N-case

Posted by elise in Blog Adware, Latest Adware Threats, Latest Spyware News, Recent Articles, Top Spyware Threats on June 8th, 2009 | 2 Comments
TAGS: , , , , ,

What is N-case?
N-case is a adware that automatically produces logs of your online activities, including the websites you have visited and keywords within your visited URLs. It then silently submits the log generated to the servers of 180Solution’s who releases N-Case. This malware also delivers targeted popup ads under direction of its controlling servers. Whenever PC starts up, N-Case would automatically launch and run at the background, generating unsolicited popup advertisements. It can even update itself.

Do you have N-case?
If you have enough time and expertise, you can search your computer for N-case manually. However, it might take hours to find out all files of N-case, and it is possible that N-case will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for N-case
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual N-case removal instructions
WARNING: The manually removal method is for advanced users. N-case manually removal can be difficult and time-consuming. There is no guarantee that N-case can be completely removed, for there are hundreds of files generated when N-case installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instructions below to remove N-case manually:

Navigate and stop the N-case processes:
N/A

Navigate and delete N-case files:
%ProgramsDir%\n-Case\
%ProgramsDir%\nCase\
%SystemDir%\msbb.exe
%SystemDir%\msbb.dll
%SystemDir%\msbb1.dll
%WinDir%\ncmyb.dll

Navigate and remove N-case registry keys
N/A

What are the symptoms of N-case?

  • N-case may connect itself to the internet
  • N-case may hide from the user
  • N-case may stay resident in background

How do I keep away from N-case
Once you have cleaned up N-case, the most important point to prevent N-case and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against N-case and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Adware?
N-case is a type of adware.

Adware is a type of software that displays or downloads advertisements to a computer after the software is installed or while the software is in use. These advertisements can be banners or pop up windows. Some types of adware may even collect the user’s information and display advertisements in the web browser according to the information collected.

Adware can slow down your PC by consuming heavily Memory and CPU resources. Adware can also mess your Internet connection by using bandwidth to resume advertisements. Meanwhile, your system may be in risk of inefficiency because most adware applications are not properly programmed.

Trojan Wind32/Heur

Posted by elise in Blog Latest Spyware News, Latest Spyware Threats, Recent Articles, Top Spyware Threats, Trojans on May 24th, 2009 | 2 Comments
TAGS: , , , ,

What is Trojan Wind32/Heur?
Trojan Wind32/Heur is a hazardous Trojan genetic detection that is able to self-reproduce via the local and network drive, usually installed onto your system without your content. This infection spreads itself to PCs via spam emails, share network, corrupted media files, porn websites and other related illegal websites. Trojan Wind32/Heur is also capable of downloading and executing additional malware in the infected machine, which results in delivering fake security pop-ups and redirecting search results of system browsers. It can even disable security programs and firewall software.

Do you have Trojan Wind32/Heur?
If you have enough time and expertise, you can search your computer for Trojan Wind32/Heur manually. However, it might take hours to find out all files of Trojan Wind32/Heur, and it is possible that Trojan Wind32/Heur will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for Trojan Wind32/Heur
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual Trojan Wind32/Heur removal instructions
WARNING: The manually removal method is for advanced users. Trojan Wind32/Heur manually removal can be difficult and time-consuming. There is no guarantee that Trojan Wind32/Heur can be completely removed, for there are hundreds of files generated when Trojan Wind32/Heur installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instructions below to remove Trojan Wind32/Heur manually:

Navigate and stop the Trojan Wind32/Heur processes:
N/A

Navigate and delete Trojan Wind32/Heur files:
N/A

Navigate and remove Trojan Wind32/Heur registry keys
N/A

What are the symptoms of Trojan Wind32/Heur?

  • Trojan Wind32/Heur may may sneak into your system through insecure websites
  • Trojan Wind32/Heur may download other malware such as rogue anti-spyware applications
  • Trojan Wind32/Heur may cause popups of false and exaggerated results
  • Trojan Wind32/Heur may slow down computer process
  • Trojan Wind32/Heur may decrease system performance

How do I keep away from Trojan Wind32/Heur?
Once you have cleaned up Trojan Wind32/Heur, the most important point to prevent Trojan Wind32/Heur and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against Trojan Wind32/Heur and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Trojan?
Trojan Wind32/Heur is a type of trojan.

Trojan is a general term for malicious program that sneaks into PC system without the user’s permission. Most Trojans exhibit some forms of hostile or malicious behaviors. They can contain a virus, a password grabber or they can be a RAT (Remote Access Trojan) that is designed to allow remote control over your system. Some Trojans contain built in scanners that automatically scan the Network from your computer, looking for another copies of themselves.

As told in the Aeneid by Virgil and mentioned in the Odyssey by Homer, the term Trojan comes from Greek mythology about the Trojan War. According to legend, the Greeks presented the citizens of Troy with a large wooden horse in which they had secretly hidden their warriors. During the night, the warriors emerged from the wooden horse and overran the city.

Nowadays, Trojan is flooding on the Internet, and a Trojan may be widely redistributed as part of a computer virus. Therefore, Trojan has been one of the leading causes of computer breakings.

Kido Worm

Posted by elise in Blog Latest Adware Threats, Latest Spyware News, Latest Spyware Threats, Worm on May 22nd, 2009 | Leave a comment
TAGS: , , ,

What is Kido worm?
Kido worm is a polymorphic worm that has been spreading through the Internet community since the end of 2008. This worm makes use of a critical vulnerability in Microsoft Windows to propagate via local network and removable disks. PCs with un-patched system or low network security are more likely to be infected. Once installed on the machine, this worm inhibits system restoration, prevents access to security websites, and even brings malware to the infected machines without user’s consent.

From a report researched by the most leading antivirus software vendors, a list of 100 top malware in 2009 is revealed, in which 26 variants of Kido worm are included. It can be easily seen that Kido worm takes up substantial proportion of the top most malicious programs.

PC users are strongly recommended to remove the Kido worm once found and keep the antivirus program up-to-date.

Do you have Kido worm?
If you have enough time and expertise, you can search your computer for Kido worm manually. However, it might take hours to find out all files of Kido worm, and it is possible that Kido worm will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for Kido worm
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual Kido worm removal instructions
WARNING: The manually removal method is for advanced users. Kido worm manually removal can be difficult and time-consuming. There is no guarantee that Kido worm can be completely removed, for there are hundreds of files generated when Kido worm installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instructions below to remove Kido worm manually:

Navigate and stop the Kido worm processes:
N/A

Navigate and delete Kido worm files:
%Temp%\[Random].dll
%System%\[Random].tmp
%Temp%\[Random].tmp
%Program Files%\Internet Explorer\[Random].dll
%Program Files%\Movie Maker\[Random].dll
%All Users Application Data%\[Random].dll

Navigate and remove Kido worm registry keys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\”ServiceDll” = “Path to worm”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\”ImagePath” = %SystemRoot%\system32

What are the symptoms of Kido worm?

  • Kido worm may connect itself to the internet
  • Kido worm may hide from the user
  • Kido worm may stay resident in background

How do I keep away from Kido worm
Once you have cleaned up Kido worm, the most important point to prevent Kido worm and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against Kido worm and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Worm?
Kido worm is a type of worm.

In a computer, a worm is a self-replicating computer program that does not alter files but resides in active memory. The difference between a computer worm and a computer virus is that a computer virus can not run itself. A virus usually needs a virus program to run, and the virus code also runs as part of the host program. However, a worm does not need a host program to run; it uses a network to spread itself over computers on the network.

The original computer worm was released (maybe accidentally) on the Internet by Robert Tappan Morris in 1988. The Internet Worm used sendmail, fingerd, and rsh/rexec to spread itself across the Internet.

The SQL Slammer Worm of 2003 used vulnerability in Microsoft SQL Server 2000 to spread itself across the Internet. The Blaster Worm, also of 2003, used vulnerability in Microsoft DCOM RPC to spread itself.

The Melissa worm of 1999, the Sobig worms of 2003 and the Mydoom worm of 2004, all spread through e-mail. These worms shared some features of a Trojan horse, in that they spread by enticing a user to open an infected e-mail attachment.

Mydoom also attempted to spread itself through the peer-to-peer file sharing application KaZaA. The Mydoom worms attempted a Denial of Service (DoS) attack against SCO and Microsoft.

Win32/Taterf.B

Posted by elise in Blog Latest Spyware News, Latest Spyware Threats, Recent Articles, Top Spyware Threats, Worm on March 18th, 2009 | 1 Comment
TAGS: , , , ,

What is Win32/Taterf.B?
Win32/Taterf.B is a hazardous worm designed to steal sensitive personal information such as passwords and usernames of online activities. Once this worm is installed on system, the account information of popular online games may be at high risk of being stolen. Apart from this, Win32/Taterf.B always maliciously attempts to disable anti-virus/anti-spyware programs, with the purpose of not to be removed by those system security tools.

Win32/Taterf.B is also known as Trojan.Lineage.Gen!Pac.3, PWS-Gamania.gen.a, and Mal/EncPk-CE. Therefore, it is highly recommended to remove this infection before it can do any harm to your system.

Do you have Win32/Taterf.B?
If you have enough time and expertise, you can search your computer for Win32/Taterf.B manually. However, it might take hours to find out all files of Win32/Taterf.B, and it is possible that Win32/Taterf.B will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for Win32/Taterf.B
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual Win32/Taterf.B removal instructions
WARNING: The manually removal method is for advanced users. Win32/Taterf.B manually removal can be difficult and time-consuming. There is no guarantee that Win32/Taterf.B can be completely removed, for there are hundreds of files generated when Win32/Taterf.B installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instructions below for Win32/Taterf.B removal manually:

Navigate and stop the Win32/Taterf.B processes:
N/A

Navigate and delete Win32/Taterf.B files:
pytdfse0.dll
autorun.inf

Navigate and remove Win32/Taterf.B registry keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

What are the symptoms of Win32/Taterf.B?

  • Win32/Taterf.B may connect itself to the internet
  • Win32/Taterf.B may hide from the user
  • Win32/Taterf.B may stay resident in background

How do I keep away from Win32/Taterf.B
Once you have cleaned up Win32/Taterf.B, the most important point to prevent Win32/Taterf.B and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against Win32/Taterf.B and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Worm?
Win32/Taterf.B a type of worm.

In a computer, a worm is a self-replicating computer program that does not alter files but resides in active memory. The difference between a computer worm and a computer virus is that a computer virus can not run itself. A virus usually needs a virus program to run, and the virus code also runs as part of the host program. However, a worm does not need a host program to run; it uses a network to spread itself over computers on the network.

The original computer worm was released (maybe accidentally) on the Internet by Robert Tappan Morris in 1988. The Internet Worm used sendmail, fingerd, and rsh/rexec to spread itself across the Internet.

The SQL Slammer Worm of 2003 used vulnerability in Microsoft SQL Server 2000 to spread itself across the Internet. The Blaster Worm, also of 2003, used vulnerability in Microsoft DCOM RPC to spread itself.

The Melissa worm of 1999, the Sobig worms of 2003 and the Mydoom worm of 2004, all spread through e-mail. These worms shared some features of a Trojan horse, in that they spread by enticing a user to open an infected e-mail attachment.

Mydoom also attempted to spread itself through the peer-to-peer file sharing application KaZaA. The Mydoom worms attempted a Denial of Service (DoS) attack against SCO and Microsoft.

My Supervisor2009

Posted by elise in Blog Latest Parasite Threats, Latest Spyware News, Latest Spyware Threats, Recent Articles, Top Parasite Threats, Top Spyware Threats on March 12th, 2009 | 1 Comment
TAGS: , , , ,

What is My Supervisor2009?
My Supervisor2009 is a rogue anti-spyware program consisting of fake privacy scanner, registry cleaner and auto-run manager. Like most anti-spyware programs, My Supervisor2009 will display a fake system scan and show up a list of various fake results, in order to scare the users to buy its full version. This program also claims to be the most effective anti-spyware remover, which is able to detect and terminate all threats from the infected machine. However, My Supervisor2009 is actually a dangerous parasite that may take up system resources and crash your PC.

After installing onto PC system, My Supervisor2009 automatically runs system scan whenever Windows system startup. Then it floods the system with fake popped up alerts and messages. Once clicking on the link on the popup windows, you may be redirected to its purchase page.

Do you have My Supervisor2009?
If you have enough time and expertise, you can search your computer for My Supervisor2009 manually. However, it might take hours to find out all files of My Supervisor2009, and it is possible that My Supervisor2009 will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for My Supervisor2009
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual My Supervisor2009 removal instructions
WARNING: The manually removal method is for advanced users. My Supervisor2009 manually removal can be difficult and time-consuming. There is no guarantee that My Supervisor2009 can be completely removed, for there are hundreds of files generated when My Supervisor2009 installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instructions below for My Supervisor2009 removal manually:

Navigate and stop the My Supervisor2009 processes:
unins000.exe
MSup1bf7.exe

Navigate and delete My Supervisor2009 files:
%UserProfile%\\Desktop\\ProcessManager.lnk
%UserProfile%\\Desktop\\AutorunManager.lnk
%UserProfile%\\Desktop\\ServiceManager.lnk
%UserProfile%\\Desktop\\My Supervisor.lnk
%UserProfile%\\Application Data\\My Supervisor\\Process.ico
%UserProfile%\\Application Data\\My Supervisor\\Autorun.ico
%UserProfile%\\Application Data\\My Supervisor\\Service.ico
%UserProfile%\\Application Data\\My Supervisor\\uill.ini
%UserProfile%\\Application Data\\My Supervisor\\settings.ini
%UserProfile%\\Application Data\\My Supervisor
%Documents and Settings%\\All Users\\Application Data\\Data Files\\config.cfg
%Documents and Settings%\\All Users\\Application Data\\Data Files
%Documents and Settings%\\All Users\\Application Data\\2dcb\\Data Files
%Documents and Settings%\\All Users\\Application Data\\2dcb\\unins000.dat
%Documents and Settings%\\All Users\\Application Data\\2dcb\\working.log
%Documents and Settings%\\All Users\\Application Data\\2dcb\\sqlite3.dll
%Documents and Settings%\\All Users\\Application Data\\2dcb\\mozcrt19.dll
%Documents and Settings%\\All Users\\Application Data\\2dcb\\unins000.exe
%Documents and Settings%\\All Users\\Application Data\\2dcb\\MSup1bf7.exe
%Documents and Settings%\\All Users\\Application Data\\2dcb

Navigate and remove My Supervisor2009 registry keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “URWSWR[]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Supervisor_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “My Supervisor”

What are the symptoms of My Supervisor2009?

  • My Supervisor2009 may change browser settings
  • My Supervisor2009 may show commercial adverts
  • My Supervisor2009 may connect itself to the internet
  • My Supervisor2009 may hide from the user

How do I keep away from My Supervisor2009
Once you have cleaned up My Supervisor2009, the most important point to prevent My Supervisor2009 and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against My Supervisor2009 and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Rogue Anti-spyware Software?
My Supervisor2009 is a type of Rogue Anti-spyware Software.

Rogue Anti-spyware Software is the software that uses malware to advise or install itself through other malicious viruses or security hole without your permission. Rogue software usually pops up fake system message such as “Warning, your computer is infected! Click here to scan your computer now!” Most of the time, when clicking the “OK” button on the dialog tab, users will be directed to an unknown website that may download more spyware threats. Sometimes, even clicking the close button on the top right may lead to the installation of the rogue software, for the button is actually a link.

With the purpose to trick innocent users into the action of paying, rogue software usually counterfeits exaggerated and fake system scanning results and scare users to pay for the removal of the never-existed spyware infections. In fact, the threat is the rogue software itself. Most of them come with a bundle of very harmful spyware programs that hidden in the files themselves.