System Security 2009

Posted by elise in Blog Latest Adware Threats, Latest Parasite Threats, Latest Spyware News, Latest Spyware Threats, Recent Articles, Top Parasite Threats, Top Spyware Threats on June 11th, 2009 | Leave a comment
TAGS: , , , ,

What is System Security 2009?
System Security 2009 is simply a clone of the infamous rogue anti-spyware named System Security. The same as most of false anti-spyware programs, System Security 2009 utilizes the deceive means to reach its purpose. By making use of the backdoor techniques, System Security 2009 usually intrudes PC system without your acknowledge or permission.

Once installed, it will flood PC system with unsolicited ads that show your machine is at risk. The progam will appear every now and then on your screen, continually scanning your PC and reporting a variety of supposed malware. To solve the program with System Security 2009, you must go to its website to pay for the license, in which you may be in high danger of downloading extra virus onto your system. In fact, System Security 2009 can not detect any infections because it does not have any legit virus scanning engine at all. Not only does it slow down your PC performance dramatically, System Security 2009 will also threaten your personal data and privacy.

Do you have System Security 2009?
If you have enough time and expertise, you can search your computer for System Security 2009 manually. However, it might take hours to find out all files of System Security 2009, and it is possible that System Security 2009 will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for System Security 2009
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual System Security 2009 removal instructions
WARNING: The manually removal method is for advanced users. System Security 2009 manually removal can be difficult and time-consuming. There is no guarantee that System Security 2009 can be completely removed, for there are hundreds of files generated when System Security 2009 installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instructions below to remove System Security 2009 manually:

Navigate and stop the System Security 2009 processes:
SystemSecurity.exe
05643921.exe
install.exe

Navigate and delete System Security 2009 files:
systemsecurity.exe
SystemSecurity.lnk
SystemSecurity on the Web.lnk
Uninstall SystemSecurity.lnk
%desktopdirectory%\system security.lnk
%desktopdirectory%\ws\config.udb
%desktopdirectory%\ws\init.udb
%desktopdirectory%\ws\languages\english.lng
%desktopdirectory%\ws\languages\german.lng
%desktopdirectory%\ws\languages\spanish.lng
%desktopdirectory%\ws\systemsecurity.exe
%programs%\system security\system security.lnk
%desktopdirectory%\ws\systemsecurity.exe
05643921.exe
install.exe
%desktopdirectory%\system security 2009.lnk
%programs%\system security\system security 2009 support.lnk
%programs%\system security\system security 2009.lnk

Navigate and remove System Security 2009 registry keys
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 displayicon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 shortcutpath
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 uninstallstring

What are the symptoms of System Security 2009?

  • System Security 2009 may be advertised through the use of Trojans
  • System Security 2009 may pop up fake security alerts about infections
  • System Security 2009 may automatically run when you start Windows
  • System Security 2009 may cause privacy violated
  • System Security 2009 may cause the system damage

How do I keep away from System Security 2009
Once you have cleaned up System Security 2009, the most important point to prevent System Security 2009 and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against System Security 2009 and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Anti-spyware Software?
System Security 2009 is a type of Anti-spyware Software.

Rogue Anti-spyware Software is the software that uses malware to advise or install itself through other malicious viruses or security hole without your permission. Rogue software usually pops up fake system message such as “Warning, your computer is infected! Click here to scan your computer now!” Most of the time, when clicking the “OK” button on the dialog tab, users will be directed to an unknown website that may download more spyware threats. Sometimes, even clicking the close button on the top right may lead to the installation of the rogue software, for the button is actually a link.

With the purpose to trick innocent users into the action of paying, rogue software usually counterfeits exaggerated and fake system scanning results and scare users to pay for the removal of the never-existed spyware infections. In fact, the threat is the rogue software itself. Most of them come with a bundle of very harmful spyware programs that hidden in the files themselves.

How to Optimize Computer System

Posted by elise in Blog Knowledge Base on March 30th, 2009 | Leave a comment
TAGS: , , , ,

Are you fed up with slow PC performance? In fact, more that 90% of the individual PC users are not utilizing their computer’s full speed. Most of people spend lot of money on purchasing latest software, in order to accelerate PC speed. If all those software do not work well, let me show you a simple tip to optimize computer. It is not a tough task, but you have to spend some time with your computer.

At the bottom left of your PC screen, click “Start”->”Programs”->”Accessories”->”Notepad” and copy & paste the following information on the notepad; and then click “Safe As” to save the notepad onto your desktop. On the “File Name” blank, select “All File” and fill in the title “Clean up System LJ.bat” in the blank. Please note that the suffix name must be .bat

Please copy and paste the following information onto the notepad:

@echo off
echo is cleaning up system junk files, please wait…
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
rd /s /q %windir%\temp & md %windir%\temp
del /f /q %userprofile%\cookies\*.*
del /f /q %userprofile%\recent\*.*
del /f /s /q “%userprofile%\Local Settings\Temporary Internet Files\*.*”
del /f /s /q “%userprofile%\Local Settings\Temp\*.*”
del /f /s /q “%userprofile%\recent\*.*”
echo system cleaning is finished!
echo. & pause

Then you would have your own junk file cleaner made successfully. Double-click on the junk file cleaner to proceed. When the screen notes that the system cleaning is finished, you will get a “slim” PC system once again.

Win32/Sality.AA

Posted by elise in Blog Latest Spyware News, Latest Spyware Threats, Recent Articles, Top Spyware Threats, Virus on March 6th, 2009 | 1 Comment
TAGS: , , , ,

What is Win32/Sality.AA?
Win32/Sality.AA is a polymorphic virus that infects Win 32 PE executable files, meanwhile, acting as a keylogger. This virus logs keystrokes to certain windows and certain information on the infected machine and all the collected data is periodically submitted to a remote site. Win32/Sality.AA can be spread through unsolicited spam email, corrupt p2p and freeware downloads or porn sites.

After installed onto PC system, Win32/Sality.AA may download adware, spyware and other malware threats and deliver corrupt files, such as scvhsot.exe, blastclnnn.exe, blastclnnn.exe and hinhem.scr, within the Windows Win directory.

Win32/Sality.AA is also known as W32/Sality [McAfee], Virus.Win32.Sality.aa [Kaspersky], W32.Sality.AE [Symantec], Virus: Win32/Sality.AM [MS OneCare], PE_SALITY.EM [Trend].

Do you have Win32/Sality.AA?
If you have enough time and expertise, you can search your computer for Win32/Sality.AA manually. However, it might take hours to find out all files of Win32/Sality.AA, and it is possible that Win32/Sality.AA will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for Win32/Sality.AA
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual Win32/Sality.AA removal instructions
WARNING: The manually removal method is for advanced users. Win32/Sality.AA manually removal can be difficult and time-consuming. There is no guarantee that Win32/Sality.AA can be completely removed, for there are hundreds of files generated when Win32/Sality.AA installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instructions below for Win32/Sality.AA removal manually:

Navigate and stop the Win32/Sality.AA processes:
N/A

Navigate and delete Win32/Sality.AA files:
%System%\amvo.exe
%System%\blastclnnn.exe
%System%\scvhsot.exe
%Temp%\00055a0e_rar\scvhsot.exe
%Temp%\000592b2_rar\scvhsot.exe
%Temp%\0005934e_rar\hinhem.scr
%Temp%\0005938d_rar\blastclnnn.exe
%Windir%\hinhem.scr
%Windir%\scvhsot.exe
c:\rdsfk.com

Navigate and remove Win32/Sality.AA registry keys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\”[INFECTED FILE]” = “[INFECTED FILE]:*:Enabled:ipsec”
HKEY_CURRENT_USER\Software\[USER NAME]914
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WMI_MFC_TPSHOKER_80
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\FirewallOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\UacDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\FirewallDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\FirewallOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\UpdatesDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\UacDisableNotify = dword:00000001

What are the symptoms of Win32/Sality.AA?

  • Win32/Sality.AA may infect computer via spam e-mail, corrupt web sites and downloads third-party files through security holes
  • Win32/Sality.AA may change system tracks, creates popup ads equivalent browsing habits and collects system activity
  • Win32/Sality.AA may forward passwords, login names and other secret private information to outside hackers by avoiding antivirus and firewall programs

How do I keep away from Win32/Sality.AA
Once you have cleaned up Win32/Sality.AA, the most important point to prevent Win32/Sality.AA and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against Win32/Sality.AA and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Virus?
Win32/Sality.AA is a type of Virus.

A virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.

XPPoliceAntivirus

Posted by elise in Blog Latest Parasite Threats, Latest Spyware News, Latest Spyware Threats, Recent Articles, Tutorials on February 23rd, 2009 | Leave a comment
TAGS: , , ,

What is XPPoliceAntivirus?
XPPoliceAntivirus is also known as XP Police Antivirus, XPPolice Antivirus and XP PoliceAntivirus. This is a newly released fake anti-spyware program that may be installed onto PC system through Trojans while visiting rogue websites or downloading phony video from unknown or questionable websites. XPPoliceAntivirus is associated with Antivirus 2009, Pro AntiSpyware 2009, and MS Antivirus 2009.

Once XPPoliceAntivirus is installed onto your system, it will display fake warning alerts, messages and popups to make you believe that your computer is infected with spyware. All those fake notifications are designed to look similar to the legitimate messages issued by Windows Security Center. XPPoliceAntivirus uses aggressive and deceptive approaches to frighten the user into purchasing its full version, so it should be removed as soon as possible.

Do you have XPPoliceAntivirus?
If you have enough time and expertise, you can search your computer for XPPoliceAntivirus manually. However, it might take hours to find out all files of XPPoliceAntivirus, and it is possible that XPPoliceAntivirus will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for XPPoliceAntivirus
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual XPPoliceAntivirus removal instructions
WARNING: The manually removal method is for advanced users. XPPoliceAntivirus manually removal can be difficult and time-consuming. There is no guarantee that XPPoliceAntivirus can be completely removed, for there are hundreds of files generated when XPPoliceAntivirus installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instructions below for XPPoliceAntivirus removal manually:

Navigate and stop the XPPoliceAntivirus processes:
xppolice.exe

Navigate and delete XPPoliceAntivirus files:
C:\WINDOWS\Prefetch\XPPOLICE.EXE-386FFD9B.pf
C:\Documents and Settings\dtHome\Start Menu\XP Police Antivirus.LNK
C:\Documents and Settings\dtHome\Desktop\XP Police Antivirus.LNK

Navigate and remove XPPoliceAntivirus registry keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe    e
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run    PoliceAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache “xppolice”

What are the symptoms of XPPoliceAntivirus?

  • XPPoliceAntivirus may be misleadingly advertised through websites
  • XPPoliceAntivirus may automatically start when you logon to Windows
  • XPPoliceAntivirus may display fake alerts and warnings
  • XPPoliceAntivirus may install an adware Trojan to infect Internet Explorer
  • XPPoliceAntivirus may decrease the system performance

How do I keep away from XPPoliceAntivirus
Once you have cleaned up XPPoliceAntivirus, the most important point to prevent XPPoliceAntivirus and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against XPPoliceAntivirus and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Rogue Anti-spyware Program?
XPPoliceAntivirus is a type of Rogue AntiSpyware Program.

Rogue Anti-spyware Software is the software that uses malware to advise or install itself through other malicious viruses or security hole without your permission. Rogue software usually pops up fake system message such as “Warning, your computer is infected! Click here to scan your computer now!” Most of the time, when clicking the “OK” button on the dialog tab, users will be directed to an unknown website that may download more spyware threats. Sometimes, even clicking the close button on the top right may lead to the installation of the rogue software, for the button is actually a link.

With the purpose to trick innocent users into the action of paying, rogue software usually counterfeits exaggerated and fake system scanning results and scare users to pay for the removal of the never-existed spyware infections. In fact, the threat is the rogue software itself. Most of them come with a bundle of very harmful spyware programs that hidden in the files themselves.