Posts Tagged ‘spyware’

Win7 antivirus pro virus removal

Saturday, March 6th, 2010


Win 7 Antivirus Pro

It is one of a group of rogue antispyware programs. It is similar to Antivirus Vista 2010, Win 7 Antispyware 2010 and others that pretend to be installed via Automatic Updates.

This malware is so strong and aggressive that it can be difficult to remove. If your computer already has it, you will notice all kinds of fake alerts and fraudulent warnings claiming that your computer might be at risk. Win 7 Antivirus Pro tricks users with fake scans and results. Security messages shown by Win 7 Antivirus Pro are often written like this:

Tracking software found!
Your PC activity is being monitored. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen. Prevent damage now by completing security scan.

Win 7 Antivirus Pro is Extremely dangerous

Win 7 Antivirus Pro is a corrupt Anti-Spyware program
Win 7 Antivirus Pro may spread via Trojans
Win 7 Antivirus Pro may display fake security messages
Win 7 Antivirus Pro may install additional spyware to your computer
Win 7 Antivirus Pro may repair its files, spread or update by itself
Win 7 Antivirus Pro violates your privacy and compromises your security


Manual Removal instructions to remove Win7 Antivirus Pro

Stop these Win 7 Antivirus Pro processes:
av.exe

Remove these Win 7 Antivirus Pro Registry Entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %*
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %*
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”

Remove these Win 7 Antivirus Pro files:
%UserProfile%\AppData\Local\av.exe
%UserProfile%\AppData\Local\WRblt8464P

Auto Removal:

To remove this virus automatically, we suggest the following removal tools:

Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware

Fake Security Essentials 2010 virus removal

Thursday, February 18th, 2010


Security Essentials 2010 (SecurityEssentials2010)

Security Essentials 2010, also known as SecurityEssentials2010, is a fake antivirus program. The program can generally infect systems running any version of the Windows operating system. Security Essentials 2010 is one of many fake antivirus programs; other fake antivirus programs include Internet Security 2010 and XP Guardian. Security Essentials 2010 hopes to trick the user into thinking that it is a real program by using various tactics such as creating fake virus scans. The program is generally installed through the use of a trojan horse; therefore, the program is generally installed with user permission. Security Essentials 2010 is fake and doesn’t work. The program will generally modify system settings to block the user from accessing webpages and opening programs. The virus may also modify Internet Explorer connection settings.
Security Essentials 2010 itself doesn’t work to remove viruses and therefore should be removed immediately. It has a website which it uses to advertise the fake program.

Manual Security Essentials 2010 Removal

In order to manually remove Security Essentials 2010, the processes associated with Security Essentials 2010 must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before Security Essentials 2010 entered the computer.

Stop Security Essentials 2010 Processes
SE2010.exe

Delete Associated Security Essentials 2010 Files:

c:\s
c:\Program Files\Securityessentials2010\
c:\Program Files\Securityessentials2010\SE2010.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk
%UserProfile%\Desktop\Security essentials 2010.lnk
%UserProfile%\Start Menu\Security essentials 2010.lnk
c:\WINDOWS\system32\41.exe
c:\WINDOWS\system32\helpers32.dll
c:\WINDOWS\system32\smss32.exe
c:\WINDOWS\system32\warnings.html
c:\WINDOWS\system32\winlogon32.exe

Delete Associated Security Essentials 2010 Windows Registry Information:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com
HKEY_CURRENT_USER\Software\SE2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallpaper” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoActiveDesktopChanges” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoSetActiveDesktop” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security essentials 2010”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “smss32.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop “NoChangingWallpaper” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer “NoActiveDesktopChanges” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer “NoSetActiveDesktop” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “smss32.exe”


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware


Fake antivirus soft

Thursday, February 4th, 2010


Remove Fake Antivirus Soft rogue spyware

Antivirus Soft is a rogue anti-spyware and ransomware program from the same family as Antivirus Live. These infections are installed on to your computer through the use of malware that installs the program onto your computer without your permission or knowledge. It is also common for this rogue to be installed on your computer through the use of malicious PDF files that exploit known vulnerabilities in older versions of Adobe Reader. Once installed, Antivirus Soft will be configured to start automatically when Windows starts. Once running it will scan your computer and display numerous infections, but will state it will not remove them until you purchase the program. In reality, the infected files it detects are all fake and do not actually exist on your computer.
Newsoftspot.microsoft.com (also seen as Newsoftspot.com) is a malicious domain and browser hijacker known to have been distributing Antivirus Soft, one of the latest rogue antispyware programs. Like earlier browser hijackers, Newsoftspot.microsoft.com is a malicious domain where people are offered a check of their computers for viruses. Victims are also redirected straight to Newsoftspot.com/purchase and persistently asked to register Antivirus Soft. The “Microsoft” name on the website is meant to trick users into taking this scamware for legitimate software. However, just after registration it starts messing up the whole PC system, so save your money instead.
While Antivirus Soft is running you will also see numerous security warnings and alerts that try to trick you into thinking that you have a security problem on your computer. An example of one of the alerts you will see is a fake Windows Security Center that looks exactly like the legitimate one, but instead suggests that you purchase Antivirus Soft to protect your computer. The infection will also show numerous alerts that state that your computer is infected, that you are sending personal data to a remote location, or that your computer is being attacked. One of the alerts will have this text:

Antivirus Software Alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
Threat: Win32/Nuqel.E

Just like the fake scan results, these security alerts are all fake and are just being shown to trick you into purchasing the program.

Without a doubt, Antivirus Soft was created solely to try and scam you into thinking that your computer is infected in the hopes that you will then purchase it. It goes without saying that you should not purchase this program, and if you already have, please contact your credit card company and dispute the charges stating the program is a scam. Finally, to remove this infection please use the removal guide below to remove it for free.

How to manually remove Antivirus Soft

Newsoftspot.microsoft.com manual removal:
Kill processes:
[random string]sysguard.exe

Delete registry values:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random string]”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random string]”

Delete files:
%Documents and Settings%\\[UserName]\\Local Settings\\Application Data\\[random string]\\[random string]sysguard.exe

Auto Removal:

Use these great tools to remove the “Antivirus Soft” virus.

Download Super Anti Spyware
OR

Download Malware Bytes Anti-Malware

Antivirus Live 2010 fake virus

Wednesday, January 13th, 2010


Remove Fake Antivirus Live rogue spyware

Antivirus Live is a rogue antispyware program. It is a clone of the widely spread rogue called Antivirus System Pro. The software usually spreads with the help of trojans. Once downloaded and installed, Antivirus Live will register itself in the Windows registry to run automatically when Windows loads. When running, it will start a scan of your computer and report numerous infections to make you think that your computer is infected with trojans, spyware and other malware. Then Antivirus Live will ask you to pay for a full version of the program to remove these infections. Of course, all of these infections are fake and don’t actually exist on your computer. So you can safely ignore them!
Antivirus Live blocks the ability to run any programs. The following warning will be shown when you try to run Notepad:

Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.

What is more, while Antivirus Live is running, you will be shown a fake Windows Security Center, nag screens, warnings and fake security alerts from your Windows taskbar. The rogue will also change the proxy setting of Internet Explorer to redirect you to the Antivirus Live site.


How to Manually remove Antivirus Live 2010

Block Antivirus Live sites:
awareremover2010.com

Stop and remove Antivirus Live processes:
sysguard.exe

Locate and delete Antivirus Live registry entries:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “”

Search and unregister Antivirus Live DLL libraries:
iehelper.dll

Detect and delete other Antivirus Live files:
%WINDOWS%\sysguard.exe
%WINDOWS%\system32\iehelper.dll

Auto Removal tools to remove this virus:


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware

Desktop defender 2010 manual remove

Thursday, January 7th, 2010


Desktop Defender 2010 removal guide

Desktop Defender 2010 is a rogue spyware program pretending to be a security tool, which is installed on infected computers by downloader trojans. It looks like part of the Windows operating system because it appears out of nowhere and claims to be a spyware remover.
The graphical user interface of Desktop Defender 2010 is quite impressive. It uses Windows Vista style and design elements to make it look more reliable. The rogue program ripped the Clam AntiVirus database. ClamAV is an open source anti-virus toolkit. Once installed, DesktopDefender 2010 will imitate a system scan and report a variety of infections. The scan results are of course false. This parasite claims that you have to purchase the full version of the program to remove the threats, because the free version is only a scanner. Obviously, you shouldn’t buy it. Another very important thing is that this program modifies the LSP chain by adding the siglsp.dll file. If you remove this file without restoring the LSP chain, this will break your Internet connection.
What is more, Desktop Defender 2010 will constantly display fake security alerts and notifications from the Windows Task bar stating that your computer is seriously infected or has many privacy/security problems. The fake security alerts state:

Possible loss of data!
Too many privacy violation attempts on your computer!
The details about your credit card, post address, phone numbers from the submitted form can be lost.
——————-
You have been infected by a proxy-relay trojan server with new and danger “SpamBots”.

If you find that your PC is infected with this malicious software, please use the removal guide below to remove Desktop Defender 2010 from the system manually for free. If you have already purchased this program, then contact your credit card company and dispute the charges immediately.

Manual Removal instructions to remove this virus:

Kill processes:
Desktop Defender 2010.exe
gedx_ae09.exe
kgn.exe
kilslmd.exex
kn.a.exe
uninstall.exe

Unregister DLLs:
hjengine.dll
IEAddon.dll
MFC71.dll
MFC71ENU.DLL
AF.dll
msvcp71.dll
msvcr71.dll
pthreadVC2.dll
shellext.dll
siglsp.dll

Delete files:
Desktop Defender 2010.exe
guide.chm
hjengine.dll
IEAddon.dll
MFC71.dll
MFC71ENU.DLL
AF.dll
daily.cvd
msvcp71.dll
msvcr71.dll
pthreadVC2.dll
shellext.dll
siglsp.dll
tdifw_drv_WLH.sys
tdifw_drv_WXP.sys
uninstall.exe
tdifw_drv.sys
log.txt
gedx_ae09.exe
kgn.exe
kilslmd.exex
kn.a.exe
Desktop Defender 2010.lnk
Activate Desktop Defender 2010.lnk
How to Activate Desktop Defender 2010.lnk

Delete directories:
c:\Program Files\Desktop Defender 2010
c:\WINDOWS\system32\LogFiles\tdifw
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010
%Temp%\

Delete Desktop Defender 2010 Windows Registry Information:

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
HKEY_CLASSES_ROOT\AppID\IEAddon.DLL
HKEY_CLASSES_ROOT\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}
HKEY_CLASSES_ROOT\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\IEAddon.StatusBarPane
HKEY_CLASSES_ROOT\IEAddon.StatusBarPane.1
HKEY_CLASSES_ROOT\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
HKEY_CLASSES_ROOT\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}
HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Defender 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Defender 2010
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform “Desktop Defender 2010”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Desktop Defender 2010”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdidis32.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run “”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDIDIS32.sys

End of Manual removal instructions.
Or
use Auto Removal tools to remove this virus:

Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware
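
The registry changes listed in the removal guides above (a rewritten .exe launch handler, Security Center overrides, DisableTaskMgr, a loopback ProxyServer, a replaced Winlogon Shell) can be checked in one pass over a regedit export. This is an added example, not part of the original posts; the sample export is constructed, and the function names and rule descriptions are assumptions of the example.

```python
import re

# Constructed sample in regedit export (.reg) syntax; not taken from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"av.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\.exe\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Program Files\\Desktop Defender 2010\\Desktop Defender 2010.exe"
'''


def unescape(s):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {(key, value_name): data}, lowercased; '' is (Default), DWORDs are int."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not (key and m):
            continue
        name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        raw = m.group(2)
        if raw.startswith("dword:"):
            data = int(raw[6:], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            data = unescape(raw[1:-1])
        else:
            continue  # hex(...) and other value types are out of scope here
        values[(key.lower(), name.lower())] = data
    return values


def is_one(v):
    return v in (1, "1")


def shell_replaced(v):
    # Anything other than explorer.exe as the per-user shell is worth a look.
    exe = str(v).strip('"').replace("/", "\\").rsplit("\\", 1)[-1]
    return exe.lower() != "explorer.exe"


# (key regex, value name, predicate on data, description); all lowercased.
RULES = [
    (r"\\(\.exe|secfile)\\shell\\open\\command$", "",
     lambda v: str(v).strip() != '"%1" %*', "launch handler runs another program"),
    (r"\\microsoft\\security center$", "antivirusoverride", is_one, "AV status check overridden"),
    (r"\\microsoft\\security center$", "firewalloverride", is_one, "firewall status check overridden"),
    (r"\\policies\\system$", "disabletaskmgr", is_one, "Task Manager disabled"),
    (r"\\currentversion\\internet settings$", "proxyserver",
     lambda v: "127.0.0.1" in str(v), "browser proxy points at loopback"),
    (r"\\internet explorer\\download$", "runinvalidsignatures", is_one,
     "invalid signatures allowed to run"),
    (r"\\policies\\associations$", "lowriskfiletypes",
     lambda v: ".exe" in str(v).lower(), ".exe treated as low-risk download"),
    (r"^hkey_current_user\\.*\\winlogon$", "shell", shell_replaced, "per-user shell replaced"),
]


def audit(text):
    """Return [(key, value_name, description)] for every rule that fires."""
    findings = []
    for (key, name), data in parse_reg(text).items():
        for key_re, want_name, bad, why in RULES:
            if name == want_name and re.search(key_re, key) and bad(data):
                findings.append((key, name or "(Default)", why))
    return findings


if __name__ == "__main__":
    for key, name, why in audit(SAMPLE_REG):
        print(f"{why}: {key} [{name}]")
```

Feed it the text of a `reg export` file (decoded to a Python string) taken before cleanup and again afterwards; an empty result on the second run shows the listed values were actually reverted.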

Internet security 2010 virus removal

Saturday, December 12th, 2009



Remove Fake Internet security 2010 rogue spyware
Internet Security 2010 is a rogue antivirus program. Please read the removal instructions and get rid of this fake program from your computer as soon as possible. InternetSecurity2010 is a clone of the Advanced Virus Remover malware. If you take a closer look, you will see that both programs use the same graphical user interface. This rogue application is promoted through the use of Trojans. Most of the time, Trojans have to be manually installed and come from various misleading websites, for example fake online anti-malware scanners. Once installed, Internet Security 2010 will imitate a system scan and report many false system security threats. Then it will ask you to pay for a full version of the program to remove those security threats or infections. However, do not buy it – this is a scam.

When running, Internet Security 2010 will also display fake security alerts. Those alerts will state that IS2010 has found critical vulnerabilities on your computer. The rogue program displays these infections:
Rogue:W32/XPAntivirus.gen! AdWare.Win32.Zwangi Trojan-Spy.HTML.Visafraud.a
Worm:W32/Agent
Trojan-PSW.W32/Steam
Net-Worm.Win32.DipNet.d
Trojan-Dropper:W32/Trojan-Dropper
Worm:W32/Downadup.gen
Trojan-Downlaoder:W32/Fakerean.gen!A
Net-Worm.Win32.Mytob.t
Trojan-Spy.Win32.Hookit.11
Trojan-Clicker.HTML.IFrame.g
Virus:W32/Alman.b
Trojan-Dropper.Win32.Agent.sd
Email-Worm.Win32NetSky.q
riskware.Win32
Rootkit.win32.agent

Internet Security 2010 will also display fake notifications from Windows Taskbar. The fake notifications state:

System warning!
Intercepting programs that may compromise your privacy and harm your system has been detected on your PC. It’s highly recommended you scan your PC right now.

System warning!
Continue working in unprotected mode is very dangerous. Virus can damage your confidential data and work on your computer. Click here to protect your computer.



How to Manually remove Internet Security 2010

How to remove Internet Security 2010 manually:
Manual removal of Internet Security 2010 is a feasible objective if you have sufficient expertise in dealing with program files, processes, .dll files and registry entries.

The files and folders to be deleted are listed below:
•%Program Files%\InternetSecurity2010
•%Program Files%\InternetSecurity2010\IS2010.exe
•%Documents and Settings%\[USER]\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk

•%Documents and Settings%\[USER]\Cookies\user@buy[1].txt
•%Documents and Settings%\[USER]\Desktop\Internet Security 2010.lnk
•%Documents and Settings%\[USER]\Desktop\SetupIS2010.exe
•%Documents and Settings%\[USER]\Start Menu\Internet Security 2010.lnk

The registry entries that need to be removed are as follows:
•HKEY_CURRENT_USER\Software\Internet Security 2010
•HKEY_LOCAL_MACHINE\SOFTWARE\Internet Security 2010
•HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “IS2010.exe”
Please be aware that manual removal of Internet Security 2010 is a cumbersome process and does not always ensure complete deletion of the malware, because some files might be hidden or may be restored automatically afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal of Internet Security 2010, which will save your time, help you avoid system malfunctions and guarantee the needed result.

Auto Removal tools to remove this virus:

Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware


Download Spyware doctor 6

Sunday, October 18th, 2009


Spyware doctor 6.0.1.441

Editor: PC Tools
Release: 6.0.1.441
Language: English
License: Shareware
System: 2000/XP/Vista

Download
sdsetup.exe (26 MB)

Spyware Doctor is a top-rated spyware and malware eradicator which detects and removes harmful spyware, trojans, adware, keyloggers, spybots and other threats. It also protects against phishing, popups and harmful websites. This software is used by millions of users worldwide as it is the best antispyware with genuine awards.

Features and Advantages:
Free customer support
Detect and remove all types of Spyware
Intelligent Automatic Protection
Optional Add-ons such as Site Guard, Email Guard and Behavior Guard
Compatible with Vista 64-bit
Easy to use

Disadvantages:
30 days trial

Cyber Security virus removal

Thursday, October 15th, 2009


Cyber Security is a rogue anti-spyware program and appears to be a clone of the highly popular System Security and Total Security. This parasite usually spreads by using browser hijackers to redirect the user to websites hosting fake online system scans, thus tricking him into downloading the program. While this method is by far the most common, rogues such as this have been known to infect the system by using downloader trojans. Cyber Security relies on misleading advertising to sell its so-called “licensed version”.

The main trick used by CyberSecurity malware is reporting imaginary threats and offering paid version of the tool for deleting the fake infections. Don’t trust this application. It blocks certain programs and websites. Cyber Security may also disable system restore.

This program is a scam and should be treated as such: do NOT download or buy it, and remove Cyber Security immediately upon detection.

How to manually remove Cyber Security
Step 1 : Use Windows Task Manager to Remove Cyber Security Processes
Remove the “Cyber Security” processes files:
csc.exe

Step 2 : Use Registry Editor to Remove Cyber Security Registry Values
Locate and delete “Cyber Security” registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “1FD92E3F7C34799BFB075C41DA05D1FE”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Cyber Security

Step 3 : Use Windows Command Prompt to Unregister Cyber Security DLL Files
Search and unregister “Cyber Security” DLL files:
winsource.dll

Step 4 : Detect and Delete Other Cyber Security Files
Remove the “Cyber Security” processes files:
Cyber Security.lnk
Registration.lnk
Help.lnk
winsource.dll
csc.exe

Auto Removal tools to remove this virus:


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware


Security Tool virus removal

Thursday, October 15th, 2009


Security Tool is a typical fake anti-spyware application. It’s a copy of the notorious Total Security scam. It detects and reports numerous computer infections and requires buying the full version of the program to delete the threats. Here’s what’s wrong with this: SecurityTool reports imaginary infections and urges you to pay for a nonexistent full version.

“Security Tool Warning
Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs. Click here to remove it immediately with SecurityTool.”

Don’t trust SecurityTool and avoid installing this app. The fabricated alerts are not the worst part of this fraud; Security Tool also hijacks the web browser and slows the machine’s performance down.


How to manually remove Security Tool
Stop and remove SecurityTool processes:
Security Tool.exe
uninstall.exe

Locate and delete SecurityTool registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SecurityTool”
HKEY_CURRENT_USER\Software\Vista Antivirus 2010

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityTool

HKEY_LOCAL_MACHINE\SOFTWARE\SecurityTool

Detect and delete other SecurityTool files:
%System Root%\Samples
%User Profile%\Local Settings\Temp
%Program Files%\SecurityTool
%Documents and Settings%\All Users\Start Menu\Programs\SecurityTool
%Documents and Settings%\All Users\Application Data\SecurityTool
Security Tool.exe
uninstall.exe

Auto Removal tools to remove this virus:


Download
Super Anti Spyware
OR

Download
Malware Bytes Anti-Malware


Anti Virus 2010 pro removal

Monday, October 5th, 2009



Remove Fake Antivirus 2010 pro
Antivirus Pro 2010 is a new rogue from the same family as XP AntiSpyware 2009. This program is classified as a rogue because it displays fake scan results, creates fake malware files in order to trick you into thinking you are infected, and is bundled with or installed by malware. When the program is installed, it will be configured to automatically scan your computer when you log into Windows. The installer will also create numerous randomly named files on your hard drive. When Antivirus Pro 2010 scans your computer it will detect these files and state that they are infections, but will not allow you to remove them until you purchase the program. In reality, the files that the installer creates are harmless and pose no threat to your computer. They are only being created to validate the scan results and further trick you into thinking your computer is infected.

As we have already mentioned, AntivirusPro2010 is promoted through the use of the Braviax infection. This Trojan virus displays fake security alerts in your Windows task bar that promote the misleading application. Usually it states that your computer is unprotected and that you should activate your antivirus software. The Trojan may also display warnings about various malware infections. While running, AntivirusPro_2010 will impersonate Windows Security Center and state that anti-virus software is outdated or disabled. Do not trust it; it’s a scam.

SnapShot of Antivirus Pro 2010
If you find that Antivirus Pro 2010 is installed on your computer, please ignore the results and do not purchase the program. If you have already purchased the program then you should contact your credit card company and dispute the charges due to this program being a scam. In order to remove this program and any related malware, please follow the steps in the removal guide below.


How to manually remove Antivirus Pro 2010
Kill processes:
AntivirusPro_2010.exe
yxine.exe
Uninstall.exe
mifiryvele.exe

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\PIDs

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\[ORIGINAL FILE NAME]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010

Unregister DLLs:
AVEngn.dll
htmlayout.dll
pthreadVC2.dll
msvcm80.dll
msvcp80.dll
msvcr80.dll

Delete files:
AntivirusPro_2010.lnk
bojag.dl
aqepe.dat
nyxuj.com
Uninstall.lnk
ebapepyno.db
emuziwe.pif
ugozuf._sy
uxitavo.dl
carugy.com
yquxihet.exe
ojupegos.pif
qanof.bin
yrihoka.lib
zecorykyp.lib
AntivirusPro_2010.cfg
AntivirusPro_2010.exe
AVEngn.dll
daily.cvd
htmlayout.dll
Microsoft.VC80.CRT.manifest
msvcm80.dll
msvcp80.dll
msvcr80.dll
pthreadVC2.dll
Uninstall.exe
wscui.cpl
medoqokeqo.exe
ycevykazu.vbs
yhabozix.vbs
_scui.cpl
azasal.bin
dinubem.dl
exifoton.dll
mifiryvele.exe
ralun.sys

Delete directories:
c:\Program Files\AntivirusPro_2010

Note: The manual removal guide can be confusing if you are a newbie. In that case, manual removal is not recommended; use an auto removal tool instead.
To remove spyware automatically, use one of these great removal tools:

Super Anti Spyware

Malware Bytes anti-malware (mbam.exe)