Spyware, Viruses, & Security forum

General discussion

Spyware found BBSee Smitfraud

by kingkailash / May 10, 2011 9:46 PM PDT

I posted this also in the computer help forum accidentally, so apologies first.
PCSafe scan found BBSee Smitfraud. I only use PCSafe for scanning so it won't get rid of it. I ran a Malwarebytes and SuperAnti-Spyware scan and they didn't find it. So my question is whether or not it is a worry or not and if it is how do I get rid of it. I haven't noticed any untoward activity that I think is supposed to be associated with this malware or spyware or whatever it is, like false pop ups, so...what to do.
Any help please.

Discussion is locked
You are posting a reply to: Spyware found BBSee Smitfraud
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Spyware found BBSee Smitfraud
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
I wounld not trust any findings
by roddy32 / May 10, 2011 10:06 PM PDT
Collapse -
How To Remove PCSafe Adware Filter
by Carol~ Moderator / May 10, 2011 11:51 PM PDT


I removed your post at Computer Help. No need to worry about it. Thanks for letting us know!

As Roddy already mentioned, PCSafe Adware Filter is "untrustworthy". It's been on (and off) lists of "rogue/suspect" anti-spyware programs over the years. It has been so, due the amount of misleading results (false positives) reported. Along with the company's exploitation of names (and words) associated with software which are known to be "tried and true".

In addition to removing it through Add/Remove, I would also suggest performing an online scan with Emsisoft's Web Malware Scan. Read what they have to say about PCSafe here. <<== Of their free and paid versions, the link references the paid. Despite their excellent reputation, there is no need to install it. Their online scan should remove any leftover files, IF there are any to be had.

An added note. If BBSee were on your system, Malawrebytes' Anti-Malware and SUPERAntiSpyware would have detected it and removed it.

Best of luck..

Collapse -
cannot remove file still
by kingkailash / May 11, 2011 5:38 AM PDT

I tried downloading emisoft but the file is corrupted.
What I cannot understand is why I cannot delete this file:HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF\0000\Control
[ActiveService] npf
This is the one of two files that PCSafe found(which by the way I have now uninstalled).
I have deleted the file from the registry half a dozen times and it always comes back after restart.
If it is there should I not get rid of it?

Collapse -
Which program detected it?
by Carol~ Moderator / May 11, 2011 6:30 AM PDT

If you were unable to run the Web Malware Scan due a corrupt file, which program (besides PCSafe) detected the registry key and found it to be "malicious"?

According to what I've read, the file by itself is considered "innocent". If you're otherwise "clean", I would let it be.

If you wish to try one more scan, I would suggest:

ESET's Online Scanner. Their FAQ and Help sections should answer any questions you might have. (Temporarily disable your Anti-virus prior to running the scan)

Let us know how you make out..

Collapse -
If you're sure I'm fine
by kingkailash / May 11, 2011 6:59 AM PDT

If what you've read says this files is okay then I shall leave it alone.I am only new to al this spyware stuff. They seem more annoying than viruses.
I suppose I have been panicking. I have pulled an allnighter(6.15 am now) because I googled the file and came up with it being mentioned in all sorts of trojans etc as managing to reinstall itself on restart after deleting. See some of these:
and here: http://www.threatexpert.com/report.aspx?md5=aff81d2aa66fc69152c48d4f39544ec4
I kept finding the file amongst these reports and others and panicked. From what I read of it being a backdoor worm or something re booting itself and doing its business in secret without me knowing made it all the more suspicious.
So if all the above checks out then, are you sure I'm okay. I'm really bushed.

Collapse -
I read the same things...
by Carol~ Moderator / May 11, 2011 8:28 AM PDT

You never answered, which software detected the registry key. If it was a legitimate software (and NOT PCSafe), I would first suggest trying to remove it in safe mode.

It's important to note, I wrote "if you're otherwise clean". The one registry key (by itself) isn't going to pose a problem. I read the same things you did. I also found that despite the fact the key can be created by malware, by itself it's innocent.

I can't tell you with 110% certainty, it's okay to leave it. I don't know the "state" of your system. Or how safe your computing habits are. Or if you ARE "otherwise clean". I also don't know what the problem was to begin with. Unless you were basing the problem on what PCSafe reported.

Considering the lack of information, I can only further suggest to scan with ESET's Online Scanner. If you want to try additional scanners, I will gladly give you names. If you're experiencing ANY other problems with your system, please let us know.

Get some sleep. We'll be here, if you need us.

Collapse -
It was only pcsafe adware filter.
by kingkailash / May 11, 2011 8:53 AM PDT

Only pc safe adware filter found the spyware/malware. Malwarebyes or SuperAntispyware. I went to an online site called PCHell and in safe mode used SmitRem and SmitFraudFix with Malawarebytes again and CC cleaner and Hijack This. Nothing untoward was found.
I couldn't find the run...to get to regedit in safe mode when I did try.
Just wish I could get some of my original settings back to do with general colour appearance on the computer...will figure that out at some stage.
Anyhow I think I'm satifsfied, I've had some brekky and feel more reassured now after your assessment. I don't think I'll bother with any other scans.
Thanks for you help. It has been much appreciated.

Collapse -
With the amount of scans you've done..
by Carol~ Moderator / May 11, 2011 8:58 AM PDT

I'm convinced!

You're welcome. Glad we were able to be of help.


Collapse -
Confrimation from PCSafe Adware
by kingkailash / May 11, 2011 12:57 PM PDT

Just received this in email. Thought I'd post it just in case it helps someone else.
And thanks again to Carol for you invaluable input.

"I believe the LEGACY_NPF 'problem' is actually a legit use of that filter
driver for tuneconvertaudio, which you installed on the 7th, along with a
lot of other audio converter software with "4free video converter".

That registry key that you deleted is associated with a network packet
filter (npf.sys) which has been frequently associated with spyware and other
malware in the past. In this case it is likely a legit use of old
technology. I assume that the BBSee adware came in the same package..

Since the npf reg entry is the only match, if you are not experiencing any
outward manifestations such as pop-ups telling you that your computer is
infected (which normally associate with 'smitfraud') I suggest that you
inactivate that particular test in AdwareFilter to simply avoid the match --
as follows.

After the next detection in AdwareFilter on the window that lists the
detected malware, click on the smitfraud line and then click the button to
see the detailed information (lower left on that window). On the detail view
put check marks in the boxes next to the LEGACY_NPF registry matches and
click the button to ignore those matches in the future."

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?