Thanks to someone at http://siri-urz.blogspot.com who found the Smart Fortress registration code hard-coded in the .exe file we now know that the removal process can be made easier by entering it into this new Fake AntiVirus program (see http://siri-urz.blogspot.com/2012/02/smart-fortress-2012.html)
The code is (as of today's date) AA39754E-715219CE - it's hard-coded, but once the author knows it's been discovered he will probably change it. So this advice will - almost certainly - have to be updated from time to time.
The code is also to be found on the deletemalware site at http://deletemalware.blogspot.com/2012/02/how-to-remove-smart-fortress-2012.html;
here is an extract from the removal instructions showing the screen where you need to enter the code -
Quick Smart Fortress 2012 removal instructions:
1. Open Smart Fortress 2012 scanner. Click the "Registration" button (top right corner). Enter the following debugged registration key and click "Activate" to register the rogue antivirus program. Don't worry, this is completely legal since it's not genuine software.
Once this is done, you are free to install recommended anti-malware software and remove Smart Fortress 2012 virus from your computer properly.
Message was edited by: Hayton on 07/03/12 01:22:37 GMTMessage was edited by: Hayton on 07/03/12 22:36:43 GMT
Yesterday i found this on couple of systems , but i have manually removed by deleting folder & removed it from Add Remove Program.
So my question is does this Infection is detectable by McAfee DAT....?????
Thanks for the correction Paul. My information came from Microsoft, that two sites had the code, and siri-urz was the second one mentioned. I'll correct the information in the post.
No worries, just wish sites would give credit where credit is due. S!Ri website, plus a few others is one of the first places users should look for information regarding new rogues. Not only did S!Ri create SmitFruadfix tool, he is now a malware reseacher for Malwarebytes.
Thanks for the information here and the code. It worked for one of our infected machines today. Once entered, it was relatively easy to get rid of the application itself. Will McAfee be able to detect/repair this?
Will McAfee be able to detect/repair this?
I would have thought so. It's been out there long enough for McAfee to have included it in the Stinger utility, at least. I'll ask in the next conference call.