Archive for the ‘1:Spyware Removal’ Category

Win7 antivirus pro virus removal

Saturday, March 6th, 2010


Win 7 Antivirus Pro

It is one of a group of rogue antispyware programs. It is similar to Antivirus Vista 2010, Win 7 Antispyware 2010 and others that pretend to be installed via Automatic Updates.

This malware is so strong and aggressive that it can be difficult to remove. If your computer already has it, you will notice all kinds of fake alerts and fraudulent warnings claiming that your computer might be at risk. Win 7 Antivirus Pro tricks the user with fake scans and results. Security messages shown by Win 7 Antivirus Pro are often written like this:

Tracking software found!
Your PC activity is being monitored. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen. Prevent damage now by completing security scan.

Win 7 Antivirus Pro is Extremely dangerous

Win 7 Antivirus Pro is a corrupt Anti-Spyware program
Win 7 Antivirus Pro may spread via Trojans
Win 7 Antivirus Pro may display fake security messages
Win 7 Antivirus Pro may install additional spyware to your computer
Win 7 Antivirus Pro may repair its files, spread or update by itself
Win 7 Antivirus Pro violates your privacy and compromises your security


Manual Removal instructions to remove Win7 Antivirus Pro

Stop these Win 7 Antivirus Pro processes:
av.exe

Remove these Win 7 Antivirus Pro Registry Entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %*
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %*
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”

Remove these Win 7 Antivirus Pro files:
%UserProfile%\AppData\Local\av.exe
%UserProfile%\AppData\Local\WRblt8464P

Auto Removal:

To remove this virus automatically, we suggest the following removal tools:

Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware

XP Guardian 2010 virus removal

Friday, February 26th, 2010


Fake XP Guardian (XPGuardian) virus

XP Guardian is a fake anti-spyware program that is distributed through the use of Trojans or comes bundled with other malware. Once a Trojan virus is installed, it will impersonate an Automatic Windows Updates window and download the rogue program onto your computer. When the rogue program is active, it will imitate a system scan and report false system security threats. What is more, XPGuardian will constantly display fake security alerts and impersonate Windows Security Center to make the scam look more realistic. Finally it will ask you to pay for a full version of the program to remove the infections which don’t even exist. Don’t purchase it and remove XP Guardian virus from your computer upon detection.
Remove XP Guardian for the following reasons:
- it is annoying: it shows various alerts and fake scan window at variable frequency. Those alerts and scan windows are classified as annoying and misleading advertisement;
- it is installed as removal-proof executables of extended and can block other executables;
- in addition, it will try to manage your web-browser in order to ban websites providing reliable antispyware to remove XP Guardian.

Manual removal of XP Guardian:

XP Guardian manual removal means that you have relevant skills for managing .dll files and the PC registry. After you remove XP Guardian manually, we still highly recommend, for the reasons explained above, that you perform a free scan for malware. Follow the relevant link above to start the free scan.

Delete XP Guardian files:

av.exe
WRblt8464P

Delete XP Guardian registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”

Auto Removal:

To remove this virus automatically, we suggest the following removal tools:


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware

XP Antispyware 2010 virus removal guide

Monday, February 22nd, 2010


XP Antispyware 2010 description

XP Antispyware 2010 is a misleading security program that can change its name according to which OS is running on an infected system. XP Antispyware 2010 claims to be able to prevent, detect and remove malware infections, but it cannot do any of these things because it is not a legitimate application. XP Antispyware 2010 is distributed by Trojans and runs fake system scans once it has entered a system. This is done to scare a victim into purchasing the “licensed version” of XP Antispyware 2010. Ignore all scan reports, security alerts, notifications and pop-ups displayed by XP Antispyware 2010, and use an effective security tool to remove the trial version of XP Antispyware 2010 and any malware related to it.
XP Antispyware 2010 spreads via trojans and deceptive online advertisements. Avoid installing this program if you have a choice.

XPAntispyware 2010 targets your money. It loads an imitation of a system scan and then displays fabricated scan results. XPAntispyware2010 urges you to pay for the program in order to delete the imaginary threats. Trust none of the notifications loaded by XP Antispyware 2010. The program is actually malware. Besides generating large numbers of counterfeit alerts, XP Antispyware2010 also interrupts web browsing and terminates reputable security tools.

XP Antispyware 2010 displays the following falsified warnings:

XP Antispyware 2010 – Unregistered Version
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete. XP Antispyware 2010 detected 28 critical system objects. These security breaches may be exploited and lead to the following:
! Your system becomes a target for spam and bulky, intruding ads
! Browser crashes frequently and web access speed decreases
! Your personalfiles, photos, document and passwords get stolen
! Your computer is used for criminal activity behind your back
! Bank details and credit card information gets disclosed
Click REGISTER to register your copy of XP Antispyware 2010 and perform threat removal on your system. The list of infections and vulnerabilities detected will become available after registration.

XP Antispyware 2010 Firewall Alert
XP Antispyware 2010 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Windows recommend Activate XP Antispyware 2010
Click “Yes, Activate…” to register your copy of XP Antispyware 2010 and perform threat removal on your system.


How to manually remove XP Antispyware 2010

To remove XP Antispyware 2010 spyware you must block XP Antispyware 2010 sites, stop and remove processes, unregister DLL files, search and delete all other XP Antispyware 2010 files and registry utility. Follow the XP Antispyware 2010 detection and removal instructions below.

XP Antispyware 2010 manual removal instructions
Stop and remove XP Antispyware 2010 processes:
av.exe

Locate and delete XP Antispyware 2010 registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %*”
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %*”
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %*”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”

Detect and delete other XP Antispyware 2010 files:
av.exe
WRblt8464P


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware


Fake Security Essentials 2010 virus removal

Thursday, February 18th, 2010


Security Essentials 2010 (SecurityEssentials2010)

Security Essentials 2010, also known as SecurityEssentials2010, is a fake antivirus program. The program can generally infect systems running any version of the Windows operating system. Security Essentials 2010 is one of many fake antivirus programs; other fake antivirus programs include Internet Security 2010 and XP Guardian. Security Essentials 2010 hopes to trick the user into thinking that it is a real program by using various tactics such as creating fake virus scans. The program is generally installed through the use of a trojan horse; therefore, the program is generally installed with user permission. Security Essentials 2010 is fake and doesn’t work. The program will generally modify system settings to block the user from accessing webpages and opening programs. The virus may also modify Internet Explorer connection settings.
Security Essentials 2010 itself doesn’t work to remove viruses and therefore should be removed immediately. It has a website which it uses to advertise the fake program.

Manual Security Essentials 2010 Removal

In order to manually remove Security Essentials 2010, the processes associated with Security Essentials 2010 must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before Security Essentials 2010 entered the computer.

Stop Security Essentials 2010 Processes
SE2010.exe

Delete Associated Security Essentials 2010 Files:

c:\s
c:\Program Files\Securityessentials2010\
c:\Program Files\Securityessentials2010\SE2010.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk
%UserProfile%\Desktop\Security essentials 2010.lnk
%UserProfile%\Start Menu\Security essentials 2010.lnk
c:\WINDOWS\system32\41.exe
c:\WINDOWS\system32\helpers32.dll
c:\WINDOWS\system32\smss32.exe
c:\WINDOWS\system32\warnings.html
c:\WINDOWS\system32\winlogon32.exe

Delete Associated Security Essentials 2010 Windows Registry Information:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com
HKEY_CURRENT_USER\Software\SE2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallpaper” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoActiveDesktopChanges” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoSetActiveDesktop” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security essentials 2010″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “smss32.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop “NoChangingWallpaper” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer “NoActiveDesktopChanges” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer “NoSetActiveDesktop” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “smss32.exe”


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware


Vista Internet Security 2010 removal

Sunday, February 7th, 2010


Vista Internet Security 2010 virus removal

Vista Internet Security 2010 (also called Vista Internet Security) is a rogue anti-spyware program that simulates a system scan and reports false scan results just to scare you and make you think that your computer is infected with Trojans, worms and other malware. Once installed, it will display fake security alerts or notifications and then inform you that you need to pay money to register the program if you want to remove the infections and computer threats, which of course do not even exist. Do not pay for this software, and get rid of Vista Internet Security 2010 from your computer upon detection using the removal guide below.

The goal of Vista InternetSecurity is to trick people into purchasing the program. It’s not worth your money since its functions are malicious. It brings annoying counterfeit security warnings. VistaInternet Security also hijacks the web browser and redirects it to deceptive websites that sell Vista Internet Security. The program is also able to block legitimate spyware and virus removers.


Manual removal of Vista Internet Security 2010:

Vista Internet Security 2010 manual removal means that you have relevant skills for managing .dll files and the PC registry. After you remove Vista Internet Security 2010 manually, we still highly recommend, for the reasons explained above, that you perform a free scan for malware. Follow the relevant link above to start the free scan (click on “Download Spyware Doctor to remove Vista Internet Security 2010 malware”).

Delete Vista Internet Security 2010 files:

av.exe
WRblt8464P

Delete Vista Internet Security 2010 registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”
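
The registry entries listed for Win 7 Antivirus Pro, XP Guardian, XP Antispyware 2010 and Vista Internet Security 2010 all follow one pattern: the open command for .exe, secfile and the browsers is routed through av.exe, and the Security Center overrides are switched on. The following is an added example, not part of the original guides, that checks the text of a .reg export for that pattern. The function names and the sample export are constructed for illustration, only string and DWORD values are parsed, and the exefile check (whose normal value is "%1" %*) is an addition from general Windows behaviour rather than from the lists above.

```python
import ntpath
import re

# Constructed sample in .reg export layout (not taken from an infected host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\alice\\AppData\\Local\\av.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"av.exe\" /START \"firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Executable-file handlers: open command must start with "%1".
HANDLER_RE = re.compile(
    r'(?:^HKEY_CLASSES_ROOT|\\Software\\Classes)'
    r'\\(?:\.exe|exefile|secfile)\\shell\\open\\command$', re.I)
# Browser registrations: open command must launch the browser named in the key.
BROWSER_RE = re.compile(
    r'\\Clients\\StartMenuInternet\\([^\\]+)\\shell\\(?:open|safemode)\\command$',
    re.I)


def unescape(quoted):
    """Strip the outer quotes of a .reg string and undo its backslash escapes."""
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])


def parse_reg(text):
    """Return {key: {value_name: data}}; the name '' is the (Default) value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name = '' if m.group(1) == '@' else unescape(m.group(1))
        raw = m.group(2)
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            current[name] = unescape(raw)
        elif raw.lower().startswith('dword:'):
            current[name] = int(raw[6:], 16)
    return keys


def first_program(command):
    """First token of a command line, with surrounding quotes removed."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ''


def audit(keys):
    """Return (key, reason) pairs for hijacked handlers and override flags."""
    findings = []
    for key, values in keys.items():
        command = values.get('')
        if isinstance(command, str):
            program = ntpath.basename(first_program(command)).lower()
            if HANDLER_RE.search(key) and program != '%1':
                findings.append((key, 'executable handler launches ' + program))
            browser = BROWSER_RE.search(key)
            if browser and program != browser.group(1).lower():
                findings.append((key, 'browser entry launches ' + program))
        if key.lower().endswith(r'\microsoft\security center'):
            for name in ('AntiVirusOverride', 'FirewallOverride'):
                if values.get(name):  # any non-zero DWORD
                    findings.append((key, name + ' is set'))
    return findings


if __name__ == '__main__':
    for key, reason in audit(parse_reg(SAMPLE_EXPORT)):
        print(reason, '->', key)
```

A real export from regedit is UTF-16 and must be decoded to text before it is passed to parse_reg.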


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware


Fake antivirus soft

Thursday, February 4th, 2010


Remove Fake Antivirus Soft rogue spyware

Antivirus Soft is a rogue anti-spyware and ransomware program from the same family as Antivirus Live. These infections are installed on to your computer through the use of malware that installs the program onto your computer without your permission or knowledge. It is also common for this rogue to be installed on your computer through the use of malicious PDF files that exploit known vulnerabilities in older versions of Adobe Reader. Once installed, Antivirus Soft will be configured to start automatically when Windows starts. Once running it will scan your computer and display numerous infections, but will state it will not remove them until you purchase the program. In reality, the infected files it detects are all fake and do not actually exist on your computer.
Newsoftspot.microsoft.com (also seen as Newsoftspot.com) is a malicious domain and browser hijacker which is known to have been distributing Antivirus Soft, one of the latest rogue antispyware programs. Just like any earlier variant of browser hijackers, Newsoftspot.microsoft.com is a malicious domain where people are offered to check their computers for viruses. Additionally, victims are redirected straight away to Newsoftspot.com/purchase and asked persistently to register Antivirus Soft. The “Microsoft” name on the website is expected to trick users into taking this scamware as legitimate. However, just after registration it starts messing up the whole PC system, so save your money instead.
While Antivirus Soft is running you will also see numerous security warnings and alerts that try to trick you into thinking that you have a security problem on your computer. An example of one of the alerts you will see is a fake Windows Security Center that looks exactly like the legitimate one, but instead suggests that you purchase Antivirus Soft to protect your computer. The infection will also show numerous alerts that state that your computer is infected, that you are sending personal data to a remote location, or that your computer is being attacked. One of the alerts will have this text:

Antivirus Software Alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
Threat: Win32/Nuqel.E

Just like the fake scan results, these security alerts are all fake and are just being shown to trick you into purchasing the program.

Without a doubt, Antivirus Soft was created solely to try and scam you into thinking that your computer is infected in the hopes that you will then purchase it. It goes without saying that you should not purchase this program, and if you already have, please contact your credit card company and dispute the charges stating the program is a scam. Finally, to remove this infection please use the removal guide below to remove it for free.

How to manually remove Antivirus Soft

Newsoftspot.microsoft.com manual removal:
Kill processes:
[random string]sysguard.exe

Delete registry values:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random string]“

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random string]“

Delete files:
%Documents and Settings%\\[UserName]\\Local Settings\\Application Data\\[random string]\\[random string]sysguard.exe

Auto Removal:

Use these tools to remove the “Antivirus Soft” virus.

Download Super Anti Spyware
OR

Download Malware Bytes Anti-Malware

Antivirus Live 2010 fake virus

Wednesday, January 13th, 2010


Remove Fake Antivirus Live rogue spyware

Antivirus Live is a rogue antispyware program. It is a clone of a widely spread rogue called Antivirus System Pro. The software usually spreads with the help of trojans. Once downloaded and installed, Antivirus Live will register itself in the Windows registry to run automatically when Windows loads. When running, it will start a scan of your computer and report numerous infections to make you think that your computer is infected with trojans, spyware and other malware. Then Antivirus Live will ask you to pay for a full version of the program to remove these infections. Of course, all of these infections are fake and don’t actually exist on your computer. So you can safely ignore them!
Antivirus Live blocks the ability to run any programs. The following warning will be shown when you try to run Notepad:

Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.

What is more, while Antivirus Live is running, you will be shown a fake Windows Security Center, nag screens, warnings and fake security alerts from your Windows taskbar. The rogue will also change the proxy settings of Internet Explorer to redirect you to the Antivirus Live site.


How to Manually remove Antivirus Live 2010

Block Antivirus Live sites:
awareremover2010.com

Stop and remove Antivirus Live processes:
sysguard.exe

Locate and delete Antivirus Live registry entries:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555″

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1″

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “”
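
The Internet Settings and policy values listed for Antivirus Soft and Antivirus Live can be checked mechanically once they have been read from the registry. The following is an added example, not part of the original guides: it parses the ProxyServer string (either a single host:port or a semicolon-separated list of scheme=host:port entries) and reports a proxy that points back at the local machine, together with the RunInvalidSignatures and LowRiskFileTypes settings. The function names and sample dictionaries are constructed for illustration.

```python
import ipaddress

# Constructed samples: value names and data as listed in the removal steps,
# and a benign corporate-style proxy for comparison.
SAMPLE_TAMPERED = {
    'ProxyServer': 'http=127.0.0.1:5555',
    'ProxyOverride': '',
    'RunInvalidSignatures': 1,
    'LowRiskFileTypes': '.exe',
}
SAMPLE_BENIGN = {'ProxyServer': 'proxy.example.internal:8080'}


def proxy_targets(proxy_server):
    """Parse a ProxyServer string into {scheme: (host, port)}.

    A bare 'host:port' applies to every scheme and is stored under '*'.
    """
    targets = {}
    for part in (p.strip() for p in proxy_server.split(';')):
        if not part:
            continue
        scheme, sep, address = part.partition('=')
        if not sep:
            scheme, address = '*', part
        address = address.split('://', 1)[-1]  # tolerate 'http=http://host:port'
        host, _, port = address.rpartition(':')
        if not host:  # no port given
            host, port = address, ''
        targets[scheme.lower()] = (host.strip('[]').lower(), port)
    return targets


def is_loopback(host):
    """True for 'localhost' and for loopback IP literals such as 127.0.0.1."""
    if host == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a host name, not an IP literal
        return False


def audit_internet_settings(values):
    """Return human-readable findings for the settings in `values`."""
    findings = []
    for scheme, (host, port) in proxy_targets(values.get('ProxyServer', '')).items():
        if is_loopback(host):
            findings.append(f'{scheme} traffic is proxied to local port {port}')
    if str(values.get('RunInvalidSignatures', '0')) == '1':
        findings.append('downloads with invalid signatures are allowed to run')
    low_risk = values.get('LowRiskFileTypes', '').lower().split(';')
    if '.exe' in (t.strip() for t in low_risk):
        findings.append('.exe is marked as a low-risk file type')
    return findings


if __name__ == '__main__':
    for finding in audit_internet_settings(SAMPLE_TAMPERED):
        print(finding)
```

A loopback proxy means the browser's traffic passes through a process on the same machine, which is how the redirection described above is carried out; resetting the value without stopping that process will not last.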

Search and unregister Antivirus Live DLL libraries:
iehelper.dll

Detect and delete other Antivirus Live files:
%WINDOWS%\sysguard.exe
%WINDOWS%\system32\iehelper.dll

Auto Removal tools to remove this virus:


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware

Desktop defender 2010 manual remove

Thursday, January 7th, 2010


Desktop Defender 2010 removal guide

It is a rogue spyware program pretending to be a security tool, which is installed on the infected computer by downloader trojans. It looks like it is part of the Windows operating system because it appears out of nowhere and claims to be a spyware remover.
The graphical user interface of Desktop Defender 2010 is quite impressive. It uses Windows Vista style and design elements to make it look more reliable. The rogue program ripped the Clam AntiVirus database. ClamAV is an open source anti-virus toolkit. Once installed, DesktopDefender 2010 will imitate a system scan and report a variety of infections. The scan results are of course false. This parasite claims that you have to purchase the full version of the program to remove the threats, because the free version is only a scanner. Obviously, you shouldn’t buy it. Another very important thing is that this program modifies the LSP chain by adding the siglsp.dll file. If you remove this file without restoring the LSP chain, this will break your Internet connection.
What is more, Desktop Defender 2010 will constantly display fake security alerts and notifications from the Windows Task bar stating that your computer is seriously infected or has many privacy/security problems. The fake security alerts state:

Possible loss of data!
Too many privacy violation attempts on your computer!
The details about your credit card, post address, phone numbers from the submitted form can be lost.
——————-
You have been infected by a proxy-relay trojan server with new and danger “SpamBots”.

If you find that your PC is infected with this malicious software, please use the removal guide below to remove Desktop Defender 2010 from the system manually for free. If you have already purchased this program, then contact your credit card company and dispute the charges immediately.

Manual Removal instructions to remove this virus:

Kill processes:
Desktop Defender 2010.exe
gedx_ae09.exe
kgn.exe
kilslmd.exex
kn.a.exe
uninstall.exe

Unregister DLLs:
hjengine.dll
IEAddon.dll
MFC71.dll
MFC71ENU.DLL
AF.dll
msvcp71.dll
msvcr71.dll
pthreadVC2.dll
shellext.dll
siglsp.dll

Delete files:
Desktop Defender 2010.exe
guide.chm
hjengine.dll
IEAddon.dll
MFC71.dll
MFC71ENU.DLL
AF.dll
daily.cvd
msvcp71.dll
msvcr71.dll
pthreadVC2.dll
shellext.dll
siglsp.dll
tdifw_drv_WLH.sys
tdifw_drv_WXP.sys
uninstall.exe
tdifw_drv.sys
log.txt
gedx_ae09.exe
kgn.exe
kilslmd.exex
kn.a.exe
Desktop Defender 2010.lnk
Activate Desktop Defender 2010.lnk
How to Activate Desktop Defender 2010.lnk

Delete directories:
c:\Program Files\Desktop Defender 2010
c:\WINDOWS\system32\LogFiles\tdifw
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010
%Temp%\

Delete Desktop Defender 2010 Windows Registry Information:

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
HKEY_CLASSES_ROOT\AppID\IEAddon.DLL
HKEY_CLASSES_ROOT\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}
HKEY_CLASSES_ROOT\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\IEAddon.StatusBarPane
HKEY_CLASSES_ROOT\IEAddon.StatusBarPane.1
HKEY_CLASSES_ROOT\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
HKEY_CLASSES_ROOT\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}
HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Defender 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Defender 2010
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform “Desktop Defender 2010″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Desktop Defender 2010″
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdidis32.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run “”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDIDIS32.sys

End of Manual removal instructions.
Or
use Auto Removal tools to remove this virus:

Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware

Malware Defense virus removal guide

Saturday, December 26th, 2009



Malware Defense is a fake antivirus program from the same family as AntiMalware virus. Please read the removal instructions carefully and remove this infection from your computer as soon as possible. MalwareDefense is promoted through the use of Trojans, mostly Trojan.FakeAlert. Most of the time, Trojans come from fake online scanners, misleading websites or masquerading as a fake video codec. Please note that Trojans can come bundled with other illegitimate software. Once installed, Malware Defense will generate fake alerts or notifications and report false detections in order to convince you to purchase this bogus anti-virus software. Please don’t purchase it. Otherwise, you will simply lose your money.

When running, Malware Defense will simulate a system scan and display a list of infections that can’t be removed with a trial version of this program. In order to remove found infections you have to buy a full version of it. However, this is nothing more but a scam. Let’s see why. First of all, MalwareDefense reports non-existing or legitimate Windows files as infections. Do not remove those files manually because you can seriously damage your computer. Some of the infections will be shown with the following names: Backdoor.Win32.Agent.ich, Rootkit.Win32.Agent.pp, Trojan.Dropper, Virus.Win32.Gpcode.ak, Email-Worm.Win32.NetSky.q, Net-Worm.Win32.Mytob.t and etc. Usually, Malware Defense detects those infections in main Windows OS directories. Of course, this malicious software detects the same infections on every infected computer.

While running, Malware Defense will also display fake security alerts, notifications and error messages. This is a part of MalwareDefense scam. This virus will block particular software and display fake warning that states:

There is unauthorized antivirus software detected on your computer. It is recommend you to remove it, otherwise it could conflict with Malware Defense. Press ‘OK’ to terminate [Program name]


Malware Defense manual removal:
Kill processes:
mdefense.exe
uninstall.exe

Delete registry values:
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Malware Defense”

Unregister DLLs:
mdext.dll

Delete files:
mdefense.exe
mdext.dll
uninstall.exe
help.ico
md.db
Malware Defense Support.lnk
Malware Defense.lnk
Uninstall Malware Defense.lnk

Delete directories:
C:\Program Files\Malware Defense
%UserProfile%\Start Menu\Programs\Malware Defense


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware


Personal Security virus removal guide

Saturday, December 26th, 2009



Remove Fake PersonalSecurity center rogue spyware
Personal Security is a rogue anti-spyware program from the same family as Cyber Security. This program is promoted through the use of malware that will install it on your computer without your permission. In order to protect itself, this program will automatically attempt to terminate security programs that may help to remove it. When installed, Personal Security will be configured to start automatically when Windows starts. Once started, it will scan your computer and display a variety of infections, but will state that it will not remove them unless you first purchase the program. In reality, the infections it finds are either fake or legitimate programs that if deleted could cause problems with the proper operation of Windows. Therefore, please do not act upon any of the files it states are infections.

Personal Security reports regular programs as infections and requires buying the full version to delete the „threats“. It uses aggressive tactics to intimidate victims and gain a purchase. PersonalSecurity hijacks the web browser and loads the following notifications:

Privacy violation alert!
Personal Security has detected numerous privacy violations. Some programs may send your private data to an untrusted internet host. Click here to permanently block this activity and remove the possible threat (Recommended)

System files modification alert!
Important system files of your computer may be modified by malicious program. It may cause system instability and data loss. Click here to block unauthorized modification and remove potential threats (Recommended).

Internal conflict alert!
Personal Security has detected internal software conflict. Some application endeavors to access system kernel (such behavior is typical for spyware/malware). Click here to prevent system crash and remove potential threats (Recommended)

Spyware activity alert!
Spyware.IEMonster is a popular spyware that attempts to steal passwords from Web browsers, e-mail clients and other programs, including login information from online banking sessions, billing pages, CC transactions, etc. It may also create special tracking files to log your activity and compromise your Internet privacy. It is strongly recommended to prevent this threat immediately. Click here to get protection against Spyware.IEMonster.

Privacy Violation alert!
Personal Security detected a Privacy Violation. A program is secretly sending your private data to an untrusted internet host. Click here to block this activity by removing the threat (Recommended).

System files modification alert!
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. Click here to block unauthorized modification by removing threats (Recommended).

System files modification alert!
Personal Security detected internal software conflict. Some application tries to get access to system kernel (such behavior is typical to Spyware/Malware). It may cause crash of your computer. Click here to prevent system crash by removing threats (Recommended).

Spyware activity alert!
Spyware.IEMonster activity detected. It is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs, including logins and passwords from online banking sessions, eBay, PayPal. It may also create special tracking files to log your activity and compromise your Internet privacy. It’s strongly recommended to remove this threat as soon as possible. Click here to remove Spyware.IEMonster.

How to Manually remove Personal Security Center 2010

To remove Personal Security you must block the Personal Security sites, stop and remove its processes, unregister its DLL files, and find and delete all other Personal Security files and registry entries. Follow the Personal Security detection and removal instructions below.

The usual way to remove software is through “Add or Remove Programs”. However, Personal Security may leave hidden files, running processes and registry entries on your computer, so it may recreate its other files after a reboot.

Personal Security manual removal instructions
Block Personal Security sites:
browsersecessentials.com
protection-estore.com

Stop and remove Personal Security processes:
psecurity.exe

Locate and delete Personal Security registry entries:
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “PSecurity”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform “WinTSI 01.12.2009”

Search and unregister Personal Security DLL libraries:
win32extension.dll

Detect and delete other Personal Security files:
c:\Program Files\PSecurity
c:\Program Files\PSecurity\psecurity.exe
c:\Program Files\Common Files\PSecurityUninstall
c:\Program Files\Common Files\PSecurityUninstall\Uninstall.lnk
c:\WINDOWS\system32\win32extension.dll
c:\Documents and Settings\All Users\Start Menu\PSecurity
c:\Documents and Settings\All Users\Start Menu\PSecurity\Computer Scan.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Help.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Personal Security.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Registration.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Security Center.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Settings.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Update.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
%UserProfile%\Desktop\Personal Security.lnk
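
A read-only presence check for the Personal Security indicators listed above, as an added PowerShell example that is not part of the original guide; it deletes nothing and can be re-run after a reboot to confirm nothing was recreated. The registry paths, file paths and process name are the ones this guide lists; the helper name New-Finding is hypothetical.

```powershell
# Read-only audit: reports which Personal Security artifacts from this guide exist.
# Nothing is modified or deleted. All indicator values come from the guide above.
$regKeys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56'
)
# Registry values: the key path plus the value name the guide lists under it.
$regValues = @(
    @{ Key  = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = 'PSecurity' },
    @{ Key  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform'
       Name = 'WinTSI 01.12.2009' }
)
$paths = @(
    'C:\Program Files\PSecurity',
    'C:\Program Files\Common Files\PSecurityUninstall',
    'C:\WINDOWS\system32\win32extension.dll',
    'C:\Documents and Settings\All Users\Start Menu\PSecurity',
    "$env:USERPROFILE\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk",
    "$env:USERPROFILE\Desktop\Personal Security.lnk"
)

# Hypothetical helper: one result row per indicator.
function New-Finding($Type, $Item, $Present) {
    New-Object PSObject -Property @{ Type = $Type; Item = $Item; Present = [bool]$Present }
}

$findings = @()
foreach ($k in $regKeys) {
    $findings += New-Finding 'RegistryKey' $k (Test-Path -LiteralPath $k)
}
foreach ($v in $regValues) {
    # A missing key or value yields $null rather than an error.
    $prop = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    $findings += New-Finding 'RegistryValue' "$($v.Key) [$($v.Name)]" ($null -ne $prop)
}
foreach ($p in $paths) {
    $findings += New-Finding 'FileOrDir' $p (Test-Path -LiteralPath $p)
}
$proc = Get-Process -Name 'psecurity' -ErrorAction SilentlyContinue
$findings += New-Finding 'Process' 'psecurity.exe' ($null -ne $proc)

$findings | Sort-Object Type | Format-Table Type, Present, Item -AutoSize
if ($findings | Where-Object { $_.Present }) {
    Write-Output 'Artifacts found: continue with the removal steps above.'
} else {
    Write-Output 'None of the listed artifacts are present.'
}
```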


Download Super Anti Spyware OR Download Malware Bytes Anti-Malware