Trojan-Spy.Win32@mx
Trojan-Spy.Win32@mx is a “trojan” that appears in fake security alerts. These Trojan-Spy.Win32@mx popups are supposed to scare you into buying fake anti-spyware software. This Trojan-Spy.Win32@mx popup reads:
“System Alert: Trojan-Spy.Win32@mx
Type: Spyware/Trojan
Vulnerable: Windows 95/98/ME/NT/2003/Windows XP
Description: Spyware program that sends confidential information to a remote attacker
Protection: Click this baloon to download official security software.”
Damn Trojan .co.uk Alert: Trojan-Spy.Win32@mx is a damn scam.
You’re not infected with Trojan-Spy.Win32@mx. You’re infected with fake security popups by Zlob Trojan. So just remove Zlob Trojan.
Trojan-Spy.Win32@mx Is Ugly
Remove Trojan-Spy.Win32@mx Automatically, with SmitFraud
Don’t have a lot of time? What with YouPorn.com reading The Guardian, my charity work, and more, neither do I. If you don’t know how to manually delete Trojan-Spy.Win32@mx files, and don’t want to learn, here’s how you automatically remove Trojan-Spy.Win32@mx.
Before you start, print out these instructions—you’re going to have to restart your computer in Safe Mode. Also, back up your PC in case you make a mistake.
- Download SmitFraudFix for free, and save it to your desktop.
- Reboot your PC in Safe Mode.
- To reboot in Safe Mode using Windows XP, restart your PC, and when a progress bar appears at the bottom of the screen, hit F8 once every second. When you see the Windows Start-up menu, highlight Safe Mode and hit Enter. Your desktop will show up, and make whatever repairs necessary. Then reboot your system and allow it to start up as normal.
- To reboot in Safe Mode using Windows Vista, go Start > Run. Type “MSCONFIG” into the Open field, and click OK. From the BOOT.INI tab, check /SAFEBOOT and click Restart).
- Once your desktop loads, double-click SmitfraudFix.exe.
- After the credits roll, you’ll see a menu. Click option number two, “Clean (safe mode recommended)“. Click Enter and delete your files infected with Trojan-Spy.Win32@mx.
- SmitFraudFix will clean your PC. When SmitFraudFix is finished, its Disk Cleanup automatically starts.
- Once Disk Cleanup is done, it’ll ask you, “Registry cleaning – Do you want to clean the registry?” Type in “Y” (yes), and click “Enter“. When Disk Cleanup finishes, restart your PC.
- If your system’s wininet.dll is infected, SmitFraudFix asks you if you want to replace the file. If SmitFraud asks, “Replace infected file?” Type “Y” (yes) to answer and click “Enter“.
- Once that’s finished, restart your system.
- After restarting, a Notepad file might popup with a log of the files SmitFraudFix deleted. If it doesn’t popup, you can find the log as a file rapport.txt in Local Disk C:, the root of your hard drive.
- Restart your system again, in Safe Mode. Once it boots up, go to C:\Windows\Temp. Select “Edit“, select “Select All“, and click “DELETE“. Click “Yes” to confirm you want all these files to get trashed in the Recycle Bin.
- Restart your system one more time, in normal mode. Go to Windows Update and download any critical updates for your computer. You’re done.
Remove Trojan-Spy.Win32@mx with Your Bare Hands
You dig a work out. Manually removing Trojan-Spy.Win32@mx can be hard and time consuming, but apparently you’re into that. Obviously, I can’t guarantee these instructions will completely remove Trojan-Spy.Win32@mx from your system, but it’s worth a try. Just make sure you backup your system before you try to remove Trojan-Spy.Win32@mx manually.
Before you start, print out these manual Trojan-Spy.Win32@mx removal instructions and close all applications, including your web browser.
- Uninstall Trojan-Spy.Win32@mx: Select Start menu > Settings > Control Panel. Double-click “Add/Remove Programs“, and search for “Trojan-Spy.Win32@mx”. If you find Trojan-Spy.Win32@mx, uninstall Trojan-Spy.Win32@mx.
- Stop Trojan-Spy.Win32@mx processes: Select Start menu > Run. Type taskmgr, then click on the Processes tab for a list of running processes. Search for Trojan-Spy.Win32@mx processes, like “Trojan-Spy.Win32@mx.exe“, or any Trojan-Spy.Win32@mx processes I list below. Right-click “Trojan-Spy.Win32@mx.exe“, and click “End task“.
%CurrentFolder%\smmain.exe
%CurrentFolder%\spunst.exe
%ProgramFiles%\Video ActiveX Access\iesmin.exe
%CurrentFolder%\smunst.exe
%CurrentFolder%\smmon.exe
- Delete Trojan-Spy.Win32@mx files in Windows Vista and XP: Select Start menu > Settings > Search. Click For Files and Folders…. You’ll see a speech bubble asking you, “What do you want to search for?” Select All files and folders. Type the names of Trojan-Spy.Win32@mx files into the search box, including any Trojan-Spy.Win32@mx file I’ve listed below. Now select Local Hard Drives, and click Search. As soon as you see a bastard Trojan-Spy.Win32@mx file, just delete it.
- Unregister Trojan-Spy.Win32@mx DLL files: Select Start menu > Settings > Run. Type “cmd” in Run’s box, and click OK. To switch directories, type “cd” in the command box, hit the Space key, and type the directory where the Trojan-Spy.Win32@mx DLL file is located. If you don’t know which directory the Trojan-Spy.Win32@mx DLL file is located in, enter “dir” into the command box to see a directory’s contents. To go back one directory, enter “cd ..” in the command box and hit Enter. Once you find the Trojan-Spy.Win32@mx DLL file you want to remove, including any of the DLLs I list below, type “regsvr32 /u MadeUpDLLName.dll” (e.g., “regsvr32 /u Trojan-Spy.Win32@mx.dll”) and hit Enter. If you delete a DLL by mistake, type “regsvr32 MadeUpWhoopsName.dll” (e.g., “regsvr32 Trojan-Spy.Win32@mx.dll”) into your command box, and hit Enter.
%CurrentFolder%\splug.dll
- Unregister Trojan-Spy.Win32@mx registry keys: Select Start menu > Run. Type regedit, and click OK. Search for any Trojan-Spy.Win32@mx registry keys I list below. To delete these Trojan-Spy.Win32@mx registry keys, right-click the Trojan-Spy.Win32@mx registry key, select “Modify”, and click “Delete“.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\”rare” = “%CurrentFolder%\smmain.exe”
HKEY_CURRENT_USER\Software\Protection Tools\”65005″ = “1″
HKEY_CLASSES_ROOT\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0993251-2512-4710-AF6E-0A13EA199D02}
- Delete Trojan-Spy.Win32@mx directories: Select Start menu > My Computer > Local Disk (C:) > Program Files > Show the contents of this folder. Search for “C:\ProgramFiles\Trojan-Spy.Win32@mx“, or any Trojan-Spy.Win32@mx directories I list below. Right-click these Trojan-Spy.Win32@mx directories. Click “Delete“, “Yes“, and “Yes” again to confirm you want to move the Trojan-Spy.Win32@mx folder into the Recycle Bin.
- Remove Trojan-Spy.Win32@mx desktop icons: Drag and drop any Trojan-Spy.Win32@mx icons into your Recycle Bin.
- Change your home page: If Trojan-Spy.Win32@mx hijacked your home page, select Start menu > Control Panel > Internet Options > General. Under “Home Page” select Use Default. Enter the URL you want as your home page (for example, “http://www.damntrojan.co.uk”), and select “Apply” and “OK“. Open a new browser window to make sure your home page has changed.
You’re done. Hopefully these Trojan-Spy.Win32@mx removal instructions got rid of Trojan-Spy.Win32@mx for you. Just so we’re clear on things, I can’t guarantee these instructions will completely remove Trojan-Spy.Win32@mx from your computer.
If you tried these instructions to get rid of Trojan-Spy.Win32@mx and they didn’t work, throw your computer out the window.
Or consult professionals.
Trojan-Spy.Win32@mx Might Be Rogue Anti-Spyware
WTF is Rogue Anti-Spyware?
Rogue anti-spyware is a nice way of saying some anti-spyware software may be a fake. Rogue anti-spyware, at best, is anti-spyware software not proven to protect your PC. Rogue anti-spyware, at worst, is installed by a Trojan or browser security holes, gives you false positives in scans, and pops up fake security alerts to scare you into buying it.
Some rogue anti-spyware even is created by spyware and adware folk, or installs spyware onto your PC.
Sound like a scam?
It is.
If you’re infected with fake anti-spyware like Trojan-Spy.Win32@mx, you could see a Trojan-Spy.Win32@mx popup posing as a security alert. Maybe it looks like this:
Why Rogue Anti-Spyware Sucks
Rogue anti-spyware, like Trojan-Spy.Win32@mx, has a few qualities that make it faker than a chest on a Trump chick.
- Fake alerts and false positives: Rogue anti-spyware can drive you crazy with fake security alerts popping up, telling you you’re infected with spyware threats that don’t even exist.
- Copycat images: Rogue anti-spyware sometimes copies the look of real anti-spyware (think of that knock-off Fucci bag you bought your girl friend). More often though, rogue anti-spyware just looks like other fakes.
- High-pressure sales: Rogue anti-spyware will sell you harder than Crazy Gideon pimps an old tape cassette player. Think scare tactics, like fake alerts, and exaggerated “security” scans of your system.
- Poor detection: Besides rogue anti-spyware often plugging in fake threats in security scans, rogue anti-spyware can be sloppy about telling you what you’re really infected with. For instance, rogue anti-spyware might say you’ve got 13 threats, but not what kind of “threats.” Or maybe the rogue says you’re infected with MadeUpParasite, but it doesn’t tell you which files are actually on your computer.
- Weak scans: Rogue anti-spyware might scan your system, but skim over important folders. Though, really, I’d be surprised if it did any scanning at all.
Did Trojan-Spy.Win32@mx use these moves to try to get you to buy Trojan-Spy.Win32@mx?
Trojan-Spy.Win32@mx Could Be a Trojan
WTF Are Trojans?
Remember that college class you took on Greek mythology?
Neither do I.
Trojans get their name from Greek mythology, though — a Trojan is software that acts like a Trojan horse. The same way that Trojan horse looked like a great gift to the Spartans — only it was stuffed full of soldiers — Trojans are software that appear harmless but are really designed to kill your computer.
Trojans often pretend to be a video codec you need to watch porn — really — , maybe a photo attached to email, or some sort of other harmless software. Once you open your gates to a Trojan though, it can spy on you, download more malware, or allow a hacker to do whatever he wants on your machine.
How Trojan-Spy.Win32@mx and Trojans Might Infect You
- Websites: When you’re surfing the web, you won’t only get infected when you download some codecs or plugins. Sometimes all you have to do is visit a site and a Trojan secretly downloads itself onto your computer. Scary. Use a browser like Firefox to prevent this — it’s much more secure than Internet Explorer.
- Open ports: If you run any file-sharing applications — and I’m not just talking peer-to-peer music software — you risk opening up your system to infection. It can be as simple as leaving file sharing open on your instant message client. My rule of thumb is to close off every port. Set up a firewall, too, if you don’t already have one.
- Email: Some random person you don’t really remember just forwarded you some hot pictures? Don’t open them. Lots of Trojans are dolled up as harmless looking email attachments that take advantage of security holes in your mail client. Spam blocker software can help, but it’s better just not to open any attachments from people you don’t know.
Popularity: 3% [?]
