Symantec: Infostealer.Ebod:

Seen very recently, in September 2009, this Trojan proved that it can affect almost any Windows platform and can run in every environment. However, it doesn't damage the target's system much. It opens a backdoor on the computer through which all the information is sent to an HTTP site. The Trojan enters the computer when the user downloads applications from unknown websites.

Once executed, the Trojan creates a copy of itself in the "C:\WINDOWS\System" folder and also creates a registry entry so that this copy is executed at every system startup. The Trojan also creates a copy of itself in the %temp% folder; this copy can have any name. When connected to the Internet, the Trojan sends the saved log file, consisting of the Administrator information and passwords, to the HTTP site. Heavy network activity can be detected during this part of the Trojan's execution. Once the attacker has the Administrator information, he can operate on any directory in the computer. The Trojan is also capable of stealing Internet Explorer and Mozilla Firefox cookies.

An update of this Trojan can be expected very shortly, so it should be removed as soon as possible. Here are the removal instructions for the backdoor.

Manual instructions to remove smc.exe:

  1. Let's begin with the Registry modification. To do this, the computer should first be restarted in Safe Mode. When you're running in Safe Mode, go to Start --> Run and type "regedit" to open the Windows Registry Editor.
  2. In the Registry, navigate to the following key


    On the right-hand side, find the following item and delete it:
    "smc = %System%\smc.exe"
  3. Once it is removed, you're almost done. Reboot your system again in Safe Mode and delete the file "C:\WINDOWS\System\smc.exe". The file can also be present in your "C:\WINDOWS\System32" folder, depending on the operating system that you are running. It could also be hidden. If so, open the Command Prompt, type "attrib -r -a -s -h C:\WINDOWS\System\smc.exe" and press Enter. This unlocks the file so that you can delete the Trojan directly.
  4. The Trojan will not run on your computer again unless you download and execute it once more, or run a suspicious application from your %temp% folder. Go to Start --> Run and type "%temp%" in the box. Delete all the files and folders in that directory.
  5. You're now completely free from the Trojan. Just remember not to download any suspicious files from unknown websites again.
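
A read-only PowerShell check for the artifacts named in the steps above, useful before and after the manual removal. This is an added example, not part of the original write-up. It assumes the autostart value lives in one of the standard Run keys (the page does not name the key) and that the %temp% copy is byte-identical to the smc.exe copy.

```powershell
# Read-only triage for the artifacts described above. Nothing is deleted or changed.
$fileName  = 'smc.exe'   # file name given on the page
$valueName = 'smc'       # registry value name given on the page

# 1. Copies in System / System32. -Force is required to see hidden or system files.
$files = @(foreach ($dir in 'System', 'System32') {
    $path = Join-Path (Join-Path $env:windir $dir) $fileName
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        [pscustomobject]@{
            Path       = $item.FullName
            Attributes = $item.Attributes   # ReadOnly/Archive/System/Hidden: what attrib -r -a -s -h clears
            Size       = $item.Length
            SHA256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
})

# 2. Autostart value. ASSUMPTION: the page does not name the key, so the
#    standard per-machine and per-user Run keys are checked here.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$autoruns = @(foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties[$valueName]) {
        [pscustomobject]@{ Key = $key; Name = $valueName; Data = $props.$valueName }
    }
})

# 3. Copies in %temp% under any name. ASSUMPTION: the copy is byte-identical,
#    so it is matched by size first (cheap) and then by SHA-256.
$sizes  = @($files | ForEach-Object { $_.Size })
$hashes = @($files | ForEach-Object { $_.SHA256 })
$tempCopies = if ($hashes.Count -gt 0) {
    Get-ChildItem -LiteralPath $env:TEMP -File -Force -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $sizes -contains $_.Length } |
        Where-Object {
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            $h -and ($hashes -contains $h.Hash)
        } | Select-Object FullName, Length, LastWriteTime
}

'--- smc.exe in System folders ---'; $files      | Format-List
'--- smc autostart values ---';      $autoruns   | Format-List
'--- matching copies in %temp% ---'; $tempCopies | Format-List
```

All three sections coming back empty after step 4 is the expected clean result. Because the %temp% match depends on a copy in the System folders, run it before deleting smc.exe.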
