Archive for February, 2010

XP Guardian 2010 virus removal

Friday, February 26th, 2010


Fake XP Guardian (XPGuardian) virus

XP Guardian is a fake anti-spyware program that is distributed through the use of Trojans or comes bundled with other malware. Once a Trojan virus is installed, it will impersonate an Automatic Windows Updates window and download the rogue program onto your computer. When the rogue program is active, it will imitate a system scan and report false system security threats. What is more, XPGuardian will constantly display fake security alerts and impersonate Windows Security Center to make the scam look more realistic. Finally, it will ask you to pay for a full version of the program to remove infections which don’t even exist. Don’t purchase it, and remove the XP Guardian virus from your computer upon detection.
Remove XP Guardian for the following reasons:
- it is annoying: it shows various alerts and fake scan windows at varying frequency. Those alerts and scan windows are classified as annoying and misleading advertisements;
- it is installed as removal-proof executables and can block other executables;
- in addition, it will try to control your web browser in order to block websites that provide reliable antispyware for removing XP Guardian.

Manual removal of XP Guardian:

Manual removal of XP Guardian requires the relevant skills for managing .dll files and the PC registry. Even after you remove XP Guardian manually, we still highly recommend, for the reasons explained above, that you run a free scan for malware. Follow the relevant link above to start the free scan.

Delete XP Guardian files:

av.exe
WRblt8464P

Delete XP Guardian registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

Auto Removal:

To remove this virus automatically, we suggest the following removal tools:


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware

XP Antispyware 2010 virus removal guide

Monday, February 22nd, 2010


XP Antispyware 2010 description

XP Antispyware 2010 is a misleading security program that can change its name according to which OS is running on an infected system. XP Antispyware 2010 claims to be able to prevent, detect and remove malware infections, but it cannot perform any of these functions because it is not a legitimate application. XP Antispyware 2010 is distributed by Trojans and runs fake system scans once it has entered a system. This is done to scare a victim into purchasing the “licensed version” of XP Antispyware 2010. Ignore all scan reports, security alerts, notifications and pop-ups displayed by XP Antispyware 2010, and use an effective security tool to remove the trial version of XP Antispyware 2010 and any malware related to it.
XP Antispyware 2010 spreads via trojans and deceptive online advertisements. Avoid installing this program if you have a choice.

XP Antispyware 2010 targets your money. It loads an imitation of a system scan and then displays fabricated scan results. XP Antispyware 2010 urges you to pay for the program in order to delete the imaginary threats. Trust none of the notifications loaded by XP Antispyware 2010. The program is actually malware. Besides generating large numbers of counterfeit alerts, XP Antispyware 2010 also interrupts web browsing and terminates reputable security tools.

XP Antispyware 2010 displays the following falsified warnings:

XP Antispyware 2010 – Unregistered Version
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete. XP Antispyware 2010 detected 28 critical system objects. These security breaches may be exploited and lead to the following:
! Your system becomes a target for spam and bulky, intruding ads
! Browser crashes frequently and web access speed decreases
! Your personalfiles, photos, document and passwords get stolen
! Your computer is used for criminal activity behind your back
! Bank details and credit card information gets disclosed
Click REGISTER to register your copy of XP Antispyware 2010 and perform threat removal on your system. The list of infections and vulnerabilities detected will become available after registration.

XP Antispyware 2010 Firewall Alert
XP Antispyware 2010 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Windows recommend Activate XP Antispyware 2010
Click “Yes, Activate…” to register your copy of XP Antispyware 2010 and perform threat removal on your system.


How to manually remove XP Antispyware 2010

To remove the XP Antispyware 2010 spyware you must block XP Antispyware 2010 sites, stop and remove its processes, unregister its DLL files, and search for and delete all other XP Antispyware 2010 files and registry entries. Follow the XP Antispyware 2010 detection and removal instructions below.

XP Antispyware 2010 manual removal instructions
Stop and remove XP Antispyware 2010 processes:
av.exe

Locate and delete XP Antispyware 2010 registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

Detect and delete other XP Antispyware 2010 files:
av.exe
WRblt8464P


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware


Fake Security Essentials 2010 virus removal

Thursday, February 18th, 2010


Security Essentials 2010 (SecurityEssentials2010)

Security Essentials 2010, also known as SecurityEssentials2010, is a fake antivirus program. The program can generally infect systems running any version of the Windows operating system. Security Essentials 2010 is one of many fake antivirus programs; others include Internet Security 2010 and XP Guardian. Security Essentials 2010 tries to trick the user into thinking that it is a real program by using various tactics such as creating fake virus scans. The program is generally installed through the use of a trojan horse; therefore, the program is generally installed with user permission. Security Essentials 2010 is fake and doesn’t work. The program will generally modify system settings to block the user from accessing webpages and opening programs. The virus may also modify Internet Explorer connection settings.
Security Essentials 2010 itself doesn’t work to remove viruses and therefore should be removed immediately. It has a website which it uses to advertise the fake program.

Manual Security Essentials 2010 Removal

In order to manually remove Security Essentials 2010, the processes associated with Security Essentials 2010 must be stopped, the files associated with those processes must be removed, and the registry entries must be restored to the state they were in before Security Essentials 2010 entered the computer.

Stop Security Essentials 2010 Processes
SE2010.exe

Delete Associated Security Essentials 2010 Files:

c:\s
c:\Program Files\Securityessentials2010\
c:\Program Files\Securityessentials2010\SE2010.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk
%UserProfile%\Desktop\Security essentials 2010.lnk
%UserProfile%\Start Menu\Security essentials 2010.lnk
c:\WINDOWS\system32\41.exe
c:\WINDOWS\system32\helpers32.dll
c:\WINDOWS\system32\smss32.exe
c:\WINDOWS\system32\warnings.html
c:\WINDOWS\system32\winlogon32.exe

Delete Associated Security Essentials 2010 Windows Registry Information:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com
HKEY_CURRENT_USER\Software\SE2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallpaper" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoActiveDesktopChanges" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoSetActiveDesktop" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security essentials 2010"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "smss32.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop "NoChangingWallpaper" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer "NoActiveDesktopChanges" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer "NoSetActiveDesktop" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "smss32.exe"


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware


Recycler virus autorun-inf file removal

Monday, February 15th, 2010


Recycler virus

The Recycler virus is a virus that exploits the autorun feature of Windows. It copies autorun.inf files to each drive of the computer, be it a permanent drive or removable media such as DVDs, CD-ROMs, USB devices, or memory sticks. The Recycler virus originated from the W32.Lecna.H worm, which spreads by copying itself to all the active drives.

The virus creates a hidden folder in each active drive. Each time you insert a removable media, it will execute itself. It uses a batch file to modify the system registry and executes itself each time the system starts up. You cannot remove the virus even after formatting your removable media. The anti-virus software may detect it but cannot remove it.

The recycler virus is very destructive. Once it infects your computer, it will connect itself to malicious websites and download the malicious code to your computer. The malicious code will then steal your personal information such as credit card information, social security, account numbers, usernames, and passwords stored on your computer.


Conduct a Recycler Virus Removal

You can remove the recycler virus both manually and by using any recycler virus removal tool. To remove the virus manually, you need to:

1. Search for the process called CTFMON.EXE and kill it through Task Manager.
2. Search for the CTFMON.EXE file in the Startup menu and delete it.
3. Boot the system in safe mode and open the command prompt.
4. Remove the hidden, system, and read-only attributes from autorun.inf and the recycled folder, then delete them.
5. Clean the recycle bin.
6. Repeat these steps for all the drives on your computer.
7. Open the registry editor, search for the NoDriveTypeAutoRun entry in the following registry folders, and set it to the value 03ffffff:
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_CURRENT_USER\SOFTWARE

8. Reboot and scan your system with the latest antivirus software.

Manual removal of the infection is not recommended because it requires expertise in editing the Windows registry. If you remove or modify the wrong registry entry, you may cause severe damage to your system. Therefore, it is always better to remove the Recycler virus with a specialized removal tool.
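
An added example (not from the original guide) for steps 4 and 7: it lists the commands an autorun.inf would launch, flags those that point into a recycle-bin-style folder, and decodes which drive types a NoDriveTypeAutoRun value still leaves autorun enabled for. The sample autorun.inf, the payload.exe name and the function names are constructed; reading 03ffffff as a DWORD is an assumption.

```python
import os
import re

# NoDriveTypeAutoRun bit -> drive type; a set bit DISABLES autorun for that type.
DRIVE_BITS = {0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable", 0x08: "fixed",
              0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved"}
# autorun.inf keys that make Windows run a command from the drive.
LAUNCH_KEY = re.compile(r'^(open|shellexecute|shell\\[^\\=]+\\command)$', re.I)
BIN_FOLDER = re.compile(r'(^|[\s"\\/.])(recycler|recycled|\$recycle\.bin)[\\/]', re.I)

# Constructed sample; the folder and file names are placeholders.
SAMPLE_INF = "\n".join([
    ";junk line placed before the section",
    "[AutoRun]",
    r"open=RECYCLER\S-1-5-21-0-0-0-1000\payload.exe",
    r"shell\open\command=RECYCLER\S-1-5-21-0-0-0-1000\payload.exe",
    r"icon=%SystemRoot%\system32\shell32.dll,4",
    "label=USB DISK",
])

def autorun_still_enabled(value):
    """Drive types for which autorun stays enabled under this NoDriveTypeAutoRun value."""
    return [name for bit, name in DRIVE_BITS.items() if not value & bit]

def launch_commands(inf_text):
    """Return (key, command) pairs from the [autorun] section, tolerating junk lines."""
    section, found = None, []
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, _, cmd = line.partition("=")
            if LAUNCH_KEY.match(key.strip()):
                found.append((key.strip().lower(), cmd.strip()))
    return found

def flagged_commands(inf_text):
    """Launch commands whose target sits in a recycle-bin-style folder."""
    return [(k, c) for k, c in launch_commands(inf_text) if BIN_FOLDER.search(c)]

def inspect_drive(root):
    """Read <root>/autorun.inf, if present, and return its flagged launch commands."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, errors="replace") as fh:
        return flagged_commands(fh.read())

if __name__ == "__main__":
    print(flagged_commands(SAMPLE_INF))
    # 0x91 is the usual Windows XP default; 0x03FFFFFF is the value from step 7.
    for value in (0x91, 0x03FFFFFF):
        print(hex(value), "autorun still enabled for:", autorun_still_enabled(value))
```

With 0x91 autorun remains enabled for removable and fixed drives, which is the setting the infection relies on; with the low byte at FF no drive type is left enabled.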

Download Flash DisInfector to remove this virus

Vista Internet Security 2010 removal

Sunday, February 7th, 2010


Vista Internet Security 2010 virus removal

Vista Internet Security 2010 (also called Vista Internet Security) is a rogue anti-spyware program that simulates a system scan and reports false scan results just to scare you and make you think that your computer is infected with Trojans, worms and other malware. Once installed, it will display fake security alerts or notifications and then inform you that you need to pay money to register the program if you want to remove the infections and computer threats, which of course do not even exist. Do not pay for this software, and get rid of Vista Internet Security 2010 from your computer upon detection using the removal guide below.

The goal of Vista Internet Security is to trick people into purchasing the program. It’s not worth your money since its functions are malicious. It brings annoying counterfeit security warnings. Vista Internet Security also hijacks the web browser and redirects it to deceptive websites that sell Vista Internet Security. The program is also able to block legitimate spyware and virus removers.


Manual removal of Vista Internet Security 2010:

Manual removal of Vista Internet Security 2010 requires the relevant skills for managing .dll files and the PC registry. Even after you remove Vista Internet Security 2010 manually, we still highly recommend, for the reasons explained above, that you run a free scan for malware. Follow the relevant link above to start the free scan (click on “Download Spyware Doctor to remove Vista Internet Security 2010 malware”).

Delete Vista Internet Security 2010 files:

av.exe
WRblt8464P

Delete Vista Internet Security 2010 registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware


Fake antivirus soft

Thursday, February 4th, 2010


Remove Fake Antivirus Soft rogue spyware

Antivirus Soft is a rogue anti-spyware and ransomware program from the same family as Antivirus Live. These infections are installed onto your computer through the use of malware that installs the program without your permission or knowledge. It is also common for this rogue to be installed on your computer through the use of malicious PDF files that exploit known vulnerabilities in older versions of Adobe Reader. Once installed, Antivirus Soft will be configured to start automatically when Windows starts. Once running, it will scan your computer and display numerous infections, but will state it will not remove them until you purchase the program. In reality, the infected files it detects are all fake and do not actually exist on your computer.
Newsoftspot.microsoft.com (also seen as Newsoftspot.com) is a malicious domain and browser hijacker which is known to have been distributing Antivirus Soft, one of the latest rogue antispyware programs. Just like earlier variants of browser hijackers, Newsoftspot.microsoft.com is a malicious domain where people are offered to check their computers for viruses. Additionally, victims are redirected straight away to Newsoftspot.com/purchase and asked persistently to register Antivirus Soft. The “Microsoft” name on the website is meant to trick users into taking this scamware as legitimate. However, just after registration it starts messing up the whole PC system, so save your money instead.
While Antivirus Soft is running you will also see numerous security warnings and alerts that try to trick you into thinking that you have a security problem on your computer. An example of one of the alerts you will see is a fake Windows Security Center that looks exactly like the legitimate one, but instead suggests that you purchase Antivirus Soft to protect your computer. The infection will also show numerous alerts that state that your computer is infected, that you are sending personal data to a remote location, or that your computer is being attacked. One of the alerts will have this text:

Antivirus Software Alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
Threat: Win32/Nuqel.E

Just like the fake scan results, these security alerts are all fake and are just being shown to trick you into purchasing the program.

Without a doubt, Antivirus Soft was created solely to try and scam you into thinking that your computer is infected in the hopes that you will then purchase it. It goes without saying that you should not purchase this program, and if you already have, please contact your credit card company and dispute the charges stating the program is a scam. Finally, to remove this infection please use the removal guide below to remove it for free.

How to manually remove Antivirus Soft

Newsoftspot.microsoft.com manual removal:
Kill processes:
[random string]sysguard.exe

Delete registry values:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"

Delete files:
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe
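
The registry values listed in the manual-removal sections on this page (the .exe/secfile open-command hijack, the browser launch commands wrapped by av.exe, the Security Center overrides, DisableTaskMgr and the loopback ProxyServer) can be checked offline in a `reg export` file. This is an added example, not part of the original guides; the rule names, function names and sample export are constructed, and the export text is assumed to be already decoded from UTF-16.

```python
import re

# Constructed sample in `reg export` text form (real exports are UTF-16: decode first).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"av.exe\" /START \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"av.exe\" /START \"iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"
'''

EXEC_HANDLER = re.compile(r'\\(\.exe|exefile|secfile)\\shell\\open\\command$', re.I)
BROWSER_CMD = re.compile(r'\\StartMenuInternet\\([^\\]+)\\shell\\[^\\]+\\command$', re.I)
NONZERO_FLAGS = {"antivirusoverride", "firewalloverride", "disabletaskmgr"}

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)   # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Yield (key, value_name, data) tuples from decoded .reg export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and m:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = unescape(data[1:-1])
            yield key, name, data

def audit(text):
    """Yield (rule, key, value_name, data) for each value matching a rule below."""
    for key, name, data in parse_reg(text):
        rule, browser = None, BROWSER_CMD.search(key)
        if name == "(Default)" and EXEC_HANDLER.search(key) and data.strip() != '"%1" %*':
            rule = "exe-open-handler-hijacked"   # every program launch is routed via data
        elif name == "(Default)" and browser:
            first_exe = re.search(r'[^\\"/]+\.exe', data, re.I)
            if not first_exe or first_exe.group(0).lower() != browser.group(1).lower():
                rule = "browser-launch-wrapped"  # first executable is not the browser
        elif name.lower() in NONZERO_FLAGS and data.startswith("dword:") and int(data[6:], 16):
            rule = "protection-flag-set"
        elif name.lower() == "proxyserver" and re.search(r'127\.0\.0\.1|localhost', data, re.I):
            rule = "loopback-proxy"
        if rule:
            yield rule, key, name, data

if __name__ == "__main__":
    print(*map(" | ".join, audit(SAMPLE_REG)), sep="\n")
```

DisableTaskMgr and a local proxy can also be set deliberately by an administrator, so treat those two rules as leads to confirm rather than proof of infection.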

Auto Removal:

Use this great software to remove the “Antivirus Soft” virus.

Download Super Anti Spyware
OR

Download Malware Bytes Anti-Malware