How to remove Security toolbar 7.1
Security Toolbar 7.1 is an adware program that also installs rogue security applications and displays false alerts on the compromised computer.
Security toolbar symptoms:
- False pop-ups telling you that “Your computer is infected”.
- Browser is hijacked and redirected to other websites.
- Fake Windows Security Center pop-up messages.
Continue reading How to remove Security toolbar 7.1…
December 9, 2007 on 7:59 am | In Malware, Malware removal | Comments Off |
Trojan Vundo/Virtumonde turns a good file into a Trojan-Dropper
VirusList posted about a new variant of Trojan Vundo/Virtumonde. The Vundo authors are now using file infection: Virtumonde checks which files run at Windows startup and tries to infect them. Effectively this means that Virtumonde turns the original host file into a Trojan-Dropper.
Dropper code is prepended to the original host file, with a copy of Virtumonde being appended to the same file. When the infected file is launched it drops the original host file to %temp% and the Virtumonde file to the system directory.
Although Virtumonde is using an infection marker to prevent re-infecting the same file over and over again, this doesn’t always work. There are samples of already infected files being re-infected and the host file then won’t run. However, re-infection doesn’t prevent Virtumonde itself from running.
If your computer is infected with Trojan Vundo, follow these instructions: How to remove Trojan Vundo.
December 9, 2007 on 7:10 am | In Trojan | No Comments |
How to make Internet Explorer more secure
Follow these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Next press the Apply button and then OK to exit the Internet Properties page.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Read more:
How to use “Internet Zone Settings”
How to disable Active Scripting support
How to drop rights for safe surf
New updates to Ad-Aware and SpyBot-search & Destroy
0038.0000 is now available, new definition file for Ad-Aware 2007.
SE1R207 03.12.2007 is now available, new definition file for Ad-Aware SE.
New definitions:
====================
DrProtection +2
ErrorDigger +3
Win32.Trojan.AdClicker +2
Win32.TrojanDropper.Frijoiner +19
Updated definitions:
====================
ABetterInternet.Aurora
AdvancedCleaner +5
Adware.2Search +3
Adware.Agent +30
Adware.BHO(generic) +10
Adware.CasClient
Adware.Dropper
Adware.LoopAd
Adware.TTC
Adware.VapSup
Adware.WebBuying +3
AntiVermins +2
AntivirusPCSuite +4
AntiVirusPro
Awola
BPS SpywareRemover +4
BraveSentry
DeusCleaner +3
Dialer +4
FakeAlert +10
PCPrivacyTool
PurityScan
Redirected hostfile entry
Scam.AdwareRemoverGold +4
SpyShredder
SystemDefender +3
Toolbar.Softo
UltimateCleaner +4
Win32.Backdoor.Agent +12
Win32.Backdoor.Agobot
Win32.Backdoor.Bifrose
Win32.Backdoor.Delf +7
Win32.Backdoor.Haxdoor +4
Win32.Backdoor.Hupigon
Win32.Backdoor.IRCBot +7
Win32.Backdoor.Nepoe
Win32.Backdoor.Padodor
Win32.Backdoor.PcClient
Win32.Backdoor.RBot +7
Win32.Backdoor.SDBot +3
Win32.Backdoor.VB +3
Win32.Dialer.Trojan
Win32.Generic.PWS +4
Win32.Generic.Worm +3
Win32.Rootkit.Agent +6
Win32.Trojan.Agent +28
Win32.Trojan.BHO
Win32.Trojan.Delf
win32.Trojan.Dnschanger +5
Win32.Trojan.Downloader +2
Win32.Trojan.KillAV +3
Win32.Trojan.MatrixHasYou +10
Win32.Trojan.Pakes +6
Win32.Trojan.Pushdo +2
Win32.Trojan.Qhost +3
Win32.Trojan.Small +5
Win32.Trojan.Spambot
Win32.Trojan.Spy +10
Win32.TrojanClicker +7
Win32.TrojanDownloader.Adload
Win32.TrojanDownloader.Agent +30
Win32.TrojanDownloader.Alphabet +9
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.Delf +17
Win32.TrojanDownloader.NewMedia +30
Win32.TrojanDownloader.Nurech +4
Win32.TrojanDownloader.Obfuscated +6
Win32.TrojanDownloader.QQHelper +4
Win32.TrojanDownloader.SecMediaOnline
Win32.TrojanDownloader.Small +13
Win32.TrojanDownloader.Tiny
Win32.TrojanDownloader.VB +5
Win32.Trojandownloader.Zlob +7
Win32.TrojanDropper +10
Win32.TrojanProxy.Agent.dl +9
Win32.TrojanProxy.Bobax
Win32.Trojan-PSW.Delf +5
Win32.Trojan-PSW.Lineage +4
Win32.Trojan-PSW.Sinowal +2
Win32.TrojanPWS.LdPinch +7
Win32.TrojanPWS.Lmir +2
Win32.TrojanPWS.OnlineGames +79
Win32.TrojanPWS.WebMoner +2
Win32.TrojanSpy.Banker +20
Win32.TrojanSpy.Broker +2
Win32.TrojanSpy.BZub +10
Win32.TrojanSpy.Goldun +5
Win32.TrojanSpy.Peed
Win32.TrojanSpy.Zbot +14
Win32.Worm.Autorun +2
Win32.Worm.Feebs +2
Win32.Worm.LockSky +4
Win32.Worm.Zhelatin
WinPerformance
Virtumonde +19
XPAntivirus +2
Updates to SpyBot-search & Destroy
Hijacker
+ IESearchToolbarHelper.vbs
Keylogger
+ Perfect Keylogger
Malware
+ Awola.Anti-Spyware
+ BPS Spyware Cops
+ BPS Spyware Remover
+ BPS SpywareStriker
+ BPS.SpywareZapper
+ IEDefender
+ SecureMyPC
+ SpyLax
+ SpyStriker
+ SpyViper
+ SpywareAnnihilatorPro
+ TrustCleaner
+ Vcodec.eMedia
+ WiperWizard
PUPS
+ Maxion.MaxnetShield
Security
+ Microsoft.Windows.RedirectedHosts
Trojan
+ Bancos.Qhost.tu
+ DropAgent.rtk
+ FakeMSUpdate.ede
+ Smitfraud-C.MSVPS
+ Virtumonde.ddc
+ Zlob.Downloader
+ Zlob.Downloader.iec
+ Zlob.Downloader.oid
+ Zlob.Downloader.vcd
+ Zlob.Downloader.vdt
+ Zlob.VideoActiveXObject
Download SpyBot-search & Destroy
How to remove webcry.com hijacker
Symptom: when you run any kind of search, the results come up as normal; however, when you click a link in the results, the page goes blank and you keep getting redirected to webcry.com.
Download HijackThis and save the file to your desktop. Double-click the file to install it.
Download CCleaner. Double-click the file to install it.
Download SmitfraudFix (by S!Ri). Extract the content (a folder named SmitfraudFix) to your desktop.
Reboot your computer in Safe Mode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Start HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items:
O2 - BHO: (no name) - {4A4CB994-9A38-DF0F-2760-0708BFE8F63A} - C:\Program Files\****\****.dll
O2 - BHO: (no name) - {52EA2AED-161F-45A5-EBAC-0293CA8C771C} - C:\Program Files\****\****.dll
O4 - HKLM\..\Run: [*****] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\*****.dll"
Note: **** stands for random characters, such as 'utgboudx' or 'mgfaejew'.
Now close all browsers and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
Press the number 2 on your keyboard and then press the Enter key to choose the option Clean (safe mode recommended).
You will be prompted : “Registry cleaning – Do you want to clean the registry ?“; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.
The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.
Run CCleaner.
Click the Analyze button. After the scan of your system finishes, click Run Cleaner.
Reboot your PC.
If you are still having problems with spyware after completing these instructions, please follow the steps in: Spyware removal – Read this before posting
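The HijackThis entries to check in this procedure share a recognisable shape: an unnamed BHO whose DLL sits in a random-named folder under Program Files, and a Run value that calls regsvr32 on a DLL in All Users\Application Data. The following is an added example, not part of the original post or of HijackThis, that flags log lines of that shape; treating "random chars" as 6 to 10 lowercase letters is an assumption based on the two example names in the note, and the sample log is constructed.

```python
import re

# HijackThis separates fields with " - "; web pages often render it as an en dash.
SEP = r"\s+[-\u2013]\s+"
BHO_RE = re.compile(r"^O2" + SEP + r"BHO:\s*(.*?)" + SEP +
                    r"(\{[0-9A-Fa-f-]{36}\})" + SEP + r"(.+)$")
RUN_RE = re.compile(r"^O4" + SEP + r"HK\w+\\\.\.\\Run:\s*\[([^\]]*)\]\s*(.+)$")

# Assumption: "random chars" means 6-10 lowercase letters, like the post's
# examples 'utgboudx' and 'mgfaejew'.
RANDOM_DLL_RE = re.compile(r"^C:\\Program Files\\[a-z]{6,10}\\[a-z]{6,10}\.dll$")
REGSVR_APPDATA_RE = re.compile(
    r'^regsvr32\b.*\\Documents and Settings\\All Users\\Application Data\\[^\\"]+\.dll"?$',
    re.IGNORECASE)

def triage(log_text):
    """Return (line_no, reason, line) for entries shaped like the ones above."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        # Normalise curly quotes introduced by web formatting.
        line = line.strip().replace("\u201c", '"').replace("\u201d", '"')
        bho = BHO_RE.match(line)
        run = RUN_RE.match(line)
        if bho and bho.group(1) == "(no name)" and RANDOM_DLL_RE.match(bho.group(3)):
            hits.append((no, "unnamed BHO, random-looking DLL path", line))
        elif run and REGSVR_APPDATA_RE.match(run.group(2)):
            hits.append((no, "Run key calls regsvr32 on DLL in All Users AppData", line))
    return hits

# Constructed sample log; CLSIDs and program names are made up.
SAMPLE_LOG = r'''Logfile of HijackThis (constructed sample)
O2 - BHO: Example Reader Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\Reader\helper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\utgboudx\utgboudx.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O4 - HKLM\..\Run: [mgfaejew] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\mgfaejew.dll"
'''

if __name__ == "__main__":
    for no, reason, line in triage(SAMPLE_LOG):
        print("line %d: %s\n    %s" % (no, reason, line))
```

A hit is a prompt to inspect the entry, not proof of infection; legitimate software can also register unnamed BHOs.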
December 8, 2007 on 8:45 am | In Browser Hijacking, Tutorials - HowTo | 3 Comments |
Found first Christmas malware
F-Secure reported on malware runs that use fake Christmas cards as the lure.
Example:
A Dear friend has sent you an ecard from http://www.123Greetings.com
Your ecard will be available with us the next 30 days.
…
To view your card,CLICK HERE
…
Running the ecard file x-mas.exe installs the Zapchast mIRC-based backdoor.
Read more: Merry Christmas and so on
December 4, 2007 on 3:25 am | In Malware | 1 Comment |
Found some new fake codecs
The Sunbelt blog reported some new fake codecs:
codechq – codechq(dot)net
Pushes both Windows and Mac TrojanDNSChanger. Sample binaries: Mac: codechq(dot)net/download/codechq(dot)dmg; Windows: codechq(dot)net/download/codechq(dot)exe.
vplprocedure – vplprocedure(dot)com
Sample binary vplprocedure(dot)com/download.php?id=10581
codectime – codectime(dot)com
Pushes both Windows and Mac TrojanDNSChanger. Sample binaries: Mac: codectime(dot)com(dot)/download/codectime(dot)dmg; Windows: codectime(dot)com(dot)/download/codectime(dot)exe
If you cannot remove the fake codecs, follow the steps in the topic Spyware removal – Read Before Posting.
December 3, 2007 on 6:42 am | In Spyware, Trojan | No Comments |