Posts Tagged ‘rogue’

Fake Security Essentials 2010 virus removal

Thursday, February 18th, 2010


Security Essentials 2010 (SecurityEssentials2010)

Security Essentials 2010, also known as SecurityEssentials2010, is a fake antivirus program. The program can generally infect systems running any version of the Windows operating system. Security Essentials 2010 is one of many fake antivirus programs; others include Internet Security 2010 and XP Guardian. Security Essentials 2010 tries to trick the user into thinking that it is a real program by using various tactics, such as running fake virus scans. The program is generally installed through the use of a trojan horse; therefore, the program is generally installed with user permission. Security Essentials 2010 is fake and doesn’t work. The program will generally modify system settings to block the user from accessing webpages and opening programs. The virus may also modify Internet Explorer connection settings.
Security Essentials 2010 itself doesn’t work to remove viruses and therefore should be removed immediately. It has a website which it uses to advertise the fake program.

Manual Security Essentials 2010 Removal

In order to manually remove Security Essentials 2010, the processes associated with Security Essentials 2010 must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before Security Essentials 2010 entered the computer.

Stop Security Essentials 2010 Processes
SE2010.exe

Delete Associated Security Essentials 2010 Files:

c:\s
c:\Program Files\Securityessentials2010\
c:\Program Files\Securityessentials2010\SE2010.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk
%UserProfile%\Desktop\Security essentials 2010.lnk
%UserProfile%\Start Menu\Security essentials 2010.lnk
c:\WINDOWS\system32\41.exe
c:\WINDOWS\system32\helpers32.dll
c:\WINDOWS\system32\smss32.exe
c:\WINDOWS\system32\warnings.html
c:\WINDOWS\system32\winlogon32.exe

Delete Associated Security Essentials 2010 Windows Registry Information:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com
HKEY_CURRENT_USER\Software\SE2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallpaper" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoActiveDesktopChanges" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoSetActiveDesktop" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security essentials 2010"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "smss32.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop "NoChangingWallpaper" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer "NoActiveDesktopChanges" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer "NoSetActiveDesktop" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "smss32.exe"
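
The registry entries listed above can be audited before anything is deleted. The following PowerShell script is an added example, not part of the original guide; it assumes Windows PowerShell is available on the machine, checks both hives for every name on the list (the list gives some names under one hive only), and removes entries only when run with -Remediate.

```powershell
# Added example: report (and optionally remove) the Security Essentials 2010
# registry entries listed on this page. Run as the affected user; removing
# the HKLM entries needs an elevated prompt.
param([switch]$Remediate)

$cv = 'Software\Microsoft\Windows\CurrentVersion'

# Value names from the list above, grouped by the key they live under.
$values = @{
    "$cv\Policies\ActiveDesktop" = @('NoChangingWallpaper')
    "$cv\Policies\Explorer"      = @('NoActiveDesktopChanges', 'NoSetActiveDesktop')
    "$cv\Policies\System"        = @('DisableTaskMgr')
    "$cv\Run"                    = @('Security essentials 2010', 'smss32.exe')
}

# Whole keys from the list above: the rogue's own key and its ZoneMap domains.
$domains = 'buy-security-essentials.com', 'download-soft-package.com',
           'download-software-package.com', 'get-key-se10.com',
           'is-software-download.com'
$keys = @('Software\SE2010') +
        ($domains | ForEach-Object { "$cv\Internet Settings\ZoneMap\Domains\$_" })

$found = @(foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($key in $values.Keys) {
        $path  = "$hive\$key"
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($name in $values[$key]) {
            # Report the value only if it actually exists under this key.
            if ($props -and $props.PSObject.Properties[$name]) {
                New-Object PSObject -Property @{
                    Type = 'Value'; Path = $path; Name = $name; Data = $props.$name }
            }
        }
    }
    foreach ($key in $keys) {
        if (Test-Path -Path "$hive\$key") {
            New-Object PSObject -Property @{
                Type = 'Key'; Path = "$hive\$key"; Name = ''; Data = '' }
        }
    }
})

if ($found.Count -eq 0) { 'None of the listed registry entries are present.' }
$found | Format-Table Type, Path, Name, Data -AutoSize

if ($Remediate) {
    foreach ($f in $found) {
        if ($f.Type -eq 'Value') {
            # Deleting the policy values lifts the restriction (e.g. Task Manager).
            Remove-ItemProperty -Path $f.Path -Name $f.Name
        } else {
            Remove-Item -Path $f.Path -Recurse
        }
    }
}
```

Run it once without the switch and keep the output as a record of what was changed on the machine.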


Download Super Anti Spyware
OR
Download Malware Bytes Anti-Malware


Desktop defender 2010 manual remove

Thursday, January 7th, 2010


Desktop Defender 2010 removal guide

It is a rogue spyware program pretending to be a security tool, which is installed on infected computers by downloader trojans. It looks like it is part of the Windows operating system because it appears out of nowhere and claims to be a spyware remover.
The graphical user interface of Desktop Defender 2010 is quite impressive. It uses Windows Vista style and design elements to make it look more reliable. The rogue program ripped the Clam AntiVirus database. ClamAV is an open source anti-virus toolkit. Once installed, Desktop Defender 2010 will imitate a system scan and report a variety of infections. The scan results are of course false. This parasite claims that you have to purchase the full version of the program to remove the threats, because the free version is only a scanner. Obviously, you shouldn’t buy it. Another very important thing is that this program modifies the Winsock LSP (Layered Service Provider) chain by adding the siglsp.dll file. If you remove this file without restoring the LSP chain, this will break your Internet connection.
What is more, Desktop Defender 2010 will constantly display fake security alerts and notifications from the Windows taskbar stating that your computer is seriously infected or has many privacy/security problems. The fake security alerts state:

Possible loss of data!
Too many privacy violation attempts on your computer!
The details about your credit card, post address, phone numbers from the submitted form can be lost.
——————-
You have been infected by a proxy-relay trojan server with new and danger “SpamBots”.

If you find that your PC is infected with this malicious software, please use the removal guide below to remove Desktop Defender 2010 from the system manually for free. If you have already purchased this program, then contact your credit card company and dispute the charges immediately.
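
Before siglsp.dll is deleted in the steps below, the LSP caveat above can be checked from an elevated PowerShell prompt. This is an added example, not part of the original guide; it assumes Windows PowerShell is available and that `netsh winsock reset` is an acceptable way to restore the chain on this machine, since the reset also drops any legitimate third-party LSPs, which then have to be reinstalled.

```powershell
# Added example: find out whether the Winsock catalog still chains through
# siglsp.dll (file name from this page) before that file is deleted.
$lspDll  = 'siglsp.dll'
$logFile = Join-Path $env:TEMP 'winsock-catalog-before.txt'   # hypothetical path

function Get-LspReference {
    param([string]$DllName)
    # Each catalog entry in the netsh listing carries a "Provider Path" line
    # naming the DLL that implements it; return the lines naming $DllName.
    netsh winsock show catalog |
        Select-String -SimpleMatch $DllName |
        ForEach-Object { $_.Line.Trim() }
}

$references = @(Get-LspReference -DllName $lspDll)

if ($references.Count -eq 0) {
    "No Winsock catalog entry references $lspDll; deleting the file will not break the chain."
} else {
    "Catalog entries referencing ${lspDll}:"
    $references

    # Keep the full listing for the case notes before changing anything.
    netsh winsock show catalog | Set-Content -Path $logFile
    "Full catalog listing saved to $logFile"

    # Rebuild the catalog to its default state. Every layered provider is
    # dropped, not only the rogue one.
    netsh winsock reset

    "Restart the computer and run this check again; delete $lspDll only once it reports no reference."
}
```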

Manual Removal instructions to remove this virus:

Kill processes:
Desktop Defender 2010.exe
gedx_ae09.exe
kgn.exe
kilslmd.exex
kn.a.exe
uninstall.exe

Unregister DLLs:
hjengine.dll
IEAddon.dll
MFC71.dll
MFC71ENU.DLL
AF.dll
msvcp71.dll
msvcr71.dll
pthreadVC2.dll
shellext.dll
siglsp.dll

Delete files:
Desktop Defender 2010.exe
guide.chm
hjengine.dll
IEAddon.dll
MFC71.dll
MFC71ENU.DLL
AF.dll
daily.cvd
msvcp71.dll
msvcr71.dll
pthreadVC2.dll
shellext.dll
siglsp.dll
tdifw_drv_WLH.sys
tdifw_drv_WXP.sys
uninstall.exe
tdifw_drv.sys
log.txt
gedx_ae09.exe
kgn.exe
kilslmd.exex
kn.a.exe
Desktop Defender 2010.lnk
Activate Desktop Defender 2010.lnk
How to Activate Desktop Defender 2010.lnk

Delete directories:
c:\Program Files\Desktop Defender 2010
c:\WINDOWS\system32\LogFiles\tdifw
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010
%Temp%\

Delete Desktop Defender 2010 Windows Registry Information:

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
HKEY_CLASSES_ROOT\AppID\IEAddon.DLL
HKEY_CLASSES_ROOT\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}
HKEY_CLASSES_ROOT\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\IEAddon.StatusBarPane
HKEY_CLASSES_ROOT\IEAddon.StatusBarPane.1
HKEY_CLASSES_ROOT\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
HKEY_CLASSES_ROOT\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}
HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Defender 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Defender 2010
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "Desktop Defender 2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Desktop Defender 2010"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdidis32.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDIDIS32.sys

End of Manual removal instructions.
Or use auto removal tools to remove this virus:

Download Super Anti Spyware
OR
Download Malware Bytes Anti-Malware

System Security 2009 fake virus program removal guide

Monday, July 27th, 2009



Remove System Security 2009 fake rogue spyware
System Security, also known as System Security 2009 (fake antivirus program / rogue spyware), is another deadly counterfeit antispyware application developed to invade our Internet life. (Do not confuse System Security, which is fake software, with AE Software Technologies’ System Security 2009, which is indeed legitimate software.) Presumably, System Security is a new version of Winweb Security, with a different name but the same destruction. Just like most fake antispyware, System Security simulates the Windows system security alert interface, then issues misleading and exaggerated results to distract and scare Internet users.

System Security 2009 usually installs itself onto your PC without your permission, through the Vundo Trojan, a virus or fake software. System Security will display fake system alerts or fake security alerts to trick the user into buying the paid version of System Security in order to remove the potential and reported problems. Not only does it cause your machine to slow down dramatically, it also puts your privacy and data at risk.

Once installed, Security 2009 will be set to start automatically when Windows starts. Once started, the program will scan your computer and list a variety of infections, which cannot be removed unless you first purchase the program. These infections, though, are actually legitimate programs that could cause problems with the proper operation of your computer if deleted. While running, Security 2009 will also display fake security alerts in your Windows taskbar. These security alerts will contain messages stating that Security 2009 detected malware or an attack on your system and that you should register the software to protect yourself. These fake alerts and the false positives found in the scan are just a tactic to scare you into purchasing the software.



Manual System Security Removal Instructions:

Stop System Security Processes:
SystemSecurity.exe
05643921.exe
install.exe

Find and Delete these System Security Files:
systemsecurity.exe
SystemSecurity.lnk
SystemSecurity on the Web.lnk
Uninstall SystemSecurity.lnk
%desktopdirectory%\system security.lnk
%desktopdirectory%\ws\config.udb
%desktopdirectory%\ws\init.udb
%desktopdirectory%\ws\languages\english.lng
%desktopdirectory%\ws\languages\german.lng
%desktopdirectory%\ws\languages\spanish.lng
%desktopdirectory%\ws\systemsecurity.exe
%programs%\system security\system security.lnk
%desktopdirectory%\ws\systemsecurity.exe
05643921.exe
install.exe
%desktopdirectory%\system security 2009.lnk
%programs%\system security\system security 2009 support.lnk
%programs%\system security\system security 2009.lnk

Remove System Security Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run systemsecurity
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 displayicon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 shortcutpath
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 uninstallstring
=======================
Note: The manual removal guide can be confusing if you are a newbie. In that case, manual removal is not recommended. Use an auto removal tool instead.
To automatically remove spyware,
use one of these great removal tools:

Super Anti Spyware

Malware Bytes anti-malware (mbam.exe)

Spyware Doctor

=======================

Fake Search and Destroy 2009 virus removal

Monday, July 27th, 2009



Remove Fake Search and Destroy 2009
Search And Destroy 2009 is more fake antivirus software. If you thought Search And Destroy 2009 was all right, don’t blame yourself — Search And Destroy 2009 is riding off the good name of Spybot’s Search & Destroy, which is legit antivirus/antispyware software. Outside of the name rip-off, Search And Destroy 2009 has nothing in common with Spybot’s work.

You can thank a Trojan or scam website for installing Search And Destroy 2009 onto your PC. Once Search And Destroy 2009 is in, Search And Destroy 2009 tries to trick you into buying the “full” version of Search And Destroy 2009 with fake threat alerts, and by noting harmless files as dangerous.



Remove Search and Destroy Popups Manually:

Block Search And Destroy 2009 sites:
http://www.search-and-destroy.com/

Get rid of Search And Destroy 2009 files:
SearchAndDestroy2009.lnk
UninstallSearchAndDestroy2009.lnk

Get rid of Search And Destroy 2009 folders:
%Documents and Settings%\All Users\Start Menu\Programs\Search And Destroy 2009
%Program Files%\Search And Destroy

Get rid of Search And Destroy 2009 registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search And Destroy5.2
HKEY_ALL_USERS\Software\MPMFC1

Note: In any Search And Destroy 2009 files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual Search And Destroy 2009 removal, go ahead and leave a comment.

Fake antivirus 2009 Removal guide

Monday, July 27th, 2009



XP Antivirus Protection (AKA XPAntivirus 2009 or 2010) is a fake antivirus software program. This program is typically known to infect a computer just after the install of a specific video codec. This corrupted video codec is usually distributed with a Trojan, malware or virus. It is crucial to remove all the components of XP Antivirus and all malware and trojans such as zlob.trojan, trojan.vundo and trojan.downloader that may have been installed along with it. The following tutorial explains how to remove XP Antivirus Protection.

Simply put, it’s a virus designed to extort money from you by demanding you pay for the “full version” to remove the viruses that it has “detected”.

How to remove XP Antivirus Protection:

Step 1 : Use Windows File Search Tool to Find Antivirus 2009 Path

1. Go to Start > Search > All Files or Folders.
2. In the “All or part of the file name” section, type in the “Antivirus 2009” file name(s).
3. To get better results, select “Look in: Local Hard Drives” or “Look in: My Computer” and then click the “Search” button.
4. When Windows finishes your search, hover over the “In Folder” of “Antivirus 2009”, highlight the file and copy/paste the path into the address bar. Save the file’s path on your clipboard because you’ll need the file path to delete Antivirus 2009 in the following manual removal steps.
5. “Antivirus 2009” files can be found in the directory path(s):
%AllUsersProfile%\Application Data\SoftLand Ltd\Antivirus 2009
%ProgramFiles%\Antivirus 2009 XP
%UserProfile%\Start Menu\Antivirus2009y
%ProgramFiles%\Win Antivirus 2009
%AppData%\Antivirus2009y
%ProgramFiles%\Antivirus2009y
%ProgramFiles%\ANTIVIRUS 2009

Step 2 : Use Windows Task Manager to Remove Antivirus 2009 Processes

1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
2. Click on the “Image Name” button to search for the “Antivirus 2009” process by name.
3. Select the “Antivirus 2009” process and click on the “End Process” button to kill it.
4. Remove the “Antivirus 2009” process files:
lwpwer.exe
xpa_2009.exe
Antivirus-2009.exe
av2009xp.exe
Win Antivirus 2009.exe
AntvrsInstall[1].exe
AntvrsInstall.exe
Antvrs.exe


Now, Step 3:

Navigate to Start-> Run, type cmd in the box and click Open
In the command window, type regsvr32 /u shlwapi.dll and press Enter
Next type regsvr32 /u wininet.dll and press Enter
Next Press Ctrl + Shift + ESC

Right click on antivirus.exe from the processes window and select the option to end process
Right click on antivirusUpdate.exe from the processes window and select the option to end process
Navigate to Start-> Search, then click on Files and Folders. Search for and delete the following files:
antivirus.exe
antivirusUpdate.exe
shlwapi.dll
wininet.dll
antivirus 2009.lnk
Uninstall antivirus 2009.lnk
antivirus 2009
antivirus.lnk
Uninstall antivirus.lnk
antivirus on the Web.lnk
antivirus.url
Navigate to Start-> Run, type regedit in the box and click Open
Delete antivirus 2009 in the following path: HKEY_USERS\Software\
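
Two of the file names in the list above, shlwapi.dll and wininet.dll, are also the names of genuine Windows libraries in the system32 folder, so a name search across the whole drive will match files that must stay. The following PowerShell script is an added example, not part of the original guide; it assumes Windows PowerShell is available, limits the search to the Antivirus 2009 folders from Step 1 (treating those folders as the only place the rogue's copies live is an assumption), and only previews the deletion.

```powershell
# Added example: look for the Step 3 file names only inside the Antivirus 2009
# folders named in Step 1, never under the Windows directory.
$rogueDirs = @(
    "$env:ALLUSERSPROFILE\Application Data\SoftLand Ltd\Antivirus 2009",
    "$env:ProgramFiles\Antivirus 2009 XP",
    "$env:USERPROFILE\Start Menu\Antivirus2009y",
    "$env:ProgramFiles\Win Antivirus 2009",
    "$env:APPDATA\Antivirus2009y",
    "$env:ProgramFiles\Antivirus2009y",
    "$env:ProgramFiles\ANTIVIRUS 2009"
)

# File names from the Step 3 list (the extensionless "antivirus 2009" entry
# is left out because only files are matched here).
$names = @(
    'antivirus.exe', 'antivirusUpdate.exe', 'shlwapi.dll', 'wininet.dll',
    'antivirus 2009.lnk', 'Uninstall antivirus 2009.lnk', 'antivirus.lnk',
    'Uninstall antivirus.lnk', 'antivirus on the Web.lnk', 'antivirus.url'
)

# Normalised Windows directory prefix, e.g. C:\WINDOWS\
$winDir = $env:SystemRoot.TrimEnd('\') + '\'

# Collect matching files from the folders that exist on this machine.
$hits = @(foreach ($dir in ($rogueDirs | Where-Object { Test-Path -LiteralPath $_ })) {
    Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $names -contains $_.Name }
})

foreach ($file in $hits) {
    # Defence in depth: refuse anything that resolves under the Windows
    # directory, where the genuine shlwapi.dll and wininet.dll live.
    if ($file.FullName.StartsWith($winDir, [StringComparison]::OrdinalIgnoreCase)) {
        "SKIP (Windows component): $($file.FullName)"
        continue
    }
    # -WhatIf prints what would be deleted; drop it after reviewing the list.
    Remove-Item -LiteralPath $file.FullName -Force -WhatIf
}

"Matched $($hits.Count) file(s) in the Antivirus 2009 folders."
```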

Also look for the following:
Step 4 : Detect and Delete Other Antivirus 2009 Files

1. To open the Windows Command Prompt, go to Start > Run > type cmd and then press the “OK” button.
2. Type in “dir /A name_of_the_folder” (for example, C:\Spyware-folder), which will display the folder’s contents, including hidden files.
3. To change directory, type in “cd name_of_the_folder”.
4. Once you have the file you’re looking for, type in “del name_of_the_file”.
5. To delete a file in a folder, type in “del name_of_the_file”.
6. To delete the entire folder, type in “rmdir /S name_of_the_folder”.
7. Select the “Antivirus 2009” process and click on the “End Process” button to kill it.
8. Remove the “Antivirus 2009” process files:
Restart your PC and everything should be back to normal.