Welcome to the Virus Encyclopedia of Panda Security.
It infects a DLL with the virus W32/Smitfraud.A and hooks a function in order to log web pages accessed and install a program without user consent. It is installed in the affected computer by an adware program.
|First detected on:||June 8, 2005|
|Detection updated on:||July 3, 2008|
|Yes, using TruPrevent Technologies
Smitfraud is a spyware program that infects the Windows file WININET.DLL with the virus detected as W32/Smitfraud.A.
The infected DLL (Dynamic Link Library) hooks all the calls to the function HttpSendRequest, and as a result the spyware is able to log the web pages accessed by the user and send this information to a server, or download and run a file that installs a so-called antispyware program on the computer, stealthily and without user consent.
This program changes the Windows Desktop to a picture that simulates a Windows fatal error, warning users that they have been affected by Trojan-Spy.HTML.Smitfraud.c. These kind of messages attempt to trick users into purchasing the fake antispyware program.
Smitfraud is installed in the affected computer by an adware program, detected as CWS.YEXE, which is downloaded while accessing several adult sites or pirated software sites.
Click on the picture below to see a full-size diagram of the characteristics of Smitfraud and W32/Smitfraud.A, and how to protect your computer against them.
Smitfraud is easy to recognize once it has affected the computer, as it installs a so-called antispyware program that changes the Windows Desktop to the following, in an attempt to pass itself off as a Windows fatal error (also known as blue screen of death):