Spyware Removal Tips For Your Computer

This blog provides spyware removal tips to help you remove viruses and spyware from your computer.

Wednesday, October 13, 2010

A New Threat to Internet Security

A new worm, recently speculated to be targeting Iranian nuclear facilities, has raised concern about the safety of industrial facilities against what could be politically motivated attacks using sophisticated code.

The Stuxnet worm was first discovered in June 2010 by VirusBlokAda, an anti-virus firm in Belarus. It gained notoriety as the first known worm to target industrial control systems, specifically the SCADA systems used to monitor and control industrial processes. It reportedly can spy on those systems, reprogram the programmable logic controllers (PLCs) that run them, and hide the changes it makes from operators. Its origins can be traced back to early June 2009, and one of its components carries a compile time stamp of 3 February 2010. The worm targets systems running Microsoft Windows and exploits four zero-day vulnerabilities, among them the CPLink (.LNK shortcut) vulnerability; it also spreads through the older, already-patched flaw previously exploited by the Conficker worm. It aims its attack at systems running the Siemens WinCC/PCS 7 SCADA software.

It is initially spread by USB drives and then uses further vulnerabilities to reach other WinCC computers on the network. Once inside a WinCC host, it logs in to the WinCC database using the hard-coded default password shipped with the software. According to experts, this level of complexity had never before been seen in malware: the attack requires a thorough understanding of industrial processes and a clear intent to disrupt them. The number of zero-day exploits is also alarming. Zero-days are highly prized in the attacker community, and spending four of them on a single worm may seem like overkill, but it has serious consequences for the Internet and computer security world.

The worm is about half a megabyte in size, large compared to most malware; it is written in C and C++, and its driver components are digitally signed with two stolen code-signing certificates. Its ability to update itself over a peer-to-peer mechanism is also alarming, because infected machines can still receive updates after the command and control servers have been taken down. Analysts estimate that building a worm of this kind would have required months of programming by a team of developers.

An Internet security firm reports that the majority of infected systems were found in Iran. This has fuelled speculation that the worm was specifically designed to target Iranian nuclear facilities such as the Bushehr nuclear power plant and the Natanz enrichment facility.

Siemens has released a detection and removal tool for this worm, and Microsoft has released patches for the shortcut (CPLink) and print spooler vulnerabilities it exploits; both need to be applied on the affected WinCC hosts, which are often left unpatched.

Source : Online News Heard Now

Wednesday, October 6, 2010

Antispyware Soft Removal and Analysis

Antispyware Soft is similar in interface and behavior to the Antivirus Soft and Antivirus Live scareware. This rogue security software aggressively displays fraudulent security alerts about non-existent network intrusion attempts and malware.

When installed, the Antispyware Soft rogue:

  • Installs a fake Windows Security Center in which every link leads to its payment page.
  • Hijacks Internet Explorer and opens a specific set of porn websites every few minutes.
  • Blocks execution of most programs.
  • Blocks execution of Task Manager, Command Prompt and the Microsoft System Configuration utility.
  • Blocks Windows Firewall, Automatic Updates and Internet Options.
  • Disables the Internet Explorer Phishing Filter.

Scareware like Antispyware Soft is commonly installed when users are redirected to fake online scanner pages or fake "video codec required" pages that cyber criminals distribute across the Web using blackhat SEO techniques, spam and malicious Flash advertisements.

Antispyware Soft Removal (How to remove Antispyware Soft)

Malwarebytes' Anti-Malware Free edition (mbam-setup.exe) was able to remove this infection.

  1. Boot into Windows Safe Mode with Networking.
  2. Download Malwarebytes' Anti-Malware Free edition (mbam-setup.exe), or download it on a clean computer and copy it to removable media such as a CD, DVD or USB flash drive.
  3. Double-click mbam-setup.exe to start the installation and follow the prompts. Make sure the option "Update Malwarebytes' Anti-Malware" is checked when you finish the installation.
  4. Once the update has completed, launch Malwarebytes' Anti-Malware and select "Perform full scan" in the Scanner tab. When the scan finishes, click "Show results", confirm that all instances of the rogue security software are check-marked, and click "Remove Selected" to delete them. If prompted, restart immediately to complete the removal.
  5. Turn System Restore off and on again so that restore points containing the infection are discarded.

If Internet Explorer is still being redirected to the scareware website, remove the proxy settings as follows:

Open Internet Explorer, click the Tools menu and then Internet Options (or open Internet Options from Control Panel). In the Internet Options window, select the Connections tab and click "LAN settings".


In the Local Area Network (LAN) Settings window, click Advanced and clear the proxy address 127.0.0.1 and port 5555. Click OK on each dialog to save the change.

You should now be clean of this rogue.

The full version of Malwarebytes’ Anti-Malware performs brilliantly against scareware such as Antispyware Soft. The real-time component of the paid version includes dynamic blocking of malicious websites, servers and prevents execution of malware. It would caution you before most rogue security software could install itself. Please consider purchasing the Malwarebytes' Anti-Malware Full version for additional protection.

Antispyware Soft Analysis

Rogue security software such as Antispyware Soft belongs to a family of products that call themselves antivirus, antispyware or registry cleaners and use deceptive or high-pressure sales tactics and deliberate false positives to convince users to buy a license or subscription. They are frequently repackaged and renamed. They do not actually remove malware; many of them install more malware of their own. They should be removed from your system immediately.

The trojan downloader was 271,104 bytes in size. It was detected by 32 of 41 (78.05%) antivirus engines at VirusTotal, under names including:

  • Trojan.Win32.FakeSpypro
  • Trojan/Win32.FraudPack
  • W32/FakeAlert.GQ.gen!Eldorado
  • Win32:Rootkit-gen
  • Win32/XPInternetSecurity.D
  • Trojan.Win32.FraudPack.avgj
  • Win32/Adware.SpywareProtect2009
  • Troj/FakeAV-BGE
  • FraudTool.Win32.AVSoft (v)
  • SpywareGuard2008
  • TROJ_FAKEAV.SMMZ

Typical Antispyware Soft Scare Messages

Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan you computer. Your system might be at risk now.

Infiltration alert. Virus Attack. Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.

Users should not fall for these false infection alerts and buy the scareware to "clean" the system. If you have already entered your credit card number at a rogue software website, it would be prudent to:

  • Immediately contact the bank that issued the card and dispute the charges.
  • Request them to not allow any further transaction and cancel the card. You may also request them to issue a new card with a different number.

Antispyware Soft Associated Files and Folders

  • C:\Documents and Settings\malwarehelp.org\Local Settings\Application Data\ylyqcrynp\klbqtgitssd.exe
  • C:\WINDOWS\Prefetch\KLBQTGITSSD.EXE-02AED8DA.pf

Some of the file names may be randomly generated. The term malwarehelp.org or malwarehelp in the entries on this page denotes the name of the Windows user account on the test machine.

Antispyware Soft Associated Registry Values and Keys

  • HKEY_CURRENT_USER\Software\avsoft
  • HKEY_CURRENT_USER\Software\avsuite
  • HKEY_CURRENT_USER\Software\avsuite\knkd=1
  • HKEY_CURRENT_USER\Software\avsuite\aazalirt=1
  • HKEY_CURRENT_USER\Software\avsuite\skaaanret=1
  • HKEY_CURRENT_USER\Software\avsuite\jungertab=1
  • HKEY_CURRENT_USER\Software\avsuite\zibaglertz=1
  • HKEY_CURRENT_USER\Software\avsuite\iddqdops=1
  • HKEY_CURRENT_USER\Software\avsuite\ronitfst=1
  • HKEY_CURRENT_USER\Software\avsuite\tobmygers=1
  • HKEY_CURRENT_USER\Software\avsuite\jikglond=1
  • HKEY_CURRENT_USER\Software\avsuite\tobykke=1
  • HKEY_CURRENT_USER\Software\avsuite\klopnidret=1
  • HKEY_CURRENT_USER\Software\avsuite\jiklagka=1
  • HKEY_CURRENT_USER\Software\avsuite\salrtybek=1
  • HKEY_CURRENT_USER\Software\avsuite\seeukluba=1
  • HKEY_CURRENT_USER\Software\avsuite\jrjakdsd=1
  • HKEY_CURRENT_USER\Software\avsuite\krkdkdkee=1
  • HKEY_CURRENT_USER\Software\avsuite\dkewiizkjdks=1
  • HKEY_CURRENT_USER\Software\avsuite\dkekkrkska=1
  • HKEY_CURRENT_USER\Software\avsuite\rkaskssd=1
  • HKEY_CURRENT_USER\Software\avsuite\kuruhccdsdd=1
  • HKEY_CURRENT_USER\Software\avsuite\krujmmwlrra=1
  • HKEY_CURRENT_USER\Software\avsuite\kkwknrbsggeg=1
  • HKEY_CURRENT_USER\Software\avsuite\ktknamwerr=1
  • HKEY_CURRENT_USER\Software\avsuite\iqmcnoeqz=1
  • HKEY_CURRENT_USER\Software\avsuite\ienotas=1
  • HKEY_CURRENT_USER\Software\avsuite\krkmahejdk=1
  • HKEY_CURRENT_USER\Software\avsuite\otpeppggq=1
  • HKEY_CURRENT_USER\Software\avsuite\krtawefg=1
  • HKEY_CURRENT_USER\Software\avsuite\oranerkka=1
  • HKEY_CURRENT_USER\Software\avsuite\kitiiwhaas=1
  • HKEY_CURRENT_USER\Software\avsuite\otowjdseww=1
  • HKEY_CURRENT_USER\Software\avsuite\otnnbektre=1
  • HKEY_CURRENT_USER\Software\avsuite\oropbbsee=1
  • HKEY_CURRENT_USER\Software\avsuite\irprokwks=1
  • HKEY_CURRENT_USER\Software\avsuite\ooorjaas=1
  • HKEY_CURRENT_USER\Software\avsuite\id=8.0
  • HKEY_CURRENT_USER\Software\avsuite\ready=1
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures=no
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures=1
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV8=0
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\Enabled=0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer=http=127.0.0.1:5555
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes=.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation=1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\njjhiffj=C:\Documents and Settings\malwarehelp.org\Local Settings\Application Data\ylyqcrynp\klbqtgitssd.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings\JITDebug=1

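The registry entries above fall into two groups: the rogue's own configuration under HKCU\Software\avsoft and \avsuite, and changes that weaken Windows and Internet Explorer defences (signature checks off, Phishing Filter off, a loopback proxy on port 5555, the Attachment Manager policies relaxed, and an autorun entry pointing into a user-writable folder). The following is an added triage script, not code from the original page or from malwarehelp.org: it parses a `reg export HKCU` style dump and reports which of those indicators are present. The sample dump is constructed to mirror the entries listed above, with "user" standing in for the account name and a benign ctfmon.exe autorun included as a control; the function and indicator names are my own.

```python
import re
from typing import Dict, List, Tuple

RegDump = Dict[str, Dict[str, object]]

# Constructed sample of a `reg export HKCU` dump from an infected XP profile.
# Values mirror the indicators listed on this page; "user" stands in for the
# account name and one benign Run entry (ctfmon.exe) is included as a control.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\avsuite]
"id"="8.0"
"ready"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"njjhiffj"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\ylyqcrynp\\klbqtgitssd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"""

HKCU_SW = "HKEY_CURRENT_USER\\Software\\"
ROGUE_KEYS = ("avsoft", "avsuite")          # Antispyware Soft configuration keys
IE_DOWNLOAD = HKCU_SW + "Microsoft\\Internet Explorer\\Download"
PHISHING = HKCU_SW + "Microsoft\\Internet Explorer\\PhishingFilter"
INET_SETTINGS = HKCU_SW + "Microsoft\\Windows\\CurrentVersion\\Internet Settings"
RUN_KEY = HKCU_SW + "Microsoft\\Windows\\CurrentVersion\\Run"
ATTACHMENTS = HKCU_SW + "Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments"
ASSOCIATIONS = HKCU_SW + "Microsoft\\Windows\\CurrentVersion\\Policies\\Associations"
# Per-user, user-writable folders that a legitimate autorun rarely points into.
USER_WRITABLE = ("\\local settings\\application data\\", "\\local settings\\temp\\")


def parse_reg_export(text: str) -> RegDump:
    """Parse the .reg subset needed here: [key] headers, "name"="string" and
    "name"=dword:hex values. Other value types are skipped."""
    dump: RegDump = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            dump.setdefault(current, {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or current is None:
            continue
        name, rhs = m.group(1), m.group(2)
        if rhs.startswith('"') and rhs.endswith('"'):
            # .reg escapes backslashes and quotes inside string values
            value = rhs[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif rhs.lower().startswith("dword:"):
            value = int(rhs[6:], 16)
        else:
            continue
        dump[current][name] = value
    return dump


def find_indicators(dump: RegDump) -> List[Tuple[str, str]]:
    """Return (indicator, evidence) pairs for the rogue's own keys and for the
    generic weakening of IE/Windows protections that this family performs."""
    findings = []
    for key in dump:
        if key.lower().startswith(HKCU_SW.lower()):
            head = key[len(HKCU_SW):].split("\\")[0].lower()
            if head in ROGUE_KEYS:
                findings.append(("rogue_config_key", key))
    dl = dump.get(IE_DOWNLOAD, {})
    if str(dl.get("CheckExeSignatures", "")).lower() == "no" or dl.get("RunInvalidSignatures") == 1:
        findings.append(("ie_signature_checks_disabled", IE_DOWNLOAD))
    pf = dump.get(PHISHING, {})
    if pf.get("Enabled") == 0 or pf.get("EnabledV8") == 0:
        findings.append(("phishing_filter_disabled", PHISHING))
    proxy = str(dump.get(INET_SETTINGS, {}).get("ProxyServer", ""))
    # any proxy pointing back at the local machine is a traffic hijack
    if re.search(r"(^|=)(127\.\d+\.\d+\.\d+|localhost):\d+", proxy):
        findings.append(("loopback_proxy_hijack", proxy))
    low_risk = str(dump.get(ASSOCIATIONS, {}).get("LowRiskFileTypes", "")).lower()
    if dump.get(ATTACHMENTS, {}).get("SaveZoneInformation") == 1 or ".exe" in low_risk:
        findings.append(("attachment_manager_weakened", "Policies\\Attachments / Associations"))
    for name, path in dump.get(RUN_KEY, {}).items():
        if any(frag in str(path).lower() for frag in USER_WRITABLE):
            findings.append(("autorun_from_user_profile", f"{name}={path}"))
    return findings


if __name__ == "__main__":
    for kind, evidence in find_indicators(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f"{kind:32} {evidence}")
```

Run it against a real dump with `reg export HKCU hkcu.reg /y` on the suspect machine (from a clean boot or another profile, since the rogue blocks most programs while it runs), then read the file from this script. The value-level checks deliberately do not depend on the random key and file names, so they still fire on repackaged variants that only change the names.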

Antispyware Soft Associated Domains

This scareware was observed accessing the following domains during installation and operation:

  • avtiviruspower .com

Note: Visiting the domains mentioned above may harm your computer system.

If you are unable to get rid of this scareware, please post about your problem on one of the recommended malware help forums.

Antispyware Soft Scareware — Screenshots

Note: The Antispyware Soft installation and removal was tested on a default installation of Windows XP SP3. The content provided in this article is not warranted or guaranteed by Malware Help. Org. It is intended for entertainment and/or educational purposes, and I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information was correct at the time of my testing; it might change with time or under different testing conditions.

Source: www.malwarehelp.org

Friday, September 17, 2010

How to Remove Google Redirect Virus ?

Wouldn’t it be frustrating if you were trying to search for something on Google and clicking away on search results only ends you up on websites and web pages that have nothing to do with what you are searching for?

We have some bad news for you: you have probably been infected with the Google Redirect Virus.

The Google Redirect Virus is a browser hijacker that infects browsers such as Internet Explorer and Firefox, redirecting users to malicious websites, scam advertisements and annoying pop-ups, and concealing genuine Google results.
How do I know if I’m infected?

Other than hijacked search results, these symptoms indicate that your computer is infected with the Google Redirect Virus:

* The desktop background has changed
* The browser's default homepage has changed
* Internet Explorer or Firefox has slowed down significantly
* Corruption of system files leading to the dreaded "Blue Screen of Death"
* Internet Explorer cannot open any web page
* The error "filename.exe is not a valid Win32 application" appears constantly
* Each time you download a new setup file for any program, you are told the downloaded file is corrupt and that you should download a fresh copy

To protect your privacy, confidential information and system, you will have to remove the Google Redirect Virus immediately. Here is a removal guide:

1. Click Start > Run, type devmgmt.msc and press Enter.
2. In Device Manager, click View and select "Show hidden devices".
3. Expand "Non-Plug and Play Drivers" and look for "TDSSserv.sys".
4. Right-click it and choose Disable. Do not uninstall it; otherwise the infection will reappear when you restart the computer.
5. Now restart the computer.

Update your antivirus software and scan the entire computer; with the driver disabled, the scanner can remove the Google Redirect Virus. You may also want to use a utility such as CCleaner to remove the leftover registry entries.

You might also want to try the following freely available standalone virus removal tools to get rid of the Google Redirect Virus:

1. ESET’s Win32/Olmarik Removal Tool
2. Kaspersky Labs TDSSKiller
3. Microsoft’s Windows Malicious Software Removal Tool
4. F-Secure’s BlackLight
5. McAfee’s Stinger
6. Dr.Web’s CureIt!

More Technical Details to help you identify the beast:

* Common names: gogoogle, goyahoo
* An "O20 - AppInit_DLLs: karna.dat" entry appears in a HijackThis (HJT) log
* Files and registry entries detected by various scanners:
- C:\WINDOWS\system32\wini10894.exe
- C:\WINDOWS\brastk.exe
- C:\WINDOWS\system32\brastk.exe
- C:\WINDOWS\karna.dat
- C:\WINDOWS\system32\karna.dat
- TDSSserv.sys
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | brastk
* Whenever you try to update software on the system, the update requests are redirected to 127.0.0.1 (your own computer's loopback address), so nothing is able to update
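The last symptom, update servers answering from 127.0.0.1, is most commonly produced by rewriting the hosts file so that vendor and update domains resolve to loopback; the post does not say which mechanism this variant uses, so treat the hosts file as the first place to look rather than the confirmed cause. The following is an added example, not code from the original post or from devicemag.com: it parses a Windows hosts file and flags update or security-vendor domains pinned to loopback or a blackhole address, as well as any other name mapped to a routable address. The sample hosts content is constructed, and the vendor list and function names are my own.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample of a tampered %SystemRoot%\system32\drivers\etc\hosts file.
# The vendor names mirror the removal tools recommended on this page; 192.0.2.10
# is a documentation (TEST-NET) address standing in for an attacker's server.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1 windowsupdate.microsoft.com
127.0.0.1 update.microsoft.com download.microsoft.com
127.0.0.1 liveupdate.symantecliveupdate.com   # appended by malware
0.0.0.0   www.kaspersky.com
192.0.2.10 www.google.com
"""

# Update and security-vendor domains that should never resolve to loopback.
VENDOR_DOMAINS = (
    "microsoft.com", "windowsupdate.com", "symantec.com", "symantecliveupdate.com",
    "kaspersky.com", "mcafee.com", "malwarebytes.org", "eset.com",
    "f-secure.com", "drweb.com", "avast.com", "avg.com",
)


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; one line may map several names to one IP."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                              # malformed line, ignore
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def _matches(host: str, suffixes) -> bool:
    return any(host == s or host.endswith("." + s) for s in suffixes)


def find_hijacks(entries, watchlist=VENDOR_DOMAINS) -> List[Tuple[str, str, str]]:
    """Flag vendor/update domains sent to loopback or 0.0.0.0 (updates silently
    fail) and any other name mapped to a routable address (classic pharming)."""
    findings = []
    for ip, host in entries:
        addr = ipaddress.ip_address(ip)
        if host in ("localhost", "localhost.localdomain"):
            continue   # the only loopback mappings a default hosts file carries
        blackholed = addr.is_loopback or addr.is_unspecified
        if blackholed and _matches(host, watchlist):
            findings.append(("update_blocked", ip, host))
        elif not blackholed:
            findings.append(("redirected_to_remote_host", ip, host))
    return findings


if __name__ == "__main__":
    for kind, ip, host in find_hijacks(parse_hosts(SAMPLE_HOSTS)):
        print(f"{kind:28} {host} -> {ip}")
```

Entries reported as "redirected_to_remote_host" need a human look, since a corporate machine may legitimately pin intranet names; "update_blocked" hits for the vendor list are almost never legitimate. If the hosts file is clean but updates still hit 127.0.0.1, the redirection is being done lower in the stack (the hidden TDSSserv.sys driver is the obvious suspect) and the driver-disable steps above are the way forward.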

Source: devicemag.com

Wednesday, September 8, 2010

Remove McAfee Antivirus - Tips

Do you plan to replace McAfee AntiVirus with another security program, or do you need to reinstall it? If so, this McAfee AntiVirus removal guide should help you prepare the system and remove the McAfee software.

McAfee AntiVirus Plus

Using Custom Install for McAfee AntiVirus Plus

McAfee AntiVirus Plus provides virus and spyware protection for Windows. Its installer lets you choose to install other McAfee components such as the firewall, SiteAdvisor and QuickClean. If you need to replace McAfee with another antivirus program or have to reinstall McAfee, here are quick and easy steps for removing McAfee AntiVirus.

Before You Begin Removing McAfee AntiVirus

Always prepare your computer before removing any antivirus program, or any software in general. Before running the McAfee AntiVirus removal, take a moment to do the following:

  • If you are planning to reinstall McAfee AntiVirus, ensure that you have activated your subscription by creating a McAfee account so that you can download it again.

  • Download the McAfee Consumer Products Removal tool (MCPR.exe), a program that cleans remnants of McAfee from the system; it is especially useful if you are unable to remove the program using Add or Remove Programs in Windows. Skip this step if you have installed SiteAdvisor and plan to keep that browser add-on.

  • Close any running applications, especially Internet Explorer and Firefox, so that the McAfee add-ons for those browsers are removed completely.

  • Verify that System Restore is running (on Windows XP, Vista or Windows 7) and create a restore point. To check, open System Restore via Start > Programs > Accessories > System Tools. See the separate article on enabling System Restore and creating a restore point in Windows.

  • An optional step: download AppRemover and Revo Uninstaller. You will only need these tools if you cannot remove McAfee AntiVirus using Add or Remove Programs or MCPR.exe.

McAfee AntiVirus Removal: Keeping Other McAfee Software Installed

Before you begin removing McAfee AntiVirus, be aware that you should not use the McAfee Consumer Products Removal tool (MCPR.exe) if you want to keep other McAfee software such as McAfee SiteAdvisor and McAfee Anti-Theft; it removes every McAfee product it finds.

If you decide to remove only McAfee AntiVirus but keep SiteAdvisor, simply remove the program using Add or Remove Programs in Windows. Choose to remove only McAfee AntiVirus Plus and do not check the box next to "SiteAdvisor".

Removing McAfee AV Plus Only

Proceed by clicking "Next", then reboot the computer when prompted. After Windows restarts, SiteAdvisor should still be installed and McAfee AntiVirus removed. If McAfee AntiVirus Plus is not removed by Add or Remove Programs, use AppRemover or Revo Uninstaller to remove it. I suggest trying AppRemover first, since it supports removal of version 10.x of McAfee software.

Removing McAfee AntiVirus Plus and SiteAdvisor

If you have trouble with McAfee AntiVirus and SiteAdvisor, or you plan to replace McAfee AntiVirus with another security solution, follow the same steps as above with one additional task:

  • Open Add or Remove Programs in Windows, then locate and select McAfee AntiVirus Plus.

  • Check all the boxes to remove every McAfee component installed in Windows.

  • Wait for the uninstaller to finish the McAfee AntiVirus removal, then restart the computer when prompted.

  • McAfee AntiVirus Plus and SiteAdvisor should now be removed, but to complete the process, clean up the computer using the McAfee Consumer Products Removal tool (MCPR.exe). Double-click MCPR.exe on your desktop and allow it to remove any remaining traces of McAfee programs, then reboot the computer again.

  • If you want to view the log right away, you can opt not to reboot and click the "View Log" button instead; it lists the files and registry entries that were cleaned up.

  • On Vista or Windows 7 you will see the "Program Compatibility Assistant" window after running MCPR.exe. Simply click "This program installed correctly" to close it; do not select "Reinstall using recommended settings".

Note that you can also use the McAfee Consumer Products Removal tool to remove McAfee products without going through Add or Remove Programs at all, but MCPR.exe is only recommended when you are not keeping other McAfee software such as SiteAdvisor and McAfee Anti-Theft.

Source: brighthub.com

Tuesday, August 10, 2010

Top Reasons to use Antivirus Software

Is your computer secure? Are you really sure? The truth is that it is very hard to make a computer 100% secure against every threat out there. A good security suite will keep your computer safe from the vast majority of online and offline dangers, but no suite is perfect, so you will also need a bit of common sense to keep your computer and its data safe.

There is a lot you need to protect your computer from: spam, viruses, worms, spyware, phishing and similar attacks. If you leave an unprotected computer connected to the Internet, it is only a matter of time before it is attacked or infected. How long does it take a new, unprotected computer to pick up an infection from an online source? As little as two hours. That is all the time it takes for your shiny new computer to be riddled with viruses and spyware.

Whenever I see someone using a computer with no antivirus or firewall protection, I know what is going to happen next: the phone call asking for help in fixing the problem.

You have a choice of either buying several separate security products and installing them one at a time or you can install a single suite that does it all for you. For most new users a suite is ideal because it’s less to worry about.

So how do you go about choosing your perfect computer security suite?

Total Protection

Whatever product you choose make sure it gives you the most bang for your buck – you want total protection for your computer for one single price. Ideally the software should include antivirus protection, a firewall and spyware protection at the minimum. Any other bells and whistles that are included are all well and good but make sure that your basic security needs are covered here.

Read Reviews

Never buy a product without reading a few user reviews first. Magazine reviews are fine but can be a bit biased, so try to find real user comments on how well the suite works. ZDNet.com and PCMag.com carry reviews of all the latest security suites, with user feedback at the end of each review.

Brand Names

If you are stuck making a choice, stick to a brand name you recognize. Good examples are Norton, Kaspersky and Zone Labs (the ZoneAlarm people). Combined with a handful of user reviews, that will let you make up your mind pretty quickly.

System Requirements

Always check the minimum requirements for any piece of software you buy. Remember that minimum means just that: the listed requirements are what the software needs in order to run. If you only just meet them, everything should work, but slowly.

Source: booshnews.com

Tuesday, June 8, 2010

Another Malicious Twitter Spam Run: Experts Warn

Security researchers are warning of yet another Twitter-themed malicious spam attack that attempts to install rogue anti virus software on the victim's PC.

According to Websense Security Labs' ThreatSeeker Network, the spam messages are designed to imitate Twitter's password reset notification.

The spam message contains a link to a compromised website that, when clicked or pasted into the browser, prompts the user to download a malicious executable named password.exe, the company said.

The executable turns out to be a rogue antivirus named Protection Center Safebrowser. It is designed to look and feel like genuine antivirus software, alerting users that it has discovered malicious files on their desktop or laptop.

"What distinguishes this rogue anti virus promotion from others we have seen is that it displays on your desktop some of the malicious files it has already installed," said Carl Leonard, senior research manager at Websense Security Labs.

"This makes the attack notifications more believable. A business or firm seriously needs to consider a solution that will provide it with real-time security in order to mitigate the threat of modern-day cyber criminals."

The security vendor said it has seen more than 50,000 instances of this malicious spam message so far.

source: v3.co.uk

Tuesday, June 1, 2010

Facebook Malware Attack Spreading Fast

Social networking site Facebook faced a third phishing attack over the weekend, involving malware that steals login credentials and even home addresses, delivered through a fake video.

According to WebSense, the malware is spread via a "hilarious video" posted to Facebook walls, which when clicked, produces a form requesting login information, reports the Sydney Morning Herald.

The attack then returns the user to Facebook, installs an app called "Media Player HD" and asks the user to download an "FLV player" which, when run, installs malware on the machine.

And that is not the only way it attacks. Depending on the location, one may also be presented with a contest to win an iPad, and all one would have to do is enter the home address.

In order to avoid the malware, one needs to remove the "hilarious video" if found on the Facebook wall.

And if it is seen elsewhere on Facebook, users are to remember not to click on it, and to of course remember the obvious rule: don't enter your Facebook login anywhere other than on Facebook.com.

If you have already clicked on it, change your Facebook password, uninstall the Facebook app (often called "Media Player HD"), and run a virus/malware scan on the computer.

Source: news.yahoo.com