Kill Virus Computer

How to remove Win 7/Vista/XP Antispyware 2011

2011-09-01T06:56:00.000-07:00

Avira detects Exploit for new FlashPlayer Vulnerability

2011-02-23T01:57:00.000-08:00

A new security flaw is abused in the wild to compromise PCs – up-to-date anti-malware protects.

A so-called zero-day vulnerability within Adobe’s Flash Player gets currently exploited, warns IT-security specialist Avira. An update to fix this is announced for the end of the month – until then, users need protection by anti-malware solutions.

Adobe has confirmed the newly discovered and already actively abused vulnerability within the Flash Player. As there is no update available yet, users can get infected just by browsing the Internet – malicious Flash objects can get embedded by cyber criminals in nearly all web sites, for example by manipulating advertisements.

Avira anti-malware solutions protect from this threat, though. The newly discovered exploit has already been detected by Avira AntiVir with heuristic routines as HEUR/HTML.Malware. For the current malware, a detection by the name EXP/Flash.CY has been added. The malicious Flash is downloading further malware to take control over the infected computer – but users of Avira anti-malware solutions are safe. Further details about this malware can be found in Avira’s TechBlog. Read more

Know Your Malware - Prevent the Need For Spyware Removal By Hugo Grosz

2010-11-12T08:21:00.000-08:00

Who knows if we will ever be capable of getting rid of computer viruses once for all? There's basically no way of avoiding them altogether. It's true that not every type of malware is as dangerous as the rest. The effect of malware on infected computers can range from annoyance at pop-up ads to losing files and perhaps even functionality.

There isn't actually anything you can to do completely prevent the spread of malware, but there are definitely steps you can take to make your computer safer. There are many security suites and programs that include anti-virus, firewall software and additional varieties of protection to discover and get rid of these types of forms of applications. No matter how good the the security software, one of the biggest problems is user error.

It's long been said that knowing is half the battle, and understanding what kinds of malware there are and how they propagate will assist you to prevent them from getting on your desktop. Knowing how they spread will put you in a better position to be able to prevent them from attacking your computer.

This is a list of typical forms of malware:

* Viruses - Viruses are the only malware named after how they spread, just like a virus. Just like bacterias spread from person to person computer viruses journey from PC to computer by means of executable files. Like most malware viruses use numerous different way to prevent recognition. Viruses corrupt and change files on your computer.
* Worms - Worms move from computer to computer just like viruses. However, one of the primary differences between them is that viruses require you to do something, whereas worms advance by themselves. Worms find the vulnerabilities in your system.
* Trojans - Trojans are usually hidden in the install files of other programs which can be innocuous or even desirable like freeware. A lot of freeware and stolen programs that people download contain Trojans.
* Spyware - What spyware does is collects information. You probably won't notice spyware, since it's job is to monitor for information, not necessarily change files. Unlike viruses, worms and Trojans, spyware is usually used for commercial gain.
* Adware - Though not 100% spyware, certain kinds of adware can be considered as such, if the advertisements, typically appearing in the form of pop-ups, weren't in some way consented to.
* Rootkits - Rootkits allow malware to essentially be hidden from the user of a computer. Installing during startup rootkits will keep malware programs from being listed or certain files from being read.

Even knowing the different kinds of harmful software that could assault your personal computer won't always allow you getting rid of them if you do. Anti-virus applications can find a lot of them, but they are only effective if they're up-to-date or if you may run them. Numerous spyware programs stop you from being able to do this.

For this reason having the capacity to talk directly to a virus removal specialist on the telephone who current on the newest dangers and will help you troubleshoot malware problems can save you a great deal of time, cash and needless anxiety.

Discover more things about malware protection and virus removal support, and return to surfing the net confidently.

Find out more about malware protection and virus removal support, and go back to surfing the web with confidence.

Hugo Grosz loves computer culture. Although he only recently began writing about the computers, you can be sure that if it's been blogged about, dugg, tumbled or tweeted he has seen it and probably reposted it somewhere. Relying solely on his weatherworn laptop, Hugo travels to the four corners of the World Wide Web exploring digital tourism, geocaching, telecommuting and every other meme imaginable. He tries to be careful, but even a seasoned web traveler like himself occasionally needs some help with spyware removal.

Computer Is Running Slow:How You Can Fix This Yourself In No Time By David S Marshall

2010-11-01T05:07:00.000-07:00

Have a slow computer means that everything you do runs slows, not just during boot up or opening a program. And if the problems that cause your computer are left untreated you could end up with more than a computer.running slow. You could end up with damage that either requires professional help and a big repair bill.

There are several different things you can do to restore system performance and dependability and it does not even require you to go to the local computer repair shop either.

#1 First you need to get rid of temporary files from your computer. This can be done through the disk cleanup tool. Temporary files build up on your computer over time. As this file build up and the number of files it in begins to get out of control that can seriously cause your computer to slow down, especially when you go online. If you have never cleaned your computer out the chances are you have a lot of temporary files hidden on your computer that need to be gotten rid of to save space.

#2 Next, good PC security software will clean up any current problems you may have with your computer. Viruses will not always damage a computer; some will simply slow you down while others will be pretending to be security software and leave your computer open to further malware attacks. As long as it's kept up to date and you scan regularly your computer will be free of these problems.

#3 Third, you need to take advantage of the system maintenance tools you have available and defragment your hard drive. This will organize all of the files on your hard drive and making sure they are all lined up for faster access by the computer and stop your computer running slow.

#4 You need to make sure that your registry is in good health. The number of times every day that the registry is accessed and utilized makes it very prone to corruption and other issues as well. When something goes wrong with an entry, you may not see a problem right away, but soon there will be an increasing number of issues such as crashing, blue screen errors and even preventing you from accessing windows at all. The registry is just that important. So you need to make sure that you scan it regularly with a system and registry scanner tool designed to do just that and fix any issues that may be there. Only then can you restore true performance and dependability to your computer and stop your computer running slow on you.

How To Remove The "Major Defense Kit" Virus Completely From Your System By Katie Martins

2010-10-28T05:51:00.000-07:00

Major Defense Kit may look like a legitimate software tool, but the fact is that it's nothing more than a fraud - designed to try and steal your passwords and get you to but the fake upgrade to the program. The way this infection works is to install itself onto your computer and then pretend to find a series of virus infections on your PC. These viruses will all be fake, and will just be there in order to try and get you to buy the worthless upgrade to the software. If you have this virus, you should not trust it and you should remove it from your system immediately. This tutorial is going to outline exactly how to do that.

This program is what's known as a "malware" infection, which basically means that it will place a functional software program onto your PC, which will then try and trick you into buying the fake upgrade. Malware stands for malicious software, and is a common type of virus infection that's continually trying to steal passwords and extort money from you. The likely source of infection for Major Defense Kit is through the likes of a Trojan Horse virus, rogue downloads and fake antivirus scans online.

Removing the Major Defense Kit virus is actually quite easy if you know what to do. The problem most people have is that they don't realize how many infectious components this virus has, and so when they try to remove it - they will actually leave a lot of its parts on there - leading your computer to continually bring it back. There are two ways to remove this virus - one working much more reliably than the other. The first way is to manually delete the program files that the virus needs to run. These are files which the program uses to run, and if you remove them - the application should disappear from your system... however, there are many hidden components that Major Defense Kit installs onto your PC, making the manual removal of the virus quite a difficult thing to do.

If you wanted to try manually removing this infection, you should delete the folder & files below:

* %UserProfile%\Application Data\PAV\
* %UserProfile%\Application Data\antispy.exe
* %UserProfile%\Application Data\defender.exe
* %UserProfile%\Application Data\tmp.exe

The best way to remove Major Defense Kit is to use what's known as a "malware removal tool". This is a software program that's been specifically designed to scan through your PC and get rid of all the parts of the malware infection inside. We've found the tool XoftSpy is the most reliable and effective malware removal program to get rid of the Major Defense Kit. This has been designed by a company called "Pareto Logic", who are a large Canadian firm who produce a huge number of different programs to help boost PC speed & security. You can get rid of MDK by downloading XoftSpy to your system, installing it and then letting it perform a "full scan". This will remove any of the viruses that are on your system, and will allow it to run as smoothly and reliably as it did when it was new.

Fake System Defragmenter Removal Tutorial - How To Remove This Virus From Your PC For Good

2010-10-26T06:00:00.000-07:00

The Fake System Defragmenter program is another fake security application which has been created to try and con you into thinking it's a legitimate program. This virus will install itself automatically onto your computer and then proceed to control various important system features, stop many of your programs from running correctly as well as showing a large number of false popups. If you have this infection, you need to get rid of it in the most complete way possible.

This virus is what experts are calling a "malware" (malicious software) infection. This basically means that the actual infection is basically just a software tool which will install itself & run like any other software program on your PC. In order to remove this virus, you need to be able to get rid of any of the infected parts of the software by first stopping it from working and then getting rid of its infected elements. The virus will install program files, infected settings, rogue files and other general software applications onto your PC. In order to remove the infection, you need to be able to delete all parts of the virus for good, and that's best done by loading up your system into safe mode and then using a malware removal tool.

The first step to getting rid of this virus is to load up Windows into safe mode:

1. Restart Windows
2. Before your PC starts to load, press F8 continually
3. On the "boot menu" that appears, select "Safe Mode With Networking"

This will load up Windows without any software and with the Internet, allowing you to remove the virus by getting rid of any parts of it which are causing issues on your system. Safe Mode is basically a "feature" that Microsoft introduced to help your computer load up without any of the programs that could cause problems, such as System Defragmenter. After loading up in "Safe Mode", you'll then be able to get rid of the virus because it's not running.

The way to remove the System Defragmenter infection is to then download a "malware removal tool" to scan through your system and remove any of the parts of the virus which could be inside your PC. These programs work by scanning through your computer and getting rid of any infected files, settings and options - allowing your system to run much smoother and more effectively as a result. We've found "XoftSpy" is the best program to get rid of the System Defragmenter virus. This tool has been created by a large software company in Canada who have been able to continually update their programs to make them as effective as possible. You should download XoftSpy, install it and then let it fix all the infected parts of your system - which should remove the virus you have.

You can remove System Defragmenter by using the tutorial and tools on our website. You can Click Here to remove the fake System Defragmenter virus from your PC.

By Katie Martins

How To Repair Your Slow Computer - 5 Quick Tips

2010-10-02T00:05:00.000-07:00

A computer that loads slower than a snail is not at all a good thing. If your PC works the same, stop cursing and waiting in vain. There are still a lot of things you can do if you need help repair your slow computer. And the good news for you is that you do not need any kind of hardware upgrade just to speed up your PC once again.

Hard Drive Defragmentation

One of the reasons that your PC can be running slowly is that the files in the hard drive are scattered. This setup makes it harder for the hard drive to access information. To speed up your PC, it is a good idea to run a disk defragmenter at least once a month. Running the defragmenter can take two to four hours so you have to be patient when doing this.

Spyware Removal

Even if you think your computer does not have any kind of spyware installed in it, there is a lot of chance that it has spyware already. This is especially true if you use the PC for surfing the Internet most of the time. As you know, the spyware can make your PC run slowly. Hence, remove the spyware in your computer system through the help of spyware removal programs that you can find in the Internet.

Memory Expansion

If the reason for your slow computer performance is too much files or too much programs operating every now and then, it is a good idea to expand the memory of your hard drive. Doing this is as simple as opening the memory slot to give way to the installation of the new chip. However, this can be a very complicated task for an amateur like you so better seek the help of a technician for this.

Background Processes Deactivation

There are programs in your computer that can be working in the background without you knowing them. These programs, despite you not using them, can suck up your computer system and thus slow your computer down. Check the processes tab on your computer and end the task of the programs that you are not using. If this sounds like a complicated job for you, a registry cleaner will help you do the job. Most of today's registry cleaners have a feature to effectively handle the background processes in your computer.

Windows Registry Cleanup

This is the best approach to speed up your slow computer. It is quite unknown to many that when the computer registry has a lot of entries in it, the computer tends to become slower. With numbers of entries of deleted programs in the registry, you need to free the registry with them.

There are two options to clean the registry. One is manual removal and the other is automatic. The first one is not advisable because if you accidentally delete an important entry, you can make your whole computer system to fail. Hence, automatic removal with the help of registry cleaners will be the best solution to clean your windows registry. There are a lot of applications in the Internet but be careful to choose only the most reliable and credible program.

True enough, there are tons of things you can do if you need help repair your slow computer. So what still are you waiting for? Stop your suffering today and act on making your computer perform better and faster.

Beware Of Fake Anti-Spyware Programs

2010-09-24T20:30:00.000-07:00

So you have spyware, and you want to get rid of it. You do some research, and find an anti- spyware program. Unfortunately, this is not the end of your worries.

Malicious programmers have released a large number of fake anti-spyware programs. They use web banner ads to tell users their computers have been infected with spyware, and tell them to purchase anti-spyware programs that remove these harmful parasites. But, these harmful products do not get rid of spyware. In fact, they can actually add even more spyware!

We've seen an increase in this type of activity lately, and as a result, there is increased concern. Some of these anti-spyware programs promote themselves as being antispyware, antivirus, or registry cleaners. They will often feature popups telling the users to install their product. Software like this is often referred to as rogue software.

Here's a list of some of the known anti-spyware scam programs:

* AntiVirus Gold

* ContraVirus

* Errorsafe (also known as system doctor)

* MacSweeper

* PAL Spyware Remover

* Pest Trap

* PSGuard

* SpywareStrike

* Spyware Quake

* Spydawn

* Spylocked

* SpyShredder

* Spy Sheriff

* Spy Wiper

* UltimateCleaner

* WinAntiVirus Pro 2006

* WinFixer

* WorldAntiSpy

How you can prevent this? For starters, do not install freeware products that claim to be anti-spyware. It's fine to use products that offer a free scan, but you will want to eventually go with the paid version. Fortunately, legit anti-spyware programs don't cost too much money. It'll probably run you about $25 to $50. Well worth it, when you consider the piece of mind of getting a reliable piece of software.

Removing AntiMalware Doctor From Windows XP-Vista-7 - How to Remove This Virus For Good

2010-09-21T17:44:00.000-07:00

AntiMalware Doctor is a 'rogue antivirus' program that's been designed by a group of hackers to try and steal your money, identity and other personal details from your system. Thinly disguised as an antivirus program, this virus will continually post fake virus scanning results, popups and other annoyances in order to try and lure you into buying the upgrade of the software. Unfortunately, removal of this infection from your PC can be quite tricky, because of the various hidden elements that many people don't even know about. If you want to remove this virus from your system, it's advisable that you use the steps outlined in this tutorial...

It's important to be sure that you can get rid of all elements of this infection in the most complete & reliable way, as it has a lot of "hidden"elements which cause the most damage to your PC. The likes of separate viruses, hidden files which steal your data & hidden key-logging software not only take much more effort to remove from your system, but are also the most vicious of the various AntiMalware Doctor elements on your PC. The bottom line is that if you want to remove this virus from your computer, you need to make sure that you are able to get rid of all the settings & files it has, that are infecting your PC.

Many people try and manually remove this application (because they mistakenly think it's a common application. They find this directory and try to delete it:

* C:\Documents and Settings\malwarehelp.org\My Documents\New Folder

Although deleting the files that AntiMalware Doctor requires to run may get rid of some of its data, the fact is that it has a lot of files & settings which are continually being used on your system. To get rid of this infection, it's recommended that you use a type of program called an "anti-malware" tool. This is a type of scanning utility which have been released by several leading companies. This type of software will install onto your computer and then remove all traces of the Antimalware Doctor program, which will bring your computer's security back to the way it way.

The way to use one of these anti-malware programs is to use a tool that's able to scan through your PC and fix the various elements of AntiMalware Doctor, which it requires to run. It's recommended that you use a program such as "XoftSpySE" - a tool designed specifically to remove rogue antivirus programs. This particular anti-malware tool has been created by a company in Canada called Pareto Logic, and is famed for being able to remove even the most stubborn of infections from your PC.

Noadware.net - Spyware/Adware RemoverClick Here!

How Do I Remove Advanced Security Tool 2010? Quick Tutorial To Remove This Virus

2010-09-17T21:51:00.001-07:00

Advanced Security Tool 2010 is a rogue antivirus program that's been designed to try and get you to buy the fake upgrade to this software, as well as to steal your personal details from unsecured Internet sites. If you don't know already, this is a thinly-disguised scam, which does nothing to protect your PC - instead, it will just place a series of fake adverts on your system in an attempt to get you to do what it wants. Fortunately, this virus does not damage any programs on your system and is quite easy to remove if you know how.

Known as "malware" (malicious software), Advanced Security Tool 2010 is nothing more than a fraud, which needs to be removed immediately if you want your system to remain fully functional. It will have installed itself from the likes of a fake email attachment, rogue download or even a corrupt installation of software. It will have installed itself into the folder listed below, and will have also placed a series of key-logger programs and other malicious files into the "Windows Folder" of your system. In order to remove the virus, you need to get rid of both parts of the infection - the fake software and the hidden viruses it will embed into your system.

This virus will install itself into this folder on your PC:

* %UserProfile%\Application Data\[random files]

If you want to remove the virus, there are two ways to do it. The first is to manually get rid of the infection by deleting the various parts of the virus that allow it to run. You an click on "My Computer", browse to the folder listed above and then press SHIFT + DELETE on all the files in that folder to get rid of them from your PC. This may stop the program working temporarily, but it's often the case that most instances of this virus will just return after restarting. This is because the infection is continually backing itself up inside the Windows folder of your system, and so if you want to get rid of the virus completely - you need to be able to completely remove all parts of it.

The best way to get rid of this virus is to use what's known as a "malware removal tool". These are software programs which have been designed by professional companies to get rid of all the potential infections your computer may have. These are highly effective, and we've found that a tool called XoftSpy is the best at removing the Advanced Security Tool 2010 infection from your computer. This has been developed by a leading company in Canada, and is continually being used to help fix a huge number of infections on people's computers. You can use this tool to fix your errors by downloading it onto your computer, installing it and then fixing any of the infected files your system has. This will get rid of all the parts of the virus and protect against future infections.

Removing AntiMalware Doctor the Easy Way - A Simple Guide to Remove AntiMalware Doctor For Good

2010-08-28T05:22:00.000-07:00

Antimalware Doctor is a relatively new virus that's been introduced by a group of hackers (thought to be from China), which pretends to be a legitimate antivirus program. This infection is continually being spread around the Internet by a series of different mediums, including the likes of Trojan Horse viruses, malicious websites and even email viruses. This infection is one of the most virulent on the Internet, and can be quite difficult to remove. Fortunately, you can use this simple tutorial to remove it from your system for good:

The way to remove Antimalware Doctor is to actually a little more complicated than you might have first thought. The problem is that this virus is not just a rogue application that tries to get you to buy a fake "upgrade". It's actually a deep-rooted infection which is continually being used to steal personal credit card details from people around the World. Apart from having the fake antivirus application, it also has a series of malicious files which are used to monitor your PC and steal your data from you. This makes it important that you're not only able to remove all parts of the damaging application, but you're able to get rid of the "back end" infections as well.

This virus is what's known in the trade as "malware" - meaning that it has a lot more than just one corrupt / damaged file - it's most likely deep rooted inside your computer, and to get rid of it you need to be able to use a reliable & effective "anti-malware" program. The best types of program to remove Antimalware Doctor (as ironic as this is) are ones which are called anti-malware themselves, such as "MalwareBytes" or "XosftSpySE". You need to download one of these removal programs onto your computer and then let it perform a "deep" scan of your system. A deep scan basically makes the program look through all the damaged parts of your PC, cleaning out any & all of the infected parts of it.

After using an "anti-malware" tool on your system, you should also look to use a "registry cleaner" to scan through your PC and fix the various errors that are left inside. This step is highly recommended because Antimalware Doctor will actually leave a lot of infected registry settings on your system, which need to be removed if you're going to get your computer running smoothly again. The registry is basically a big database which stores all the files & settings your computer needs to run, and is also where viruses like to keep a lot of "dormant" files. These files "reignite" when you use your PC, leading to more viruses entering your system if you don't remove them. Registry cleaners are recommended to get rid of this infection for good.

Online Scan - 4 Good Online Scans to Keep Your Computer Clean

2010-08-28T05:03:00.000-07:00

Many people either don't have the money or don't have any interest in installing an anti virus or anti spyware program. While I feel that that is a mistake, an online scan can make a good alternative. You just have to use the right online scan. Check out the 4 online scans I recommend.

BitDefender

BitDefender is an amazing online anti virus scan. I found that it is equally effective, if not more so, than the AVG Free I run. My biggest complain about it is it gets plenty of false positives. False positives are when it thinks something is a virus, but it isn't actually a virus. Your average user probably won't see this problem too much, because you won't have nearly as much stuff on your computer as I do. Overall, I believe BitDefender is the best online scan out there.

HouseCall

Another good online virus scan. HouseCall has been around for a long time and a lot of people like it. I believe it is also very good, but I like BitDefender a bit more.

Panda

I love Panda's anti virus. I believe Panda anti virus is the only anti virus truly worth paying for. It's an absolute beast. That said, I'm not as sure about their online scan, mainly because I can't try it. It currently isn't compatible with Windows Vista, so I'm out of luck. They plan on changing that soon. Still, if it's anywhere near as good as their program's scan, it'll be a very good one to try.

Ewido

Ewido is the only online spyware scan I can recommend. I found Ewido to actually be MORE effective than the standard programs I was running. Even after running those programs, Ewido still found more stuff, some things as serious as Trojan horses! Definitely run Ewido.

I highly suggest running at least one of the virus scans and Ewido about once every week or two, even if you have programs installed for those jobs. A free second opinion never hurt anyone.

Anti Virus Online Scan - Learn About an Anti Virus Online Scan

2010-08-28T05:01:00.001-07:00

On the war between viruses and human, there were only few times that viruses overpowered human nature, it was the brilliant mind and interest of many a highly intelligent computer whiz around the world who took the crown and the legacy. One thing that can attest to this is the increasing numbers of software that are designed to defeat and hammer these viruses that craves to destroy our computers.

Anti virus software is a great example of this breakthrough. And nowadays, it is undeniable that this tool becomes one of the most highly recommended devices when it comes to computer safety. Although many have emerged, the effectiveness and appropriateness of this program remains robust and has been known for such a long time and is even commended. Meanwhile, while the consistency of an anti virus is being applauded by many of us, viruses are also making and are even leaving a mark on every residence that has a computer. Files are scammed while computers are inflicted with different harmful malware that technically cause a serious problem that may result in a total destruction of a computer.

Due to the malicious and crashing effects of malwares to computers, various opposing software against various malware are being promoted and are featured to most of the existing websites in the planet. There are too many of them to mention however, some people would take advantage of these situations and would create more chaos towards their computer owner. Numerous Anti virus online, portals and sites are stretched and are outlined to help lessen worse cases with regards to the existence of a virus. And yet, as mentioned, some people are really too greedy to make use of these websites and earn their own commissions out of this outbreak. In this day and age, no computer in every dwelling connected to the internet should be without the protection of an up-to-date anti virus program.

The need of getting a back up program is still practiced by many because the continuous war on virus issues is still arising. Anti viruses online are scattered and are found around the wires and the chords of your computers. You have to make sure that whichever you acquire is safe and reliable. It is easy to be scammed by many of these existing malware. You've got to be very cautious.

Keylogger Scan With Spyware Removal Software For Your Computer

2010-08-26T06:54:00.001-07:00

There are many dangers when it comes to having keylogger's hack into your computer. It is, indeed, a cyber crime. That is, unless a company is using it to track the keystrokes on company computers. Because of the many dangers, it's important to know how to find a keylogger scan with spyware removal software.

Keyloggers have developed this new way of cyber crime. As with many crimes, this can be incredibly dangerous to your computer. What happens with keylogging, is the hacker keeps a tab of all the usernames and passwords you place into websites. This means the hack has access to important information such as back accounts and emails.

As with most hackers, keyloggers have a great way of disguising themselves. Because of this fact, it's important to be cautious of the dangers keylogging poses to your well being. With all of your passwords, keyloggers can do minor things, or even something as big as draining your bank account. Therefore, it is important to always be aware of any suspicious activity.

When you have noticed something unusual, first you need to download anti-spyware software. There are several different ones to choose from online. Though, be aware that not all anti-spyware is actually anti-spyware. There is a possibility that it is actually spyware. Take a moment or two to research anything that you download.

The anti-spyware you download will inform you of any potential threats on your computer. Be prepared to be shocked by the number of potential hazardous things which have been downloaded over the course of time. Once you see what all the threats are, the anti-spyware should be able to remove it all.

The internet is very dangerous. Always be aware of the risks when passing along any sensitive information to a site. If it cannot be trusted, do not give any information away. It can and will be used against you at some point in time. While keylogging is dangerous, there are much worse things. Be sure to run things like a keylogger scan with spyware removal software on a regular basis in order to stay safe.

How to Remove Google Redirect Virus? Use These Google Redirect Virus Fix Instructions to Fix Your PC

2010-08-24T04:59:00.000-07:00

The Google redirect virus can be an annoying phenomenon on your system by making it slow and redirecting you to websites you never intended to visit. Google redirect removal is the only way to rid your machine of this virus intrusion. Before figuring out how to carry out this virus cleaning, it would be a good idea to learn more about the virus and the effects it has.

This virus has been designed to redirect unsuspecting users to harmful sites which are infested with spyware and viruses. These get into the user's system and begin to transmit all the online activities to an unknown destination thus completely compromising your private information including login IDs and passwords, bank account details, credit card details and so on.

You can well imagine the repercussions in your life after if you don't immediately resort to Google redirect removal - bank frauds, credit card unauthorized usage and more.
Some of the typical tell-tale signs on a system infected with the Google redirect virus include:
o Changing of desktop background

o Home page change

o A very noticeable slow down in browsers like Internet Explorer/ Firefox etc

o Errors in outgoing e-mail attachments, faulty Messenger application etc

o Breakdown of freeware

Web sites like clearask.com, go.Google.com, web-analytics.google.com are some of the redirected sites. These are malicious in nature and hook spyware into your system easily.

For a thorough Google redirect removal you will need to verify and clean up not only Windows registry entries but also browser objects like add-ons, help objects and DLL (Dynamic Linked Libraries) files. This can be accomplished manually though it is time and effort intensive. It is very difficult to find out the entries associated with the virus and remove them one by one.

There is also a possibility that you might miss out one or two entries which in turn could cause the virus to return. Worse still if you delete some critical entries your operating system itself might begin to malfunction. So only if you have enough expertise and knowledge it is advisable to attempt a manual virus cleaning.

There are reliable and effective spyware removal and virus removal tools which you can use to achieve Google redirect removal in a straight forward, quick manner. You can find the best spyware removal software in the market by going to the following link and then enjoy total freedom from all kinds of malware and spyware.

Are you frustrating that viruses/trojan infect your computer and disturb your computer performance? Need to do Google redirect removal in easy and fast way? Scan your computer now with free antispyware scanner and delete/uninstall the virus. When you've fixed them, be amaze how fast your computer is.

http://spyware-removal.online-product-reviews.net

Get Rid of Google Redirect Virus - Easy Fix

2010-08-24T04:57:00.000-07:00

Are you experiencing problems with your computer because it keeps getting redirected to different sites that you did not even click on in the first place? If so, then it means you are infected with the Google redirect virus. While the effects are really nasty, it helps to know that there are steps which you can take to get rid of this notorious threat.

Potential Harms of Google Redirect Virus

First off, it pays to know just what could happen to your computer if it is infected with this Trojan. One, your browser will redirect itself to pages that could plant some more spyware and malware into your computer. Second, the performance of your computer can slow down really bad. Third, you will keep getting some ad sites popping up in your browser - ad sites that you did not even click on or open.

Can't Get Rid of Google Redirect Virus? Here are the Removal Instructions

The best way to get rid of the Google redirect virus is to invest in software that performs spyware removal or have an anti-virus program running in your computer. At the same time, you can also uninstall the Google redirect virus manually - though it will take some time and effort as well as computer know-how in order to achieve this. The Google redirect virus works by corrupting registry entries in your system, so you need to do a manual cleaning fix in order to solve this.

To remove this search result hijacking virus, you should click your Start button and type regedit on the Run option. Look for the registry keys that have been affected, as well as their corresponding values. In order to do this, you need to keep an eye out for values which have undergone modification and remove any redundant entries.

Second, look for the unregistered DLL files - these are the malicious files that you need to remove. As soon as you locate them, the next thing you have to do is to kill the processes which are operating so the Google redirect virus stops spreading.

Should you find that this does un-install Google redirect virus, the next thing you have to do is a system restore. Reformatting your system can also help, but if you do not know what you are doing you could end up losing all important information or data that you have not yet been able to back up. Reformatting hard disk is not the solution but automatic spyware removing software will restore the earlier functionality of google search results.

At the end of the day, a very good spyware and antivirus could make sure that your computer is being given close monitoring to get rid of all the potential harms you can get from malicious websites. Automatic Removal Tools will not only remove this search result hijacking virus but also protect you from any such threats in future by providing real time protection.

The malicious Google redirect virus can do potential damage to your computer if you are not aware of its existence. It pays a lot to invest in Spyware Removal as well as know-how in fixing it yourself. You can use this effective software to Remove Google Redirect Virus easily and get your search results old functionality back.

Computer Crashing? It Might Be Malicious Software

2010-08-18T08:39:00.000-07:00

There are few things more frustrating than a computer that crashes all the time. Whether it causes you to lose half of a letter you just typed in, get disconnected from your favorite game, or causes you to miss out on an online auction, a crashing computer is a nightmare. There are many reasons why your computer can become unstable, but one of the more common ones is malicious software, more commonly known as "malware".

Infectious software comes in the form of viruses, trojans, spyware and adware. This software attempts to use your computer for identity theft, sending out spam messages, and other illegal activities. Some viruses actually attempt to steal your credit card and banking information for resale on the black market. But malicious software is often very poorly written and is known to cause all sorts of problems on the computer it infects.

Computer viruses take advantage of weaknesses in your computer's operating system in order to hide from you and to look for ways to spread to other machines. A virus will often insert itself into a legitimate program or modify system configuration settings. When it infects your machine, it does not do so gently, the virus writer doesn't care if your machine is still in good shape after his virus is installed.

Once these system files or configuration settings are corrupted by malicious software, then how your computer will react is unpredictable. Programs that once ran fine may begin to act strangely or not run at all. Your network connections may become unstable or slow, and you may begin experiencing more frequent unexplained rebooting of your PC. A computer virus will do whatever it takes to infect your machine no matter how much damage it might do. All it cares about is getting installed and then hiding from you as it does the other things it was programmed to do.

However returning your computer to its normal operating state is fairly simple thanks to malicious software removal tools. These tools will peek inside all of your files and system settings looking for the digital fingerprints that malicious software leaves behind. Once it finds these fingerprints it will remove the viruses and help restore your computer to the way it was before. Malicious software removal tools can not only fix the immediate problems you are experiencing, they can also help to prevent future infections. This not only protects your computer, but protects you from becoming a victim of identity theft.

Is Net Dll a Spyware Or Virus? How to Remove Net Dll?

2010-08-17T05:40:00.000-07:00

Net.dll is also one of those key files which can be used by both safe programs and malicious programs such as virus and spyware. Usually, virus will modify its name as something similar to net.dll or exact the same name.

False net.dll is very harmful to your computer. It will continue to corrupt files and get more malicious programs installed in your computer quietly. Any malware can be named anything - so you should check where the files of the running processes are located on your disk. If a "non-Microsoft".exe file is located in the C:Windows or C:WindowsSystem32 folder, then there is a high risk for a virus, spyware, trojan or worm infection!

More information about false net.dll is possible.

Infected Registry Entries: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun

Advanced computer users can try to check those registry entries and repair them manually. But in the case that key system file is infected by virus, a professional security tool is very necessary. If you know little about how to remove net.dll or other infected files, you can turn to a professional anti-spyware program. There are some security programs on the market, which are specialized at removing PC threats and managing PC performance. That is to say you do not have to worry that computer errors will occur after you remove some infected system files.

Defense Center Removal - How to Remove Defense Center Quick & Easy

2010-08-15T08:46:00.000-07:00

Defense Center is a rogue antivirus application that's been designed be a group of hackers who want to try and profit from getting you to purchase the full version of this virus and to steal your personal data. This virus is constantly installing itself on numerous computers, and is extremely difficult to completely remove. Fortunately, this tutorial is going to show you the steps you need to take to remove this infection from your system and prevent it from coming back.

Removing the Defense Center virus is a lot like trying to get a weed out of your garden - there are many ways you can do it, but only a few which are really effective. If you're looking to get this infection removed from your system for good, you need to make sure you do several things correctly - namely removing the application & files that needs to run, and then removing the malicious codes that it also places on your hard drive. The "hidden danger" of this infection is that it not only installs a very annoying executable file on your PC, but also has a range of other infected codes which will steal your personal details & credit card information.

This means that if you want to remove this virus from your PC properly, you need to be able to get down to the core of the infection and remove all traces of it from your PC. To do this, you should look to use a "spyware removal" tool or a "malware removal" tool. These are programs specifically designed to scan through your system and remove the various infected files & settings that the Defense Center virus needs to run. Using one of these automated programs should allow you to completely remove the virus from your system, by letting it delete the application and then remove the malicious codes it has.

To remove this virus, you should first download a program such as "MalwareBytes" or "SpywareDoctor". These will then scan through your PC and remove any infected files that they will identify. Considering you use an effective tool that can actually remove the Defense Center virus, you should be able to remove the "physical" traces of it from your PC. A good tip is to perform a "Deep Scan" with one of these programs - this will search your entire hard drive for the virus, not just a few files.

After you've used an anti-malware, or anti-spyware program to remove all the files and settings that the Defense Center virus needs to run, you should then use a 'registry cleaner' to remove all the settings that this file requires. The registry is a large database inside the Windows system, which stores all sorts of important settings & options for your PC, and is where Defense Center stores a large number of important settings that it requires to run. Unfortunately, and not many people know this, these rogue antivirus programs (of which Defense Center is one), will store infected registry settings which will then cause other infections to come and infect your PC. This is a big problem which can be solved with a 'registry cleaner' tool.

How to Get Rid of Defense Center From Your Computer and Keep Your PC Malware Free

2010-08-08T05:01:00.001-07:00

What is defense center?

This is another fake antivirus and anti-malware program that attempts to trick you into buying the so called "full version" of this scamware to remove malware from your computer. Once it gets onto your computer it can be extremely difficult to remove as this malware uses several tricks to prevent you removing it. To many people this malware looks like a genuine anti-malware program and all the warnings and pop up messages warning you about critical viruses, spyware and trojans on your computer are enough to trick many people.

If your computer is infected with this malware you will start to see messages which are auto-generated by defense center and warn about fake viruses and,spyware, malware and Trojans and tell you to click a button to remove this. Clicking the button will take you to a page to buy this malware which will not protect your computer and is just scamware.

You will see a constant stream of these fake error messages and they are just designed to get you to part with your money. Remember these messages are fake and not real.

This malware will even disable and remove genuine antivirus software and warn you it is infected to get you to remove it. If you see any warning messages telling you that your antivirus software is infected ignore it and follow these steps below to protect your computer.

How can I prevent defense center installing on my PC.

Defense center gets onto your computer by exploiting vulnerabilities or holes in your internet browser and operating system and other programs to find a way onto your computer and there are several steps you can take to keep this malware away from your computer.

#1 Run windows update and set it to update automatically. You can do this by going to windows control panel then security center and setting automatic updates to on.

#2 Make sure all the programs on your computer are up to date. If you get any messages saying there are updates available update them.

#3 If you visit websites and get warnings close the site immediately.

How can I get rid of Defense Center from my computer?

If you are one of the thousands of people who have fallen victim to this malware recently you can take steps to get rid of it. When it installs it will start generating pop up warning messages every few minutes and these will increase in frequency until it reaches the point where you cannot even use your computer. There are two ways for how to get rid of defence center from your computer. Manually or automatically.

Manual method for how to get rid of defense center from your PC.

This can be a long process and there is no guarantee it will remove every file because of the nature of malware the names of files are always changing to prevent removal.

#1 Restart your computer in safe mode by pressing the F8 key at startup and start task manager by pressing the ctrl-alt-del keys together.

#2 Go to the processes tab in task manager and stop any of the following processes that are present. mswinsck.exe, wscsvc32.exe, defcnt.exe, uninstall.exe.

These all for defense center and you need to stop them if you want to get rid of defense center from your computer.

#3 Stat the registry editor by going to the windows start menu, then run and type in regedt32. Use the find button on the menu to find the following entries and delete them. The exception are the two entries marked: "DisableTaskMgr" = "1" this shoud be changed to "DisableTaskMgr" = "0".

HKEY_USERSS-1-5-21-861567501-152049171-1708537768-1003_Classessecfile
HKEY_CURRENT_USERSoftwareClassessecfile
HKEY_CLASSES_ROOTCLSID{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOTsecfile
HKEY_LOCAL_MACHINESOFTWAREDefense Center
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallDefense Center
HKEY_LOCAL_MACHINESOFTWAREProgram Groups
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = "1"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "Defense Center"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShell ExtensionsApproved "{5E2121EE-0300-11D4-8D3B-444553540000}"

#4 close the registry editor and then use the search button to search for anything related to defense center on your computer and delete anything you find.

#5 Restart your PC. The manual method is time consuming and risky if you make any mistakes and delete the wring files. The other method is quicker and safe.

Automatic method for how to get rid of defence center from your PC.

This is the recommended method.

#1 download and install a system scanner that will scan and check your windows computer for malware, spyware and Trojans. You can find many of these online that will tell you if there is any malware on your computer and how to remove it.

#2 Follow the steps that come with the software to remove all traces of it. A good malware scanner will remove all registry entries and any hidden files that may be used to download and reinstall the malware after you have removed it.

Following these steps will show you how to get rid of defense center from your computer and make it run like new again.

How to Get Rid of AV Security Suite From Your Computer and Protect it From Malicious Software

2010-08-08T04:59:00.000-07:00

While the name AV security suite may sound like it would be something good for your computer, this software is just the opposite. It uses fear and relies on you not having much knowledge of how these things work in order to frighten you enough that you are willing to purchase this so fake anti-virus program.

AV Security Suite generally gets on your computer in several different ways including through hacked sites you visit, via spam emails and gets installed without your knowledge or permission. From there it will automatically change files on your computer so that it will have permission to run automatically every time your computer boots up and will run silently in the background.

It can start using it's scare tactics by popping up on your screen at unexpected times displaying messages that your computer is currently infected by viruses, malware or spyware. Sometimes it will even tell you that your computer is under attack by an external source. Other times it will display a screen saying that your computer has been scanned and it is currently having certain problems. All of this is done to make it look as if you need to purchase their program in order to resolve these security issues with your PC and you need to get rid of AV security suite from your computer.

What you need to realize is that even legitimate sites can become a host for the AV Security Suite. This usually happens when a site is hacked and the virus is put into place on the page somewhere. This is also how people can become infected multiple times over the course of a few days because of going to the same site over and over again to read new things. This is especially true for computers that have not been kept up to date with anti-malware protection.

In order to make this ruse even more believable that your computer is infected, AV security suite will prevent random programs from working as they should. It will also automatically connect your computer to an external site. This will allow it to display fake security messages as you surf the web giving you fake warnings about how these pages are reported as being unsafe.

If you want to get rid of AV security suite it can be quite a hassle if done manually.

#1 First, you will need to go into your computer Internet Explorer options and go to Connections --> LAN Settings --> and uncheck the box saying "Use a proxy server for your LAN". Once that is done you can move on to file removal.

#2 File removal is going to be quite a task. Usually every program has a list of names and files associated to it that you can remove. Because of the random way the virus installs the files it is almost impossible to find them. The registry entries on the other hand are slightly easier to locate and get rid of. They include anything with avsuite or AV security suite in the name and you will have to search for them in the registry and delete them.

Once all of that has been removed you should no longer have any problems. But if you still have problems or there is further malware on your computer you can download and run PC health check software that will help you get rid of AV security suite fast. It will scan your computer and delete any malicious software for you and make your PC run fast and get rid of any malware in minutes.

Computer Virus Removal - How to Remove Computer Virus Manually and Automatically

2010-07-31T23:21:00.000-07:00

Computer viruses have been a common term to all of the computer users. However, though we use computer daily, do you really know how to remove computer viruses when you are suffered by these terrible unexpected intruders? Actually, as long as you read this article, and learn some basic knowledge about computer virus, you should know several ways to manually or automatically remove them. They are just not that horrible. Get rid of viruses now!

Do You Have a Computer Virus?
If you suspect that you may have a computer virus, please confirm it first. The common symptoms for a virus-compromised computer are: computer running very slow, popping up with many unknown errors, displaying constantly ads windows, random PC reboots, or blue error screens, etc. In a word, a compromised computer just runs abnormally. If any of the above happens, your computer is likely infected by viruses. Then do not panic. Be assured you can also fix your computer viruses yourself.

How to Remove Computer Viruses Automatically?
The fastest and easiest way to remove a computer virus is to run antivirus software. Definitely, you need to have a virus removal tool installed to secure your computer.

1. Close all running processes. Before you run the antivirus software, please make sure you have saved and shut down all the running programs, files or any other applications. This is because most of the antivirus software requires a reboot of your PC in order to disable any process of the computer virus. Run a scan on your computer with the antivirus software. Remove the detected virus

2. Update your antivirus software. In order to catch up with the latest spreading viruses, good antivirus software should always have update on its virus definitions database from time to time. So, before you run the virus removal tool, check the virus definitions update first.

3. Detect and remove computer virus. Run the virus scanner of your antivirus software to detect the computer virus as well as any other malicious PC threats. Then, remove the detected computer virus and other malicious items.

How to Remove Computer Virus Manually?
Usually, it is ok and easy to automatically remove the computer virus or other malicious PC threats with a virus removal tool. But some people might have the idea to do both the automatic and manual computer virus removal! Well, it is a good idea anyway. If you also want to know the way for a manual virus removal, you can try the following manual steps:

1. Remove suspicious programs from Add/Remove Programs
Most of the computer viruses intrude into your computer with the spyware programs, so you need to remove any suspicious programs from your computer. You can first start you PC in the Safe Mode by pressing F8 while your PC reboots. Then, click Start > Control Panel > Add or Remove Programs. This will list all programs that are installed on your machine. Look for those associated with the virus or Spyware and delete them. Meanwhile, you can search online to get a list of programs corresponding to a particular virus.

2. Delete Virus Files
The list of files related with a specific virus can be searched for through the Internet. Then, you can just look for these files on your computer and delete them permanently.

3. Delete unnecessary Registry Entries
Viruses add some Registry entries into your system Registry when they install on your computer. Again search information from the net and remove these redundant entries to completely flush out the virus from your computer.

Note: Anyone who wants to try the manual computer virus removal should be careful enough to avoid the risk of deleting needed files and entries. To clear viruses from your computer and to know more about the best virus/spyware removal tool you can go to the following link.

Remove Trojans From Your Computer Before it is Too Late!

2010-07-23T20:00:00.000-07:00

Why is it so important to remove Trojans from your computer? Well for one thing, there are over one million known viruses that are just looking for a host computer to infect. Once that happens, there are many things that can happen to your computer.

One of the most disturbing issues it that if you do not remove Trojans, you are giving a stranger unlimited access to your computer, possibly to your most intimate details such as bank account information, credit card information or even the means to steal your identity. All it takes is a little data here and a little data there for a clever thief to take over your life.

While not every virus leads to the loss of important information, other issues arise when you do not remove Trojans such as your computer running more slowly than when you first bought it, your internet activities can be tracked and monitored or your homepage can be changed and you may not be able to change it back.

So what may happen if you sit back and do nothing? Your computer may continue to be bogged down until it is virtually useless or the viruses and Trojans may play so much havoc on your computer, that you have to take it to a computer repair shop and spend hundreds of dollars just to get your computer to run like it should.

How do I protect myself from these viruses and Trojans? One thing that can be done is to only visit sites you know and trust, but that would greatly limit your use of the internet if you only went to a few trusted sites. You could throw out your computer and return to the days of pen and paper for communication purposes, but that is not realistic either. One of the best defenses to remove Trojans is to perform a full system scan on a regular basis with trusted anti-spyware software. If done regularly, your computer will remain safe and secure from those who would do you harm.

To receive a FREE scan of your pc to remove Trojans, viruses and spyware, go to http://spywaresolutions.info today

W32/Drowor.C - Malware

2010-03-28T02:28:00.000-07:00

General Method of propagation:
• Infects files
• Mapped network drives

Aliases:
• Symantec: W32.Drowor.B
• Kaspersky: IM-Worm.Win32.Sohanad.dz
• Sophos: W32/Drowor-A
• VirusBuster: Worm.VB.DRUS
• Eset: Win32/Agent.NTF
• Bitdefender: Win32.Trafrox.B

This is a component of: W32/Troxa.A

Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003

Side effects:
• Disable security applications
• Downloads files
• Infects files
• Registry modification

Right after execution the following information is displayed:

Files It copies itself to the following location:
• %SYSDIR%\%random character string%\Services.exe

It creates the following directory:
• %SYSDIR%\%random character string%

It deletes the following files:
• %SYSDIR%\updater.exe
• %SYSDIR%\x0f4rt.de
• %SYSDIR%\x0f4rt.xe

It tries to download some files:

– The location is the following:
• http://indonesianvxzone.cjb.net/**********
It is saved on the local hard drive under: %SYSDIR%\x0f4rt.de At the time of writing this file was not online for further investigation.

– The location is the following:
• http://vaksin.cjb.net/**********
It is saved on the local hard drive under: %SYSDIR%\x0f4rt.de At the time of writing this file was not online for further investigation.

– The location is the following:
• http://34refds.cjb.net/**********
It is saved on the local hard drive under: %SYSDIR%\x0f4rt.de At the time of writing this file was not online for further investigation.

– The location is the following:
• http://43ti45s.cjb.net/**********
It is saved on the local hard drive under: %SYSDIR%\x0f4rt.de At the time of writing this file was not online for further investigation.

File infection Infector type:

Appender - The virus main code is added at the end of the infected file.
– The following section is added to the infected file:
• .idata

Damaging - The files may be improperly infected. This results in infected files that are broken and crash.

Stealth:
No stealth techinques used. It modifies the OEP (Original Entry Point) of the infected file to point to the virus code.

Self Modification:

Encrypted - The virus code inside the infected file is encrypted.

Method:

This memory-resistent infector remains active in memory.

Infection length:

Approximately 19.000 Bytes

Ignores files that:

Contain any of the following strings in their name:
• inst
• unin
• wise
• vise
• setup
• dele
• master
• sfx

The following files are infected:

By file type:
• *.exe
• *.scr

Files in any of the following directories:
• %all directories%

Registry The following registry key is added in order to run the process after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• "services"=""%SYSDIR%\%random character string%\Services.exe""

Process termination It tries to terminate the following processes and delete the corresponding files:
• anti; apvxdwin; avengine; avg; avlite; AVSYNMGR; avup; AVWUPD32;
AVXQUAR; ccapp; cclaw; center; debug; firewa; fix; griso; guard;
hacker; hex; hijack; iknow; kick; LordPE; navw32; pavprsrv; pavsrv51;
procexp; scan; secure; security; sysinter

DoS Right after it becomes active, it starts DoS attacks against the following destinations:
• www.lc.net.id
• 202.133.81.1-202.133.81.60

Miscellaneous Mutex:
It creates the following Mutex:
• [w32.trafox.A]

String:
Furthermore it contains the following strings:
• This file was hacked by: tr4f0x.A - IVS - Indonesian Virus Society
• [Dropped][By]tr4f0x.A.w32[t]

File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
• ASPack 2.12

Trojan.PWS.Onlinegames.KDDS

2010-02-25T05:45:00.000-08:00

SYMPTOMS:
- presence of the following hidden files in temp folder: cvasds0.dll and herss.exe - presence of the following hidden files in root of the system drive: autorun.inf, bveijo.exe - presence of the registry key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\herss,

TECHNICAL DESCRIPTION:
This malware purpose is to steal information about online games. When executed it copies itself to temp folder as herss.exe and drops a file named cvasds0.dll in the same folder, both hidden. The .dll file will then be injected into memory of explorer.exe and execution will continue from there. The injected dll is responsible for the following actions: - It will make an additional copy of the executable file inside root directory of the system drive, as bveijo.exe, and will create an autorun.inf file pointing to it. -It will register the executable file at startup by adding the key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\herss pointing to …\temp\herss.exe -It will uncheck the option "Show hidden files and folders" under Folder Options -> View by modifying the registry -It will disable the Regedit tool The injected dll will begin to steal passwords regarding several online games: MapleStory, Metin2, Knight Online, Silkroad The propagation of the malware is assured by a periodically creation of the autorun.inf and associated executable files in the root folder of the local partitions and removable drives.

Removal instructions:
Please let BitDefender disinfect your files.

ANALYZED BY:
Prelipcean Bogdan, virus researcher

Virus Writers Produce Hardware Damaging Code with Win32.Worm.Zimuse

2010-02-03T04:54:00.000-08:00

Disguised IQ test combines virus, rootkit and worm -- malicious code for one fatal formula

BitDefender®, an award-winning provider of innovative anti-malware security solutions, today identified a new e-threat that combines the destructive behavior of a virus with the spreading mechanisms of a worm. There are two known variants of this virus, which enters the computer as a harmless IQ test.

Once executed, the worm creates between seven and eleven copies of itself (depending on the variant) in critical areas of the Windows system.

Win32.Worm.Zimuse.A is an extremely dangerous piece of malware. Unlike average worms, Win32.Worm.Zimuse.A could lead to severe data loss as it overwrites the first 50 KB of the Master Boot Record - a key zone of the hard disk drive.

In order to execute on each Windows boot-up, the worm sets the following registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Dump"="%programfiles%\Dump\Dump.exe

It also creates two driver files, namely:

%system%\drivers\Mstart.sys and %system%\drivers\Mseu.sys

Since 64-bit versions of Windows Vista and Windows 7 require digitally signed drivers, the worm would fail installing these files.

Unfortunately, in its early stages, this worm makes it nearly impossible for users to know their system has fallen victim to the e-threat. If a certain number of days have elapsed since the infection (40 days for variant A and 20 days for variant B), the computer user receives an error message stating that a problem has occurred due to malicious content in IP packets from a peculiar-looking web address. It then asks the user to recover the system by pressing “OK.” After this message, the next restart causes the computer’s hard disk to become damaged due to the compromised boot sector. To view a video detailing what occurs during an attack by Win32.Worm.Zimuse.A, please click here. or see video below

In order to stay safe, BitDefender recommends downloading, installing and updating a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection. Users should also employ extra caution when prompted to open files from unfamiliar locations.

Ten Commandments for Your Computer Sanity

2010-01-30T21:17:00.000-08:00

1. Dont assume anything. Make some time to learn about securing your system.

2. Acquire and use a reliable antivirus program. Select an antivirus that has a consistent track record. Checkmark, AV-Test.org and TuV are among the most respected independent testers of antivirus software.

3. Acquire and use a reliable firewall solution. Again, independent reviewers are your best bet for reasonable choices. Some operating systems come with a firewall which only filters incoming traffic. Use a firewall that can control both incoming and outgoing Internet traffic.

4. Do not open e-mails coming from unknown or distrusted sources. Many viruses spread via e-mail messages so please ask for a confirmation from the sender if you are in any doubt.

5. Do not open the attachments of messages with a suspicious or unexpected subject. If you want to open them, first save them to your hard disk and scan them with an updated antivirus program.

6. Delete any chain e-mails or unwanted messages. Do not forward them or reply to their senders. This kind of messages is considered spam, because it is undesired and unsolicited and it overloads the Internet traffic.

7. Avoid installing services and applications which are not needed in day-by-day operations in a desktop role, such as file transfer and file sharing servers, remote desktop servers and the like. Such programs are potential hazards, and should not be installed if not absolutely necessary.

8. Update your system and applications as often as possible. Some operating systems and applications can be set to update automatically. Make full use of this facility. Failure to patch your system often enough may leave it vulnerable to threats for which fixes already exist.

9. Do not copy any file if you don't know or don't trust its source. Check the source (provenance) of files you download and make sure that an antivirus program has already verified the files at their source.

10. Make backups of important personal files (correspondence, documents, pictures and such) on a regular basis. Store these copies on removable media such as CD or DVD. Keep your archive in a different location than the one your computer is in.

Here is a cool tip when using Avira antivirus.

2010-01-06T06:14:00.001-08:00

W32.Sasser

2009-12-27T04:33:00.000-08:00

Symantec Security Response has developed a removal tool to clean the infections of the following variants of the W32.Sasser worm:

W32.Sasser.Worm
W32.Sasser.B.Worm
W32.Sasser.C.Worm
W32.Sasser.D
W32.Sasser.E.Worm
W32.Sasser.G

The W32.Sasser family of worms can run on (but not infect) Windows 95/98/Me computers. Although these operating systems cannot be infected, they can still be used to infect vulnerable systems that they are able to connect to. In this case, the worm will waste a lot of resources so that programs cannot run properly, including our removal tool. (On Windows 95/98/Me computers, the tool should be run in Safe mode.)

Note: The execution of the worm causes LSASS.EXE to crash on some systems. The result of this is that the system may undergo a reboot. The fixtool can be successfully run only after the system has completed the reboot.

What the tool does

The W32.Sasser Removal Tool does the following:
Terminates the W32.Sasser viral processes.
Deletes the W32.Sasser files.
Deletes the registry values that the worm adds.
Available command-line switches for this tool

Switch Description
/HELP, /H, /? Displays the help message.
/NOFIXREG Disables the registry repair (We do not recommend using this switch).
/SILENT, /S Enables the silent mode.
/LOG=[PATH NAME] Creates a log file where [PATH NAME] is the location in which to store the tool's output. By default, this switch creates the log file, FxSasser.log, in the same folder from which the removal tool was executed.
/MAPPED Scans the mapped network drives (We do not recommend using this switch. See the following Note).
/START Forces the tool to immediately start scanning.
/EXCLUDE=[PATH] Excludes the specified [PATH] from scanning (We do not recommend using this switch. See the following Note).
/NOFILESCAN Prevents the scanning of the file system.

Note: Using the /MAPPED switch does not ensure the complete removal of the virus on the remote computer, because:
The scanning of the mapped drives scans only the mapped folders. This may not include all the folders on the remote computer, which can lead to missed detections.
If a viral file is detected on the mapped drive, the removal will fail if a program on the remote computer uses this file.

Therefore, you should run the tool on every computer.

The /EXCLUDE switch will only work with one path, not multiple. An alternative is the /NOFILESCAN switch, followed by a manual scan with AntiVirus. This will allow the tool to alter the registry.

Then, scan the computer with AntiVirus and the current virus definitions. You should be able to clean the file system after completing these steps.

The following example command line can be used to exclude a single drive:

>"C:\Documents and Settings\user1\Desktop\FxSasser.exe" /EXCLUDE=M:\ /LOG=c:\FxSasser.txt

Alternatively, the command line below will skip the scanning of the file system, but will repair the registry modifications. Run a regular scan of the system with the proper exclusions:

>"C:\Documents and Settings\user1\Desktop\FxSasser.exe" /NOFILESCAN /LOG=c:\FxSasser.txt

Notes:
The greater than symbol (>) is not part of the path.
The name of the log file can be whatever you select. The name listed is for the sole purpose of this example.

Obtaining and running the tool

Note: You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP.

WARNING: For network administrators. If you are running MS Exchange 2000 Server, we recommend that you exclude the M drive from the scan by running the tool from a command line with the Exclude switch.

For more information, read the Microsoft knowledge base article, XADM: Do Not Back Up or Scan Exchange 2000 Drive M (Article 298924).

Download the FxSasser.exe file from: http://securityresponse.symantec.com/avcenter/FxSasser.exe.

Note: Version 1.0.1 (As shown in the removal tool dialog title bar) provides support for both W32.Sasser.B.Worm and W32.Sasser.Worm.

Save the file to a convenient location, such as your downloads folder or the Windows desktop, or removable media known to be uninfected.
To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.
Close all the running programs before running the tool.
If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
If you are running Windows Me or XP, then disable System Restore. Refer to the "System Restore option in Windows Me/XP" section later in this writeup for further details.

Caution: If you are running Windows Me/XP, we strongly recommend that you do not skip this step.

Do one of the following:
If you are running Windows NT/2000/XP, skip to step 8.
If you are running Windows 95/98/Me, restart the computer in Safe mode. For instructions, read the document, How to start the computer in Safe Mode.
Double-click the FxSasser.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer.
Run the removal tool again to ensure that the system is clean.
If you are running Windows Me/XP, then re-enable System Restore.
Run LiveUpdate to make sure that you are using the most current virus definitions.

Note: The removal procedure may not be successful if Windows Me/XP System Restore is not disabled as previously directed, because Windows prevents outside programs from modifying System Restore.

When the tool has finished running, you will see a message indicating whether W32.Sasser infected the computer. In the case of a removal of the worm, the program displays the following results:
Total number of scanned files
Number of deleted files
Number of repaired files
Number of terminated viral processes
Number of fixed registry entries

Digital signature
FxSasser.exe is digitally signed. Symantec recommends that you use only copies of FxSasser.exe, which have been directly downloaded from the Symantec Security Response Web site. To check the authenticity of the digital signature, follow these steps:
Go to http://www.wmsoftware.com/free.htm.
Download and save the chktrust.exe file to the same folder in which you saved FxSasser.exe (for example, C:\Downloads).
Depending on your operating system, do one of the following:
Click Start, point to Programs, and then click MS-DOS Prompt.
Click Start, point to Programs, click Accessories, and then click Command Prompt.

Change to the folder in which FxSasser.exe and Chktrust.exe are stored, and then type: chktrust -i FxSasser.exe.

For example, if you saved the file to the C:\Downloads folder, you would enter the following commands:

cdcd downloads
chktrust -i FxSasser.exe

Press Enter after typing each command. If the digital signature is valid, you will see the following:

Do you want to install and run "W32.Sasser Removal Tool" signed on 05/10/2004 3:45 PM and distributed by: Symantec Corporation?

Note
The date and time displayed in this dialog box will be adjusted to your time zone, if your computer is not set to the Pacific time zone.
If you are using Daylight Saving time, the displayed time will be exactly one hour earlier.
If this dialog box does not appear, there are two possible reasons:
The tool is not from Symantec: Unless you are sure that the tool is legitimate and that you downloaded it from the legitimate Symantec Web site, you should not run it.
The tool is from Symantec and is legitimate: However, your operating system was previously instructed to always trust content from Symantec. For information on this and on how to view the confirmation dialog again, read the document, How to restore the Publisher Authenticity confirmation dialog box.

Click Yes to close the dialog box.
Type exit, and then press Enter. (This will close the MS-DOS session.)

System Restore option in Windows Me/XP
Users of Windows Me and Windows XP should temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file onto your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

Kill virus freshy

2009-12-17T03:45:00.000-08:00

Sign of virus freshy

1. When we look in to flash drive,found virus freshy is formal icon folder name
Freshy.exe and other file is hidden by virus freshy and rename like old folder

2. Its make menu folder option hidden

3. In windows startup found Trojan in its.

4. Its send file net.exe in to C:\WINDOWS\system32\

5. Its open telnet for strange man

6. Its change password user by hacked

Edition:

If edit virus freshy by manual is difficult,notice used
download file for edit virus freshy easily.

Analytics:

This virus is not harmful for your computer but its used for open your computer by open telnet for hacker attack computer by easily and then hide folder option for defense editing virus freshy

Infact about virus freshy:

- freshy is not virus but freshy is Trojan
- trojan is not harmful for data in your computer but its make hidden file and open telnet for hacker.

Test antivirus in your computer

2009-12-17T03:31:00.000-08:00

The method for test Anti virus in your computer are worked or not ?

1. open notpage program

2. Copy this code into Notepad
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

3. Save เป็นชื่อ virus.com

4. Then run its

or other method is Copy this code into Notepage and then Save its for test run.
If anti virus worked, its send alarm autometic for delete them but its not found them.We can consider for uninstall out of your computer.

ANOTHER VIRUS ON MY COMPUTER

2009-11-23T08:09:00.000-08:00

How Spyware Attacks

2009-10-20T14:53:00.000-07:00

Spyware can be downloaded from Web sites, email messages, instant messages, and from direct file-sharing connections. Additionally, a user may unknowingly receive spyware by accepting an End User License Agreement from a software program.

How Do You Know You Need Antispyware
Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user

What To Do: Anti-spyware Protection
*Use Norton Internet Security to provide anti-spyware protection and proactively protect from other security risks
*Configure the firewall in Norton Internet Security to block unsolicited requests for outbound communication
*Do not accept or open suspicious error dialogs from within the browser
*Spyware may come as part of a "free deal" offer - do not accept free deals
*Always read carefully the End User License agreement at Install time and cancel if other “programs” are being installed as part of the desired program
*Keep software and security patches up to date

How Do I Avoid Spyware?
*Be selective about what you download to your computer
*Read licensing agreements
*Watch out for anti-spyware scams
*Beware of clickable ads
*Keep your Internet browser up to date
*Scan your computer often

Kaspersky AntiVirus 2009 Review

2009-09-05T21:16:00.001-07:00

Antivirus 2009 Removal

2009-09-05T21:13:00.001-07:00

Backdoor.Ryknos

2009-08-20T06:20:00.000-07:00

Discovered: November 10, 2005
Updated: January 4, 2006 12:00:00 AM
Type: Removal Information

This tool is designed to remove the infections of

Backdoor.Ryknos
Backdoor.Ryknos.B
SecurityRisk.First4DRM

Important:
If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and Internet. Disable or password-protect file sharing, or set the shared files to Read Only, before reconnecting the computers to the network or to the Internet. Because this worm spreads by using shared folders on networked computers, to ensure that the worm does not reinfect the computer after it has been removed, Symantec suggests sharing with Read Only access or by using password protection.

For instructions on how to do this, refer to your Windows documentation, or the document: How to configure shared Windows folders for maximum network protection.

If you are removing an infection from a network, first make sure that all the shares are disabled or set to Read Only.
This tool is not designed to run on Novell NetWare servers. To remove this threat from a NetWare server, first make sure that you have the current virus definitions, and then run a full system scan with the Symantec antivirus product.

How to download and run the tool

Important: You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP.

Note for network administrators: If you are running MS Exchange 2000 Server, we recommend that you exclude the M drive from the scan by running the tool from a command line, with the Exclude switch. For more information, read the Microsoft knowledge base article: XADM: Do Not Back Up or Scan Exchange 2000 Drive M (Article 298924).

Follow these steps to download and run the tool:
Download the FixRyknos.exe file from: http://securityresponse.symantec.com/avcenter/FixRyknos.exe
Save the file to a convenient location, such as your Windows desktop.
Optional: To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.

Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the "Digital signature" section before proceeding with step 4.

Close all the running programs.
If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
If you are running Windows Me or XP, turn off System Restore. For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
How to disable or enable Windows Me System Restore
How to turn off or turn on Windows XP System Restore

Locate the file that you just downloaded.
Double-click the FixRyknos.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer.
Run the removal tool again to ensure that the system is clean.
If you are running Windows Me/XP, then reenable System Restore.
If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.
Run LiveUpdate to make sure that you are using the most current virus definitions.

When the tool has finished running, you will see a message indicating whether the threat has infected the computer. The tool displays results similar to the following:
Total number of the scanned files
Number of deleted files
Number of repaired files
Number of terminated viral processes
Number of fixed registry entries

What the tool does

The Removal Tool does the following:
Terminates the associated processes
Deletes the associated files
Deletes the registry values added by the threat

Switches

The following switches are designed for use by network administrators:
Switch Description
/HELP, /H, /? Displays the help message.
/NOFIXREG Disables the registry repair (We do not recommend using this switch).
/SILENT, /S Enables the silent mode.
/LOG=[PATH NAME] Creates a log file where [PATH NAME] is the location in which to store the tool's output. By default, this switch creates the log file, FixRyknos.log, in the same folder from which the removal tool was executed.
/MAPPED Scans the mapped network drives. (We do not recommend using this switch. See the following Note.)
/START Forces the tool to immediately start scanning.
/EXCLUDE=[PATH] Excludes the specified [PATH] from scanning. (We do not recommend using this switch. See the following Note.)
/NOCANCEL Disables the cancel feature of the removal tool.
/NOFILESCAN Prevents the scanning of the file system.

Important: Using the /MAPPED switch does not ensure the complete removal of the virus on the remote computer, because:
The scanning of mapped drives scans only the mapped folders. This may not include all the folders on the remote computer, which can lead to missed detections.
If a viral file is detected on the mapped drive, the removal will fail if a program on the remote computer uses this file.

Therefore, you should run the tool on every computer.

The /EXCLUDE switch will only work with one path, not multiple. An alternative is the /NOFILESCAN switch followed by a manual scan with AntiVirus. This will let the tool alter the registry. Then, scan the computer with AntiVirus with current virus definitions. With these steps, you should be able to clean the file system.

The following is an example command line that can be used to exclude a single drive:

"C:\Documents and Settings\user1\Desktop\FixRyknos.exe" /EXCLUDE=M:\ /LOG=c:\FixRyknos.txt

Alternatively, the command line below will skip scanning the file system, but will repair the registry modifications. Then, run a regular scan of the system with proper exclusions:

"C:\Documents and Settings\user1\Desktop\FixRyknos.exe" /NOFILESCAN /LOG=c:\FixRyknos.txt

Note: You can give the log file any name and save it to any location.

Digital signature
For security purposes, the removal tool is digitally signed. Symantec recommends that you use only copies of the removal tool that have been directly downloaded from the Symantec Security Response Web site.

If you are not sure, or are a network administrator and need to authenticate files before deployment, you should check the authenticity of the digital signature.

Follow these steps:
Go to http://www.wmsoftware.com/free.htm.
Download and save the Chktrust.exe file to the same folder in which you saved the removal tool.

Note: Most of the following steps are done at a command prompt. If you downloaded the removal tool to the Windows desktop, it will be easier if you first move the tool to the root of the C drive. Then save the Chktrust.exe file to the root of C as well.

(Step 3 to assume that both the removal tool and Chktrust.exe are in the root of the C drive.)

Click Start > Run.
Type one of the following:
Windows 95/98/Me:

command

Windows NT/2000/XP:

cmd

Click OK.
In the command window, type the following, pressing Enter after typing each line:

cdcd downloads
chktrust -i FixRyknos.exe

You should see one of the following messages, depending on your operating system:

Windows XP SP2:
The Trust Validation Utility window will appear.

Under Publisher, click the Symantec Corporation link. The Digital Signature Details appears.
Verify the contents of the following fields to ensure that the tool is authentic:

Name: Symantec Corporation
Signing Time: 11/11/2005 6:13:31 PM

All other operating systems:
You should see the following message:

Do you want to install and run "FixRyknos.exe" signed on Thursday, November 11, 2005 6:13:31 PM and distributed by Symantec Corporation?

Notes:
The date and time in the digital signature above are based on Pacific time. They will be adjusted your computer's time zone and Regional Options settings.
If you are using Daylight Saving time, the displayed time will be exactly one hour earlier.
If this dialog box does not appear, there are two possible reasons:
The tool is not from Symantec: Unless you are sure that the tool is legitimate and that you downloaded it from the legitimate Symantec Web site, you should not run it.
The tool is from Symantec and is legitimate: However, your operating system was previously instructed to always trust content from Symantec. For information on this and on how to view the confirmation dialog again, read the document: How to restore the Publisher Authenticity confirmation dialog box.

Click Yes or Run to close the dialog box.
Type exit, and then press Enter. (This will close the MS-DOS session.)

W32.Klez.gen_mm

2009-08-13T01:57:00.000-07:00

About W32.Klez.gen@mm detections
W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez. Computers infected with W32.Klez.gen@mm have most likely been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most cases, the tool will be able to remove the infection.

What the tool does
The W32.Klez Removal Tool:
Terminates all the processes associated with W32.Klez@mm or W32.Elkern.
Deletes the services of W32.Klez@mm.
Removes the registry entries created by W32.Klez@mm.
Detects all types of W32.Klez@mm and W32.ElKern infections and repairs the repairable files.
Innoculates the W32.Elkern.4926 repaired files to prevent re-infection.

NOTES
A file infected with W32.Klez.E@mm or W32.Klez.H@mm includes a link to the encrypted host file. If the encrypted file does not exist at that link, the tool deletes the infected file, because it is not repairable, and thus, the encrypted file is not restored.
The W32.ElKern repair removes the viral code from the infected file. It does not ensure that a file repaired from a W32.ElKern attack will run, as this virus often corrupts files.

Command-line switches available for this tool

Switch Description
/HELP, /H, /? Displays the help message.
/NOFIXREG Disables registry repair (the use of this switch is not recommended).
/SILENT, /S Enables silent mode.
/LOG= [PATH NAME] Creates a log file where [PATH NAME] is the location in which to store the tool's output. By default, this switch creates the log file FixKlez.log in the same folder from which the removal tool was executed.
/MAPPED Scans mapped network drives (the use of this switch is not recommended—refer to the following Note).
/START Forces the tool to immediately start scanning.
/EXCLUDE= [PATH] Excludes the specified [PATH] from scanning (the use of this switch is not recommended).

NOTE: The use of the /MAPPED switch does not ensure the complete removal of the virus on the remote computer, because:
The scanning of the mapped drives scans the mapped folders only. This may not include all the folders on the remote computer, which can to lead to missed detections.
If a viral file is detected on the mapped drive, the removal will fail if a program on the remote computer is using this file.
The repair of a file infected with W32.Klez@mm may fail if this file is located on the mapped drive, because the path to the original encrypted host file is a local path.
For these reasons, you should run the tool on every computer.

Obtaining and running the tool

NOTE: You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP.

Download the FixKlez.com file from http://securityresponse.symantec.com/avcenter/FixKlez.com.
Save the file to a convenient location, such as your download folder or the Windows desktop (or, if possible, removable media known to be uninfected).
To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.
Close all the programs.
If you are on a network, or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
If you are running Windows Me or Windows XP, disable System Restore. Refer to the "System Restore option in Windows Me/XP" section, later in this writeup, for additional details.

NOTE: If you are running Windows Me/XP, Symantec strongly recommends that you do not skip this step.

Shut down the computer and turn off the power. Wait 30 seconds. Do not skip this step.
Restart the computer in Safe mode. All the Windows 32-bit operating systems, except Windows NT, can be restarted in Safe mode. For instructions on how to do this, read the document, "How to start the computer in Safe Mode."
Double-click the FixKlez.com file to start the removal tool.
Click Start to begin the process and allow the tool to run.
Normally restart the computer.
Next, if you are using a Symantec antivirus product, re-install it.
For consumer products such as Norton AntiVirus 2000/2001/2002/2003, follow the instructions in the document, "How to restore Norton AntiVirus after removing a virus."
For Enterprise products, contact your system administrator.
Run LiveUpdate to make sure that you are using the most current virus definitions, and then rescan the computer. If your Symantec antivirus product detects any infected files and cannot repair them, choose to delete the files.
If you are running Windows Me/XP, re-enable System Restore.

NOTE: The removal procedure may not be successful if Windows Me/XP System Restore was not disabled as previously directed, as Windows prevents System Restore from being modified by outside programs. If W32.Klez.gen@mm was activated before you ran the removal tool, in most cases you will not be able to start Norton AntiVirus (NAV). Refer to the "Removal" section of the W32.Klez.E@mm writeup for instructions on running NAV from the command line and re-installing NAV.

When the tool has finished running, you will see a message indicating whether variants of W32.Klez@mm and/or variants of W32.ElKern infected the computer. If an infection was removed, the program displays the following results:
Total number of the scanned files
Number of deleted files
Number of repaired files
Number of terminated viral processes
Number of deleted viral services
Number of fixed registry entries

Digital signature
FixKlez.com is digitally signed. Symantec recommends that you use only copies of FixKlez.com downloaded directly from the Symantec Security Response Web site. To verify the authenticity of the digital signature, follow these steps:
Go to http://www.wmsoftware.com/free.htm.
Download and save the Chktrust.exe file into the same folder in which you saved FixKlez.com (for example, the C:\Downloads folder).
Depending on your version of Windows, do one of the following:
Click Start, point to Programs, and then click MS-DOS Prompt.
Click Start, point to Programs, click Accessories, and then click Command Prompt.
Change to the folder that contains FixKlez.com and Chktrust.exe, and then type:

chktrust -i FixKlez.com

For example, if the file exists in the C:\Downloads folder, enter the following commands:

cdcd downloads
chktrust -i FixKlez.com

Press Enter after you type each command. If the digital signature is valid, you will see the following:

"Do you want to install and run "W32.Klez Fix Tool" signed on 9/10/2002 7:11PM and distributed by Symantec Corporation?"

NOTES
The date and time that appear in this dialog box will be adjusted to your time zone if your computer is not set to the Pacific time zone.
If you are using Daylight Saving Time, the time that appears will be exactly one hour earlier.
If this dialog box does not appear, there are two possible reasons:
The tool is not from Symantec: Unless you are sure that the tool is legitimate and that you downloaded it from the legitimate Symantec Web site, you should not run it.
The tool is from Symantec and is legitimate; however, your operating System was previously instructed to always trust content from Symantec. For information on this and on how to view the confirmation dialog again, read the document, "How to restore the Publisher Authenticity confirmation dialog box."
Click Yes to close the dialog box.
Type exit, and then press Enter to close the MS-DOS session.

System Restore option in Windows Me/XP
Windows Me and Windows XP users should temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. When a computer is infected with a virus, worm, or Trojan, it is possible that the virus, worm, or Trojan could be backed up by System Restore. By default, Windows prevents System Restore from being modified by other programs. As a result, there is the possibility of accidentally restoring an infected file, or online scanners could detect the threat in that particular location. For instructions on how to turn off System Restore, read your Windows documentation or one of the following articles:
"How to disable or enable Windows Me System Restore"
"How to disable or enable Windows XP System Restore"

For additional information and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article, "Anti-Virus Tools Cannot Clean Infected Files in the _Restore Folder," Article ID: Q263455.

Running the tool from a floppy disk
Insert the floppy disk, containing the FixKlez.com file, into the floppy disk drive.
Click Start, and then click Run.
Type the following:

a:\fixklez.com

and then click OK

Computer Virus, Spyware.

2009-07-29T07:04:00.001-07:00

how to kill a computer virus online

2009-07-29T07:02:00.001-07:00

Trojan.Ransomlock

2009-07-04T17:59:00.000-07:00

Discovered: April 15, 2009
Updated: April 15, 2009 4:22:57 PM
Type: Trojan
Infection Length: 109,568 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

When the Trojan executes, it creates the following file:
%Temp%\don[RANDOM CHARACTERS].tmp

The Trojan modifies the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %Temp%\don[RANDOM CHARACTERS].tmp"

The Trojan then displays a message in Russian, which has been translated into English below:
To unlock you need to send an SMS with the text
[RANDOM NUMBERS]
To the number
3649
Enter the resulting code:
[TEXT BOX]

Any attempt to reinstall the system may lead to loss of important information and computer damage

The Trojan attempts to lock the desktop making the computer unusable.

The threat executes every time the computer is started, even in safe mode.

Recommendations

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.

Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.

Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available.
Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.

Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have less avenues of attack.
If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied.

Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.

Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.

Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.
Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.

Computer Tips & Techniques : How to Remove Viruses for Free

2009-06-29T06:50:00.000-07:00

Computer Virus Attack

2009-06-10T03:52:00.002-07:00

Computer Virus Attack

2009-06-10T03:52:00.001-07:00

How To Make An Error Messege Box

2009-05-28T01:35:00.001-07:00

.VBS ERROR BOX CODES

2009-05-28T01:34:00.001-07:00

How to make custom pop-ups and fake .bat viruses

2009-05-28T01:32:00.002-07:00

cmd virus

2009-05-28T01:32:00.001-07:00

how to remove a virus on your computer

2009-05-17T03:17:00.001-07:00

Symantec Trojan.Ransomlock Key Generator Tool

2009-05-14T21:36:00.000-07:00

This tool is designed to generate a key to unlock computers that have been infected by Trojan.Ransomlock.

How to download and run the tool

Important: You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP.

Follow these steps to download and run the tool:

1. Download the Ransom_unlock.exe file from: http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/Ransom_unlock.exe
2. Save the file to a convenient location, such as your Windows desktop.
3. Optional: To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.

Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the "Digital signature" section before proceeding with step 4.

4. Locate the file that you just downloaded.
5. Double-click the Ransom_unlock.exe file to run the tool.
6. The following screen is displayed:

7. Note the code displayed on the dialog box on the compromised computer in the following screenshot:

Note: The code ranges from 10 to 11 numbers and may begin with "41" or "k2".

8. Choose one of the following options depending on the format of the code displayed by the threat:

If the code displayed by the threat has the following format "41NN1234567" (where NN are two random numbers) for example "41671234567", enter the code as it is.
If the code starts with the number "411" for example "4111234567", enter the code as it is.
If the code starts with "k2" then enter in "4110" followed by the third, fourth, sixth, seventh, ninth and tenth digit. For example if the code is "k2670620000" you should enter in "4110676200".

9. The unlock code is displayed.
10. Note the unlock code and type it into the dialog box on the compromised computer.
11. Click the button on the lower right hand side on the dialog box shown in the following screenshot:

12. Click any key to close the tool.
13. Run LiveUpdate to make sure that you are using the most current virus definitions.
14. Run a full system scan.

Digital signature
For security purposes, the tool is digitally signed. Symantec recommends that you use only copies of the tool that have been directly downloaded from the Symantec Security Response Web site.

If you are not sure, or are a network administrator and need to authenticate files before deployment, you should check the authenticity of the digital signature.

Follow these steps:

1. Go to http://www.wmsoftware.com/free.htm.
2. Download and save the Chktrust.exe file to the same folder in which you saved the tool.

Note: Most of the following steps are done at a command prompt. If you downloaded the tool to the Windows desktop, it will be easier if you first move the tool to the root of the C drive. Then save the Chktrust.exe file to the root of C as well.

(Step 3 to assume that both the tool and Chktrust.exe are in the root of the C drive.)

3. Click Start > Run.
4. Type one of the following:

Windows 95/98/Me:
command

Windows NT/2000/XP:
cmd

5. Click OK.
6. In the command window, type the following, pressing Enter after typing each line:

cd\
cd downloads
chktrust -i Ransom_unlock.exe

7. You should see one of the following messages, depending on your operating system:

Windows XP SP2:
The Trust Validation Utility window will appear.

Under Publisher, click the Symantec Corporation link. The Digital Signature Details appears.
Verify the contents of the following fields to ensure that the tool is authentic:

Name: Symantec Corporation
Signing Time: 04/22/2009 11:09:26 AM

All other operating systems:
You should see the following message:

Do you want to install and run "Symantec Trojan.Ransomlock Key Generator Tool" signed on Wednesday, April 22, 2009 11:09:26 AM and distributed by Symantec Corporation?

Note:
The date and time in the digital signature above are based on Pacific time. They will be adjusted your computer's time zone and Regional Options settings.

If you are using Daylight Saving time, the displayed time will be exactly one hour earlier.

If this dialog box does not appear, there are two possible reasons:

The tool is not from Symantec: Unless you are sure that the tool is legitimate and that you downloaded it from the legitimate Symantec Web site, you should not run it.

The tool is from Symantec and is legitimate: However, your operating system was previously instructed to always trust content from Symantec. For information on this and on how to view the confirmation dialog again, read the document: How to restore the Publisher Authenticity confirmation dialog box.

8. Click Yes or Run to close the dialog box.
9. Type exit, and then press Enter. (This will close the MS-DOS session.)

Fake Virus Tutorial

2009-05-12T08:44:00.000-07:00

Virus Attack! Damn it!

2009-05-08T16:57:00.000-07:00

Computer Virus Attack

2009-05-08T16:56:00.000-07:00

Time line of trojan

2009-04-29T05:28:00.002-07:00

2000
May: The ILOVEYOU worm appears. As of 2004[update] this was the most costly virus to businesses, causing upwards of 5.5 to 10 billion dollars in damage. The backdoor trojan to the worm, Barok, was created by Filipino programmer Onel de Guzman; it is not known who created the attack vector or who (inadvertently?) unleashed it; de Guzman himself denies being behind the outbreak although he suggests he may have been duped by someone using his own Barok code as a payload.

2001
May 8: The Sadmind worm spreads by exploiting holes in both Sun Solaris and Microsoft IIS.
July: The Sircam worm is released, spreading through Microsoft systems via e-mail and unprotected network shares.
July 13: The Code Red worm attacking the Index Server ISAPI Extension in Microsoft Internet Information Services is released.
August 4: A complete re-write of the Code Red worm, Code Red II begins aggressively spreading onto Microsoft systems, primarily in China.
September 18: The Nimda worm is discovered and spreads through a variety of means including vulnerabilities in Microsoft Windows and backdoors left by Code Red II and Sadmind worm.
October 26: The Klez worm is first identified.

2002
Beast is a windows based backdoor trojan horse, more commonly known in the underground cracker community as a RAT (Remote Administration Tool). It is capable of infecting almost all Windows OS i.e. 95 through XP. Written in Delphi and Released first by its author Tataye in 2002, its most current version was released October 3, 2004
August 30: Optix Pro is a configurable remote access tool or Trojan, similar to SubSeven or BO2K.

2003
January 24: The SQL slammer worm, aka the Sapphire worm, attacks vulnerabilities in Microsoft SQL Server and MSDE and causes widespread problems on the Internet.
April 2: Graybird is a Trojan also known as Backdoor.Graybird.
June 13: ProRat is a Turkish-made Microsoft Windows based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool).
August 12: The Blaster worm, aka the Lovesan worm, rapidly spreads by exploiting a vulnerability in system services present on Windows computers.
August 18: The Welchia (Nachi) worm is discovered. The worm tries to remove the blaster worm and patch Windows.
August 19: The Sobig worm (technically the Sobig.F worm) spreads rapidly through Microsoft systems via mail and network shares.
October 24: The Sober worm is first seen on Microsoft systems and maintains its presence until 2005 with many new variants. The simultaneous attacks on network weakpoints by the Blaster and Sobig worms cause massive amounts of damage.

2004
Late January: MyDoom emerges, and currently holds the record for the fastest-spreading mass mailer worm.
March 19: The Witty worm is a record-breaking worm in many regards. It exploited holes in several Internet Security Systems (ISS) products. It was the fastest disclosure to worm, it was the first internet worm to carry a destructive payload and it spread rapidly using a pre-populated list of ground-zero hosts.
May 1: The Sasser worm emerges by exploiting a vulnerability in LSASS and causes problems in networks, even interrupting business in some cases.
August 16: Nuclear RAT (short for Nuclear Remote Administration Tool) is a backdoor Trojan Horse that infects Windows NT family systems (Windows 2000, XP, 2003).
August 20: Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a Trojan Horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook.
October 12, 2004: Bitfrost, also known as Bitfrose, is a backdoor trojan which can infect Windows 95 through Vista. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attack.[13]
December: Santy, the first known "webworm" is launched. It exploited a vulnerability in phpBB and used Google in order to find new targets. It infected around 40000 sites before Google filtered the search query used by the worm, preventing it from spreading.

2005
August 16: The Zotob worm and several variations of malware are discovered on Microsoft systems. The effect was overblown because several United States media outlets were infected.[citation needed]
October 13: The Samy XSS worm becomes the fastest spreading virus by some definitions as of 2006[update].
October 31: Sony BMG was found to have purposefully infected music CDs with a rootkit in an attempt to prevent illegal copying of music.
Late 2005: The Zlob Trojan, also known as Trojan.Zlob, is a trojan horse which masquerades as a required video codec in the form of ActiveX. It was first detected in late 2005.
2005: Bandook or Bandook Rat (Bandook Remote Administration Tool) is a backdoor trojan horse that infects the Windows family. It uses a server creator, a client and a server to take control over the remote computer. It uses process hijacking / Kernel Patching to bypass the firewall, and allow the server component to hijack processes and gain rights for accessing the Internet.

2006
January 20: The Nyxem worm was discovered. It spread by mass-mailing. Its payload, which activates on the third of every month, starting on February 3, attempts to disable security-related and file sharing software, and destroy files of certain types, such as Microsoft Office files.
February 16: discovery of the first-ever malware for Mac OS X, a low-threat trojan-horse known as OSX/Leap-A or OSX/Oompa-A, is announced.
Late September: Stration or Warezov worm first discovered.

2007
January 17: Storm Worm identified as a fast spreading email spamming threat to Microsoft systems. It begins gathering infected computers into the Storm botnet. By around June 30 it had infected 1.7 million computers, comprised between 1 and 10 million computers by September. Thought to have originated from Russia, it disguises itself as a news email containing a film about bogus news stories asking you to download the attachment which it claims is a film.

[edit] 2008
January 17: MacSweeper is the first known rogue software for Mac OS X.
February 17: Mocmex is a trojan, which was found in a digital photo frame in February 2008. It was the first serious computer virus on a digital photo frame. The virus was traced back to a group in China.
March 3: Torpig, also known as Sinowal and Mebroot, is a Trojan horse which affects Windows, turning off anti-virus applications. It allows others to access the computer, modifies data, steals confidential information (such as user passwords and other sensitive data) and installs more malware on the victim's computer.
May 6: Rustock.C, a hitherto-rumoured spambot-type malware with advanced rootkit capabilities, was announced to have been detected on Microsoft systems and analyzed, having been in the wild and undetected since October 2007 at the very least.[18]
July 6: Bohmini.A is a configurable remote access tool or trojan that exploits security flaws in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2.
July 31: The Koobface computer worm targets users of Facebook and Myspace.
November 21: Computer worm Conficker infects anywhere from 9 to 15 million Microsoft server systems running everything from Windows 2000 to the Windows 7 Beta. The French Navy,UK Ministry of Defence (including Royal Navy warships and submarines),Sheffield Hospital network,German Bundeswehr and Norwegian Police were all affected. Microsoft sets a bounty of $250,000 USD for information leading to the capture of the worm's author(s). Five main variants of the Conficker worm are known and have been dubbed Conficker A, B, C, D and E. They were discovered 21 November 2008, 29 December 2008, 20 February 2009, 4 March 2009 and 7 April 2009, respectively.

Time line of trojan

2009-04-29T05:27:00.000-07:00

1990-1999
1990
Mark Washburn working on an analysis of the Vienna and Cascade viruses with Ralf Burger develops the first family of polymorphic virus: the Chameleon family. Chameleon series debuted with the release of 1260.[citation needed]

1992
Michelangelo was expected to create a digital apocalypse on March 6, with millions of computers having their information wiped according to mass media hysteria surrounding the virus. Later assessments of the damage showed the aftermath to be minimal.[citation needed]

1993
"Leandro & Kelly" and "Freddy Krueger" spread quickly due to popularity of BBS and shareware distribution.

1995
The "Concept virus", the first Macro virus, is created which attacked Microsoft Word documents.[citation needed]

1996
"Ply" - DOS 16-bit based complicated polymorphic virus appeared with built-in permutation engine.

1998
June 2: The first version of the CIH virus appears.

1999
Jan 20: The Happy99 worm invisibly attached itself to emails. Displayed fireworks to hide changes being made and wished you a happy new year. Modified system files related to Outlook Express and Internet Explorer on Windows 95 and Windows 98.
March 26: The Melissa worm is released, targeting Microsoft Word and Outlook-based systems, and creating considerable network traffic.
June 6: The ExploreZip worm, which destroys Microsoft Office documents, is first detected.
December 16: Sub7, or SubSeven, is the name of a popular backdoor program. It is mainly used for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites. However, it can also be used for more serious criminal applications, such as stealing credit card details with a keystroke logger

Time line of trojan

2009-04-29T05:24:00.001-07:00

1980-1989

1980
Jürgen Kraus wrote his master thesis "Selbstreproduktion bei Programmen" (self-reproduction of programs).

1981
A program called Elk Cloner, written for Apple II systems and created by Richard Skrenta. Apple II was seen as particularly vulnerable due to the storage of its operating system on floppy disk. Elk Cloner's design combined with public ignorance about what malware was and how to protect against it led to Elk Cloner being responsible for the first large-scale computer virus outbreak in history.

1983
The term 'virus' is coined by Frederick Cohen in describing self-replicating computer programs. In 1984 Cohen uses the phrase "computer virus" – as suggested by his teacher Leonard Adleman – to describe the operation of such programs in terms of "infection". He defines a 'virus' as "a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself."[citation needed]
November 10, 1983, at Lehigh University, Cohen demonstrates a virus-like program on a VAX11/750 system. The program was able to install itself to, or infect, other system objects.

1984
Ken Thompson publishes "Reflections on Trusting Trust", a theoretical paper which describes how a virus can be inserted into a program's object code, when the virus itself cannot be found in the source code.

1986
January: The Brain boot sector virus (aka Pakistani flu) is released. Brain is considered the first IBM PC compatible virus, and the program responsible for the first IBM PC compatible virus epidemic. The virus is also known as Lahore, Pakistani, Pakistani Brain, as it was created in Lahore, Pakistan by 19 year old Pakistani programmer, Basit Farooq Alvi, and his brother, Amjad Farooq Alvi.
December 1986: Ralf Burger presented the Virdem model of programs at a meeting of the underground Chaos Computer Club in Germany. The Virdem model represented the first programs that could replicate themselves via addition of their code to executable DOS files in COM format.

1987
Appearance of the Vienna virus, which was subsequently neutralized--the first time this had happened on the IBM platform.[6]
Appearance of Lehigh virus, boot sector viruses such as Yale from USA, Stoned from New Zealand, Ping Pong from Italy, and appearance of first self-encrypting file virus, Cascade. Lehigh was stopped on campus before it spread to the wild, and has never been found elsewhere as a result. A subsequent infection of Cascade in the offices of IBM Belgium led to IBM responding with its own antivirus product development. Prior to this, antivirus solutions developed at IBM were intended for staff use only.
October: The Jerusalem virus, part of the (at that time unknown) Suriv family, is detected in the city of Jerusalem. Jerusalem destroys all executable files on infected machines upon every occurrence of Friday the 13th (except Friday 13 November 1987 making its first trigger date May 13, 1988). Jerusalem caused a worldwide epidemic in 1988.
November: The SCA virus, a boot sector virus for Amigas appears, immediately creating a pandemic virus-writer storm. A short time later, SCA releases another, considerably more destructive virus, the Byte Bandit.
December: Christmas Tree EXEC was the first widely disruptive replicating network program, which paralysed several international computer networks in December 1987.

1988
June: The Festering Hate Apple ProDOS virus spreads from underground pirate BBS systems and starts infecting mainstream networks.
November 2: The Morris worm, created by Robert Tappan Morris, infects DEC VAX and Sun machines running BSD UNIX connected to the Internet, and becomes the first worm to spread extensively "in the wild", and one of the first well-known programs exploiting buffer overrun vulnerabilities.

1989
October 1989: Ghostball, the first multipartite virus, is discovered by Friðrik Skúlason.

Timeline of computer viruses and worms

2009-04-29T05:21:00.001-07:00

Early 1970s
The Creeper virus was an experimental self-replicating program written by Bob Thomas at BBN in 1971.Creeper infected DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system where the message, "I'm the creeper, catch me if you can!" was displayed. The Reaper program was created to delete Creeper.

1974
The Wabbit virus was not really a virus but more of a fork bomb, a program that multiplies copies of itself on a single computer, named for the speed at which it clogged the system with copies of itself, reducing system performance, before reaching a threshold and crashing.[citation needed]

1975
ANIMAL was a popular game written for the UNIVAC 1108 which asked a number of questions to the user in an attempt to guess the type of animal that the user was thinking of. When run, the related program PERVADE would also create a copy of itself and ANIMAL in every directory to which the current user had access. It spread across the multi-user UNIVACs when users with overlapping permissions discovered the game, and to other computers when tapes were shared. The program was carefully written to avoid damage to existing file or directory structure, and to not copy itself if permissions did not exist or if damage could result. Its spread was therefore halted by an OS upgrade which changed the format of the file status tables that PERVADE used for safe copying. Though non-malicious, "Pervading Animal" represents the first Trojan "in the wild".

Trojan.Initbar

2009-04-27T02:44:00.000-07:00

Important:

If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and Internet. Disable or password-protect file sharing, or set the shared files to Read Only, before reconnecting the computers to the network or to the Internet. Because this worm spreads by using shared folders on networked computers, to ensure that the worm does not reinfect the computer after it has been removed, Symantec suggests sharing with Read Only access or by using password protection.

For instructions on how to do this, refer to your Windows documentation, or the document: How to configure shared Windows folders for maximum network protection.

If you are removing an infection from a network, first make sure that all the shares are disabled or set to Read Only.
This tool is not designed to run on Novell NetWare servers. To remove this threat from a NetWare server, first make sure that you have the current virus definitions, and then run a full system scan with the Symantec antivirus product.

How to download and run the tool

Important: You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP.

Note for network administrators: If you are running MS Exchange 2000 Server, we recommend that you exclude the M drive from the scan by running the tool from a command line, with the Exclude switch. For more information, read the Microsoft knowledge base article: XADM: Do Not Back Up or Scan Exchange 2000 Drive M (Article 298924).

Follow these steps to download and run the tool:

Download the FIXINITB.exe file from: http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FIXINITB.exe.Save the file to a convenient location, such as your Windows desktop.
Optional: To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.

Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the "Digital signature" section before proceeding with step 4.

Close all the running programs.
If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
If you are running Windows Me or XP, turn off System Restore. For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:

How to disable or enable Windows Me System Restore

How to turn off or turn on Windows XP System Restore

Locate the file that you just downloaded.
Double-click the FIXINITB.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.

NOTE: If you have any problems when you run the tool, or it does nor appear to remove the threat, restart the computer in Safe mode and run the tool again.

Restart the computer.
Run the removal tool again to ensure that the system is clean.
If you are running Windows Me/XP, then reenable System Restore.
If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.
Run LiveUpdate to make sure that you are using the most current virus definitions.

When the tool has finished running, you will see a message indicating whether the threat has infected the computer. The tool displays results similar to the following:

Total number of the scanned files
Number of deleted files
Number of repaired files
Number of terminated viral processes
Number of fixed registry entries

What the tool does
The Removal Tool does the following:

Terminates the associated processes
Deletes the associated files
Deletes the registry values added by the threat

Switches
The following switches are designed for use by network administrators:
/HELP, /H, /?
Displays the help message.
/NOFIXREG
Disables the registry repair (We do not recommend using this switch).
/SILENT, /S
Enables the silent mode.
/LOG=[PATH NAME]
Creates a log file where [PATH NAME] is the location in which to store the tool's output. By default, this switch creates the log file, FIXINITB.log, in the same folder from which the removal tool was executed.
/MAPPED
Scans the mapped network drives. (We do not recommend using this switch. See the following Note.)
/START
Forces the tool to immediately start scanning.
/EXCLUDE=[PATH]
Excludes the specified [PATH] from scanning. (We do not recommend using this switch. See the following Note.)
/NOCANCEL
Disables the cancel feature of the removal tool.
/NOFILESCAN
Prevents the scanning of the file system.
/NOVULNCHECK
Disables checking for unpatched files.

Important: Using the /MAPPED switch does not ensure the complete removal of the virus on the remote computer, because:

The scanning of mapped drives scans only the mapped folders. This may not include all the folders on the remote computer, which can lead to missed detections.
If a viral file is detected on the mapped drive, the removal will fail if a program on the remote computer uses this file.

Therefore, you should run the tool on every computer.

The /EXCLUDE switch will only work with one path, not multiple. An alternative is the /NOFILESCAN switch followed by a manual scan with AntiVirus. This will let the tool alter the registry. Then, scan the computer with AntiVirus with current virus definitions. With these steps, you should be able to clean the file system.

The following is an example command line that can be used to exclude a single drive:

"C:\Documents and Settings\user1\Desktop\FIXINITB.exe" /EXCLUDE=M:\ /LOG=c:\FIXINITB.txt

Alternatively, the command line below will skip scanning the file system, but will repair the registry modifications. Then, run a regular scan of the system with proper exclusions:

"C:\Documents and Settings\user1\Desktop\FIXINITB.exe" /NOFILESCAN /LOG=c:\FIXINITB.txt

Note: You can give the log file any name and save it to any location.

Digital signature
For security purposes, the removal tool is digitally signed. Symantec recommends that you use only copies of the removal tool that have been directly downloaded from the Symantec Security Response Web site.

If you are not sure, or are a network administrator and need to authenticate files before deployment, you should check the authenticity of the digital signature.

Follow these steps:

1.Go to http://www.wmsoftware.com/free.htm.
2.Download and save the Chktrust.exe file to the same folder in which you saved the removal tool.

Note: Most of the following steps are done at a command prompt. If you downloaded the removal tool to the Windows desktop, it will be easier if you first move the tool to the root of the C drive. Then save the Chktrust.exe file to the root of C as well.

(Step 3 to assume that both the removal tool and Chktrust.exe are in the root of the C drive.)

3.Click Start > Run.
4.Type one of the following:

Windows 95/98/Me:
command

Windows NT/2000/XP:
cmd

5.Click OK.
6.In the command window, type the following, pressing Enter after typing each line:

cd\
cd downloads
chktrust -i FIXINITB.exe

7.You should see one of the following messages, depending on your operating system:

Windows XP SP2:
The Trust Validation Utility window will appear.

Under Publisher, click the Symantec Corporation link. The Digital Signature Details appears.
Verify the contents of the following fields to ensure that the tool is authentic:

Name: Symantec Corporation
Signing Time: 04/15/2009 08:32:29 AM

All other operating systems:
You should see the following message:

Do you want to install and run "FIXINITB.exe" signed on April 15, 2009 8:32:29 AM and distributed by Symantec Corporation?

Notes:
The date and time in the digital signature above are based on Pacific time. They will be adjusted your computer's time zone and Regional Options settings.

If you are using Daylight Saving time, the displayed time will be exactly one hour earlier.

If this dialog box does not appear, there are two possible reasons:

The tool is not from Symantec: Unless you are sure that the tool is legitimate and that you downloaded it from the legitimate Symantec Web site, you should not run it.

The tool is from Symantec and is legitimate: However, your operating system was previously instructed to always trust content from Symantec. For information on this and on how to view the confirmation dialog again, read the document: How to restore the Publisher Authenticity confirmation dialog box.

8.Click Yes or Run to close the dialog box.
9.Type exit, and then press Enter. (This will close the MS-DOS session.)

Trojan.Ransomlock

2009-04-25T02:26:00.000-07:00

Follow these steps to download and run the tool:

1. Download the Ransom_unlock.exe file from: http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/Ransom_unlock.exe
2. Save the file to a convenient location, such as your Windows desktop.
3. Optional: To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.

Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the "Digital signature" section before proceeding with step 4.
4. Locate the file that you just downloaded.
5. Double-click the Ransom_unlock.exe file to run the tool.
6. The following screenshot is displayed:
7. Note the code displayed on the dialog box on the compromised computer in the following screenshot:

Note: The code is 10 or 11 numbers and always begins with '411'.

8. Type the code into the tool and press Enter.
9. The unlock code is displayed.
10. Note the unlock code and type it into the dialog box on the compromised computer.
11. Click the button on the lower right hand side on the dialog box shown in the following screenshot:

12. Click any key to close the tool.
13. Run LiveUpdate to make sure that you are using the most current virus definitions.
14. Run a full system scan.

Digital signature
For security purposes, the tool is digitally signed. Symantec recommends that you use only copies of the tool that have been directly downloaded from the Symantec Security Response Web site.

If you are not sure, or are a network administrator and need to authenticate files before deployment, you should check the authenticity of the digital signature.

Follow these steps:

1. Go to http://www.wmsoftware.com/free.htm.
2. Download and save the Chktrust.exe file to the same folder in which you saved the tool.

Note: Most of the following steps are done at a command prompt. If you downloaded the tool to the Windows desktop, it will be easier if you first move the tool to the root of the C drive. Then save the Chktrust.exe file to the root of C as well.

(Step 3 to assume that both the tool and Chktrust.exe are in the root of the C drive.)

3. Click Start > Run.
4. Type one of the following:

Windows 95/98/Me:
command

Windows NT/2000/XP:
cmd

5. Click OK.
6. In the command window, type the following, pressing Enter after typing each line:

cd\
cd downloads
chktrust -i Ransom_unlock.exe

7. You should see one of the following messages, depending on your operating system:

Windows XP SP2:
The Trust Validation Utility window will appear.

Under Publisher, click the Symantec Corporation link. The Digital Signature Details appears.
Verify the contents of the following fields to ensure that the tool is authentic:

Name: Symantec Corporation
Signing Time: 04/22/2009 11:09:26 AM

All other operating systems:
You should see the following message:

Do you want to install and run "Symantec Trojan.Ransomlock Key Generator Tool" signed on Wednesday, April 22, 2009 11:09:26 AM and distributed by Symantec Corporation?

Note:
The date and time in the digital signature above are based on Pacific time. They will be adjusted your computer's time zone and Regional Options settings.

If you are using Daylight Saving time, the displayed time will be exactly one hour earlier.

If this dialog box does not appear, there are two possible reasons:

The tool is not from Symantec: Unless you are sure that the tool is legitimate and that you downloaded it from the legitimate Symantec Web site, you should not run it.

The tool is from Symantec and is legitimate: However, your operating system was previously instructed to always trust content from Symantec. For information on this and on how to view the confirmation dialog again, read the document: How to restore the Publisher Authenticity confirmation dialog box.

8. Click Yes or Run to close the dialog box.
9. Type exit, and then press Enter.

Virus attack destroys desktop!!

2009-04-23T04:18:00.000-07:00

The Malware Attack

2009-04-22T05:40:00.001-07:00

Virus Attack

2009-04-22T05:38:00.000-07:00

Virus attack 3 (Vista) + msn virus

2009-04-22T05:36:00.000-07:00

Trojan.Initbar

2009-04-16T15:39:00.000-07:00

Important:

If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and Internet. Disable or password-protect file sharing, or set the shared files to Read Only, before reconnecting the computers to the network or to the Internet. Because this worm spreads by using shared folders on networked computers, to ensure that the worm does not reinfect the computer after it has been removed, Symantec suggests sharing with Read Only access or by using password protection.

For instructions on how to do this, refer to your Windows documentation, or the document: How to configure shared Windows folders for maximum network protection.

If you are removing an infection from a network, first make sure that all the shares are disabled or set to Read Only.
This tool is not designed to run on Novell NetWare servers. To remove this threat from a NetWare server, first make sure that you have the current virus definitions, and then run a full system scan with the Symantec antivirus product.

How to download and run the tool

Important: You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP.

Note for network administrators: If you are running MS Exchange 2000 Server, we recommend that you exclude the M drive from the scan by running the tool from a command line, with the Exclude switch. For more information, read the Microsoft knowledge base article: XADM: Do Not Back Up or Scan Exchange 2000 Drive M (Article 298924).

Follow these steps to download and run the tool:

-Download the FIXINITB.exe file from: http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FIXINITB.exe.-Save the file to a convenient location, such as your Windows desktop.
-Optional: To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.

Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the "Digital signature" section before proceeding with step 4.

-Close all the running programs.
-If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
-If you are running Windows Me or XP, turn off System Restore. For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:

How to disable or enable Windows Me System Restore

How to turn off or turn on Windows XP System Restore

-Locate the file that you just downloaded.
-Double-click the FIXINITB.exe file to start the removal tool.
-Click Start to begin the process, and then allow the tool to run.

NOTE: If you have any problems when you run the tool, or it does nor appear to remove the threat, restart the computer in Safe mode and run the tool again.

-Restart the computer.
-Run the removal tool again to ensure that the system is clean.
-If you are running Windows Me/XP, then reenable System Restore.
-If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.
-Run LiveUpdate to make sure that you are using the most current virus definitions.

When the tool has finished running, you will see a message indicating whether the threat has infected the computer. The tool displays results similar to the following:

Total number of the scanned files
Number of deleted files
Number of repaired files
Number of terminated viral processes
Number of fixed registry entries

What the tool does
The Removal Tool does the following:

Terminates the associated processes
Deletes the associated files
Deletes the registry values added by the threat

Switches
The following switches are designed for use by network administrators:
/HELP, /H, /?
Displays the help message.
/NOFIXREG
Disables the registry repair (We do not recommend using this switch).
/SILENT, /S
Enables the silent mode.
/LOG=[PATH NAME]
Creates a log file where [PATH NAME] is the location in which to store the tool's output. By default, this switch creates the log file, FIXINITB.log, in the same folder from which the removal tool was executed.
/MAPPED
Scans the mapped network drives. (We do not recommend using this switch. See the following Note.)
/START
Forces the tool to immediately start scanning.
/EXCLUDE=[PATH]
Excludes the specified [PATH] from scanning. (We do not recommend using this switch. See the following Note.)
/NOCANCEL
Disables the cancel feature of the removal tool.
/NOFILESCAN
Prevents the scanning of the file system.
/NOVULNCHECK
Disables checking for unpatched files.

Important: Using the /MAPPED switch does not ensure the complete removal of the virus on the remote computer, because:

The scanning of mapped drives scans only the mapped folders. This may not include all the folders on the remote computer, which can lead to missed detections.
If a viral file is detected on the mapped drive, the removal will fail if a program on the remote computer uses this file.

Therefore, you should run the tool on every computer.

The /EXCLUDE switch will only work with one path, not multiple. An alternative is the /NOFILESCAN switch followed by a manual scan with AntiVirus. This will let the tool alter the registry. Then, scan the computer with AntiVirus with current virus definitions. With these steps, you should be able to clean the file system.

The following is an example command line that can be used to exclude a single drive:

"C:\Documents and Settings\user1\Desktop\FIXINITB.exe" /EXCLUDE=M:\ /LOG=c:\FIXINITB.txt

Alternatively, the command line below will skip scanning the file system, but will repair the registry modifications. Then, run a regular scan of the system with proper exclusions:

"C:\Documents and Settings\user1\Desktop\FIXINITB.exe" /NOFILESCAN /LOG=c:\FIXINITB.txt

Note: You can give the log file any name and save it to any location.

Digital signature
For security purposes, the removal tool is digitally signed. Symantec recommends that you use only copies of the removal tool that have been directly downloaded from the Symantec Security Response Web site.

If you are not sure, or are a network administrator and need to authenticate files before deployment, you should check the authenticity of the digital signature.

Follow these steps:

-Go to http://www.wmsoftware.com/free.htm.
-Download and save the Chktrust.exe file to the same folder in which you saved the removal tool.

Note: Most of the following steps are done at a command prompt. If you downloaded the removal tool to the Windows desktop, it will be easier if you first move the tool to the root of the C drive. Then save the Chktrust.exe file to the root of C as well.

(Step 3 to assume that both the removal tool and Chktrust.exe are in the root of the C drive.)

-Click Start > Run.
-Type one of the following:

Windows 95/98/Me:
command

Windows NT/2000/XP:
cmd

-Click OK.
-In the command window, type the following, pressing Enter after typing each line:

cd\
cd downloads
chktrust -i FIXINITB.exe

-You should see one of the following messages, depending on your operating system:

Windows XP SP2:
The Trust Validation Utility window will appear.

Under Publisher, click the Symantec Corporation link. The Digital Signature Details appears.
Verify the contents of the following fields to ensure that the tool is authentic:

Name: Symantec Corporation
Signing Time: 04/15/2009 08:32:29 AM

All other operating systems:
You should see the following message:

Do you want to install and run "FIXINITB.exe" signed on April 15, 2009 8:32:29 AM and distributed by Symantec Corporation?

Notes:
The date and time in the digital signature above are based on Pacific time. They will be adjusted your computer's time zone and Regional Options settings.

If you are using Daylight Saving time, the displayed time will be exactly one hour earlier.

If this dialog box does not appear, there are two possible reasons:

The tool is not from Symantec: Unless you are sure that the tool is legitimate and that you downloaded it from the legitimate Symantec Web site, you should not run it.

The tool is from Symantec and is legitimate: However, your operating system was previously instructed to always trust content from Symantec. For information on this and on how to view the confirmation dialog again, read the document: How to restore the Publisher Authenticity confirmation dialog box.

-Click Yes or Run to close the dialog box.
-Type exit, and then press Enter. (This will close the MS-DOS session.)

Trojan.Xrupter

2009-04-12T17:45:00.000-07:00

Important:

If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and Internet. Disable or password-protect file sharing, or set the shared files to Read Only, before reconnecting the computers to the network or to the Internet. Because this worm spreads by using shared folders on networked computers, to ensure that the worm does not reinfect the computer after it has been removed, Symantec suggests sharing with Read Only access or by using password protection.

For instructions on how to do this, refer to your Windows documentation, or the document: How to configure shared Windows folders for maximum network protection.

If you are removing an infection from a network, first make sure that all the shares are disabled or set to Read Only.
This tool is not designed to run on Novell NetWare servers. To remove this threat from a NetWare server, first make sure that you have the current virus definitions, and then run a full system scan with the Symantec antivirus product.

How to download and run the tool

Important: You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP.

Note for network administrators: If you are running MS Exchange 2000 Server, we recommend that you exclude the M drive from the scan by running the tool from a command line, with the Exclude switch. For more information, read the Microsoft knowledge base article: XADM: Do Not Back Up or Scan Exchange 2000 Drive M (Article 298924).

Follow these steps to download and run the tool:

Download the FixXrupter.exe file from: http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixXrupter.exe.
Save the file to a convenient location, such as your Windows desktop.
Optional: To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.

Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the "Digital signature" section before proceeding with step 4.

Close all the running programs.
If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
If you are running Windows Me or XP, turn off System Restore. For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:

How to disable or enable Windows Me System Restore

How to turn off or turn on Windows XP System Restore

Locate the file that you just downloaded.
Double-click the FixXrupter.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.

NOTE: If you have any problems when you run the tool, or it does nor appear to remove the threat, restart the computer in Safe mode and run the tool again.

Restart the computer.
Run the removal tool again to ensure that the system is clean.
If you are running Windows Me/XP, then reenable System Restore.
If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.
Run LiveUpdate to make sure that you are using the most current virus definitions.

When the tool has finished running, you will see a message indicating whether the threat has infected the computer. The tool displays results similar to the following:

Total number of the scanned files
Number of deleted files
Number of repaired files
Number of terminated viral processes
Number of fixed registry entries

What the tool does
The Removal Tool does the following:

Terminates the associated processes
Deletes the associated files
Deletes the registry values added by the threat

Switches
The following switches are designed for use by network administrators:
/HELP, /H, /?
Displays the help message.
/NOFIXREG
Disables the registry repair (We do not recommend using this switch).
/SILENT, /S
Enables the silent mode.
/LOG=[PATH NAME]
Creates a log file where [PATH NAME] is the location in which to store the tool's output. By default, this switch creates the log file, FixXrupter.log, in the same folder from which the removal tool was executed.
/MAPPED
Scans the mapped network drives. (We do not recommend using this switch. See the following Note.)
/START
Forces the tool to immediately start scanning.
/EXCLUDE=[PATH]
Excludes the specified [PATH] from scanning. (We do not recommend using this switch. See the following Note.)
/NOCANCEL
Disables the cancel feature of the removal tool.
/NOFILESCAN
Prevents the scanning of the file system.
/NOVULNCHECK
Disables checking for unpatched files.

Important: Using the /MAPPED switch does not ensure the complete removal of the virus on the remote computer, because:

The scanning of mapped drives scans only the mapped folders. This may not include all the folders on the remote computer, which can lead to missed detections.
If a viral file is detected on the mapped drive, the removal will fail if a program on the remote computer uses this file.

Therefore, you should run the tool on every computer.

The /EXCLUDE switch will only work with one path, not multiple. An alternative is the /NOFILESCAN switch followed by a manual scan with AntiVirus. This will let the tool alter the registry. Then, scan the computer with AntiVirus with current virus definitions. With these steps, you should be able to clean the file system.

The following is an example command line that can be used to exclude a single drive:

"C:\Documents and Settings\user1\Desktop\FixXrupter.exe" /EXCLUDE=M:\ /LOG=c:\FixXrupter.txt

Alternatively, the command line below will skip scanning the file system, but will repair the registry modifications. Then, run a regular scan of the system with proper exclusions:

"C:\Documents and Settings\user1\Desktop\FixXrupter.exe" /NOFILESCAN /LOG=c:\FixXrupter.txt

Note: You can give the log file any name and save it to any location.

Digital signature
For security purposes, the removal tool is digitally signed. Symantec recommends that you use only copies of the removal tool that have been directly downloaded from the Symantec Security Response Web site.

If you are not sure, or are a network administrator and need to authenticate files before deployment, you should check the authenticity of the digital signature.

Follow these steps:

Go to http://www.wmsoftware.com/free.htm.
Download and save the Chktrust.exe file to the same folder in which you saved the removal tool.

Note: Most of the following steps are done at a command prompt. If you downloaded the removal tool to the Windows desktop, it will be easier if you first move the tool to the root of the C drive. Then save the Chktrust.exe file to the root of C as well.

(Step 3 to assume that both the removal tool and Chktrust.exe are in the root of the C drive.)

Click Start > Run.
Type one of the following:

Windows 95/98/Me:
command

Windows NT/2000/XP:
cmd

Click OK.
In the command window, type the following, pressing Enter after typing each line:

cd\
cd downloads
chktrust -i FixXrupter.exe

You should see one of the following messages, depending on your operating system:

Windows XP SP2:
The Trust Validation Utility window will appear.

Under Publisher, click the Symantec Corporation link. The Digital Signature Details appears.
Verify the contents of the following fields to ensure that the tool is authentic:

Name: Symantec Corporation
Signing Time: 23/03/2009 09:28:06 AM

All other operating systems:
You should see the following message:

Do you want to install and run "Trojan.Xrupter Removal Tool" signed on March 23, 2009 9:28:06 AM and distributed by Symantec Corporation?

Notes:
The date and time in the digital signature above are based on Pacific time. They will be adjusted to your computer's time zone and Regional Options settings.

If you are using Daylight Saving time, the displayed time will be exactly one hour earlier.

If this dialog box does not appear, there are two possible reasons:

The tool is not from Symantec: Unless you are sure that the tool is legitimate and that you downloaded it from the legitimate Symantec Web site, you should not run it.

The tool is from Symantec and is legitimate: However, your operating system was previously instructed to always trust content from Symantec. For information on this and on how to view the confirmation dialog again, read the document: How to restore the Publisher Authenticity confirmation dialog box.

Click Yes or Run to close the dialog box.
Type exit, and then press Enter. (This will close the MS-DOS session.)

Conflicker C | Worst virus ever to be activated on April the 1st (This is a WARNING!) | (HD)

2009-04-09T14:28:00.001-07:00

CONFLICKER C!!! VIRUS!!!

2009-04-09T14:27:00.000-07:00

New virus Conficker C worm computer virus how to avoid it April 1st HD

2009-04-09T14:25:00.000-07:00

The Conficker Worm

2009-04-01T11:44:00.000-07:00

Worried about the Conficker worm striking on April 1st? A few simple steps can protect you.

Target: All users of Windows XP and Windows Vista.

If you’re worried about the Conficker worm striking on April 1st, don’t be.

On April 1st the Conficker worm will simply start taking more steps to protect itself. Beginning on April 1st the worm will use a communications system that is more difficult for security researchers to interrupt

The Conficker worm, sometimes called Downadup or Kido has managed to infect a large number of computers. Specifics are hard to come by, but some researchers estimate that millions of computers have been infected with this threat since January. Current users of Symantec’s Norton security products are protected. Users who lack protection are invited to download a trial version of Norton AntiVirus 2009,Norton Internet Security 2009 or Norton 360 Version 3.0. If you are unable to reach our web site, you may be infected. In that case you will need to get to a computer that is not infected, download our specialized Conficker removal tool and run it on the infected machine before installing new antivirus software. Symantec has a detailed technical analysis of the threat here.

What does the Conficker worm do?The Conficker worm has created secure infrastructure for cybercrime. The worm allows its creators to remotely install software on infected machines. What will that software do? We don’t know. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites.

The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator. The worm then tries to spread itself to other computers on the same network.

How does the worm infect a computer?The Downadup worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.

Who is at risk? Users whose computers are not configured to receive patches and updates from Microsoft and who are not running an up to date antivirus product are most at risk. Users who do not have a genuine version of Windows from Microsoft are most at risk since pirated system usually cannot get Microsoft updates and patches.

What to do if you are infected If you are reading this page, your computer is probably not infected with Conficker as the worm blocks access to most security web sites.

If you have a computer that is infected, you will need to use an uninfected computer to download a specialized Conficker removal tool from. The tool is available here.

1.Advice to Stay Safe from the Downadup Worm:Run a good security suite (we are partial to Norton Internet Security 2009 and Norton 360 Version 3.0).

2.Keep your computer updated with the latest patches. If you don’t know how to do this, have someone help you set your system to update itself.

3.Don’t use “free” security scans that pop up on many web sites. All too often these are fake, using scare tactics to try to get you to purchase their “full” service. In many cases these are actually infecting you while they run. There is reason to believe that the creators of the Conficker worm are associated with some of these fake security products.

4.Turn off the “autorun” feature that will automatically run programs found on memory sticks and other USB devices.

5.Be smart with your passwords. This includes

-Change your passwords periodically

-Use complex passwords – no simple names or words, use special characters and numbers
-Using a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards.

6.Use a passwords management system such as Identity Safe (included in Norton Internet Security 2009 and Norton 360 Version 3.0) to track your passwords and to fill out forms automatically.

7.Run Norton Internet Security 2009, Norton AntiVirus 2009 or Norton 360 Version 3.0. You can also try Norton Security Scan.

The history of Conficker

2009-04-01T11:36:00.000-07:00

This worm is spreading through networks at alarming rates. It's weapon: exploiting vulnerability called MS08-067 in Windows 2000, XP, and Server 2003. Conficker spreads via Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability.

Alternative names for conficker
Kido
Downadup

The Conficker Virus
Once this virus infects a computer it does a number of things including:

-Extracts all of its files to the %System% directory with random DLL file names,
-which can wreak havoc on your computer.
-Deletes the user's Restore Points.
-Registers a services called Netsvcs
-Creates scheduled tasks that execute all of the DLL files.
-Creates it's own simple HTTP server on the infected computer and spreads the worm to other computers in the network through file shares.
-Creates an Autorun.inf file in file shares to execute the warm files once the share is accessed by another computer.
-Connects to external sites to download additional files.

Removing Conficker
If you are looking for professional help, please consult with a computer networking and storage professional, such as Digital Perfections

If you are an IT professional, here is a quick tip:

-Visit http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
-Follow a series of steps in order to update your computer, and remove the virus.

10 Commandments for Your Computer Sanity

2009-03-30T06:31:00.000-07:00

Worm Sasser

2009-03-19T07:38:00.000-07:00

In case its the virus wich i'm 90% sure
this is what you should do

Open Windows Task Manager.
On Windows 95/98/ME systems, press
CTRL+ALT+DELETE
On Windows NT/2000/XP systems, press
CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the malware file(s) detected earlier.
Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
Do the same for all detected malware files in the list of running processes.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries:
avserve.exe = %Windows%\avserve.exe
Close Registry Editor.

TR/Crypt.XPACK.Gen trojan

2009-03-16T05:04:00.000-07:00

TR/Crypt.XPACK.Gen also referred to as Trojan.Crypt.XPACK.Gen or Crypt.XPACK.Gen is a Trojan horse parasite that infects PC's via system security loopholes and allows outside hackers to gain control over the computer. Once infected, the TR/Crypt.XPACK.Gen trojan will use exploits to download and install additional malware and viruses onto the system without victims knowledge. Trojan Crypt.XPACK.Gen is usually infecting via corrupt media codec, AcitveX and Flash updates downloaded from questionable porn and freeware websites.TR/Crypt.XPACK.Gen trojan is a severe security risk that can track keystrokes and steal sensitive banking informations like credit card numbers and login passwords

TR/Crypt.XPACK.Gen Aliases: Win32.Bagle.HV@mm, W32/Bagle.gen, Email-Worm.Win32.Bagle.hv, Trojan.Bagle.Gen!Pac19, I-Worm/Bagle.PZ, TROJ_Generic, Win32.HLLM.Beagle, Win32:Beagle-VI, Email-Worm.Win32.Bagle.hv, Win32/Bagle.HJ

Trojan Crypt.XPACK.Gen Clones: Trojan.Crypt.Xpack.AQB, Trojan.Crypt.XPACK.Gen, Trojan.Crypt.Xpack.SY, trojan.crypt.xpack.atr, Trojan.Crypt.Xpack.CS, Trojan.Crypt.Xpack.HM, Trojan.Crypt.Xpack.JD, Trojan.Crypt.Xpack.P, Trojan.Crypt.Xpack.QKTrojan.Crypt.Xpack.ZU, Trojan.Crypt.Xpack.QF

Trojan TR/Crypt.XPACK.Gen infection signs:

Slow computer performance, slow boots and reboots, deletes legal system files causing Blue Screen Of Death
Strange system processes in task manager
Can deactivate pop up blockers and overrun desktop with Trojan Crypt.XPACK.Gen pop ups

Hinder bandwidth and internet accessibility
TR/Crypt.XPACK.Gen re-install itself every time the PC is started
Incapable to delete bogus desktop shortcuts and icons
System tray icons missing from windows system tray

TR/Crypt.XPACK.Gen trojan behaviors:

Tracks installed security program, inactivate anti-virus and firewall applications
Crypt.XPACK.Gen logs and sends out operating system information, user names, keystrokes, passwords and other sensitive data
Tracks windows activity and system registry, generates popups that match browsing actions
Use system security leaks to infect pc with new trojan entries
Download FREE TR/Crypt.XPACK.Gen detection tool and find out if your PC is infected. Clean out all Crypt.XPACK trojan variants for good

meLT bat command worm virus

2009-03-10T18:09:00.001-07:00

Kill Win32.Sality.X

2009-03-07T17:50:00.000-08:00

Name of the threat: Win32.Sality.X
Command or file name: antzom.exe
Threat type: Spyware\trojan
Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista)

Intrusion method

This threat copies its file(s) to your hard disk. Its typical file name is Win32.Sality.X. Then it creates new startup key with name Win32.Sality.X and value antzom.exe. You can also find it in your processes list with name antzom.exe or Win32.Sality.X.
If you have further questions about this threat, please fill in the form below and we'll contact you shortly.
» Download program for antzom.exe removal (True Sword Threat Remover)
Recommended Solution
If you are not sure what to delete, use our award winning program - True Sword. True Sword will find and fully remove Win32.Sality.X and 229 940 other dangerous threats including trojans, spyware, adware, riskware, problemware, keyloggers, dialers, viruses and other kinds of malicious programs in several seconds. Fast, easy, and handy, True Sword protects your computer against malicious programs that do harm to your computer and break your privacy. True Sword scans your hard disks and registry and destroys any manifestation of such malicious programs. Standard anti-virus software can do nothing against privacy breakers and malicious programs like that. Get rid of trojans, spyware, adware, trackware, dialers and keyloggers in one click now!
» Download True Sword now for free
How to fix Win32.Sality.X
This problem can be solved manually by deleting all registry keys and files connected with this software, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by Win32.Sality.X. To fix this threat, you should:
1. Kill the following processes and delete the appropriate files:
• antzom.exe
• ax.exe
• bomryuc.dll
• drlbqse.dll
• egjjen.sys
• fmgonn.sys
• hehmu.sys
• hsgfrn.sys
• idlrrh.sys
• impnn.sys
• jnjpvn.sys
• loader174.exe
• mAO3q2B7r6.exe
• mm2emt.exe
• ogmkmn.sys
• omdftn.sys
• vwservice.exe
• vwsrv.exe
• vwsrv[1].exe
• win13652.dll
• win21309.dll
• win25709.dll
• win27388.dll
• win28610.dll
• win29788.dll
• win3096.dll
• win31324.dll
• win33848.dll
• win35482.dll
• win36587.dll
• win37763.dll
• win40320.dll
• win40346.dll
• win44025.dll
• win46721.dll
• win48684.dll
• win63279.dll
• win7320.dll
• windjnvr.exe
• winibqs.exe
• winjepm.exe
• winkrqpx.exe
• winkxggjh.exe
• winnmswkj.exe
• winrlwmt.exe
• winxotbiy.exe
• wmdrtc32.dll
• wmdrtc32.dl_
• x1001[1].exe
• x2000[1].exe
• x2007.exe
• x2011.exe
• x2011[1].exe
• x3000[1].exe
• ywsnkhb.dll
Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use True Sword for safe problem solution.
2. Delete the following malicious folders:
no information
3. Delete the following malicious registry entries and\or values:
• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aouei

• Key: CLSID\{1CE21416-0B8D-8CF6-1FCB-099B30C628BB}\InprocServer32
Value: ThreadingModel

• Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE
Value: NextInstance

• Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
Value: Class

• Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000\Control
Value: ActiveService

• Key: System\CurrentControlSet\Services\vwservice
Value: DisplayName

• Key: System\CurrentControlSet\Services\vwservice\Enum
Value: Count

• Key: System\CurrentControlSet\Services\vwservice\Security
Value: Security

• Key: System\CurrentControlSet\Services\NdisFileServices32
Value: Type

• Key: System\CurrentControlSet\Services\NdisFileServices32
Value: Start

• Key: System\CurrentControlSet\Services\NdisFileServices32
Value: ErrorControl

• Key: System\CurrentControlSet\Services\NdisFileServices32
Value: ImagePath

• Key: System\CurrentControlSet\Services\NdisFileServices32
Value: DisplayName

• Key: System\CurrentControlSet\Services\NdisFileServices32\Security
Value: Security

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32
Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000\Control
Value: *NewlyCreated*

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
Value: Service

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
Value: Legacy

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
Value: ConfigFlags

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
Value: Class

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
Value: ClassGUID

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
Value: DeviceDesc

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\NdisFileServices32\Enum
Value: 0

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\NdisFileServices32\Enum
Value: Count

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\NdisFileServices32\Enum
Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\Root\LEGACY_NDISFILESERVICES32\0000\Control
Value: ActiveService

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion
Value: d

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Value: {06DB7430-7430-6DB1-306D-430DB4306DB1}

• Key: System\CurrentControlSet\Services\NdisFileServices32
Value: ImagePath

• Key: System\CurrentControlSet\Services\NdisFileServices32
Value: DeleteFlag

• Key: System\CurrentControlSet\Services\NdisFileServices32
Value: ImagePath

• Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
Value: ClassGUID

• Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
Value: DeviceDesc

• Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
Value: Service

• Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
Value: ConfigFlag

• Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
Value: Legacy

• Key: System\CurrentControlSet\Services\vwservice
Value: ImagePath

• Key: System\CurrentControlSet\Services\vwservice
Value: ObjectName

• Key: System\CurrentControlSet\Services\vwservice
Value: ErrorControl

• Key: System\CurrentControlSet\Services\vwservice
Value: Start

• Key: System\CurrentControlSet\Services\vwservice
Value: Type

• Key: System\CurrentControlSet\Services\vwservice
Value: FailureActions

• Key: System\CurrentControlSet\Services\vwservice\Enum
Value: NextInstance

• Key: System\CurrentControlSet\Services\vwservice\Enum
Value: 0

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion
Value: s

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion
Value: f

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion
Value: d

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion
Value: f

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion
Value: d

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion
Value: s

• Key: Software\Microsoft\Internet Explorer\Main
Value: Start Page
Warning: If value is listed for some registry entries, you should only clear these values and leave keys with such values untouched.

How To Delete The Msn Virus

2009-03-02T05:49:00.000-08:00

How to get rid of the msn virus (trojan)

2009-03-02T05:48:00.000-08:00

Conclusion

2009-02-28T01:51:00.000-08:00

As you can see the most important step that should be done before connecting to the Internet is to install a firewall and block all ports that you do not need open. This will assure us that your computer will not become hacked by many of the worms and bots out on the Internet. Once a firewall is installed, updating your computer and installing an antivirus software are the next steps. Please follow these steps, as if it is not done, you computer will ultimately get compromised and then further proliferate the infection of others..

Specific Steps for Linux/UNIX

2009-02-28T01:50:00.000-08:00

Almost all Linux distributions come with a built in firewall which is usually iptables. Make sure that the firewall is starting automatically at boot up and is configured to deny all traffic inbound to your computer except for the services you require like SSH. Unfortunately iptables would require a tutorial all in its own, so I will refer you to this already created tutorial:

Specific Steps for MAC OSX

2009-02-28T01:48:00.000-08:00

Mac OSX has a built-in firewall that should be used before connecting to the Internet. To turn this firewall on follow these steps:

1.Open up the System Preferences
2.Click on the Sharing icon
3.Click on the Firewall tab
4.Click on the Start button
5.Now the screen should show the status of the Firewall as On.
Now that the firewall is configured you should connect to the Internet and immediately check for new updates from Apple by following these steps:

1.Choose System Preferences from the Apple Menu.
2.Choose Software Update from the View menu.
3.Click Update Now.
4.Select the items you want to install, then click Install.
5.Enter an Admin user name and password.
6.After the update is complete, restart the computer if necessary
Now install an antivirus software on your computer if one is not already.

Specific Steps for Microsoft Windows XP

2009-02-28T01:46:00.000-08:00

If you have recently purchased a computer and it came with XP Service Pack 2 installed, then the firewall will be enabled by default and you will not have to do anything but install a antivirus software and check for any new updates at www.windowsupdate.com.

On the other hand, if this is an older computer, or you are re-installing one, then you should follow these steps before you connect to the Internet:

1.Log into Windows XP with an administrator account.
2.Enable the Internet Connection Firewall by following the steps found in the following tutorial link: Configuring Windows XP Internet Connection Firewall
3.Once the firewall has been turned immediately go to www.windowsupdate.com and download and install all critical updates and service packs available for your operating system. Keep going back and visiting this page until all the updates have been installed.
4.Once that is completed install an antivirus software and free firewall.
5.Disable the built in XP firewall.

Specific Steps for Windows 2000

2009-02-28T01:44:00.000-08:00

Windows 2000 does not contain a full featured firewall, but does contain a way for you to get limited security until you update the computer and install a true firewall. Windows 2000 comes with a feature called TCP filtering that we can use as a temporary measure. To set this up follow these steps:

1.Click on Start, then Settings and then Control Panel to enter the control panel.
2.Double-click on the Network and Dial-up Connections control panel icon.
3.Right-click on the connection icon that is currently being used for Internet access and click on properties. The connection icon is usually the one labeled Local 4.Area Connection
5.Double-click on Internet Protocol (TCP/IP) and then click on the Advanced button.
Select the Options tab
6.Double-click on TCP/IP Filtering.
7.Put a checkmark in the box labeled Enable TCP/IP Filtering (All Adapters) and change all the radio dial options to Permit Only.
8.Press the OK button.
9.If it asks to reboot, please do so.

Specific Steps for Windows 95/98/ME

2009-02-28T01:43:00.001-08:00

Unfortunately these versions of Windows do not come with a built-in firewall. It is therefore recommended that you download a free firewall and antivirus software from another computer and burn it onto a CD. Then install these products on to your computer before you connect to the Internet. If you do not have the ability to do this, then immediately after you determine that you are connected to and are able to use the Internet, you must go to www.windowsupdate.com and download and install all critical updates available for your operating system. Keep going back and visiting this page until all the updates have been installed.

When these updates are finished installing, then download and install a firewall and antivirus software.

Use an Antivirus Software

2009-02-28T01:42:00.001-08:00

Many of the programs that will automatically attempt to infect your computer are worms, trojans, and viruses. By using a good and up to date antivirus software you will be able to catch these programs before they can do much harm. You can find a listing of some free antivirus programs at the below link

Download the latest security updates

2009-02-28T01:41:00.001-08:00

Now that you have a firewall and non-essential services disabled, it is time to connect your computer to the Internet and download all the available security updates for your operating system. By downloading these updates you will ensure that your computer is up to date with all the latest available security patches released for your particular operating system and therefore making it much more difficult for you to get infected with a piece of malware.

Disable services that you do not immediately need

2009-02-28T01:40:00.000-08:00

Disable any non-essential services or applications that are running on your computer before you connect to the Internet. When an operating system is not patched to the latest security updates there are generally a few applications that have security holes in them. By disabling services that you do not immediately need or plan to use you minimize the risk of these security holes being used by a malicious user or piece of software.

Safely Connecting a Computer to the Internet

2009-02-28T01:37:00.000-08:00

Use a Firewall

The most important step when setting up a new computer is to install a firewall BEFORE you connect it to the Internet. Whether this is a hardware router/firewall or a software firewall it is important that you have immediate protection when you are connecting to the Internet. This is because the minute you connect your computer to the Internet there will be remote computers or worms scanning large blocks of IP addresses looking for computers with security holes. When you connect your computer, if one of these scans find you, it will be able to infect your computer as you do not have the latest security updates. You may be thinking, what are the chances of my computer getting scanned with all the millions of computers active on the Internet. The truth is that your chances are extremely high as there are thousands, if not more, computers scanning at any given time. The best scolution is if you have a hardware router/firewall installed.. This is because you will be behind that device immediately on turning on your computer and there will be no lapse of time between your connecting to the Internet and being secure. If a hardware based firewall is not available then you should use a software based firewall. Many of the newer operating systems contain a built-in firewall that you should immediately turn on. If your operating system does not contain a built-in firewall then you should download and install a free firewall as there are many available. If you have a friend or another computer with a cd rom burner, download the firewall and burn it onto a CD so that you can install it before you even connect your computer to the Internet. We have put together a tutorial on firewalls that you can read by clicking on the link below:

How to remove these infections

2009-02-28T01:30:00.000-08:00

We have finally arrived at the section you came here for. You are most likely reading this tutorial because you are infected with some sort of malware and want to remove it. With this knowledge that you are infected, it is also assumed that you examined the programs running on your computer and found one that does not look right. You did further research by checking that program against our Startup Database or by searching in Google and have learned that it is an infection and you now want to remove it.

If you have identified the particular program that is part of the malware, and you want to remove it, please follow these steps.

1.Download and extract the Autoruns program by Sysinternals to C:\Autoruns

2.Reboot into Safe Mode so that the malware is not started when you are doing these steps. Many malware monitor the keys that allow them to start and if they notice they have been removed, will automatically replace that startup key. For this reason booting into safe mode allows us to get past that defense in most cases.

3.Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.

4.When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.

Include empty locations

Verify Code Signatures

Hide Signed Microsoft Entries

5.Then press the F5 key on your keyboard to refresh the startups list using these new settings.

6.The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure they are not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file as it is common for malware to create multiple startup entries. It is important to note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. it is therefore important to know exactly which file, and the folder they are in, that you want to remove. You can check our Startup Database for that information or ask for help in our computer help forums.

7.Once you find the entry that is associated with the malware, you want to delete that entry so it will not start again on the next reboot. To do that right click on the entry and select delete. This startup entry will now be removed from the Registry.

8.Now that we made it so it will not start on boot up, you should delete the file using My Computer or Windows Explorer. If you can not see the file, it may be hidden. To allow you to see hidden files you can follow the steps for your operating system found in this tutorial:

How to see hidden files in Windows

9.When you are finished removing the malware entries from the Registry and deleting the files, reboot into normal mode as you will now be clean from the infection.

How these infections start

2009-02-28T01:29:00.000-08:00

Just like any program, in order for the program to work, it must be started. Malware programs are no different in this respect and must be started in some fashion in order to do what they were designed to do. For the most part these infections run by creating a configuration entry in the Windows Registry in order to make these programs start when your computer starts.

Unfortunately, though, in the Windows operating system there are many different ways to make a program start which can make it difficult for the average computer user to find manually. Luckily for us, though, there are programs that allow us to cut through this confusion and see the various programs that are automatically starting when windows boots. The program we recommend for this, because its free and detailed, is Autoruns from Sysinternals.

When you run this program it will list all the various programs that start when your computer is booted into Windows. For the most part, the majority of these programs are safe and should be left alone unless you know what you are doing or know you do not need them to run at startup.

At this point, you should download Autoruns and try it out. Just run the Autoruns.exe and look at all the programs that start automatically. Don't uncheck or delete anything at this point. Just examine the information to see an overview of the amount of programs that are starting automatically. When you feel comfortable with what you are seeing, move on to the next section.

Virus and other unwanted program

2009-02-28T01:25:00.000-08:00

Malware - Malware is programming or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses, worms, Trojan horses, spyware, hijackers, and certain type of adware.

This article will focus on those malware that are considered viruses, trojans, worms, and viruses, though this information can be used to remove the other types of malware as well. We will not go into specific details about any one particular infection, but rather provide a broad overview of how these infections can be removed. For the most part these instructions should allow you to remove a good deal of infections, but there are some that need special steps to be removed and these won't be covered under this tutorial.

Before we continue it is important to understand the generic malware terms that you will be reading about.

Adware - A program that generates popups on your computer or displays advertisements. It is important to note that not all adware programs are necessarily considered malware. There are many legitimate programs that are given for free that display ads in their programs in order to generate revenue. As long as this information is provided up front then they are generally not considered malware.

Backdoor - A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.

Dialler - A program that typically dials a premium rate number that has per minute charges over and above the typical call charge. These calls are with the intent of gaining access to pornographic material.

Hijackers - A program that attempts to hijack certain Internet functions like redirecting your start page to the hijacker's own start page, redirecting search queries to a undesired search engine, or replace search results from popular search engines with their own information.

Spyware - A program that monitors your activity or information on your computer and sends that information to a remote computer without your knowledge.

Trojan - A program that has been designed to appear innocent but has been intentionally designed to cause some malicious activity or to provide a backdoor to your system.

Virus - A program that when run, has the ability to self-replicate by infecting other programs and files on your computer. These programs can have many effects ranging from wiping your hard drive, displaying a joke in a small box, or doing nothing at all except to replicate itself. These types of infections tend to be localized to your computer and not have the ability to spread to another computer on their own. The word virus has incorrectly become a general term that encompasses trojans, worms, and viruses.

Worm - A program that when run, has the ability to spread to other computers on its own using either mass-mailing techniques to email addresses found on your computer or by using the Internet to infect a remote computer using known security holes.

How To Remove Any Malware Infection. A Step-By-Step How To. Part 5.

2009-02-26T06:42:00.001-08:00

Malwarebytes' Anti-Malware Install and scan

2009-02-26T06:40:00.000-08:00

Spybot Search and Destroy, stubborn virus removal

2009-02-26T06:39:00.001-08:00

Repair your virus, Stop Sign Scanner

2009-02-26T06:38:00.001-08:00

Top 10 virus prevention tips

2009-02-26T02:26:00.002-08:00

10.Buy Anti Virus software.

I know that anti virus software can get expensive but its worth every penny you spend if it saves you from having to completely reinstall your computer or in some cases buy a new one. Most people hate anti virus software because they find it slows their PC down which some do. If your looking for a new anti virus software I would recommend ESET NOD32. My father, which is in the IT industry, recommend NOD32 to me and family and so far I am really enjoying the simplicity of the software, how may virus it really finds and kills and how much it doesn’t slow down my PC.

Top 10 virus prevention tips:

2009-02-26T02:26:00.001-08:00

9.Use common sense.

I know this sounds kinda mean - but its so true and especially with myself. If your not sure about something your downloading, ask someone that does or don’t download it. Keep your virus software up to date and on.

Top 10 virus prevention tips:

2009-02-26T02:25:00.001-08:00

8.Backup your PC.

I recently was given a new computer as a gift and it has Windows Vista installed on it. It came pre-installed with a program that runs a backup on all my documents every week just in case I get a virus and needs those files. GO THE EXTRA STEP. I have a 500GB external hard drive that cost $99 and I use it to back up all my personal files and programs JUST IN CASE I get a virus. And yes you can set it up to do it automatically each week as well so you don’t have to touch it.

Top 10 virus prevention tips:

2009-02-26T02:24:00.000-08:00

7.Beware of simple picture files.

Viruses can hide anywhere including but not limited to pictures files, music files, document files, sound files, website files, anywhere! If you get pictures from someone always scan the files - again can save you tons of time if it has a virus.

Top 10 virus prevention tips:

2009-02-26T02:23:00.002-08:00

6.Scan all files before use.

I know it takes a little time out of your busy schedule but scanning a corrupt file can save you from a lot of problems down the road. A good anti virus program only takes about max of thirty seconds to scan simple-medium size files.

Top 10 virus prevention tips:

2009-02-26T02:23:00.001-08:00

5.Use trusted software.

This runs hand and hand with downloading the wrote/wrong programs. There are some really nice free ware programs that you can download safely and legally and have a very nice program. But even some software that you buy from the store can attract Trojans and small viruses to infect your main system files.

Top 10 Virus Prevention Tips:

2009-02-26T02:22:00.001-08:00

4.Watch your email.
I know many say that if your receiving an attachment file from someone you trust it is clean and safe for viewing. That is only true if that person has clean computer files as well. YES, you can get a virus from someone that you trust and that can be done without the persons knowledge. I would recommend using your trusted Anti-Virus software to scan every file that you review via email.