware will now start removing the malicious files.If during the removal process Malwarebytes will display a message stating that it needs to reboot, please allow this request.
    [Image: malwarebytes-reboot-prompt.png]

STEP 5: Double check your system for any left over infections with HitmanPro

  1. This step can be performed in Normal Mode ,so please download the latest official version of HitmanPro.
    [Image: Download Hitman Pro]
  2. Double click on the previously downloaded file to start the HitmanPro installation.
    [Image: hitmanpro-icon.png]
    NOTE : If you have problems starting HitmanPro, use the “Force Breach” mode. Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
  3. Click on Next to install HitmanPro on your system.
    [Image: installing-hitmanpro.png]
  4. The setup screen is displayed, from which you can decide whether you wish to install HitmanPro on your machine or just perform a one-time scan, select a option then click on Next to start a system scan.
    [Image: hitmanpro-setup-options.png]
  5. HitmanPro will start scanning your system for malicious files. Depending on the the size of your hard drive, and the performance of your computer, this step will take several minutes.
    [Image: hitmanpro-scanning.png]
  6. Once the scan is complete,a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click Next.
    [Image: hitmanpro-scan-results.png]
  7. Click Activate free license to start the free 30 days trial and remove the malicious files.
    [Image: hitmanpro-activation.png]
  8. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.

STEP 6: Unhide your files and folders

S.M.A.R.T Repair modifies your file system in such a way that all files and folders become hidden, to restore the default settings , you’ll need to run the below program.

  1. Download Unhide.exe, to unhide your files and folders.
    Download Unhide.exe
  2. Double-click on the Unhide.exe icon on your desktop and allow the program to run.The whole process should not take more than 5 minutes to complete,and at the end this utility will generate a report.
    Unhide files utility

STEP 7 : Restore your shortcuts and remove any left over malicious registry keys

S.M.A.R.T Repair has moved your shortcuts files in the Temporary Internet folder and added some malicious registry keys to your Windows installation , to restore your files we will need to perform a scan with RogueKiller.

  1. Please download the latest official version of RogueKiller.
    download RogueKiller
  2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
    [Image: roguekiller-1.png]
  3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    [Image: roguekiller-2.png]
  4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
    [Image: roguekiller-1.png]

STEP 8: Get your desktop look back!

S.M.A.R.T Repair changes your desktop background to a solid black color,to change it back to default one follow the below instruction.

    • Windows XP : Click on the Start button and then select Control Panel. When the Control Panel opens, please click on the Display icon. From this screen you can now change your Theme and desktop background.
    • Windows 7 and Vista : Click on the Start button and then select Control Panel. When the Control Panel opens, please click on the Appearance and Personalization category. Then select Change the Theme or Change Desktop Background to revert back to your original Theme and colors.

What’s next? Join our amazing community and build up your malware defenses !

IT’S YOUR TURN TO HELP!

If we have managed to help with your computer issues, then please let other people know that this article will help them!
You can share this article on Facebook,Twitter or Google Plus by using the below buttons.

ABOUT STELIAN PILICI

I am the creator and owner of MalwareTips.com.
My area of expertise includes malware removal and computer forensics. I'm active in the various online anti-malware communities where I do researches for new malware threats as they are released.
I live in Bucharest (Romania), where I run my own local computer repair shop.
I repair both hardware and other operating systems related issues, however most of my business is malware related problems.

You can follow me on Google+ , and I will keep you up-to-date with the latest computer infections and malware threats.

SUPPORT MALWARETIPS! (OPTIONAL)

All our malware removal guides and utilities are completely free!
We do not request any kind of payment for our services, however if you like to support us with our website costs, you can make a small donation. Any amount is appreciated, and will support our fight against malware.
  • Joe

    Hi, a family member of mine accidently ordered the igooseberry suff with team viewer and everything because he thought the computer might be destroyed, but seeing it now i hear its all a scam and what not. He went along and made some payments and its been awhile. Is there a way to stop all payments and make them leave him alone? if you can help then thank you

    • Stelian Pilici

      Hello Joe,
      He needs to contact its bank and inform them that he has been the victim of a scam and possible phishing attack, the bank staff should know how to proceed from there.
      NEXT,please run a scan with the tool from this guide to remove the malicious software from your computer.
      Good luck!

  • OldSchoolTech

    Dear Contributors,

    Big thank you to Stelian Pilici for this thorough, clear guide.
    I’m not sure how I picked up S.M.A.R.T Rogue Virus. Would be interesting to find out. I work as a technician and would advise any one infected to keep calm – the fake alert messages seem disturbing at first.
    When you see a repeated message reproduce itself on the desktop, this is an old hacker technique. Reports indicate this is an old style virus that’s been updated. (I did not press anything when the SMART Scan appeared. It was obviously bogus).

    SMART Rogue Virus hijacks the desktop and sets registry entries to 0 so its difficult to navigate once the virus has “taken over”. The main virus executable file places itself in Documents&Settings\AllUsers\WINDOWS\ApplicationData\ as fA9kENasc6uYJ2.exe (in my case).

    I was able to follow Stelian’s Guide with the one exception. Hitman Pro 3.6.2’s “Next” button was greyed-out when I downloaded it to the (still infected) desktop. The solution is to run MBAM in safe mode first, remove the PUM malware, ensure their is no proxy setup in IE8/9, connect to the Net with IE8/9, visit Hitman Pro or Majorgeeks website and select Run rather than download at the prompts, so Hitman Pro’s “next” button is accessible. (I had not heard of Hitman Pro before, but its an excellent malware remover that even spotted and deleted the notorious “Ask” toolbar entries that MBAM missed, as well as SMART Rogue).

    In my case, Rogue had disabled my internet connections, but the Open Network Connections function was still available in the system tray (bottom right on all Windows where the clock is). Open network connections, select the connection you always use, right click, choose enable from the pulldown list.

    SMART Rogue Virus also disables taskmanager (and in my case) Firefox browser. Following Stelian’s Removal Guide does restore these vital functions.

    For the really thorough (or paranoid) I recommend ATF-Cleaner (freeware) and CCleaner (famous freeware) after completing all Stelian’s removal steps. 14.2MB of temp data was removed by ATF-Cleaner. I’m pretty sure my PC is clean.. But I’ll be running regular MBAM’s and Hitman Pro Scans for awhile…

    Live long and prosper.

    Regards, OldSchoolTech

  • Archie Gillis

    Thanks so much for your guidance on removing the S.M.A.R.T. virus.
    Your instrucitions were clear, precise and worked exactly as you stated.
    There is no way I could have done this on my own.
    Thanks again and keep up the good work.

  • Craig

    THank you for your help removing the S.M.A.R.T. virus….. it was fantastic help!! Wonderful.

  • syrgel

    Hello Stelian,
    Thank you! you are incredible!!!

  • Crystal

    I spent hours yesterday trying to remove this virus. Your steps FINALLY removed this virus. Thank you SO much! You saved me from having to pay to have it removed.

  • Alohabuffy

    Worked great! Thanks for a nice job!

  • Dimitri

    Merci !!!

  • Grate Full

    Thank you so much, this was incredibly helpful!

  • Aphrodite

    Thank you so much! Superbly written and wonderfully ACCURATE! This saved the user from my brunt of my wrath since he waited until 2pm on a FRIDAY to tell me even though “it had been acting funny for a few days…”

  • Sharon

    Thanks so much! Your instructions were great and so far so good. When I started I couldn’t even boot into safe mode and get anything done but I was able to go into msconfig and disable the program from starting up on boot, that let me follow your procedure. I got infected going to a website, not opening e-mail or specifically downloading software so this one is really nasty.

  • DC in SoCal

    Great solution!!! Many thanks….

  • Erika

    I want to say THANK YOU! I freaked out when I got the virus, but I read your tutorial and fixed it myself. BTW, what do you think of Kaspersky TDSS Killer? I downloaded it too but am wondering if it’s also a malware. While downloading it, PC Performer also downloaded. I removed PC Performer immediately, but left me wondering about TDSSKiller. Please advise. Thanks.

    • Stelian Pilici

      Hello Erika,
      Kaspersky TDSSKiller is a legit and good utiltiy , however it’s not need it if you scanned with the software that I’ve recommended in this guide.
      Regarding PC Performer , you have made the right decision as I have never heard of this utility and overall this type of software don’t help that much…so stay away from it.

      Stay safe!:D

  • Royce Logan

    Hi Stelian. Good job with this and thanks. I can’t get Rkill to work even with the other names. I’m thinking SMART may have already countered your latest version. I get a quick black report screen that pops back off almost immediately.

  • lore

    Well done man!
    Great job! If SW/HW tutorials were done done like this, the entire world population would be skilled on computer science!!!

  • Sis

    You are a genius!! This worked for me, and was very clearly written without being over my head. Thank God there are smart people like you out there to combat these malicious hackers. Thanks so much!
    My only question is, “Where is your donate button??” I totally would!

    Thanks again
    SIS

    • Stelian Pilici

      We do it for the FUN :D … You don’t need to ‘donate’anything!Just stay safe!:D

  • CKR

    I have been trying all day to clear this thing off my Dell laptop comp. This is my 5th go-around trying to get things downloaded from these instructions. I’ll have so many new downloads, who knows how long it will take to start my comp up now?!? And, I still am having SMART -a$$ issues!! Anybody know a good comp scrapyard I can take this thing to???? I’m done!!

    • Stelian Pilici

      Hello,
      So what’s your status?Did you manage to download Rkill,Malwarebytes and HitmanPro?Did your run this scanners?

  • Nathan

    Thanks for the instructions on how to remove s.m.a.r.t. repair.
    There are two things that concern me.

    1. How did it get onto my computer?

    2. In doing the scans, some programs on my computer were listed as dangerous & needing to be deleted. But they are programs that I want. Is it possible that some software might not really be dangerous but have characteristics that make it appear dangerous to the “doctor” softwares? If so, how can I tell when something really needs to be deleted and when it’s OK to keep?

    • Stelian Pilici

      Hello,
      1.There are several ways for this rogue to get on your computer..Some users have reported that they got infected after opening a malicious email attachment , while other say that they have downloaded a fake video codec….Anyway you can read this article: http://malwaretips.com/blogs/from-where-did-my-pc-got-infected/

      2.If you have on your PC some programs that you KNOW that they are good ,you should chose the “SKIP” action for HitmanPro……all products can have a false possitive detection so this is not a big thing.
      I would suggest that you upload the detected file to virustotal.com and make sure it’s really safe.

      Good luck!

  • V. Reinecker

    Helping out a friend with a Vista system and the S.M.A.R.T Repair issue. Followed your instructions through and seemed to get everything back in safe mode. Windows will now not start in normal mode. The automatic system repair did not resolve the issue and system restore doesn’t seem like a good option since it would probably restore what I just painstakingly removed. The user is not sure she received a Windows disk with this HP desktop. Suggestions? Thanks. BTW your instructions were excellent and really appreciated. This just seems to be a glitch in this system.

    • Stelian Pilici

      Hello,
      Please try this steps:

      1.    Boot from the Windows 7 installation DVD

      2.    Select Repair your computer option

      3.   Advanced options

      4.   Command prompt

      5.    On the command prompt enter diskpart.

      Disk 0 Online

      Type: DISKPART> SELECT DISK 0

      Type: DISKPART> LIST PARTITION

      (this is an example list)

      Partition 1 OEM 39 MB

      Partition 2 Primary 750 MB

      Partition 3 Primary 297 GB   < select the partition with Windows, which is probably the first one larger than 16 GB

      Type: DISKPART> SELECT PARTITION 3 < select the partition number that has Windows

      Partition 3 is now the selected partition

      Type: DISKPART> ACTIVE

      DiskPart marked the current partition as active

      Type: DISKPART> EXIT

      Leaving DiskPart…

      Type the following commands:
      bootrec.exe /fixmbr

      bootrec.exe /fixboot

      bootrec.exe /rebuildbcd

      Scanning

      Total identified Windows Installations:  1

      Add installation to boot list? Y

      Operation completed successfully

      6.Restart the computer.

       

      Now if the BOOTMGR is missing, we need to fix that too.

      1.    Again, insert the Windows 7 installation disc into the disc drive, and then start the computer.

      2.    Select Repair your computer option

      3.    In the System Recovery Options dialog box, choose the drive of your Windows installation and click Next.

      4.    At the System Recovery Options Dialog Box, click on Repair your computer.

      5.    Click the operating system that you want to repair, and then click Next

      6.    In the System Recovery Options dialog box, click Startup Repair

      7.    Restart

       

      Now the computer should work again. Be sure to run Windows Update and scan it again with HitmanPro to remove any residual infections (if there are any).

      Please let us know if you need any further assistance. We are happy to help.

      • VR

        I am assuming you mean from a Widows Vista disk on a Vista system or would a Windows 7 disk work too?

        • Stelian Pilici

          Yes,this will work also for Windows Vista!

          • VR

            Thanks much. Really appreciate your help.

  • Drasil

    Thanks, this was very helpful. I would start with disabling the process first. then unhiding the files. You can then restore most of the user functions after that manually. While your antivirus does the rest.

  • Andrew van Leewan

    Thank you so much Stelian for this helpful tutorial.

  • Mandy

    My computer popped up with the SMART file and I freaked out….all my pictures of my daughter were gone as were all my work files. I calmly searched on my phone for something to help, and found this. It took quite a while to fix, but I’m so glad I came across this. Thanks for saving my computer and my pocket book from techs that would have taken advantage of me.

  • Beth

    I was just infected with this today. Operating Windows 7. Finally got to the internet in Safe Mode and have run every link to RKill that you’ve posted and each log states that no processes were terminated. Is this a problem? I am now running ESET as you instructed someone earlier.

    • Stelian Pilici

      No,if rKill didn’t find any malicous process running than,that’s great!;D
      Let the ESET scan complete and get back to us!

  • michael g

    you guys are the greatest…clearly written…well supported…and most of all it works!
    thanks for taking the time to do this.
    m

  • Christine C

    So far so good – you are a genious. I can’t get roguekiller.exe to download, no matter what I try – any suggestions on that piece?

    • Stelian Pilici

      1.Download any re-named version of Rkill (direct download links bellow):
      http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
      http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
      http://download.bleepingcomputer.com/grinler/rkill.scr
      2.Next,please perform a scan with RogueKiller and ESET Online Scanner.
      Run a scan with ESET Online Scanner

      1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
      2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
      3. Check Yes, I accept the Terms of Use
      4. Click the Start button.
      5. Check Scan archives
      6. Push the Start button.
      7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      8. When the scan completes, push List of found threats
      9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
      10. Push the back button.
      11. Push Finish
  • dfischbone

    I read the instruction and pre-downloaded all the recommended applications. Then with the applications on a flash drive I went through the process step by step. Once the procedure was complete I realized a complete restoration.

    Thanks so much and I recommend supporting all the developers who help facilitate this type of support against rogue marauders.

  • Jessica

    Worked great! Thank you so much:)

    • Chris N

      Agreed, talk about a pain in the a$$. I was trying to go to a website to look up a great quote on teamwork (for a meeting) and blamo I got nuked this morning at around 7AM. I’m just now back to productive thanks 100% to this article. +1 for the good guys. Thanks so much Stelian…

    • Carlo

      Just worked fine for me! Saved my day! Thanks for the useful tips!

  • Jake

    I can’t get any response when I reboot and press F8. My only options are F2 and F11 which have nothing to do with Safe Mode. Any ideas on how I can get around this? I’ve tried pressing F8, depressing F8, CTRL F8 but nothing happens.

    Thanks.

  • SuCa

    You advised backing up important files before attempting to get rid of the SMART malware. I tried accessing my photos in Safe Mode, but was not able to do so. I am also concerned about saving files that may be infected. How can I backup the files I need to?

    • Stelian Pilici

      Run Rkill,than try to run Unhide.exe.. This should make your files visible again…….Next you can save your personal files.Do not save .EXE files.
      For what is worth I think you can also perform the MBAM scan before saving any files as this program has a very low amount of false positive.

      • SuCa

        Rkill would not run; neither would MBAM. I get a messaage: Internal error: “failed to expand shell folder constant “userappdata.” I have no idea what that means. Has this menace filled my hard drive, and would it help to use a flash drive for extra capacity?

        • Stelian Pilici

          The only “solution” that has come anywhere near helping anyone is the following for the related Error 1606. Follow these steps to change your registry settings: (Of course, you should back up the registry before making any changes)

          Click on “Start-Run, type “regedit” (without the quotes)
          Navigate to this registry path:
          HKEY_CURRENT_USER –> Software –> Microsoft –> Windows –> Current Version –> Explorer –> User Shell Folders
          Clear the key: Recent (right mouse click on the key/folder, choose “Delete”)
          Close the Registry Editor and restart the computer.

          If this fails to correct your problem, the question is – how long has this been a problem?  If it has just recently surfaced, you might try a System Restore to a point in time before the problem started. Here are the steps:

           

          The System Restore tool

          If the issue that you are experiencing started occurring recently, you can use the System Restore tool. By using this tool, you can restore the computer to an earlier point in time. Using the System Restore tool may not necessarily help you determine the issue. When you use System Restore to restore the computer to a previous state, programs and updates that you installed are removed.

           

          To restore the operating system to an earlier point in time, follow these steps:

          1.     Click Start, type system restore in the Start Search box, and then click System Restore in thePrograms list. If you are prompted for an administrator password or confirmation, type your password or click Continue.

          2.     In the System Restore dialog box, click Choose a different restore point, and then click Next.

          3.     In the list of restore points, click a restore point that was created before you began to experience the issue, and then click Next.

          4.     Click Finish.

          The computer restarts, and the system files and settings are returned to the state that they were in at the time that the restore point was created.
          Next,try to run RKILL and then Malwarebytes!Let us know how is everything going!

          • SuCa

            I tried the shell thing – it did not work. I restored back to the week before the trouble started and tried following your instructions again. RKill cannot run. Mbam installation wizard not allowed to finish instillation, so cannot run. I tried Chameleon, but that did not work. I did run Hitman Pro three times – it did detect a Trojan virus and other issues the first time, now no threats detected. Unhide.exe will not run – message: “There was a problem retrieving a necessary environment variable. Unhide has terminated!” Trend Micro will not run, neither will McAfee. (I don’t think I’m supposed to have two security systems, but I have no idea where McAfee came from). I’m still operating in Safe Mode. Any further suggestions?

  • TomB

    Hi
    My desktop has been infected with the subject virus. I am trying to use the
    Malwarebytes (MWB) process to remove it and restore hidden files. I have a Dell XPS running W 7. I have followed the instructions to input the MWB
    provided bogus activation code, and then shut the computer down. Problem: When I restart and hold down the F8 key, I get a very quickly flashed screen with a couple of options in the lower left corner about modes (not there long enough to read) and then it goes to “resume windows”. If I go ahead and let windows open, the S.M.A.R.T. stuff is still there. At that point, I shut the system down again for fear of getting more damage/infection. I have tried it several times, with varying lengths of time holding down F8, etc., but keep getting the same results. Can you help me get to SAFE MODE?
    Thanks.
    TomB

    • TomB

      I just tried restart with FORCEBREACH and it worked. Hopefully I will not have to come back, again

      • Stelian Pilici

        If you remove all the infected files…it won’t!
        Additionally ,you can perform a scan with ESET Online Scanner

        Hold down Control and click on the following link to open ESET OnlineScan in a new window. > ESET OnlineScan Link

        1. Click the Eset online Scannerbutton.
        2. For alternate browsers only (Microsoft Internet Explorer users can skip these steps)
          • Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the Eset installer icon on your desktop.
        3. Check Yes, I accept the Terms of Use
        4. Click the Start button.
        5. Accept any security warnings from your browser.
        6. Check Scan archives
        7. Push the Start button.
        8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        9. When the scan completes, push List of found threats

        Also it would be a very good idea to register on our forums and start a thread in our Security Configuration Wizard forum to build up your PC protection.

    • Stelian Pilici

      Please follow the below instructions:
      STEP 1 : While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
      1.Here are the direct download links for HitmanPro,
      http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
      http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
      2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
      Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
      3. Let HitmanPro scan and remove all the detected threats.

      STEP 2: Download/Run Rkill and then run a scan with Malwarebytes.
      1.Download any re-named version of Rkill (direct download links bellow):
      http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
      http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
      http://download.bleepingcomputer.com/grinler/rkill.scr
      2.Next,please perform a scan with Malwarebytes as seen on the guide.

      STEP3 : Perform a system scan with Emsisoft Anti-Malware:

      1. Please download the latest official version of Emsisoft Emergency Kit : http://www.emsisoft.de/en/software/eek/
      2. After the download process will finish , you’ll need to unpack EmsisoftEmergencyKit.zip
        [Image: ekk1.png]
      3. Open the Emsisoft Emergency Kit Folder and double click EmergencyKitScanner.bat
        [Image: ekk2.png]
      4. A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.

        [Image: ekk3.png]

        [Image: ekk4.png]

      5. After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC”.

        [Image: ekk5.png]

      6. Select “Smart scan” and click-on the below “SCAN” button.

        [Image: ekk6.png]

      7. Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

        [Image: ekk7.png]

      8. When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Please note that the infections found may be different than what is shown in the image.
        Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.
        [Image: ekk8.png]
      9. Emsisoft Emergency Kit will now start removing the malicious files.
        If during the removal process Emsisoft will display a message stating that it needs to reboot, please allow this request.
  • Jyates

    Most helpful guide, worked like a peach!
    Ran Malwarebtytes again, No Objects Detected! Thanks!

  • Ryan

    Can’t connect to internet in safe mode. When i hit F8, i choose safe mode with networking from there, I can’t connect to the internet at all. When I do try and follow the steps and go to internet options, LAN settings, the proxy server box is already unchecked.
    How can i get on internet in safe mode with networking? Pleaseeeeee help!!!!!!

    • Stelian Pilici

      Hello,
      Ok,try to do this…
      STEP 1 : While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
      1.Here are the direct download links for HitmanPro,
      http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
      http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
      2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
      Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
      3. If it start ,let it scan and remove all the detected threats.

      STEP 2: Download/Run Rkill and then run a scan with Malwarebytes.
      1.Download a different named Rkill (direct download links bellow):
      http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
      http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
      http://download.bleepingcomputer.com/grinler/rkill.scr
      2.And then follow the guide starting with the Malwarebytes scan.

      STEP3 : Perform a system scan with Emsisoft Anti-Malware:

      1. Please download the latest official version of Emsisoft Emergency Kit : http://www.emsisoft.de/en/software/eek/
      2. After the download process will finish , you’ll need to unpack EmsisoftEmergencyKit.zip
        [Image: ekk1.png]
      3. Open the Emsisoft Emergency Kit Folder and double click EmergencyKitScanner.bat
        [Image: ekk2.png]
      4. A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.

        [Image: ekk3.png]

        [Image: ekk4.png]

      5. After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC”.

        [Image: ekk5.png]

      6. Select “Smart scan” and click-on the below “SCAN” button.

        [Image: ekk6.png]

      7. Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

        [Image: ekk7.png]

      8. When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Please note that the infections found may be different than what is shown in the image.
        Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.
        [Image: ekk8.png]
      9. Emsisoft Emergency Kit will now start removing the malicious files.
        If during the removal process Emsisoft will display a message stating that it needs to reboot, please allow this request.

      If you are still experiencing problems , start a thread in our Malware Removal Support forum : http://malwaretips.com/Forum-Malware-Removal-Assistance

  • Hodgy

    My system configuration utility does not work now. When I type “msconfig” I get the following message “Windows cannot find ‘msconfig’. Make sure you typed the name correctly, and then try again. To search for a file….”

    • Stelian Pilici

      Did you remove all the detect threats?

  • Hodgy

    Your directions worked flawlessly. The rogue is removed and my computer is working as was, except that now everytime I boot up, the Windows Zero Configuration does not start automatically. I went into the settings from services.msc and set to automatic, but once I restart it the utility does not start. If I start it manually from the Properties it works fine. Any suggestions?

    • Stelian Pilici

      Have you looked for errors in your Event Logs? That might tell you why it’s not starting.
      Also, many manufacturers include their own utility software for managing connections. That will disable WZC. Do you have another program, somewhere on your start menu, that will let you manage your wireless?
      You can also run msconfig and look under services – is it enabled in there?

  • jon

    I got infected, and i can’t get the internet work. Any idea of getting around to the internet?

    • Stelian Pilici

      Did you check for a proxy server?
      This infection should not block your internet connection… did you check the cables/wifi?
      Do you have any previously created restore points?

  • Cathy

    Yes, I followed the instructions using Malwarebytes, Hitman, and Tweaking. But I reached a stumbling block with RogueKiller. And now it won’t download the Emisoft file. Is it safe at this point to restart my laptop, or will it re-initiated the S.M.A.R.T. infection? I’m running McAfee. Could that be blocking these downloads?

    • Stelian Pilici

      Yes, restart you computer…… :)
      Next , please try to Run a scan with ESET Online Scanner

      Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan

      1. Click the Eset online Scannerbutton.
      2. For alternate browsers only (Microsoft Internet Explorer users can skip these steps)
        • Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the Eset installer icon on your desktop.
      3. Check Yes, I accept the Terms of Use
      4. Click the Start button.
      5. Accept any security warnings from your browser.
      6. Check Scan archives
      7. Push the Start button.
      8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      9. When the scan completes, push List of found threats
      10. Push Export to Text file  and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
      11. Push the back button.
      12. Push Finish

      If a log has been produced post it in your next reply.

  • Cathy

    The instructions to removed the S.M.A.R.T. virus have worked for me up until the downloading of RogueKiller. I cannot get it to download from your link. I have also tried downloading it from other sites, but Internet Explorer (9) keeps locking up. Any suggestions?

    • Stelian Pilici

      Here is the direct download link for RogueKiller: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
      Did you remove the detected infections by HitmanPro and Malwarebytes?

      Lets check with Emsisoft Emergency Kit to see if there are any active infection :

      1. Download the latest official version of Emsisoft Emergency Kit
      2. After the download process will has comleted, you’ll need to unpack EmsisoftEmergencyKit.zip
        [Image: ekk1.png]
      3. Open the Emsisoft Emergency Kit Folder and double click EmergencyKitScanner.bat
        [Image: ekk2.png]
      4. A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.

        [Image: ekk3.png]

        [Image: ekk4.png]

      5. After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC”.

        [Image: ekk5.png]

      6. Select “Smart scan” and click-on the below “SCAN” button.

        [Image: ekk6.png]

      7. Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

        [Image: ekk7.png]

      8. When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Please note that the infections found may be different than what is shown in the image.
        Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.
        [Image: ekk8.png]
      9. Emsisoft Emergency Kit will now start removing the malicious files.
        If during the removal process Emsisoft will display a message stating that it needs to reboot, please allow this request.
  • Corey W. Winters

    Hi,
    Can you tell me why EVERYTIME I use this page to remove “SMART repairs”, I have to pay for HitmanPRO, why am I the only person in the world who has to pay for the software to clean the computer with a 12mth license.
    I have used your very helpful pages, this and the other page ‘Remove Data Recovery, S.M.A.R.T HDD,Repair and Check virus’ BUT this point: 7. Click Activate free license to start the free 30 days trial ….. there is NO Activate free license button available and I am forced to pay for HotmanPro to clean.
    Altho it is not expensive, your instructions need to make users aware of the possible payment.
    HitmanPro software sales tell me there was never an option to “Activate free license”, so where did this option come from.

    • Stelian Pilici

      Hello Corey,
      Did you install HitmanPro on your computer or you’ve just selected to perform a one time scan???

      Lets try to remove the infection with another software:

      Lets check with Emsisoft Emergency Kit to see if there are any active infection :

      1. Download the latest official version of Emsisoft Emergency Kit
      2. After the download process will has comleted, you’ll need to unpack EmsisoftEmergencyKit.zip
        [Image: ekk1.png]
      3. Open the Emsisoft Emergency Kit Folder and double click EmergencyKitScanner.bat
        [Image: ekk2.png]
      4. A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.

        [Image: ekk3.png]

        [Image: ekk4.png]

      5. After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC”.

        [Image: ekk5.png]

      6. Select “Smart scan” and click-on the below “SCAN” button.

        [Image: ekk6.png]

      7. Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

        [Image: ekk7.png]

      8. When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Please note that the infections found may be different than what is shown in the image.
        Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.
        [Image: ekk8.png]
      9. Emsisoft Emergency Kit will now start removing the malicious files.
        If during the removal process Emsisoft will display a message stating that it needs to reboot, please allow this request.

      NEXT,install again HitmanPro and perform another scan,this time however write down the path of the infection so that we may remove them manually!
      I’ll wait for your reply and help you remove them!:)

  • JLu

    THANKS for sharing your wise knowledge. This is a simple guide to use and easy to understand.

  • viti

    very helpful!!!! Thank u!!!!

  • itedvf

    this must be the best guide online!thanks!