2007 November | My Anti Spyware

Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

Cannot View Hidden Files And Folders. How to fix

As a result of viruses/trojans activity can be blocked showing hidden files. In Folder options can not take the “Show hidden files and folders” option. You choice the radio button for, then press Apply and OK, but hidden files do not be shown by windows explorer. The changes would just disappear upon opening the dialog again. Or more, no Folder Options in the Tools menu.

There are two methods to restore back the showing hidden files.
1. Manually.

Click Start -> Run.
Type regedit and press OK.
In the left panel navigate to the following keys by expanding the + at left of each key at left:

HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Policies
Explorer
In the right panel Right click NoFolderOptions, choose “delete”. OK the prompt.
In the left panel navigate to the following keys by expanding the + at left of each key at left:

HKEY_CURRENT_USER
Software
Policies
Microsoft
Internet Explorer
Restrictions
In the right panel Right click NoBrowserOptions, choose “delete”. OK the prompt.
In the left panel navigate to the following keys by expanding the + at left of each key at left:

HKEY_LOCAL_MACHINE
SOFTWARE
Microsoft
Windows
CurrentVersion
Explorer
Advanced
Folder
Hidden
SHOWALL
In the right panel Right click CheckedValue, choose “Edit”. This should be a DWORD key. If it isn’t, delete the key. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1.
Reboot your PC.

2. Automatically.

Open notepad and copy/paste the text in the quotebox below into it:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“NoFolderOptions”=-

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
“NoBrowserOptions”=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=dword:00000001
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.).
Double-click on the fix.reg. When it asks if you would like to merge the information, press the Yes button and then the OK button when it is done.
Reboot your PC.

If none of the above methods work, then probably you infected with virus or trojan, that blocked of show hidden files. Then I would recommend you follow the instructions.

Related article: How to show hidden files in Windows.

November 26, 2007 on 9:49 pm | In Tips | 10 Comments |

Hijacker will not let me download anti spyware program – how to fix

If you can`t download an antispyware software, open an anti virus vendors sites, then try Hosts Xpert – Free hosts file manager for restore Windows HOSTS file.

Download Hosts Xpert
Extract to your Desktop.
Run Hosts Xpert
Click “Restore MS Hosts File”
Reboot your PC

After these simple steps you should to get access to all blocked sites, if you still have a problem, then create a free forum account, and create a new topic with your more information about problem.

November 26, 2007 on 10:28 am | In Tips | No Comments |

How to remove shell.exe, spoolvs.exe trojan

Shell.exe and spoolvs.exe are components of trojan known as TROJ_RENOS.BX, Trojan.Win32.Qhost.abh , Trojan.Dropper, TR/Crypt.XDR.Gen, W32/Blocker-based!Maximus, Mal/TinyDL-T.

Shell.exe and spoolvs.exe trojan symptoms:

Start > Settings -> Control panel is missing
Task bar icons informing you of an infection and taking you to legit looking security panel
System pop ups and IE pop ups
When you start PC, you can get a message: “Windows cannot find ‘C:\Windows\shell.exe’ Make sure you typed the file name correctly….”

Continue reading How to remove shell.exe, spoolvs.exe trojan…

November 26, 2007 on 9:53 am | In Trojan, Tutorials - HowTo | 10 Comments |

AD-aware Definition File Update

035.0000 is now available, new definition file for Ad-Aware 2007.
SE1R204 21.11.2007 is now available, new definition file for Ad-Aware SE.

New definitions:
====================
RegistryCleanerXP

Updated definitions:
====================
AdwareAlert
IEDefender +5
Win32.Trojandownloader.Zlob +6

Download Ad-aware

November 22, 2007 on 9:28 am | In Updates | No Comments |

SpyBot Definition File Update

Adware
+ MeMedia.AdVantage
Malware
+ CoolToolBar + MalwareScanner + AntiSpyZone + IEDefender + KazaapAdwareAndSpywareRemover + FroggieScan + SpyRemover + Vcodec.eMedia + SpyBouncer + Vario.AntiVirus + NoAdware + BPS.SpyEliminator
PUPS
+ CleanSpaceUltimate + Spy-Killer + SynergeticSoft.PrivacyDefender
Trojan
+ IE-Improver + Zlob.Downloader.iec + Win32.IrcContact + Win32.Agent.ekn + Smitfraud-C.MSVPS + Zlob.Downloader.oid + Fraud.ProtectionBar + Zlob.Downloader + NSIS Media.VB (22)

Download SpyBot

November 22, 2007 on 9:26 am | In Updates | No Comments |

How to remove beautyscreens.com/jokes.php popups

Symptoms:

IE pop-up windows, mostly to a sites www.beautyscreens.com/jokes.php, winantivirus.com, www.winantiviruspro.com, winantispyware.com, partypoker.com.
SpyBot found Smitfraud-C.Toolbar888, SearchClickAds, Win32.Small.dp

Download HijackThis and save the file to your desktop. Double click on the file for install.
Download CCleaner. Double click on the file for install.
Download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your desktop.

Reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Start HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items:

O2 – BHO: ofb1 – {3E1500AC-87A5-416b-A211-82E848649DA9} – C:\PROGRA~1\Ofb1\Ofb1.dll
O4 – HKLM\..\Run: [setup] rundll32.exe “C:\WINDOWS\system32\****.dll”,realset
O4 – HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\YOUR_USER_NAME\LOCALS~1\Temp\winlogon.exe
O20 – AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

Where **** is a random chars, as ‘utgboudx’, YOUR_USER_NAME – your windows username
Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).

You will be prompted : “Registry cleaning – Do you want to clean the registry ?“; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.

The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.

Run CCleaner.

Click Analyze button. After scan your system, click Run Cleaner.

Reboot your PC.

Disable system restore to flush out infected restore points. Reboot your computer again. Turn on Windows System Restore. After that click START > ALL PROGRAMS > ACCESSORIES > SYSTEM TOOLS > SYSTEM RESTORE. click on “create new restore point” > click on NEXT and follow the prompts.

If you are still having problems with spyware after completing these instructions, it`s possible, then please follow the steps outlined in the topic linked below:
Spyware removal – Read Before Posting

November 22, 2007 on 9:01 am | In Tutorials - HowTo | 2 Comments |

Combofix has expired! What you can do…

If after run Combofix you got message:

This copy Combofix has expired!
Please download an updated copy

You can do:
1. Download an updated copy from here
2. Change your PC system time to some days ago (7days for example). Warning, only if first option don`t work.

November 21, 2007 on 10:01 am | In Tips | 2 Comments |

How to remove savetheinformation.com and secirityonpage.com hijackers

Symptoms:

IE pop-up windows, mostly to a site called www.savetheinformation.com but also to some other sites
Yellow baloons from taskbar prompting to download antispyware software.
Grey pop-ups, like error messages, also prompting to download antivirus/spyware software.
2 programs added to start menu program list: online security guide and live safety center
when you open an IE window it goes to www.savetheinformation.com

Download VundoFix and save the file to your desktop.
Download HijackThis and save the file to your desktop. Double click on the file for install.
Download CCleaner. Double click on the file for install.

Disable your Anti-Spyware Program, once your PC is clean you can re-enable.

Double-click VundoFix.exe to run it.

When VundoFix opens, click the Scan for Vundo button.
Once it’s done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

If you still have a problems, the follow steps:

Download FixSTI.reg to your desktop.

Double-click on the FixSTI. When it asks if you would like to merge the information, press the Yes button and then the OK button when it is done.

Run HijackThis, Close all programs leaving only HijackThis running. Place a check against each of the following if found, making sure you get them all and not any others by mistake:

O2 – BHO: (no name) – {33BF7E26-185B-46C7-87FB-A8F94C7E696C} – C:\WINDOWS\system32\pmnlk.dll
O2 – BHO: (no name) – {5a2e9fa3-5acd-4013-961b-aae311cdb902} – C:\WINDOWS\system32\****.dll (file missing)
O2 – BHO: (no name) – {60D97635-E582-E002-F541-EA2B589ED998} – C:\WINDOWS\system32\****.dll (file missing)
O2 – BHO: (no name) – {89AD4D75-2429-462e-BD4E-443F233F6033} – C:\WINDOWS\system32\****.dll
O2 – BHO: (no name) – {A95B2816-1D7E-4561-A202-68C0DE02353A} – C:\WINDOWS\system32\****.dll
O2 – BHO: (no name) – {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} – C:\WINDOWS\system32\****.dll
O3 – Toolbar: Security Toolbar – {11A69AE4-FBED-4832-A2BF-45AF82825583} – C:\WINDOWS\system32\****.dll
O20 – Winlogon Notify: **** – C:\WINDOWS\SYSTEM32\****.dll

Where **** a random chars, for example: xjegktl, nuyix, ldbvcpwu, khcmkrws …

Now close all others windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Run CCleaner.

Click Analyze button. After scan your system, click Run Cleaner.

If you still have a problems with your PC or cannot remove hijackers follow the steps outlined in the topic linked below:
Spyware removal – Read Before Posting.
savetheinformationcom & secirityonpagecom-hijackers

Don`t forget, we want help you, make logs and post to spyware removal forum!

November 18, 2007 on 6:00 am | In Browser Hijacking, Spyware protection and removal, Tutorials - HowTo | 3 Comments |

VundoFix – freeware removal tool for Trojan.Vundo

VundoFix is a freeware removal tool for many of the known variants of Trojan.Vundo, Trojan.Conhook and other similar infections.

Continue reading VundoFix – freeware removal tool for Trojan.Vundo…

November 18, 2007 on 3:52 am | In Free Software, Trojan | 22 Comments |

October malware toplist by viruslist.com

# Greediest Trojan targeting banks: This month’s leader is a modification of Trojan-Spy.Win32.Banker.ezn, which targets 45 banks. This seems positively modest in comparison to last month’s leader, which set its sights on 134 banks simultaneously.
# Greediest Trojan targeting payment systems: Backdoor.Win32.Xhaker.c is very equitable in its approach – it attacks three e-payment systems and three plastic card systems.
# Greediest Trojan targeting plastic cards: See above.
# Stealthiest malicious program: The number 10 seems to be in favour at the moment – this month’s winner, Backdoor.Win32.Hupigon.mrv, is packed with ten different packers, just as last month’s leader was.
# Smallest malicious program: In spite of its tiny 17 bytes, Trojan.BAT.DeltreeY.a packs a punch and wins the October nomination.
# Biggest malicious program: Once again, a hefty representative of the Haradong family wins out – Trojan.Win32.Haradong.ct weighs in at 244MB, slightly larger than its close relative Haradong.bj, last month’s winner in this category.
# Most malicious program: Backdoor.Win32.Rbot.ejs, like so many past winners of this category, disables security solutions by deleting them from memory and from the registry.
# Most common malicious program in mail traffic: Email-Worm.Win32.Netsky.q retains its persistent presence in this category for the third month running, and made up 20.11% of all malicious programs in mail traffic in October.
# Most common Trojan family: In spite of an impressive 563 modifications, Trojan-Spy.Win32.Banker’s numbers are following last month’s trend, with figures just over 100 down on September’s.
# Most common virus/ worm family: Email-Worm.Win32.Zhelatin (a.k.a the Storm worm) continues to reign in this category for the second month running, with 38 modifications in October.

Safe surfing

November 17, 2007 on 8:49 am | In Malware, Spyware | No Comments |

How to remove Pcsecuritylab.com Hijacker

Pcsecuritylab.com is a browser hijacker.
It may also change desktop wallpaper, shows message:

Warning! SpyWare Threat Detected on Your PC!

You will also periodically get fake security warning:

Your Security and Privacy are at risk: Spyware has been detected. Click HERE to remove it.

It automatically runs on every Windows startup. Pcsecuritylab.com is a very high security risk threat and should be removed immediately as to prevent harm to your computer and your privacy.

Download HijackThis and save the file to your desktop. Double click on the file for install.
Download CCleaner. Double click on the file for install.
Download Avenger and unzip to your desktop.

Open notepad and copy/paste the text in the quotebox below into it:

REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e690500e-1dd1-11b2-a943-9ecd016314d0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
“Userinit”=”C:\\WINDOWS\\system32\\userinit.exe,”

Save this as Fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.).
Double-click on the Fix.reg. When it asks if you would like to merge the information, press the Yes button and then the OK button when it is done.

Start HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items:

O2 – BHO: (no name) – {12F02779-6D88-4958-8AD3-83C12D86ADC7} – (no file)
O8 – Extra context menu item: &Search – http://edits.mywebsearch.com/toolbar…p=ZJxdm186NJUS

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Run Avenger.
Check the ‘Input script manually’ option. Click the Magnifying Glass icon. In the box that opens, copy,then paste the following text:

Files to delete:
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\system32\ace16win.dll

Folders to delete:
C:\WINDOWS\system32\Mz15r
C:\WINDOWS\PerfInfo
C:\WINDOWS\McAfee.com
C:\Program Files\LimeWire
C:\WINDOWS\system32\acespy

Then click on ‘Done’.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Run CCleaner.

Click Analyze button. After scan your system, click Run Cleaner.

Reboot your PC.

November 17, 2007 on 8:19 am | In Browser Hijacking, Spyware protection and removal, Tutorials - HowTo | 1 Comment |

Some new fake codecs

Fake codec is actually a trojan download installer, It will change your home page to one a scam site. It produces unwanted popup to sell rough security software.

These sites hosted codecs:

gneprogram(dot)com
ndcperformance(dot)com
mzdsoftware(dot)com
pkbsolution(dot)com
zerocodec(dot)com

Also zangcodec, playcodec. They Pushes Windows and Mac TrojanDNSChanger.

Block them now! Use for that any hosts file manager.

the binaries are hidden and getting them depends on where the developer hides them. With certain sites, you can often get a sample through /download/(sitename).exe (there are always more binaries in the same directory as well, each numbered for affiliates). For other codec sites, /download.php?id=4082 will get a binary (that number is just an affiliate ID — other numbers work as well). If you are hunting for Mac fake codecs, remember to change your user agent to a Mac. And please — don’t touch these binaries unless you know what you’re doing, as they are live Trojans.

November 16, 2007 on 9:57 pm | In Trojan | No Comments |

How to remove xlavra (Trojan-Downloader.Win32.Agent) and Wintools adware

WinTools is an adware that adds a toolbar to your browser and generating annoying popups and balloon dialogs.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found: WinTools, WhenU, SearchUpgrader

Download HijackThis and save the file to your desktop. Double click on the file for install.
Download CCleaner. Double click on the file for install.
Download Avenger and unzip to your desktop.
Download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop.

Reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Start HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items:

R3 – URLSearchHook: (no name) – {1C78AB3F-A857-482E-80C0-3A1E5238A565} – (no file)
O2 – BHO: (no name) – {87766247-311C-43B4-8499-3D5FEC94A183} – C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 – Toolbar: (no name) – {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} – (no file)
O4 – HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 – HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 – HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O9 – Extra button: (no name) – {AFC3FA82-AD07-45cd-8B57-983435B9899E} – (no file)
O16 – DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 – AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O23 – Service: WinTools for IE service (WinToolsSvc) – Unknown owner – C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Open notepad and then copy and paste the lines below into it.

@echo off
sc stop WinToolsSvc
sc delete WinToolsSvc

Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
Double-click on fixes.bat file to execute it.

Run Avenger.
Check the ‘Input script manually’ option. Click the Magnifying Glass icon. In the box that opens, copy,then paste the following text:

Files to delete:
C:\WINDOWS\xlavba3.exe
C:\WINDOWS\system32\sulimo.dat

Folders to delete:
C:\Program Files\Common files\SearchUpgrader\
C:\Program FilesVVSN\
C:\PROGRA~1\COMMON~1\WinTools\

Then click on ‘Done’.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Boot your PC in Safe Mode.

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode

Open the SmitfraudFix folder and double-click smitfraudfix.cmd. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.

The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.

Run CCleaner.

Click Analyze button. After scan your system, click Run Cleaner.

Reboot your PC.

November 13, 2007 on 7:13 am | In Spyware protection and removal, Tutorials - HowTo | No Comments |

SnoopFree Privacy Shield – informs you when another programme is wanting to log your keystrokes

SnoopFree Privacy Shield works in a unique and powerful way against all spy software. Detect all known and unknown spy software programs.

Continue reading SnoopFree Privacy Shield – informs you when another programme is wanting to log your keystrokes…

November 12, 2007 on 8:50 pm | In Free Software, Spyware protection and removal | 1 Comment |

Comodo BOClean – Anti-Malware – 100% Free

BOClean software protects you against a full spectrum of malware, automatically removing these programs from memory, your hard disk and your registry without the need to reboot or drop your internet connection. BOClean safely neutralizes these threats instantly without any risk of damage to your files or computer. Updates are FREE, and the update download and installation process is (or, in the case of network deployment, can be) completely automated.

Continue reading Comodo BOClean – Anti-Malware – 100% Free…

November 12, 2007 on 8:17 pm | In Free Software, Spyware protection and removal | 2 Comments |

Ad-Aware updated

Ad-Aware updated, Versions 7.0.2.5 was released.

Ad-Aware is no ordinary anti-spyware, it is the original anti-spyware product, offered to consumers worldwide to protect their personal and home computers from malware attacks.
* Advanced Code Sequence Identification (CSI) Technology – Ensure your privacy protection with precise detection of embedded malware including Trojans, worms, spyware, and other forms of deceptive malware.
* Advanced Engine Structure – Benefit from superior program flexibility and more accurate scanning methods with all-new program architecture.
* Incremental Definition File Updates – Save precious time and maximize resource efficiency with incremental update files resulting in faster download times.
* TrackSweep – Control your privacy by erasing tracks left behind while surfing the Web on multiple browsers, including Internet Explorer, Firefox, and Opera, with one easy click.
* System Restore Point – Easily revert to your clean system to recover from a spyware attack.
* New Straightforward User Interface – Effortlessly maneuver the complexities of malware detection and removal with our new user-friendly interface.
* Free Updates – Protect against the latest forms of spyware and malware with free software feature updates and definitions file (threat) updates throughout the license duration.
* Free Support – Benefit with unlimited support from an extensive international network of Lavasoft security analysts and volunteers at the Lavasoft Support Forums.

Download Ad-Aware 2007 Free

November 12, 2007 on 8:59 am | In Updates | No Comments |

Dr.Web CureIt! A FREE anti-malware utility

Cure your computer of viruses, trojans, spyware and other malicious programs with Dr.Web CureIt, which uses the Dr.Web engine. There is no need for installation and therefore this is an ideal on-demand scanner as there is no conflict with your primary AV. The utility is always armed with the most up-to-date add-ons to the virus databases.

Continue reading Dr.Web CureIt! A FREE anti-malware utility…

November 10, 2007 on 9:22 am | In Free Software | No Comments |

How to remove IE Defender

IE Defender a rogue antispyware application that is starting to infect a lot of users. This particular infection is harder to remove. Also IE Defender installed in your Internet Explorer browser that hijacks searches you input into the Google and Yahoo search engines. When infected your Internet Explorer opens Google or Yahoo and make search request you will see a hijacked search result listing. You will also periodically get fake message:

Google Error
Your computer is infected! Some of your search results were changed by spyware
You have to clean your PC and we recommendto use our ANTISPYWARE!

For remove IE Defender spyware, make follow steps:

Download FixIED.reg and save the file to your desktop.
Download CCleaner. Double click on the file for install.
Download Avenger and unzip to your desktop.
Download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found: IE Defender

On your desktop find and double-click on the FixIED.reg file that you just downloaded. When it asks if you would like to merge the information, press the Yes button and then the OK button when it is done.

Run Avenger.
Check the ‘Input script manually’ option. Click the Magnifying Glass icon. In the box that opens, copy,then paste the following text:

Files to delete:
C:\Windows\System32\bDivX.dll
C:\Windows\System32\bDivX.dll.bak
C:\WINDOWS\system32\IR9V0_QCX.dll
C:\WINDOWS\system32\IR9V0_QCX.dll.bak
C:\Windows\System32\Video32.dll
C:\Windows\System32\Video32.dll.bak
C:\WINDOWS\system32\IntelVideo.dll
C:\WINDOWS\system32\IntelVideo.dll.bak
C:\WINDOWS\system32\IntelVideoDivX.dll
C:\WINDOWS\system32\IntelVideoDivX.dll.bak
C:\WINDOWS\system32\XunLeiBHO_Now.dll
C:\WINDOWS\system32\XunLeiBHO_Now.dll.bak
C:\Windows\System32\dx50codec.dll
C:\Windows\System32\dx50codec.dll.bak
C:\Windows\System32\a3gpcodec.dll
C:\Windows\System32\a3gpcodec.dll.bak
C:\WINDOWS\system32\aDivX.dll
C:\WINDOWS\system32\aDivX.dll.bak
C:\WINDOWS\system32\mp3avi.dll
C:\WINDOWS\system32\mp3avi.dll.bak
C:\Windows\System32\VideoMP3.dll
C:\Windows\System32\VideoMP3.dll.bak

Then click on ‘Done’.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Boot your PC in Safe Mode.

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode

Open the SmitfraudFix folder and double-click smitfraudfix.cmd. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.

The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.

Run the Panda online virus scan.

– Once you are on the Panda site click the Scan your PC button
– A new window will open…click the Check Now button
– Enter your Country
– Enter your State/Province
– Enter your e-mail address and click send
– Select either Home User or Company
– Click the big Scan Now button
– If it wants to install an ActiveX component allow it
– It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
– When download is complete, click on Local Disks to start the scan
– When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Run CCleaner.

Click Analyze button. After scan your system, click Run Cleaner.

If you are still having problems with spyware after completing these instructions, then please follow the steps outlined in the topic linked below

Spyware removal – Read Before Posting

November 10, 2007 on 9:09 am | In Rogue Anti Spyware, Spyware protection and removal, Tutorials - HowTo | No Comments |

SDFix free trojan remover tool

SDFix is a program written by AndyManchesta that removes big amount trojans, worms, rootkits and other malwares Click here for view a list of files that can be removed.
Continue reading SDFix free trojan remover tool…

November 9, 2007 on 4:16 am | In Best Programs, Free Software | 131 Comments |

Free Registry Backup/Restore and Optimization Tools

ERUNT – Free Registry Backup/Restore Tool and NTREGOPT – Free Registry Optimization for Windows – two tools that you should have in your file archive. Both programs works in Windows NT/2000/2003/XP/Vista.

Continue reading Free Registry Backup/Restore and Optimization Tools…

November 8, 2007 on 11:34 pm | In Free Software | 1 Comment |