Thursday, November 10, 2011

Privacy Protection - Removal Guide ( FakeAV Rogue )

Privacy Protection is a dangerous piece of malware, also known as a FakeAV or rogue. It blocks most programs so that you can't do anything.

To remove this virus, first kill it in memory.

Click the "Start" menu, select "Run", and type the following text exactly as shown here:
taskkill.exe /F /IM privacy.exe


This kills the Privacy Protection process. (If it does not work on the first attempt, try again.)

Once the virus is out of memory you can remove it from your PC permanently.

Go to the website www.Trojan-Killer.net and download Trojan-Killer.

Run and install it.


Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.


When Trojan Killer has finished scanning your computer you will see a full list of detected malware.
Press Remove Selected to remove them.

Files are created:
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\All Users\Application Data\privacy.exe
C:\Documents and Settings\All Users\Desktop\Privacy Protection.lnk


Registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
Privacy Protection = C:\Documents and Settings\All Users\Application Data\privacy.exe
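The steps above (kill privacy.exe, remove its Run entry, delete the dropped files) as one PowerShell script. This is an added example, not code from the original post; the file paths and the Run value name are exactly those the post lists, so it matches the Windows XP profile layout the post describes. It uses only cmdlets available in Windows PowerShell 2.0 and should be run from an elevated prompt.

```powershell
# Added example, not part of the original post: scripts the manual removal steps.
# Paths and the Run value name are the ones the post lists (Windows XP layout).

$ImageName = 'privacy'     # process name as Get-Process reports it (privacy.exe)
$RunKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$RunValue  = 'Privacy Protection'
$DroppedFiles = @(
    'C:\Documents and Settings\All Users\Application Data\privacy.exe',
    'C:\Documents and Settings\All Users\Desktop\Privacy Protection.lnk',
    (Join-Path $env:TEMP '1.tmp')   # the post's <UserName>\Local Settings\Temp\1.tmp
)

function Stop-RogueProcess {
    param([string]$Name, [int]$Attempts = 5)
    # The post warns the first kill may not stick (the rogue restarts or blocks it),
    # so this repeats what re-running "taskkill /F /IM privacy.exe" does by hand.
    for ($i = 1; $i -le $Attempts; $i++) {
        $procs = @(Get-Process -Name $Name -ErrorAction SilentlyContinue)
        if ($procs.Count -eq 0) { return $true }
        Write-Host "Attempt ${i}: ending $($procs.Count) '$Name' process(es)"
        $procs | Stop-Process -Force -ErrorAction SilentlyContinue
        Start-Sleep -Milliseconds 500
    }
    return (@(Get-Process -Name $Name -ErrorAction SilentlyContinue).Count -eq 0)
}

function Remove-RunValue {
    param([string]$Key, [string]$Name)
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties[$Name]) {
        Write-Host "Removing autorun '$Name' -> $($props.$Name)"
        Remove-ItemProperty -Path $Key -Name $Name
        return $true
    }
    Write-Host "No autorun value '$Name' under $Key"
    return $false
}

function Remove-DroppedFile {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { Write-Host "Not present: $Path"; return }
    # Clear hidden/read-only/system attributes first; rogues often set them.
    (Get-Item -LiteralPath $Path -Force).Attributes = 'Normal'
    Remove-Item -LiteralPath $Path -Force
    Write-Host "Deleted: $Path"
}

# Order matters: the image cannot be deleted while it is running, and the Run
# value must go before the next logon or the rogue simply starts again.
if (-not (Stop-RogueProcess -Name $ImageName)) {
    Write-Warning "$ImageName.exe is still running; reboot into Safe Mode and rerun."
}
Remove-RunValue -Key $RunKey -Name $RunValue | Out-Null
foreach ($f in $DroppedFiles) { Remove-DroppedFile -Path $f }
```

If the rogue blocks PowerShell itself, run the script from Safe Mode (see the later post on killing malicious processes); the Run value is per-user, so log on as the affected user or adjust the HKCU key accordingly.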

Wednesday, November 9, 2011

AV Security 2012 - How To Remove - FakeAV - Rogue

AV Security 2012 is a fake antivirus. Its only purpose is to extort money.

Files are created:
C:\Documents and Settings\<UserName>\Application Data\iEEDV8olEViWC\AV Security 2012.ico (random folder name)
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Desktop\AV Security 2012.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
C:\WINDOWS\system32\AV Security 2012v121.exe
(You may also come across a file such as C:\WINDOWS\system32\virus.exe)

Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qxxTGN9pR8234A"="C:\WINDOWS\system32\AV Security 2012v121.exe"

The key names are random.


To remove this rogue, go to the website www.Trojan-Killer.net and download Trojan-Killer.

Run and install it.

Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.

When Trojan Killer has finished scanning your computer you will see a full list of detected malware.
Press Remove Selected to remove them.



I hope this guide helps you :)

Tuesday, November 8, 2011

System Security 2012 FakeAV How To Remove

System Security 2012 is a fake antivirus. Its only purpose is to extort money.

Files are created:
C:\Documents and Settings\<UserName>\Application Data\dwme.exe
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Application Data\rCC66jQAXymZtn3\System Security  2012.ico (random folder name)
C:\Documents and Settings\<UserName>\Desktop\System Security  2012.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\dwme.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\System Security  2012\System Security  2012.lnk
C:\WINDOWS\system32\pttggOL3r.exe (random file name)
C:\WINDOWS\system32\System Security 2012v121.exe

Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gXX5yhmP4tnLrI28234A" = "C:\WINDOWS\system32\D888oFB8lEViW6j.exe"
"PDVV8olDViWCuQh" = "C:\Documents and Settings\<UserName>\Application Data\dwme.exe"


The key names are random.



To remove this rogue, go to the website www.Trojan-Killer.net and download Trojan-Killer.

Run and install it.

Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.

When Trojan Killer has finished scanning your computer you will see a full list of detected malware.
Press Remove Selected to remove them.



I hope this guide helps you :)

Monday, October 31, 2011

System Security 2011 - Fake AV - Rogue - Removal Guide


System Security 2011 is a fake antivirus. Its only purpose is to extort money.

Files are created:
C:\Documents and Settings\<UserName>\Application Data\GRRFB8olDViWCkC\System Security  2011.ico (random folder name)
C:\Documents and Settings\<UserName>\Application Data\dwme.exe
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Desktop\System Security  2011.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\dwme.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\System Security  2011\System Security  2011.lnk
C:\WINDOWS\system32\D888oFB8lEViW6j.exe (random file name)

Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gXX5yhmP4tnLrI28234A" = "C:\WINDOWS\system32\D888oFB8lEViW6j.exe"
"PDVV8olDViWCuQh" = "C:\Documents and Settings\<UserName>\Application Data\dwme.exe"


The key names are random.



To remove this rogue, go to the website www.Trojan-Killer.net and download Trojan-Killer.

Run and install it.

Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.

When Trojan Killer has finished scanning your computer you will see a full list of detected malware.
Press Remove Selected to remove them.



I hope this guide helps you :)

Monday, October 10, 2011

Cloud Protection - Rogue, Fake Antivirus, Ransomware. Removal Guide.

Cloud Protection is a fake antivirus. Its only purpose is to extort money.

Files are created:
C:\Documents and Settings\<UserName>\Application Data\g44tgnOLrfI2dJw\Cloud Protection.ico
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Desktop\Cloud Protection.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\2.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\svhostu.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\Cloud Protection\Cloud Protection.lnk
C:\Documents and Settings\<UserName>\Start Menu\Programs\Startup\crss.exe
C:\Program Files\Internet Explorer\1.tmp
C:\WINDOWS\system32\D88olEDV7kS7kSu.exe

Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tAAX5yhmP4gO3fK8234A" = "C:\WINDOWS\system32\D88olEDV7kS7kSu.exe"


To remove this rogue, go to the website www.Trojan-Killer.net and download Trojan-Killer.

Run and install it.

Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.

When Trojan Killer has finished scanning your computer you will see a full list of detected malware.
Press Remove Selected to remove them.



I hope this guide helps you :)

Friday, September 30, 2011

How to determine whether a program is malicious or not


Download and install System Explorer.
Run it and go to the Processes tab.
Right-click a suspicious process and, from the context menu, select File Check - Virustotal.com, as shown below.

The file is uploaded to Virustotal.com and a browser window opens with information about it.

On this page you will see a list of antivirus engines, each with its verdict on the file.
If the majority of them classify it as malicious, you can safely delete it.
Remember that to remove a trojan or other malicious program you must remove it not only from memory but also from the disk where it stores its copy, and from startup.
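The same check done by script, as an added example that is not part of the original post and does not use System Explorer: for every running process it hashes the image on disk, checks the Authenticode signature, and builds the VirusTotal report URL for that hash, so the unsigned, unfamiliar ones can be looked up first. Nothing is uploaded; the URL shows the verdicts VirusTotal already holds for that hash, and a file VirusTotal has never seen would still have to be submitted the way the post describes. The `Get-Sha256Hex` helper is mine; `Get-Process`, `Get-AuthenticodeSignature` and the VirusTotal `gui/file/<sha256>` URL form are standard.

```powershell
# Added example, not part of the original post: hash, signature and VirusTotal
# lookup URL for each running process image. Run elevated so that other users'
# process paths are readable.

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
}

function Get-ProcessReport {
    $seen = @{}
    foreach ($p in Get-Process) {
        try { $path = $p.Path } catch { $path = $null }   # protected/system processes
        if (-not $path -or $seen.ContainsKey($path)) { continue }
        $seen[$path] = $true
        $hash = Get-Sha256Hex $path
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Name       = $p.ProcessName
            Path       = $path
            Signed     = ($sig.Status -eq 'Valid')
            Signer     = $signer
            SHA256     = $hash
            VirusTotal = "https://www.virustotal.com/gui/file/$hash"
        }
    }
}

# Start with what the post calls "suspicious": unsigned images, especially ones
# running from Temp or profile folders rather than Program Files or System32.
$report = Get-ProcessReport
$report | Where-Object { -not $_.Signed } |
    Sort-Object Path |
    Format-Table Name, Path, VirusTotal -AutoSize

# To read one file's verdicts in the browser, as the post's screenshot shows:
#   $report | Where-Object { $_.Name -eq 'privacy' } | ForEach-Object { Start-Process $_.VirusTotal }
```

A valid signature from a known vendor is a reason to look elsewhere first, not proof of innocence, and an unsigned binary is not automatically malicious; the VirusTotal verdicts plus the file's location (compare the paths listed in the rogue posts above) are what decide it, exactly as the post says.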

How to remove programs from startup


Download and install System Explorer.
Run it and go to the second tab.
Switch the view so that it shows startup information, as shown below.

To remove a program from startup, right-click it and click Delete Item.


Be careful when removing programs from startup. Do not remove system entries or other useful programs.
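A script-based review of the same startup entries, added here as an example and not part of the original post. It reads the two Run keys that the rogue posts above use for persistence and flags entries worth a closer look before anything is deleted. The heuristics are mine; they encode the patterns visible in those posts (random value names such as qxxTGN9pR8234A, targets under Application Data or Temp, targets that no longer exist) and are not a definitive rule. The constructed entries at the end are copied from the posts so the heuristics can be seen firing on a clean machine.

```powershell
# Added example, not part of the original post: flag suspicious Run-key autoruns.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunEntry {
    # One object per autorun value under each Run key.
    foreach ($key in $RunKeys) {
        $k = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $k) { continue }
        foreach ($name in $k.GetValueNames()) {
            if ($name -eq '') { continue }   # the key's (Default) value
            New-Object PSObject -Property @{ Key = $key; Name = $name; Command = [string]$k.GetValue($name) }
        }
    }
}

function Get-ImagePath {
    param([string]$Command)
    # Reduce a command line to its executable: "C:\x\a.exe" /s  ->  C:\x\a.exe
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    $idx = $c.IndexOf('.exe', [StringComparison]::OrdinalIgnoreCase)
    if ($idx -ge 0) { return $c.Substring(0, $idx + 4) }
    return ($c -split ' ')[0]
}

function Test-RunEntry {
    param($Entry)
    $reasons = @()
    $path = Get-ImagePath $Entry.Command
    # Rogue value names in the posts are one long token of mixed letters and digits.
    if ($Entry.Name -match '^[A-Za-z0-9]{10,}$' -and $Entry.Name -match '\d' -and $Entry.Name -match '[A-Za-z]') {
        $reasons += 'random-looking value name'
    }
    # Legitimate autoruns rarely run from Temp or profile data folders.
    if ($path -match '\\(Application Data|AppData|Temp)\\') {
        $reasons += 'target under Application Data/AppData/Temp'
    }
    # A value whose target is gone is leftover persistence (or a renamed payload).
    if ($path -and -not (Test-Path -LiteralPath $path)) {
        $reasons += 'target file missing'
    }
    New-Object PSObject -Property @{
        Key = $Entry.Key; Name = $Entry.Name; Target = $path
        Suspicious = ($reasons.Count -gt 0); Reasons = ($reasons -join '; ')
    }
}

# Live check of this machine: show only the flagged entries.
Get-RunEntry | ForEach-Object { Test-RunEntry $_ } |
    Where-Object { $_.Suspicious } |
    Format-Table Name, Target, Reasons -AutoSize

# Constructed entries taken from the posts above (AV Security 2012 and Privacy
# Protection). On a clean machine both targets are absent, so that reason fires too.
$Constructed = @(
    (New-Object PSObject -Property @{ Key = $RunKeys[0]; Name = 'qxxTGN9pR8234A'
        Command = 'C:\WINDOWS\system32\AV Security 2012v121.exe' }),
    (New-Object PSObject -Property @{ Key = $RunKeys[1]; Name = 'Privacy Protection'
        Command = 'C:\Documents and Settings\All Users\Application Data\privacy.exe' })
)
$Constructed | ForEach-Object { Test-RunEntry $_ } | Format-Table Name, Suspicious, Reasons -AutoSize
```

Removing a flagged entry is the scripted equivalent of the post's Delete Item: `Remove-ItemProperty -Path <Key> -Name <Name>` for that one value, after confirming the target is malicious (for example with the VirusTotal check above) and never on the strength of the heuristics alone.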

How to kill the process from memory


The easiest way to remove malware from memory is to download and run Trojan-Killer.
This program is a file scanner that finds and removes malicious software for good,
cleaning the infection from the registry autorun entries and from disk.


Another way is to use Task Manager. It is not the best option, but it works without downloading any software.
Press [Ctrl + Alt + Delete] or [Ctrl + Shift + Escape].
Task Manager should start.
Go to the Processes tab, select the malicious process in the list, and click End Process or press the Delete key. When the confirmation message appears, click Yes.


I recommend downloading and installing System Explorer.
This program is similar to Task Manager, but it has many advantages and is easier to use.
First, the list of processes is easier to understand; you can see information about running processes and their location on disk, and you can check any process for viruses. I'll describe this in more detail next.


Install System Explorer and run it.

To remove the process from memory, right-click it and click End Process.

But remember, this only removes it from memory; if it is a malicious file, it is registered in startup and will start again when you restart the system.
Before ending the process you can use File Directory Explore, which opens the folder where the file is located.
If you are sure it is a malicious program, end the process and then delete the file from disk.


I recommend reading the following articles:
How to determine whether a program is malicious or not.
How to remove programs from startup.

Wednesday, September 28, 2011

How to kill malicious processes

Typically, antivirus and antimalware applications (like Trojan-Killer) kill malicious processes automatically once they are detected. That is the preferred way, as these tools know how to recognize bad processes precisely. However, under certain circumstances processes need to be killed before running a scan:
You want to delete the malware manually.
Malware processes block removal tools from running or from updating their databases.
You cannot download anti-malware tools.
Anti-malware tools do not yet have this particular variant of the parasite in their database and cannot detect it.
Keep in mind that this first step only stops the symptoms until the next reboot; you will still need to go through the removal steps to clean the PC completely.

If you fail to launch Spyware Doctor or any other program, first try right-clicking it and choosing Run as administrator (on Windows 7 or Vista).


Using safe mode
Most malicious processes are inactive when the PC runs in Safe Mode with Networking. To reach Safe Mode with Networking, do the following:
  1. Reboot.
  2. Press F8 early on (you can press F8 a couple of times).
  3. Choose Safe Mode with Networking (preferably) or Safe Mode from the menu.
  4. On success you should not see the alerts that bother you under normal mode; continue to the next steps of malware removal.
This will not work if the malicious process is launched by a driver, from the master boot record, or (in Safe Mode with Networking) together with the browser. Also, Safe Mode might be disabled.

Killing processes using task manager
The benefit of using Task Manager is that you do not need to download anything. Task Manager is present on all Windows computers, though it might be disabled, and it provides little control.

  1. Open Task Manager by pressing Ctrl+Shift+Esc, or by pressing Ctrl+Alt+Del and choosing it from the menu. For best results, try doing so just after Windows login, while other processes are still loading.
  2. If that fails, go to Start->Run and type taskmgr.
  3. If this fails too, go to C:\Windows\System32, copy taskmgr and rename the copy to 1.scr, 1.com or another random name. Launch that file. You can try right-clicking it and choosing Run as administrator on Windows Vista or Windows 7.
  4. Choose the Processes tab and, optionally, choose to show processes from all users.
  5. Choose the malicious process from the list and right-click it.
  6. Press End Process.
Once the malicious processes are stopped, the alerts should disappear and you can continue to the next steps of malware removal.

Sometimes Task Manager is disabled by malware. A workaround is to go to C:\Windows\System32, make a copy of taskmgr.exe and rename it to 1.exe or iexplore.exe, then launch that file.
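One common way malware disables Task Manager is the DisableTaskMgr policy value (its sibling DisableRegistryTools locks out regedit the same way). The script below, an added example that is not part of the original post, checks the per-user and machine-wide policy keys for those values, clears any that are set, and starts Task Manager again; it is a complement to the renamed-copy workaround above, not a replacement for it. Clearing the HKLM copies needs an elevated prompt.

```powershell
# Added example, not part of the original post: undo a Task Manager / Registry
# Editor policy lockout. Run elevated to clear the machine-wide (HKLM) values.

$PolicyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
$PolicyValues = @('DisableTaskMgr', 'DisableRegistryTools')

function Restore-AdminTools {
    # Returns the key\value pairs that were set to a non-zero (disabled) state and cleared.
    $cleared = @()
    foreach ($key in $PolicyKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($v in $PolicyValues) {
            if ($props.PSObject.Properties[$v] -and $props.$v -ne 0) {
                Write-Host "Clearing $v=$($props.$v) in $key"
                Remove-ItemProperty -Path $key -Name $v
                $cleared += "$key\$v"
            }
        }
    }
    return $cleared
}

$changed = @(Restore-AdminTools)
if ($changed.Count -eq 0) { Write-Host 'No Task Manager / Registry Editor policy lockout found.' }
Start-Process taskmgr.exe
```

If the machine is domain-joined, a value that keeps coming back may be set by Group Policy rather than malware; check with the administrator before clearing it again. If Task Manager still will not start after the values are cleared, the running malware is likely re-applying them or blocking the process, which is where the renamed copy or Safe Mode comes in.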

Killing processes using process explorer
Process Explorer provides more information on how the processes were launched, and it is not blocked together with Task Manager. If it is blocked from execution, try saving it as 1.scr, 1.com or iexplore.exe before running it.
  1. Download Process Explorer from http://download.sysinternals.com/Files/ProcessExplorer.zip and unzip it.
  2. Launch Process Explorer (procexp.exe).
  3. Select the malicious process and press DEL.
Once the malicious processes are stopped, the alerts should disappear and you can continue to the next steps of malware removal.