Trojan/Win32.TDSS—How to Get Rid of It Completely

Posted by Emma Adrian in Blog Knowledge Base, Recent Articles on November 27th, 2009

Trojan/Win32.TDSS is a newly emerging virus that has become more and more common these days. Many infected users complain that they keep receiving messages from strange software asking them to purchase it to solve their computer problem. It is really annoying and hard to get rid of, since it keeps coming back after removal. So we are going to find a good way of getting rid of Trojan/Win32.TDSS.

Trojan/Win32.TDSS can be classed as a backdoor virus that reproduces itself and creates a new copy under the %Temp% directory with a new name, XX TM2.tmp. It uses rootkit technology to hide itself in the system. Once it has invaded the system successfully, it connects to the internet and starts to download a “security program”, which is actually a fraud tool. You will be informed that your PC has been infected with a virus, or how many threats have been found in your system, and that you can only get them off your PC by buying their products. So what can you do to stop this? Adopting effective ways to prevent it from attacking your PC is possible and easy.

To get rid of Trojan/Win32.TDSS, you can simply follow these steps:

a) Press Ctrl+spacebar+Del at the same time and then end the virus process from Task Manager. Recover the proquota.exe file and copy it to the %System32% directory.
b) Forcibly delete the infected files. If you suspect that something may be deleted by mistake, back up first and then use the Remove button.
c) Delete the startup items that were created by Trojan/Win32.TDSS.

Nasty Virus—How to Remove Nasty Virus from Your PC

Posted by Emma Adrian in Blog Knowledge Base, Recent Articles on November 18th, 2009

Many computer users may encounter this situation a lot: after browsing websites or downloading something from the internet, strange or annoying messages show up all the time, even after you have disconnected from the internet. When you run a security program on your PC, it may detect a certain virus and remove it. But after rebooting, it still comes back, right? It just stays there and keeps annoying you. What can we do to delete this kind of nasty virus completely? Let us take a further look at this topic.

A nasty virus, which we can also call a malicious virus, tends to show up when a computer user is careless while surfing the net. A nasty virus seems to have a lot of blatant virus features, which leave users frustrated and with no idea how to deal with it. Once it sneaks into a user’s PC, a nasty virus starts spreading by using junk emails and the online network to search for new targets to infect. Although it usually cannot cause great loss to you, it is quite damaging to users who do not back up their important data and material regularly. If you have not updated your security program to the latest version, it is easier for the nasty virus to invade your system.

No one wants trouble or a nasty virus while surfing the net, so we must figure out how to remove a nasty virus from our computer. For safety, you can follow the tips below to help protect your PC.
1. Back up your crucial documents regularly. We do not know where or when a virus may sneak into the computer, so regular backup is necessary.
2. Do not open any email that comes from an unknown sender. Pay close attention to emails with interesting titles or attachments, and ignore them when you receive them.
3. Use a powerful security program to detect viruses in real time. To maintain its effectiveness, keep the security program up to date.

For more security information and how to remove a nasty virus, you can visit http://www.instantspywareremoval.com/ and start your FREE scan now!

Htepo Virus

What is Htepo Virus?
Htepo Virus is a rogue infection that shows symptoms similar to the Virtumonde infection. It sends false messages to computer users through annoying popups and system alert messages, and it shows a small yellow triangle in the system tray along with shortcuts for an ‘Online Security Guide’ and ‘Live Safety Center’. Htepo Virus may redirect the homepage setting in your browser to point to Htepo.com, which is known as a malicious website that may promote other rogue software.

Do you have Htepo Virus?
If you have enough time and expertise, you can search your computer for Htepo Virus manually. However, it might take hours to find all the files of Htepo Virus, and it is possible that Htepo Virus will reappear after rebooting, because its hidden files may still be there.

Download automatic scanner for Htepo Virus
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual Htepo Virus removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of Htepo Virus can be difficult and time-consuming. There is no guarantee that Htepo Virus can be completely removed, because hundreds of files are generated when Htepo Virus is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Htepo Virus manually:

Navigate and stop Htepo Virus processes:
ucleaner_setup.exe
mgrs.exe
avp.exe
winshow.exe
vvgeowbv.exe

Navigate and Unregister Htepo Virus DLL Files:
owzuaoke.dll
exapgpul.dll
mesowidy4444.dll
ompgttr.dll
swvuqlm.dll
mesowidy83122.dll
mesowidy555077.dll

Navigate and Remove Htepo Virus registry values:
Htepo Virus

Navigate and Delete Htepo Virus files:
ucleaner_setup.exe
mgrs.exe
avp.exe
winshow.exe
vvgeowbv.exe
owzuaoke.dll
exapgpul.dll
mesowidy4444.dll
ompgttr.dll
swvuqlm.dll
mesowidy83122.dll
mesowidy555077.dll

What are the symptoms of Htepo Virus?

  • Htepo Virus may show symptoms similar to the Virtumonde infection
  • Htepo Virus may display annoying popups and fake system alert messages
  • Htepo Virus may change the homepage setting in your browser to point to Htepo.com
  • Htepo Virus may slow down the computer

How do I keep away from Htepo Virus?
Once you have cleaned up Htepo Virus, the most important way to keep Htepo Virus and future malicious programs from returning is to stay suspicious of spam email attachments and unknown websites. Here are several ways in which you can help protect your computer against Htepo Virus and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust the security settings of the Internet Explorer web browser
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs only from web sites you trust

What is Virus?
Htepo Virus is a type of Virus.

A virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.

Win32/Sality.AA

What is Win32/Sality.AA?
Win32/Sality.AA is a polymorphic virus that infects Win32 PE executable files while also acting as a keylogger. It logs keystrokes typed into certain windows, along with certain information about the infected machine, and periodically submits all the collected data to a remote site. Win32/Sality.AA can spread through unsolicited spam email, corrupt P2P and freeware downloads, or porn sites.

After it is installed on a PC, Win32/Sality.AA may download adware, spyware and other malware threats and drop corrupt files, such as scvhsot.exe, blastclnnn.exe and hinhem.scr, within the Windows directory.

Win32/Sality.AA is also known as W32/Sality [McAfee], Virus.Win32.Sality.aa [Kaspersky], W32.Sality.AE [Symantec], Virus: Win32/Sality.AM [MS OneCare], PE_SALITY.EM [Trend].

Do you have Win32/Sality.AA?
If you have enough time and expertise, you can search your computer for Win32/Sality.AA manually. However, it might take hours to find all the files of Win32/Sality.AA, and it is possible that Win32/Sality.AA will reappear after rebooting, because its hidden files may still be there.

Manual Win32/Sality.AA removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of Win32/Sality.AA can be difficult and time-consuming. There is no guarantee that Win32/Sality.AA can be completely removed, because hundreds of files are generated when Win32/Sality.AA is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Win32/Sality.AA manually:

Navigate and stop the Win32/Sality.AA processes:
N/A

Navigate and delete Win32/Sality.AA files:
%System%\amvo.exe
%System%\blastclnnn.exe
%System%\scvhsot.exe
%Temp%\00055a0e_rar\scvhsot.exe
%Temp%\000592b2_rar\scvhsot.exe
%Temp%\0005934e_rar\hinhem.scr
%Temp%\0005938d_rar\blastclnnn.exe
%Windir%\hinhem.scr
%Windir%\scvhsot.exe
c:\rdsfk.com

Navigate and remove Win32/Sality.AA registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"[INFECTED FILE]" = "[INFECTED FILE]:*:Enabled:ipsec"
HKEY_CURRENT_USER\Software\[USER NAME]914
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WMI_MFC_TPSHOKER_80
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\FirewallOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\UacDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\FirewallDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\FirewallOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\UpdatesDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\UacDisableNotify = dword:00000001
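
Before deleting any of the keys above, it helps to see which of them are actually present. The following is an added example, not part of the original article: a read-only PowerShell audit (PowerShell 3.0 or later assumed) that reports the Security Center override values and the firewall AuthorizedApplications entries. The function names are hypothetical, and the script goes slightly beyond the list by checking every control set and both firewall profiles.

```powershell
# Added example: read-only audit of the listed registry locations (hypothetical function names).
$securityCenterKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Security Center',
    'HKLM:\SOFTWARE\Microsoft\Security Center\Svc'
)
$overrideValues = @(
    'AntiVirusOverride', 'AntiVirusDisableNotify', 'FirewallDisableNotify',
    'FirewallOverride', 'UpdatesDisableNotify', 'UacDisableNotify'
)

function Get-SecurityCenterOverride {
    foreach ($key in $securityCenterKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $overrideValues) {
            # The article lists every one of these values as dword:00000001.
            if ($item.GetValue($name, $null) -eq 1) {
                [pscustomobject]@{ Key = $item.Name; Value = $name; Data = 1 }
            }
        }
    }
}

function Get-FirewallAuthorizedApp {
    # Walk every control set and both firewall profiles, not only ControlSet001.
    $controlSets = Get-ChildItem -LiteralPath 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like '*ControlSet*' }
    foreach ($set in $controlSets) {
        foreach ($fwProfile in 'StandardProfile', 'DomainProfile') {
            $sub = "Services\SharedAccess\Parameters\FirewallPolicy\$fwProfile\AuthorizedApplications\List"
            $list = $set.OpenSubKey($sub)
            if ($null -eq $list) { continue }
            foreach ($name in $list.GetValueNames()) {
                if (-not $name) { continue }   # skip the unnamed default value
                $data = [string]$list.GetValue($name)
                $path = [Environment]::ExpandEnvironmentVariables($name)
                [pscustomobject]@{
                    Key = $list.Name; Program = $name
                    FileExists     = Test-Path -LiteralPath $path
                    IpsecLabelRule = $data.EndsWith(':*:Enabled:ipsec', [System.StringComparison]::OrdinalIgnoreCase)
                }
            }
        }
    }
}

Get-SecurityCenterOverride | Format-Table -AutoSize
Get-FirewallAuthorizedApp | Where-Object { $_.IpsecLabelRule -or -not $_.FileExists } | Format-Table -AutoSize
```

Run it from an elevated prompt so that every control set is readable. An entry reported here is a lead to review against the file list above, not proof of infection.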

What are the symptoms of Win32/Sality.AA?

  • Win32/Sality.AA may infect the computer via spam e-mail and corrupt web sites, and download third-party files through security holes
  • Win32/Sality.AA may change system tracks, create popup ads matching browsing habits and collect system activity
  • Win32/Sality.AA may forward passwords, login names and other secret private information to outside hackers while evading antivirus and firewall programs

How do I keep away from Win32/Sality.AA?
Once you have cleaned up Win32/Sality.AA, the most important way to keep Win32/Sality.AA and future malicious programs from returning is to stay suspicious of spam email attachments and unknown websites. Here are several ways in which you can help protect your computer against Win32/Sality.AA and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust the security settings of the Internet Explorer web browser
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs only from web sites you trust

What is Virus?
Win32/Sality.AA is a type of Virus.

W32.Virut.CF

What is W32.Virut.CF?
W32.Virut.CF is a computer virus that affects Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, and Windows 2000. When executed, W32.Virut.CF attempts to inject malicious code into files with extensions such as ‘.exe’ and ‘.scr’. Meanwhile, W32.Virut.CF also embeds an iframe into the body of web-related files, such as .html, .php, .htm and .asp.

Besides executables, W32.Virut.CF also modifies the HOSTS file and infects clean machines that access the infected web pages, while at the same time preventing an infected computer from connecting and getting re-infected. After compromising the computer, W32.Virut.CF opens a backdoor that a remote attacker can use to gain access to the infected system.
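
The two changes described above, HOSTS file edits and iframes added to web files, can both be reviewed with a short read-only script. This is an added example, not part of the original article; it assumes PowerShell 3.0 or later, the function names are hypothetical, and the web root path is a placeholder. It lists entries and tags for review rather than deciding which ones are malicious.

```powershell
# Added example: read-only review helpers; function names are hypothetical.
function Get-HostsEntry {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = ($line -replace '#.*$', '').Trim()      # drop comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            # Anything other than the stock localhost mapping deserves a look.
            if ($name -ne 'localhost') {
                [pscustomobject]@{ Address = $fields[0]; HostName = $name }
            }
        }
    }
}

function Find-IframeTag {
    param([Parameter(Mandatory = $true)][string]$Root)
    $extensions = '.html', '.htm', '.php', '.asp'      # file types named in the article
    # Line-based match: captures the src of an iframe tag written on one line.
    $pattern = '<iframe\b[^>]*?\bsrc\s*=\s*["'']?([^"''\s>]+)'
    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $file = $_.FullName
            Select-String -LiteralPath $file -Pattern $pattern -AllMatches |
                ForEach-Object {
                    $hit = $_
                    foreach ($m in $hit.Matches) {
                        [pscustomobject]@{
                            File = $file; Line = $hit.LineNumber; Source = $m.Groups[1].Value
                        }
                    }
                }
        }
}

Get-HostsEntry | Format-Table -AutoSize
# 'C:\inetpub\wwwroot' is an assumed web root; point it at your own content folder.
Find-IframeTag -Root 'C:\inetpub\wwwroot' | Sort-Object Source | Format-Table -AutoSize
```

Sorting by Source groups identical iframe targets together, which makes a tag that was added to many files at once stand out from the ones the site author placed.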

Do you have W32.Virut.CF?
If you have enough time and expertise, you can search your computer for W32.Virut.CF manually. However, it might take hours to find all the files of W32.Virut.CF, and it is possible that W32.Virut.CF will reappear after rebooting, because its hidden files may still be there.

Manual W32.Virut.CF removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of W32.Virut.CF can be difficult and time-consuming. There is no guarantee that W32.Virut.CF can be completely removed, because hundreds of files are generated when W32.Virut.CF is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove W32.Virut.CF manually:

Navigate and stop the W32.Virut.CF processes:
N/A

Navigate and delete W32.Virut.CF files:
N/A

Navigate and remove W32.Virut.CF registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

What are the symptoms of W32.Virut.CF?

  • W32.Virut.CF may infect HTML and HOSTS files
  • W32.Virut.CF may prevent the infected PC from connecting
  • W32.Virut.CF may open a backdoor for a remote attacker
  • W32.Virut.CF may redirect the browser to an unknown location
  • W32.Virut.CF may decode an unknown server name or port number

How do I keep away from W32.Virut.CF?
Once you have cleaned up W32.Virut.CF, the most important way to keep W32.Virut.CF and future malicious programs from returning is to stay suspicious of spam email attachments and unknown websites. Here are several ways in which you can help protect your computer against W32.Virut.CF and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust the security settings of the Internet Explorer web browser
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs only from web sites you trust

What is Virus?
W32.Virut.CF is a virus.