My Anti Spyware

How to remove NetworkControl or Network Control (Uninstall instuctions)

Network Control or NetworkControl is a malicious program that pretend to be a firewall software, but in reality the program only imitates firewall functions and unable to protect you from any attacks from the Internet. It performs only one – displays a lot of various misleading security alerts to scare you into thinking your computer under hacker/virus attack. It will offer to purchase one of Advanced Net Firewall, Shield EC, Personal Network Protect, IP Blockator, and Network Defender to protect your computer. Most important, don`t purchase anything!

NetworkControl uses two methods to distribute itself. First, fake online malware scanners which reports that your computer is infected with a lot of infections and then offers to install an “antivirus”. Continue reading How to remove NetworkControl or Network Control (Uninstall instuctions)…

How to remove defcnt.exe, autmgr32.exe, wscsvc32.exe malware

Defcnt.exe is the core part of rogue antispyware program called Defense Center. Defcnt.exe infiltrate computers through the use of trojan (autmgr32.exe and wscsvc32.exe are components of the trojan). When the trojan is downloaded and started, it will download defcnt.exe and other components of Defense Center and save it to %ProgramFiles%\Defense Center folder (where %ProgramFiles% is the C:\Program Files by defaults). After that, the same trojan will register defcnt.exe in the Windows registry to run automatically when you login to Windows.
Continue reading How to remove defcnt.exe, autmgr32.exe, wscsvc32.exe malware…

How to remove Presto Tuneup (Uninstall instructions)

Presto Tuneup is fake optimization program (scareware) that uses fake alerts, false privacy risks, false system errors to trick you into buying the software. During installation, Presto Tuneup is set to start automatically when your computer starts. Immediately after launch, Presto Tuneup starts scanning the computer and list a variety of problems that will not be fixed unless you first purchase the scareware.

Presto Tuneup

While Presto Tuneup is running your computer will display fake warnings from your windows taskbar. All of these warnings are fake, so you can safely ignore them. Use the free instructions below to remove Presto Tuneup and any associated malware from your computer.
Continue reading How to remove Presto Tuneup (Uninstall instructions)…

How to remove Registry Defender Platinum (Uninstall instructions)

Registry Defender Platinum also known as RD Platinum is a rogue registry cleaning program that uses fake alerts and false registry problems to trick you into buying the fake software. The software is distributed through the use variety of malicious software, for example trojan Vundo. Once infected, your computer will display numerous fake alerts notifying you about Windows registry problems.

When installing, Registry Defender Platinum configures itself to run automatically every time, when you start Windows. Once running, the rogue will scan your computer and list a large amount of problems. Then, it said that you should purchase Registry Defender Platinum in order to fix them. Computer users are urged to avoid purchasing this bogus program!
Continue reading How to remove Registry Defender Platinum (Uninstall instructions)…

How to remove WinCodecPro trojan and wmptray.exe (fake media codec)

WinCodecPro is a fake video codecs pack that advertised as a pack that contains all the video codecs and uses scare tactics to trick you into buying the fake software. WinCodecPro distributed through the use trojans. Once infected with the trojan your computer will display large amount of alerts that tells you that your media player, system or codecs are corrupted and that you should purchase WinCodecPro in order to fix these problems. These alerts are fake and generated by the C:\Program Files\MediaSystem\wmptray.exe. The file is a main component for this trojan.

A few fake alerts that WinCodecPro trojan generates:

Warning
Fatal Error: Windows can’t play the following media formats: AVI;ASF;WMV;AVS;FLV;MKV;MOV;3GP;MP4;MPG;MPEG;MP3;AAC;WAV;WMA;CDA;FLAC;M4A;MID. Update your video codec to resolve this issue.

Warning
Media codec has been destroyed. Risk of losing all your audio video files high. To resolve this issue, update your media codec immediately.

Warning
Critical media error! Your media driver is unstable. Video driver is corrupt and can no longer save your monitor settings. Driver is in critical mode. To restore your media drivers, update your video codec immediately.

Warning
Fatal Error: Can’t play audio video files. Update your video codec immediately to resolve this issue.

Warning
Internal error! Media player has been corrupted. Immediately update your video codec to resolve this issue.

Ignore these fake alerts and use the free instructions below for removing the WinCodecPro trojan, wmptray.exe and any associated malware from your computer.
Continue reading How to remove WinCodecPro trojan and wmptray.exe (fake media codec)…

How to remove Security toolbar 7.1

Security Toolbar 7.1 is an adware program that also installs rogue security applications and display false alert on compromised computer.

Security toolbar symptoms.

• False pop-up saying you that “Your computer is infected”.
• Browser been hijacked to other websites.
• Fake Windows Security Center popup messages.

Continue reading How to remove Security toolbar 7.1…

Found first Christmas malware

F-Secure reported about malware runs using fake Christmas Cards as the lure.
Example:

A Dear friend has sent you an ecard from http://www.123Greetings.com
Your ecard will be available with us the next 30 days.
…
To view your card,CLICK HERE
…

After run this ecard file x-mas.exe you got Zapchast mIRC-based backdoor.

Read more: Merry Christmas and so on

October malware toplist by viruslist.com

# Greediest Trojan targeting banks: This month’s leader is a modification of Trojan-Spy.Win32.Banker.ezn, which targets 45 banks. This seems positively modest in comparison to last month’s leader, which set its sights on 134 banks simultaneously.
# Greediest Trojan targeting payment systems: Backdoor.Win32.Xhaker.c is very equitable in its approach – it attacks three e-payment systems and three plastic card systems.
# Greediest Trojan targeting plastic cards: See above.
# Stealthiest malicious program: The number 10 seems to be in favour at the moment – this month’s winner, Backdoor.Win32.Hupigon.mrv, is packed with ten different packers, just as last month’s leader was.
# Smallest malicious program: In spite of its tiny 17 bytes, Trojan.BAT.DeltreeY.a packs a punch and wins the October nomination.
# Biggest malicious program: Once again, a hefty representative of the Haradong family wins out – Trojan.Win32.Haradong.ct weighs in at 244MB, slightly larger than its close relative Haradong.bj, last month’s winner in this category.
# Most malicious program: Backdoor.Win32.Rbot.ejs, like so many past winners of this category, disables security solutions by deleting them from memory and from the registry.
# Most common malicious program in mail traffic: Email-Worm.Win32.Netsky.q retains its persistent presence in this category for the third month running, and made up 20.11% of all malicious programs in mail traffic in October.
# Most common Trojan family: In spite of an impressive 563 modifications, Trojan-Spy.Win32.Banker’s numbers are following last month’s trend, with figures just over 100 down on September’s.
# Most common virus/ worm family: Email-Worm.Win32.Zhelatin (a.k.a the Storm worm) continues to reign in this category for the second month running, with 38 modifications in October.

Read more: Malware Miscellany, October 2007

Safe surfing

Found new fake codec and new rogue antispyware

Sunbelt blog reported about new malwares.

DVDacess (hosted at inc-codec(dot)com)

is a Trojan horse that drops and executes a copy of Trojan-Zlob, a back door Trojan that allows the remote attacker to perform various malicious actions on the compromised computer.

VirusHeal (hosted at virusheal(dot)com)

a clone of rogue security product SpyHeal.

For protect your PC, add both domains in the your blocklist.
If you have problems with these malwares and can`t uninstall them, then try free spyware removal tool – smitfraudfix.

Related articles: How to remove malicious codecs.

Found new way for steal data encrypted using SSL/TLS

Russian malware authors are finding new ways to steal and profit from data which used to be considered safe from thieves because it was encrypted using SSL/TLS.

A single attack by a single variant compromises more than 5200 hosts and 10,000 user accounts on hundreds of sites.

• Steals SSL data using advanced Winsock2 functionality
• State-of-the-art, modularized trojan code
• Spread through IE browser exploits
• Undetected for weeks, months by many AV vendors
• Customized server/database code to collect sensitive data
• Customer interface for on-line purchases of stolen data
• Accounts compromised by stealing data primarily from infected home PCs
• Accounts at top financial, retail, health care, and government services affected
• Data’s black market value at least $2 million

There are two other known variants. New variants, similar attacks inevitable.

Read more here: Gozi Trojan