You know this hazard is resident on a computer if it periodically displays a pop-up dialog asking the user to download software that will "pervent [sic] unauthorised [sic]" access.
Please note Norton 2007 does not detect, much less remove or eliminate vulnerability to, this hazard. The hazard is known by Trojan.net -AVP/AVT to Super AntiSpyware, fakeavalert to Symantec, and Fake Alert -D to McAfee.
1 Acquire Super AntiSpyware at http://www.superantispyware.com/.
2 Acquire SmitFraudFix at http://siri.geekstogo.com/SmitfraudFix.php and unzip it.
3 Acquire ComboFix at http://download.bleepingcomputer.com/subs/beta//ComboFix.exe.
4 If you did not use the victim workstation for downloading, determine how to move both to the desktop of the workstation under attack (LAN, optical media, pcAnywhere, etc.). pcAnywhere was used in this situation.
5 Install Super AntiSpyware, and check for updates. Use the default settings for installation. An icon will be created on your desktop. Double-click that icon to launch the program.
6 Under "Configuration and Preferences", click the Preferences button.
7 Click the Scanning Control tab and clear all Scanner Options.
8 Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
9 Click the "Close" button to leave the control center screen.
10 Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
11 On the left, make sure you check C:\Fixed Drive.
12 On the right, under "Complete Scan", choose Perform Complete Scan.
13 Click "Next" to start the scan. Please be patient while it scans your computer.
14 After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". In this case, Super AntiSpyware did not detect any harmful items.
15 Make sure everything has a checkmark next to it and click "Next".
16 A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
17 If asked if you want to reboot, click "Yes".
18 Restart the computer in safe mode.
19 Run SmitFraudFix by double-clicking smitfraudfix.cmd.
20 Select 1 and hit Enter to create a report of the infected files, which the program writes to C:\rapport.txt.
21 Restart the computer in normal mode.
22 Restart the computer in safe mode.
23 Run a full system scan with Super AntiSpyware and allow it to remove all suspicious items by pressing Next. The duration of this scan was 1:52:47 and 52,873 items were scanned.
24 Close Super AntiSpyware and do not allow it to restart the computer.
25 Double-click combo.exe. Press 1 to initiate program operation. The program will restart the computer.
26 Upon restart into normal mode, ComboFix resumes operation.
27 The process is complete when ComboFix completes.