
Tech Job 6-20-07: Remove Virus

Starting Information
I was recently hired to remove a virus from a computer. The client stated that he clicked on a video link on Myspace that required special software to view. After this, the browser had excessive popups and, when visiting Yahoo, would redirect to one of multiple spyware/virus removal sites claiming that the laptop was infected with the w32.myzor.FK@yf virus. Upon inspecting the laptop, I verified the symptoms and also found LimeWire installed. The customer had been told by another tech that he would have to use the recovery CD and should back up any important files prior.

Procedure
Knowing that LimeWire is the devil, I uninstalled it before proceeding. Then, I gathered as much information about the infection as possible. Most viruses and malware have some form of identification. In this case, a taskbar popup identified virus w32.myzor.FK@yf as the cause of the problem. A Google search on that particular string revealed that it is a fake virus from a fake anti-virus program. The “virus scanner” pesters users into thinking that their computer is loaded with viruses and then redirects the browser or opens popups to anti-virus websites where the user can purchase the remedy. A Google search on removing this faux virus turned up Symantec instructions for manual removal of the malware. These instructions were outdated, as the registry keys cited were not present. Manual removal instructions from other sites had similar results. One removal tool cited in several reputable tech forums is smitfraudfix.exe. I downloaded the tool onto a thumb drive and scanned it for viruses before using it on the afflicted laptop. The tool effectively removed the malware and deleted the Video ActiveX Access Program folder.

End Result
The problem was completely resolved without any loss of information or the need to run the recovery CD as the owner had been told. I instructed the user to avoid installing software to view video and to purchase an anti-virus program.