Search This Blog

Thursday, March 13, 2014

Smart File Advisor Crapware Removal


If you had come to this page, you are more likely than not to have installed a perfectly legit software which had bundled with this software known as "Smart File Advisor" also known as SFA. One known one is Alcohol 52% FE.

While what SFA tries to do is to keep track of your file associations, but in a very dangerous way. Instead of letting Windows manage it, it checks for a php online everytime a new file type is used. In addition, it messes around with your registry at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations
And this is where the real danger lies in. In theory (if it had not already been taking places) is that whenever you try to download a file, it would poll that php scripts and it CAN do really bad things like redirecting you to another file instead (and renaming it to be your original - Its not even hard), make you run some scripts which captures information form your PC, insert codes into your return pages which can do almost anything a page can do and more.

In short. SPYWARE. And its not just me doing all the bullshiting here! Even AVG backs me by flagging SFA as a virus!

So, if I have convince you to uninstall SFA. Good. But this is just the point where you find that if you try to uninstall it from the Add/Remove or "Programs and Features" (in Windows 8), you will either find that SFA will threaten to remove your other software as well and most likely it will fail to uninstall anyway.

So, is there a uninstaller? Yes, but after looking through the page I found, I find the "uninstaller" rather fishy by itself too, so I really won't recommend it. So, let's do it manually. You will need to make sure you close the stupid SFA program from the tray and in memory (Task Manager). Then you will need to perform the following which involve deleting of a folder (usually just 1, 32 or 64 bits). And then you will need to remove some registry entries away. I had it packed into a reg file for you to cut and paste into your editor and save it.

1. Delete away these directories if you have any of them:
C:\Program Files\Smart File Advisor
C:\Program Files (x86)\Smart File Advisor

2. Here is the "Remove SFA.reg":
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\*\shell\sfa_checksum]

[-HKEY_CLASSES_ROOT\*\shell\!sfa]

[-HKEY_CLASSES_ROOT\Unknown]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\sfa_checksum]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\!sfa]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Smart File Advisor"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SFAUpdater"=""

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Smart File Advisor_is1]

4 comments:

shadow651 said...

Thanks a BUNCH!!!!!!!!!!!!!

I hate crap ware like this, and it was totally bogging down my computer every time I right clicked

Chuckleberry Finn said...

I noticed you singled out the change to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations

as the most dangerous thing SFA does, but you don't touch that registry entry in your script. What should the entry look like normally, pre-SFA?

Nemesis said...

You should not need to touch the file association. Once SFA is gone, it stop to mess around with the file association and your defined programs should handles those files DIRECTLY without going through SFA or the Php scripts anymore.

Anonymous said...

I think SFA is spyware. SFA downloaded a virus that Malwarebytes quarantined. I used the SFA uninstaller and, hopefully, it removed itself. I checked the registry entries mentioned in this Blog and those entries aren't there anymore. Only time will tell if SFA is still lurking somewhere on my computer.

Amazon Gift Cards!

Thanks for viewing!

Copyright © 2008 nemesisv.blogspot.com, All rights reserved.