
I used a combination of a few things to remove the Smitfraud Trojan. (This is for Windows XP & 2000.) Here are the tools you will need:
1- Smitfraud removal tool. I found it on the net at http://siri.urz.free.fr/Fix/SmitfraudFix.zip
2- Boot disk called BartPE (you have to make this), or any type of alternate boot disk that lets you have access to your files.
3- Spybot Search and Destroy.
Now, here is what you need to do:
1- Turn off the system restore in Windows XP.
2- Boot in safe mode (keep pressing F8 on bootup).
3- Run the tool from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
4- Reboot when it tells you, but use an alternate boot source like BartPE. Do not use your hard disk to boot, although you will need to get to the hard disk files in the next step.
5- Once you reboot using your alternate boot source, navigate your way to your system hard drive under windows\system32. Look for and delete the following files: fccayyw.dll and tuvwv.dll.
6- Now reboot your machine normally, log into Windows and run Spybot Search and Destroy. Run it a couple of times until all traces are gone.
7- Reboot and turn the system restore back on if you want.
Basically, it's those 2 files from step 5 that lock themselves into your system and make it impossible to remove the trojan. They create several threads in the explorer.exe service and the winlogon.exe service, and you can't unregister those DLLs no matter what you do... unless you use an alternative boot method.
Jeff Gross
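
Step 5 as a command-prompt sequence, added here as an example that is not part of the original post. It assumes the alternate boot environment provides cmd.exe; the script name, the default drive letter C: and the optional folder-name argument are assumptions.

```bat
@echo off
rem Added example, not from the original post. Run it from the alternate
rem boot environment's command prompt (for example BartPE), never from the
rem infected Windows session, where the two DLLs are loaded and locked.
rem Usage (script name is hypothetical):  step5.cmd D:
rem   first argument  = drive letter of the offline Windows volume
rem                     (assumed C: if omitted)
rem   second argument = Windows folder name (assumed "windows" as in the
rem                     post; Windows 2000 installs to "winnt" by default)
setlocal
set DRV=%~1
if "%DRV%"=="" set DRV=C:
set WIN=%~2
if "%WIN%"=="" set WIN=windows
set SYS=%DRV%\%WIN%\system32

rem Sanity check: kernel32.dll is present in system32 of every Windows
rem install, so its absence means the wrong drive letter or folder.
if not exist "%SYS%\kernel32.dll" goto wrongdrive

for %%F in (fccayyw.dll tuvwv.dll) do call :remove "%SYS%\%%F"
endlocal
goto :eof

:wrongdrive
echo No Windows system32 found at %SYS% - try another drive letter.
exit /b 1

:remove
if not exist %1 goto notfound
rem List the file even if it is hidden or system, then clear those
rem attributes so that del is not refused.
dir /a %1
attrib -r -s -h %1
del /f %1
if exist %1 goto failed
echo Deleted %~1
goto :eof

:notfound
echo Not found: %~1
goto :eof

:failed
echo Could not delete %~1
goto :eof
```

Under BartPE the hard disk is not always mounted as C:, so if the script reports that no system32 was found, try the other drive letters.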
Comments
Hi,
Great article! I'm helping a friend with this pesky virus... Can you explain #5, and how to navigate or find those two files?
Thanks