Lancafdo
Posted July 17, 2008
Lancafdo is a damn backdoor Trojan. Like other backdoors, Lancafdo pretends to be something harmless and gets creepy-cozy in your system using rootkit techniques. Lancafdo tracks every keystroke you type, and also will try and connect to some servers (http://cxim.inattack.ru/) to download more nasty crap onto your PC.
Did you buy your cute little Vaio imagining some day it’d grow up and be part of a hackers’ botnet?
Yeah, just like you raised a son you’ll hope will join a street gang.
Let’s practice some prevention, and get rid of Lancafdo.
Remove Lancafdo Automatically, with SmitFraud
Don’t have a lot of time? What with YouPorn.com reading The Guardian, my charity work, and more, neither do I. If you don’t know how to manually delete Lancafdo files, and don’t want to learn, here’s how you automatically remove Lancafdo.
Before you start, print out these instructions—you’re going to have to restart your computer in Safe Mode. Also, back up your PC in case you make a mistake.
- Download SmitFraudFix for free, and save it to your desktop.
- Reboot your PC in Safe Mode.
- To reboot in Safe Mode using Windows XP, restart your PC, and when a progress bar appears at the bottom of the screen, hit F8 once every second. When you see the Windows Start-up menu, highlight Safe Mode and hit Enter. Your desktop will show up, and make whatever repairs necessary. Then reboot your system and allow it to start up as normal.
- To reboot in Safe Mode using Windows Vista, go to Start > Run. Type “MSCONFIG” into the Open field, and click OK. From the BOOT.INI tab, check /SAFEBOOT and click Restart.
- Once your desktop loads, double-click SmitfraudFix.exe.
- After the credits roll, you’ll see a menu. Click option number two, “Clean (safe mode recommended)”. Click Enter and delete your files infected with Lancafdo.
- SmitFraudFix will clean your PC. When SmitFraudFix is finished, its Disk Cleanup automatically starts.
- Once Disk Cleanup is done, it’ll ask you, “Registry cleaning – Do you want to clean the registry?” Type in “Y” (yes), and click “Enter”. When Disk Cleanup finishes, restart your PC.
- If your system’s wininet.dll is infected, SmitFraudFix asks you if you want to replace the file. If SmitFraud asks, “Replace infected file?” Type “Y” (yes) to answer and click “Enter”.
- Once that’s finished, restart your system.
- After restarting, a Notepad file might pop up with a log of the files SmitFraudFix deleted. If it doesn’t pop up, you can find the log as a file rapport.txt in Local Disk C:, the root of your hard drive.
- Restart your system again, in Safe Mode. Once it boots up, go to C:\Windows\Temp. Select “Edit”, select “Select All”, and click “DELETE”. Click “Yes” to confirm you want all these files to get trashed in the Recycle Bin.
- Restart your system one more time, in normal mode. Go to Windows Update and download any critical updates for your computer. You’re done.
Remove Lancafdo with Your Bare Hands
You dig a workout. Manually removing Lancafdo can be hard and time-consuming, but apparently you’re into that. Obviously, I can’t guarantee these instructions will completely remove Lancafdo from your system, but it’s worth a try. Just make sure you back up your system before you try to remove Lancafdo manually.
Before you start, print out these manual Lancafdo removal instructions and close all applications, including your web browser.
- Uninstall Lancafdo: Select Start menu > Settings > Control Panel. Double-click “Add/Remove Programs”, and search for “Lancafdo”. If you find Lancafdo, uninstall Lancafdo.
- Stop Lancafdo processes: Select Start menu > Run. Type taskmgr, then click on the Processes tab for a list of running processes. Search for Lancafdo processes, like “Lancafdo.exe”, or any Lancafdo processes I list below. Right-click “Lancafdo.exe”, and click “End task”.

%System%\mssrv32.exe
%System%\svchost.exe

- Delete Lancafdo files in Windows Vista and XP: Select Start menu > Settings > Search. Click For Files and Folders…. You’ll see a speech bubble asking you, “What do you want to search for?” Select All files and folders. Type the names of Lancafdo files into the search box, including any Lancafdo file I’ve listed below. Now select Local Hard Drives, and click Search. As soon as you see a bastard Lancafdo file, just delete it.

- Unregister Lancafdo DLL files: Select Start menu > Settings > Run. Type “cmd” in Run’s box, and click OK. To switch directories, type “cd” in the command box, hit the Space key, and type the directory where the Lancafdo DLL file is located. If you don’t know which directory the Lancafdo DLL file is located in, enter “dir” into the command box to see a directory’s contents. To go back one directory, enter “cd ..” in the command box and hit Enter. Once you find the Lancafdo DLL file you want to remove, including any of the DLLs I list below, type “regsvr32 /u MadeUpDLLName.dll” (e.g., “regsvr32 /u Lancafdo.dll”) and hit Enter. If you delete a DLL by mistake, type “regsvr32 MadeUpWhoopsName.dll” (e.g., “regsvr32 Lancafdo.dll”) into your command box, and hit Enter.

- Unregister Lancafdo registry keys: Select Start menu > Run. Type regedit, and click OK. Search for any Lancafdo registry keys I list below. To delete these Lancafdo registry keys, right-click the Lancafdo registry key, select “Modify”, and click “Delete”.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate\"Type" = "00000010"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate\"Start" = "00000002"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate\"ObjectName" = "LocalSystem"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate\"ImagePath" = "%System%\mssrv32.exe"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate\"ErrorControl" = "00000000"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate\"DisplayName" = "Microsoft security update service"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate\"Description" = "This service downloading and installing Windows security updates"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFD\Parameters\"DisableRawSecurity" = "00000001"

- Delete Lancafdo directories: Select Start menu > My Computer > Local Disk (C:) > Program Files > Show the contents of this folder. Search for “C:\ProgramFiles\Lancafdo”, or any Lancafdo directories I list below. Right-click these Lancafdo directories. Click “Delete”, “Yes”, and “Yes” again to confirm you want to move the Lancafdo folder into the Recycle Bin.
- Remove Lancafdo desktop icons: Drag and drop any Lancafdo icons into your Recycle Bin.
- Change your home page: If Lancafdo hijacked your home page, select Start menu > Control Panel > Internet Options > General. Under “Home Page” select Use Default. Enter the URL you want as your home page (for example, “http://www.damntrojan.co.uk”), and select “Apply” and “OK”. Open a new browser window to make sure your home page has changed.
You’re done. Hopefully these Lancafdo removal instructions got rid of Lancafdo for you. Just so we’re clear on things, I can’t guarantee these instructions will completely remove Lancafdo from your computer.
If you tried these instructions to get rid of Lancafdo and they didn’t work, throw your computer out the window.
Or consult professionals.
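To confirm whether the service entry from the registry list above is present before or after cleaning, the following Python parses the text output of `reg query <key> /s` and flags the msupdate service and the AFD DisableRawSecurity value. This is an added example, not part of the original post or of SmitFraudFix. The function names and the sample output are constructed for illustration, and matching under any control set rather than only ControlSet001 is an assumption.

```python
import re

# Indicators copied from the registry list on this page.
SERVICE, IMAGE = "msupdate", "mssrv32.exe"
DISPLAY = "Microsoft security update service"
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample of `reg query ... /s` output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate
    Start    REG_DWORD    0x2
    ImagePath    REG_EXPAND_SZ    C:\WINDOWS\system32\mssrv32.exe
    DisplayName    REG_SZ    Microsoft security update service

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFD\Parameters
    DisableRawSecurity    REG_DWORD    0x1
"""

def parse_reg_query(text):
    """Parse `reg query <key> /s` output into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(3).strip()
    return keys

def as_int(data):
    """reg.exe prints DWORDs as 0x-prefixed hex; None if missing or malformed."""
    try:
        return int(data, 16)
    except (TypeError, ValueError):
        return None

def find_lancafdo(keys):
    """Flag the msupdate service and AFD value described on this page."""
    findings = []
    for path, vals in keys.items():
        low = path.lower()
        if low.endswith("\\services\\" + SERVICE):
            image = vals.get("ImagePath", "")
            # Match the service entry, not a bare file name (svchost.exe is also a real Windows binary).
            if image.lower().endswith(IMAGE) or vals.get("DisplayName") == DISPLAY:
                boot = "auto-start" if as_int(vals.get("Start")) == 2 else "not auto-start"
                findings.append(f"{path}: ImagePath={image} ({boot})")
        elif low.endswith("\\services\\afd\\parameters"):
            if as_int(vals.get("DisableRawSecurity")) == 1:
                findings.append(f"{path}: DisableRawSecurity=1")
    return findings
```

Calling `find_lancafdo(parse_reg_query(SAMPLE))` returns two findings for the constructed sample; on a real machine, feed it the saved output of `reg query` run against the Services key.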
Lancafdo Might Be Rogue Anti-Spyware
WTF is Rogue Anti-Spyware?
Rogue anti-spyware is a nice way of saying some anti-spyware software may be a fake. Rogue anti-spyware, at best, is anti-spyware software not proven to protect your PC. Rogue anti-spyware, at worst, is installed by a Trojan or browser security holes, gives you false positives in scans, and pops up fake security alerts to scare you into buying it.
Some rogue anti-spyware even is created by spyware and adware folk, or installs spyware onto your PC.
Sound like a scam?
It is.
If you’re infected with fake anti-spyware like Lancafdo, you could see a Lancafdo popup posing as a security alert. Maybe it looks like this:

Why Rogue Anti-Spyware Sucks
Rogue anti-spyware, like Lancafdo, has a few qualities that make it faker than a chest on a Trump chick.
- Fake alerts and false positives: Rogue anti-spyware can drive you crazy with fake security alerts popping up, telling you you’re infected with spyware threats that don’t even exist.
- Copycat images: Rogue anti-spyware sometimes copies the look of real anti-spyware (think of that knock-off Fucci bag you bought your girlfriend). More often though, rogue anti-spyware just looks like other fakes.
- High-pressure sales: Rogue anti-spyware will sell you harder than Crazy Gideon pimps an old tape cassette player. Think scare tactics, like fake alerts, and exaggerated “security” scans of your system.
- Poor detection: Besides rogue anti-spyware often plugging in fake threats in security scans, rogue anti-spyware can be sloppy about telling you what you’re really infected with. For instance, rogue anti-spyware might say you’ve got 13 threats, but not what kind of “threats.” Or maybe the rogue says you’re infected with MadeUpParasite, but it doesn’t tell you which files are actually on your computer.
- Weak scans: Rogue anti-spyware might scan your system, but skim over important folders. Though, really, I’d be surprised if it did any scanning at all.
Did Lancafdo use these moves to try to get you to buy Lancafdo?


