Spyware removal tutorials - HOWTOs

Been infected with spyware? Haven't found a spyware removal tutorial for your problem? Tell us about your problem!

How to fix shell.exe, spoolvs.exe problem

Symptoms:

* Start -> Settings -> Control Panel is missing
* Task bar icons informing you of an infection and taking you to a legitimate-looking security panel
* System pop-ups and IE pop-ups
* When you start the PC, you may get the message: “Windows cannot find ‘C:\Windows\shell.exe’ Make sure you typed the file name correctly….”

How to remove beautyscreens.com/jokes.php popups

Symptoms:

* IE pop-up windows, mostly to the sites www.beautyscreens.com/jokes.php, winantivirus.com, www.winantiviruspro.com, winantispyware.com, partypoker.com.
* SpyBot found Smitfraud-C.Toolbar888, SearchClickAds, Win32.Small.dp

How to remove savetheinformation.com and secirityonpage.com hijackers

Symptoms:
* IE pop-up windows, mostly to a site called www.savetheinformation.com but also to some other sites
* Yellow balloons from the taskbar prompting you to download antispyware software.
* Grey pop-ups, like error messages, also prompting you to download antivirus/spyware software.
* 2 programs added to the Start menu program list: online security guide and live safety center
* When you open an IE window, it goes to www.savetheinformation.com

How to remove Pcsecuritylab.com Hijacker

Pcsecuritylab.com is a browser hijacker. It automatically runs on every Windows startup. Pcsecuritylab.com is a very high security risk threat and should be removed immediately to prevent harm to your computer and your privacy.

How to remove xlavra (Trojan-Downloader.Win32.Agent) and Wintools adware

WinTools is adware that adds a toolbar to your browser and generates annoying popups and balloon dialogs.

How to remove IE Defender

IE Defender is a rogue antispyware application that is starting to infect a lot of users. This particular infection is harder to remove. IE Defender also installs itself in your Internet Explorer browser and hijacks searches you enter into the Google and Yahoo search engines.

How to remove safenavweb.com hijacker

Symptoms: system keeps popping up warning messages & launching Internet Explorer & directing it to safenavweb.com

How to remove trojan dns/changer

Trojan DNSChanger (both Windows and Mac versions) hijacks your DNS settings and then redirects you to malicious websites, stealing personal identities, killing your dog and even crank-calling your grandmother with naughty messages.

Automatic removal HaxDoor trojan

This trojan allows others to access the computer, drops more malware, and installs itself in the Registry.

Automatic removal MBS Account Manager

MBS Account Manager is a program from Micro Bill Systems in the UK. The program provides billing and collection services for websites (mostly adult in nature). This software is potentially unwanted because, apart from constantly displaying demands for money for its services, it attempts to install further unwanted components using ActiveX. MBS Account Manager will display a bill as a pop-up; when the bill is ignored, the popups become more frequent.

How To Remove Spylocked And Spywarelocked rogue antispyware

SpyLocked (SpywareLocked) is a fake anti-spyware, or rogue antispyware, program. It usually installs itself onto your PC without your permission, through the Zlob Trojan, viruses, or fake audio/video codecs. SpyLocked will show fake system alerts or fake security alerts to trick the user into buying the paid version of SpyLocked.

How to remove MBS spyware

Pop-ups come up every time you start your computer.

How to block VML exploit

The vulnerability is caused by a boundary error in the Microsoft Vector Graphics Rendering (VML) library (vgx.dll) when processing certain content in Vector Markup Language (VML) documents. This can be exploited to cause a stack-based buffer overflow by, e.g., tricking a user into viewing a malicious VML document containing an overly long “fill” method inside a “rect” tag with the Internet Explorer browser.

How to remove DriveCleaner Infection

DriveCleaner is a security assessment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks.

How to protect from PowerPoint 0-day vulnerability

An unspecified vulnerability in mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows remote user-complicit attackers to execute arbitrary commands via a crafted PPT file, which causes a “memory corruption error,” and is exploited by Trojan.PPDropper.B.

How to remove antispywarebox hijacker

Symptoms:
Explorer opens to about:blank and displays a Windows Security Center (remove spyware alert), and the link directs to http://www[dot]antispywarebox[dot]com/index2.php?aff=0&wd=C:/WINDOWS
Fake security warnings pop up in the bottom right of the screen. Examples:

  • “Your computer is working slowly!”
  • “Alert! You are receiving spam!”
  • “Warning! Your security and privacy are at risk!”
  • “You computer is not protected against spyware!”
  • “Danger! Spyware activity detected on your computer!”
  • “Alert! A minimum of 7 spyware items found!”

How to remove NEED2FIND and RXToolbar

Need2Find is adware promoted by Ask Jeeves. Ask Jeeves distributes a variety of programs that offer users some trinket of apparent value (e.g. smileys for email programs) while also adding an extra toolbar to users’ web browsers. Ask Jeeves promotes these programs in ways that do not entail meaningful user consent.

How to remove guardupdate.com, startupguarduptodate.com, guarduptodate.com homepage hijackers

Symptoms:

  • Homepage is hijacked and you get redirected to guardupdate.com, startupguarduptodate.com, guarduptodate.com.
  • Many more popups.
  • A yellow triangle pops up at the bottom of the task bar, flashing and saying that your PC is infected.

How to remove Spyware Sheriff and Antispylab

Spyware Sheriff is a rogue antispyware application that uses Trojans and other malware to trick or scare you into purchasing it. If you are infected with this malware, your Internet Explorer home page will be reset to about:blank and display a fake Windows Security Center alert stating that you are possibly infected.

How to remove Spyware Soft Stop | More info

Spyware Soft Stop is a rogue antispyware.
Once installed this program will issue fake taskbar alerts, which look like Windows Security alerts, stating that you are infected with various viruses and advising you to click on the icon to remove them.

How to remove Look2Me

Look2Me adware operates in stealth and displays an excessive amount of pop-up advertisements. Most common are IE pop-up windows, but some pop-ups are tailored by shape and animation. Some of the advertisements push the user to install ErrorGuard or WinFixer.

How to drop rights for safe surf

…You have a simple solution for safe surfing: running your browser, e-mail, and perhaps other regularly used Web-facing programs each under its own less-privileged account…

How to remove Trojan Vundo (VirtuMonde, WindowsUpd, Adware.VirtuMonde, TrojanDownloader.Win32.Agent.e, ADW_TARGETSOFT.A)

Vundo (VirtuMonde, WindowsUpd, Adware.VirtuMonde, TrojanDownloader.Win32.Agent.e, ADW_TARGETSOFT.A) is an adware program that downloads and displays popup advertisements. It also offers to install other potentially unwanted software.
Standard symptoms: the computer works slowly, pop-ups from Adult Friend Finder, you have found rogue anti-spyware.


How to disable Active Scripting support

This howto describes steps that may help you solve problems with Active Scripting support in Internet Explorer. These steps disable Active Scripting support in Internet Explorer and should be considered temporary measures until the underlying problem is resolved. If you disable Active scripting support in Internet Explorer, the functionality of many Web sites on the Internet will be affected.

How to remove SpywareQuake | More info

SpywareQuake is a rogue anti-spyware program that is known to issue fake warnings on your computer in order to manipulate you into buying its full commercial version. The program is generally installed by a Trojan that automatically downloads and installs the program.

How to remove BraveSentry | More info

BraveSentry is a rogue anti spyware program that is known to issue fake warnings on your computer in order to manipulate you into buying its full commercial version.

How to remove HotBar

Hotbar Web Tools is a collection of browser and system enhancements. The primary application is the Hotbar toolbar, which is a “skinable” browser toolbar for Internet Explorer…
…The Hotbar software may be installed at the vendor’s web site by a traditional download process or by an Active X process sometimes found in confusing circumstances such as banner ads and pop-ups at third party web sites including some kids sites.


How to remove AlfaCleaner | More info

AlfaCleaner is a rogue anti spyware program that is known to issue fake warnings on your computer in order to manipulate you into buying its full commercial version.
AlfaCleaner is a variant of Anti Virus Pro, Winhound Spyware Remover, & XSRemover.
Downloadable from alfacleaner.com, innovagest2000.com

How to block Drag-and-Drop Vulnerability

Microsoft Internet Explorer suffers from a vulnerability in its handling of certain drag-and-drop events. As a result, it is possible for a malicious web site to predict and exploit the timing of a drag-and-drop operation such that any drag operation (including using scroll-bars) could potentially lead to the installation of arbitrary files in sensitive locations that may enable further system compromise.

How to remove SpyFalcon | More info

SpyFalcon is a rogue anti spyware program that is known to issue fake warnings on your computer in order to manipulate you into buying its full commercial version. If you are infected with this program you may receive warnings in your task bar that appear to be from Microsoft Security Center stating that you are infected with spyware and to run its special anti-spyware tool.
This tool turns out to be the commercial version of SpyFalcon. These warnings are fake and are a goad to have you buy the commercial version of this software.

How to recover lost files (due to W32.Blackmal.E@mm - BlackWorm virus or other reasons)

…First, if at all possible, TURN off the computer and put the infected drive on another system that is not infected.
If for one reason or another you cannot, you should consider one of the CD-ROM or floppy based recovery systems and an extra drive…

How to remove VideoCodec3_05b - ICQCHK.exe - MSX.DLL | More info

The ICQCHK Trojan is installed by VideoCodec3_05b.exe to help you play “funny” movies. Now the Trojan’s web sites are closed.
Related files in the %SysDir% folder (usually C:\Windows\System32):
kaboom.dll, iewatch.exe, A0003016.exe, VideoCodec3_05b.exe, sysmon.exe, msx.dll, gtrack.dll, ietool[1].exe, ietool[2].exe, ietool[3].exe

How to remove AdwarePunisher - rogue anti spyware

AdwarePunisher is a rogue antispyware program that uses a flawed, inadequate detection scheme; it is the same app as AdwareBazooka, HitSpy, RemedyAntiSpy, SystemStable, & The SpyGuard.


How to remove BlackWorm, W32.Blackmal.E@mm, WORM_GREW.A, W32/Nyxem-D, Email-Worm.Win32.VB.bi | More info

Email-Worm.Win32.VB.bi is a mass-mailing worm that also tries to spread using remote shares. It also tries to disable security-related software.

How to remove SpywareStrike | More info

SpywareStrike is a program that displays an icon in the system tray.
This icon shows a balloon, which says that your computer is infected with dangerous spyware parasites and asks the user to download and install an antispyware program, which actually is SpywareStrike. Once the user clicks on such a balloon, the trojan opens the official web site of SpywareStrike. It may also try to download the application. SpywareStrike is able to change the Internet Explorer default home page and redirect the web browser to fake security sites. SpywareStrike automatically runs on every Windows startup.

How to remove the Aurora, Nail.exe, Epolvy Hijackers

Nail.exe is a hijacker, which means it will intermittently change your Internet Explorer settings / Desktop to the link of its author’s sponsors. This program is usually installed through consent, but is sometimes packaged as another product. Aurora.exe is an advertising program by Aurora. This process monitors your browsing habits and distributes the data back to the author’s servers for analysis. This also prompts advertising popups etc…

How to block WMF exploit | More info

Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability.
The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file.
The issue may be exploited remotely or by a local attacker. Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine.
Microsoft Windows XP is considered to be vulnerable at the moment. It is likely that other Windows operating systems are affected as well.

How to remove Winhound

Winhound is an anti-spyware/antivirus program that is known to issue fake alerts on your computer in order to manipulate you into buying its full commercial version. If you are infected with this program you may receive virus alerts in your task bar that appear to be from Microsoft Security Center stating that you are infected with spyware and to run its special anti-spyware tool. This tool turns out to be the commercial version of Winhound. These alerts are fake and are a goad to have you buy the commercial version of this software. It will also hijack your desktop to show the following fake message: Warning Spyware Detected on Your System: Install an antivirus or spyware software to clean your computer.

How to remove Needupdate (securityerrors) hijacker

You can try the tutorial if you get redirected to these domains:
dns404.net, needupdate.com, yoursystemupdate.com, systemwarning.com, warningmessage.com, syserrors.com, notfound404.com, updateyoursystem.com, securityerrors.com, hdnsservidce.com, downldboost.com

How to Remove the Ist Bar (Trojan.ISTsvc)

Adware.Istbar is an adware component, which does one or more of the following:
* Installs an Internet Explorer toolbar
* Acts as a Home page and search hijacker


How to remove SpyAxe | More info

SpyAxe is a rogue anti-spyware program that is known to issue fake alerts on your computer in order to manipulate you into buying its full commercial version. If you are infected with this program you may receive virus alerts in your task bar that appear to be from Microsoft Security Center stating that you are infected with spyware and to run its special anti-spyware tool.

How to remove WinFixer

WinFixer is a bogus anti-spyware and spam-blocking application downloaded mainly from popup ads that would be convincing to the average user. It is also bundled with certain free downloadable applications. The program requires you to buy it for about $30. When bought, it scans the computer and replicates the cookie-handling function of Internet Explorer, meaning it’s useless to anyone with IE installed.
If installed, WinFixer will load on startup and use 100% of the user’s CPU. The program shows many “false positives” in its scan results, often targeting non-malicious files, or even essential files. If the user exits WinFixer, it will start up again within a short amount of time.

How to remove browser hijackers | More info

There is a despicable trend that is becoming more and more common wherein the browser settings of web surfers are being hijacked forcibly by malicious web sites and software which modify your default start and search pages.
Sometimes internet shortcuts will be added to your favorites folder without asking you. The purpose of this is to force you to visit a web site of the hijacker’s choice so that they can artificially inflate their web site’s traffic for higher advertising revenues.

How to remove CWS Hijacker

CWS is a trojan that hijacks Internet Explorer start and search settings to one of several different web sites (see below). Most of these web sites appear to have an affiliate relationship with coolwebsearch.com in which coolwebsearch pays them for every visitor they refer. There could be other domains involved in the future.

How to remove WebHancer

The majority of users running WebHancer are not aware they are running it, unless they have noticed system side-effects or unusual data transfers from their machine. WebHancer, like “Comet Curse”, falls into the category of “everything-installs-it-can’t-get-rid-of-it” foistware, with completely unrelated software secretly installing the WebHancer product on the user’s system. (Given this, I think the program should be more aptly called “WebCancer” :) In one of the most user-hostile moves I’ve seen in a while, the clandestine WebHancer install will alter critical Registry keys relating to Windows Sockets, causing the system’s Internet connection capabilities to break if the user dares to try uninstalling the spy. WebHancer’s makers claim not to modify system files (which is, technically, true) although they have confirmed that attempting to remove it will break your system.

How to detect keylogger on my computer

The spyware keylogger secretly steals data from users’ Internet sessions, including logins and passwords from online banking sessions, eBay, PayPal, and other programs that use html forms to collect personal information.


How to use “Internet Zone Settings”

Most of the Internet Explorer settings that we’ll be configuring apply to the Internet zone. The Internet zone is the default zone that all web sites fall into unless the user explicitly adds them to another zone (e.g., the Trusted sites zone or the Restricted sites zone).

How to use the HOST file to block ads | More info

You can use a HOSTS file to block ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems. Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by the DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements.

How to install and use the Windows XP Recovery Console

The Recovery Console is a special boot up method that can be used to help fix problems that are preventing your Windows installation from properly booting up into Windows. This method allows you to access the files, format drives, disable and enable services, and other tasks from a console prompt while the operating system is not loaded.

How to show hidden files in Windows

By default Windows hides certain files from being seen with Windows Explorer or My Computer. This is done to protect these files, which are usually system files, from accidentally being modified or deleted by the user. Unfortunately viruses, spyware, and hijackers often hide their files in this way, making it hard to find them and then delete them.

How to Disable System Restore in Windows ME or Windows XP

One of the best features of Windows ME or XP is the System Restore option; however, if a virus infects a computer with this operating system, the virus may be accidentally backed up because of this feature. In order to completely remove a virus on these operating systems, you should disable System Restore before cleaning the system, then re-enable it after the system is clean.

How to protect my computer from spyware

The only way to protect against spyware attack is a solid anti spyware program. Don’t forget to update it regularly because new spyware is written every day. Almost all anti spyware software has an “auto-update” feature I would recommend you utilize. I have some links to quality free anti spyware programs. Try them… and … safe surfing :)
