Preface
Since its first launch, around spring 2005, the SmitFraud group of rogue spyware scanners has gradually become quite a problem in this virtual world.
Using trojans of all kinds, these 'scanners' try to install themselves on Windows computers for just one reason: to trick internet users into buying these fake spyware scanners.
What is Smitfraud
SmitFraud is a group of fake spyware scanners which has become a big problem on the internet.
These bogus scanners and their installer trojans are constantly updated with different names and different fake malware warnings, to trap internet users into downloading and installing this fake software (and, of course, buying it!).
To accomplish this goal, several trojans are installed automatically through 'flyby' installations (on websites) or fake, freely downloadable software. After the installation of the hijacking trojans, the desktop is hijacked to show a fake spyware warning. Other possible noticeable symptoms are a hijacked browser and popups (warning you, again, about dangerous spyware on your computer).
The actual fake scanner can be easily removed by uninstalling it from the Software list in the Control Panel.
The trojans, however, remain and are not so easily removed!
How SmitFraud works
Usually an installer trojan installs itself on the victim's computer. It then downloads and installs several trojans.
Among them is the trojan which hijacks the desktop and displays a fake spyware warning, as shown below:
Other species of trojans that are installed are spyware, adware and browser hijackers.
All this is done to persuade the user of the infected computer to install a trial version of the bogus scanner.
Usually the desktop-hijack and popups disappear as soon as the user has installed the fake spyware-scanner.
Browser-hijackers and certainly spyware/keyloggers remain on the infected computer.
BE AWARE: The desktop hijacker of the latest members of SmitFraud, SpyAxe and its successor, SpyFalcon (and also the newest member, SpywareQuake), is also installed by a fake multimedia compressor/decompressor called VCodec v3.05b.
This fake program is offered for free on the site of VCodec (vcodec.com) and can be downloaded when the internet-surfer thinks he clicked a link to view a movie-clip on certain websites.
Source: among others, Sunbelt BLOG
Article: Beware Vcodec (14 Dec 2005)
SmitFraud-members and their installing Adware/Hijackers (in no particular order)