Smart Engine

By | October 10, 2010 | 1 Comment

Smart Engine is a notorious type of security program found to be coming from the same group who created My Security Shield. The malware will attempt to play tricks on computer’s real-time protection by acting the same as other antivirus product. It will detect threats that are not present on the computer only to prove its worth. In short, Smart Engine will employ deceptive tactics to persuade users. Among the things it will produce are fake scan results and bogus security alerts.

Trojan Downloader is the primary way to deploy Smart Engine. Additionally, malware authors are using tactics such as spam emails and malicious links forwarded on social networking sites. You should also be cautious when clicking on links from instant messaging software even though it came from a trusted person. Attackers know how to use instant messaging accounts and sends malicious links unknown to the owner.

This potentially unwanted software also infects a computer who visits unknown websites and fake anti-virus web pages. Some malicious web sites will pose as a multimedia hosts that allows visitors to view free video. It will prompt visitors to download a player required to watch the movie. Thus, the malware will get inside once users execute the advice.

No matter how Smart Engine got into the system, its payload is constant and damaging. You must remove this malware instantly using effective tools such as the one given below. Execute the step-by-step guide on this page to remove Smart Engine from the infected computer.

Type Rogue
Sub-Type FakeAV
OS Affected Windows XP, Windows Vista

What are the Symptoms of Smart Engine Infection?

Screen Shot of Smart Engine

It will modify Windows Registry and add the following entry/entries:
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=2129&q={searchTerms}”
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=2129&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “control/7.02129”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Smart Engine”
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=2129&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”

The threat will drop the following malicious files:
%UserProfile%\AppData\Smart Engine\cookies.sqlite
%UserProfile%\AppData\Smart Engine\Instructions.ini
%UserProfile%\Recent\cid.drv
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\delfile.sys
%UserProfile%\Recent\fan.dll
%UserProfile%\Recent\grid.sys
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.drv
%UserProfile%\Recent\std.dll
%UserProfile%\Recent\tjd.sys

One thought on “Smart Engine

  1. remove smart-engine

    Smart engine is a notorious program got infected to my PC. I got it cleared by your removal steps thank for help…

Leave a Reply

Your email address will not be published. Required fields are marked *