My Anti Spyware

How to remove cls_pack.exe, extrac64_cab.exe and winhlp64.exe trojan (Fake Security Center Alert)

cls_pack.exe, extrac64_cab.exe and winhlp64.exe are components of trojan FakeAlert. Once the trojan is installed and started, it will configure itself to run automatically when Windows loads. Then it will show a Security Center Alert that stats that “Windows Firewall has blocked some features of this program” (Trojan-Downloader.JS.Multi.ca, Net-Worm.Win32.Mytob.t, Net-Worm.Win32.DipNet.d, Rootkit.Win32.Agent.pp) as a method to make you think your computer has a security problem. An example of above alerts:

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Rootkit.Win32.Agent.pp
Risk Level: Middle Risk

However, all of these alerts are fake and should be ignored!

Continue reading How to remove cls_pack.exe, extrac64_cab.exe and winhlp64.exe trojan (Fake Security Center Alert)…

How to remove smss32.exe, winlogon32.exe, helper32.dll (Fake Worm.Win32.Netsky Spyware Alert)

Smss32.exe, winlogon32.exe, helper32.dll are components of trojan FakeAlert. Once installed, the trojan will configure itself to run automatically when Windows starts. When the trojan is started, it will display a screen that stats that Worm.Win32.Netsky detected on your computer as an attempt to make you think your computer in danger. The alert is fake and you can safety ignore it.

What is more, the “smss32.exe, winlogon32.exe, helper32.dll” trojan may display a lot of popups, disable Windows Task Manager, change a desktop background, block the ability to run any applications including antivirus and antispyware programs. The trojan will also download and install Internet Security 2010 onto computer automatically without your permission. Internet Security 2010 is a rogue antispyware program, that reports false infections and shows fake security alerts as method to to trick you into purchase so-called “full” version of the software.

Use the removal guide below to remove smss32.exe, winlogon32.exe, helper32.dll and any associated malware from your computer for free.
Continue reading How to remove smss32.exe, winlogon32.exe, helper32.dll (Fake Worm.Win32.Netsky Spyware Alert)…

How to remove settdebugx.exe trojan (Fake Security Center Alert)

settdebugx.exe is a core component of trojan FakeAlert. When the trojan is installed, it will display a Security Center Alert that stats that “Windows Firewall has blocked some features of this program” (Trojan-Downloader.JS.Multi.ca, Net-Worm.Win32.Mytob.t, Net-Worm.Win32.DipNet.d, Rootkit.Win32.Agent.pp) as an attempt to make you think your computer has a security problem. Of course, all of these alerts are fake and should be ignored!

What is more, the trojan will also download and install Malware Defense automatically without your permission. Malware Defense is a rogue antispyware programs, that reports false infections and shows fake security alerts as method to to trick you into purchase so-called “full” version of the software.

If your computer is infected, then use these removal instructions below, which will remove settdebugx.exe trojan and other components of trojan FakeAlert for free.
Continue reading How to remove settdebugx.exe trojan (Fake Security Center Alert)…

How to remove H8SRT trojan (Remove Rootkit.TDSS)

H8SRT trojan is a new version of TDSS trojan, also known as Rootkit.TDSS. The trojan infects your computer through a vulnerability in an already installed programs (mostly in InternetExplorer). It is a very dangerous trojan-rootkit, it uses rootkit-specific techniques designed to hide the software presence in the system.

When installed, it will be configured to start automatically when Windows starts. H8SRT trojan may:
- display many popups and fake security alerts;
- hijack Internet Explorer;
- redirect search results in Google, Yahoo, MSN to non related sites;
- block an access to security websites;
- disable Windows Task Manager, Windows Security Center and Registry editor.

Continue reading How to remove H8SRT trojan (Remove Rootkit.TDSS)…

How to remove richtx64.exe trojan (Fake Security Center Alert)

richtx64.exe is a component of trojan FakeAlert. Once installed, it will display a Security Center Alert that stats that “Windows Firewall has blocked some features of this program” (Trojan-Downloader.JS.Multi.ca, Net-Worm.Win32.Mytob.t, Net-Worm.Win32.DipNet.d, Rootkit.Win32.Agent.pp) as an attempt to make you think your computer has a security problem. Some of the alerts:

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Trojan-Downloader.JS.Multi.ca
Risk Level: Middle Risk

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Net-Worm.Win32.Mytob.t
Risk Level: Middle Risk

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Net-Worm.Win32.DipNet.d
Risk Level: Middle Risk

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Rootkit.Win32.Agent.pp
Risk Level: Middle Risk

Of course, all of these alerts are fake and should be ignored!

Continue reading How to remove richtx64.exe trojan (Fake Security Center Alert)…

Remove Worm.Win32.Netsky Fake Spyware Alert (winhelper86.dll, winupdate86.exe, winlogon86.exe trojans)

If you are seeing a Spyware Alert box that stats that Worm.Win32.Netsky detected on your machine, then you have become infected with a trojan that uses this Spyware Alert to trick you into purchasing Advanced Virus Remover, Antivirus 2009 or another rogue antispyware program. Once running, the trojan will display a fake Security alert as shown below:

Security alert
Security Warning!
Worm.Win32.Netsky detected on your machine.
This virus is distributed via the Internet through email and Active-x
objects.
The worm has its own smtp engine which means it gathers
emails from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.

Recommendation: It is necessary to perform a system scan.

Worm.Win32.Netsky detected on your machine – Fake Spyware Alert

Continue reading Remove Worm.Win32.Netsky Fake Spyware Alert (winhelper86.dll, winupdate86.exe, winlogon86.exe trojans)…

How to remove sshnas.dll or sshnas21.dll trojan (Remove trojan FakeAlert)

sshnas.dll or sshnas21.dll is a component of trojan FakeAlert. The trojan come from malicious websites that ask users to download an Adobe Flash Player update or player needed to view a movie online. The filename of the trojan is flash-HQ-plugin. Once started, the trojan will download and install core components: c.exe, msa.exe and sshnas.dll (sshnas21.dll). When downloaded, it will be configured to start automatically when Windows starts. Trojan FakeAlert may display many popups and fake security alerts, hijack Internet Explorer, disable Windows Task Manager and Registry editor.Also it is usually installed in conjunction with a rogue antispyware programs.

If your computer is infected, then use these removal instructions below, which will remove sshnas.dll (sshnas21.dll) trojan and other components of trojan FakeAlert for free.
Continue reading How to remove sshnas.dll or sshnas21.dll trojan (Remove trojan FakeAlert)…

How to remove thefeedwater.com and providefeed.com redirect (Calc.dll trojan)

Thefeedwater.com and providefeed.com are a malicious websites. If your browser is redirected to these sites as well as toseeka.com, asterplex.com, webfindengine.com, clickfreesearch.com, then your computer is infected with Calc.dll and ntuser.dll trojans. Once running, the trojan will displays a lot of popups, fake security warnings and offers to install other potentially unwanted software and rogue antispyware applications. However, all of these warnings should be ignored! Use these free instructions below to remove thefeedwater.com and providefeed.com redirect and any associated malware from your computer.
Continue reading How to remove thefeedwater.com and providefeed.com redirect (Calc.dll trojan)…

How to remove Conflicker.B spam-trojan (Uninstall instructions)

Conflicker.B spam-trojan is a trojan that installs Antivirus Pro 2010 (rogue antispyware program) and displays fake security alerts on compromised computer. This trojan infects computers via spam emails with header “Conflicker.B Infection Alert”. The contents of the SPAM email is:

Dear Microsoft Customer,

Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

The email contains an attachment named “install.zip”. The zip file contains a file called install.exe that a trojan-downloader. Once install.exe is run, it will display a lot of fake security alerts that says “Windows has detected an infection” and will download and install the fake security program (rogue antispyware) called Antivirus Pro 2010.

It is important to know that Antivirus Pro 2010 is fake, does not offer any protection to computer and uses false scan results, fake security alerts, nag screens in order to scare you to buy the paid version of the software. If your computer is infected, then use these removal instructions below, which will remove Conflicker.B spam-trojan, Antivirus Pro 2010 and any other infections you may have on your computer for free.
Continue reading How to remove Conflicker.B spam-trojan (Uninstall instructions)…

How to remove msivxserv.sys trojan (Google redirect virus)

MSIVXserv.sys trojan is a new hidden trojan/rootkit from DNSChanger trojan family. The trojan uses rootkit-specific techniques designed to hide the software presence in the system. Once infected it blocks user access to security websites, blocks Spybot, AdAware, AVG, Superantispyware and Malwarebytes Anti-malware. Search results in Google, Yahoo, MSN and other redirects you to other non related sites.

Also msivxserv.sys trojan changes the DNS server options to the following fixed IPs: 85.255.112.95, 85.255.112.171, 85.255.112.204, 85.255.112.90.

Use the free instructions below to remove msivxserv.sys trojan and any associated malware from your computer.
Continue reading How to remove msivxserv.sys trojan (Google redirect virus)…