Spyware and Malware Removal

 

Trojan.Alemod.F DLL

Tuesday, May 30, 2006
Trojan.Alemod.F monitors web traffic, downloads remote files and executes them to infect the computer. It can redirect web pages to predefined websites.

Symptoms:
Redirects homepage and internet browser.

How to Remove Trojan.Alemod.F:
Please use Removal Method 1. Click here.
posted by hitech-leiza @ Tuesday, May 30, 2006   0 comments

securityfeature.com

Securityfeature.com is not a virus or a trojan. It is detected as a "potentially unwanted program." This is an anti-spyware application claiming to remove unwanted malicious spyware programs but requires paid registration before any issues found can be fixed.

Symptoms:
Redirects homepage and internet browser to www.securityfeature.com

How to Remove securityfeature.com:
Please use Removal Method 1. Click here.
posted by hitech-leiza @ Tuesday, May 30, 2006   0 comments

thespyguard.com

Monday, May 29, 2006
Thespyguard is not a virus or a trojan. It is detected as a "potentially unwanted program." This is an anti-spyware application claiming to remove unwanted malicious spyware programs but requires paid registration before any issues found can be fixed.

Symptoms:
Redirects homepage and internet browser to www.thespyguard.com

Manual Removal:
1. Download SmitFraudFix and save to your desired location.
2. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
3. Select option #1 (press 1 on keyboard) and hit "Enter"; a text file will appear, which lists infected files (if present).

4. Download Ewido and save to your desired location.
5. Install Ewido and download all necessary updates.
6. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

7. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

8. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

9. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

malwarewipe.com

Malwarewipe is not a virus or a trojan. It is detected as a "potentially unwanted program." This is an anti-spyware application claiming to remove unwanted malicious spyware programs but requires paid registration before any issues found can be fixed.

Symptoms:
Redirects homepage and internet browser to www.malwarewipe.com

Manual Removal:
1. Download SmitFraudFix and save to your desired location.
2. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
3. Select option #1 (press 1 on keyboard) and hit "Enter"; a text file will appear, which lists infected files (if present).

4. Download Ewido and save to your desired location.
5. Install Ewido and download all necessary updates.
6. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

7. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

8. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

9. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

pesttrap.com

Pesttrap is not a virus or a trojan. It is detected as a "potentially unwanted program." This is an anti-spyware application claiming to remove unwanted malicious spyware programs but requires paid registration before any issues found can be fixed.

Symptoms:
Redirects homepage and internet browser to www.pesttrap.com

Manual Removal:
1. Download SmitFraudFix and save to your desired location.
2. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
3. Select option #1 (press 1 on keyboard) and hit "Enter"; a text file will appear, which lists infected files (if present).

4. Download Ewido and save to your desired location.
5. Install Ewido and download all necessary updates.
6. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

7. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

8. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

9. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

securitybulletin.net

Securitybulletin is not a virus or a trojan. It is detected as a "potentially unwanted program." This is an anti-spyware application claiming to remove unwanted malicious spyware programs but requires paid registration before any issues found can be fixed.

Symptoms:
Redirects homepage and internet browser to www.securitybulletin.net

Manual Removal:
1. Download SmitFraudFix and save to your desired location.
2. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
3. Select option #1 (press 1 on keyboard) and hit "Enter"; a text file will appear, which lists infected files (if present).

4. Download Ewido and save to your desired location.
5. Install Ewido and download all necessary updates.
6. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

7. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

8. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

9. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

securityuptodate.net

Overview:
Securityuptodate is not a virus or a trojan. It is detected as a "potentially unwanted program." This is an anti-spyware application claiming to remove unwanted malicious spyware programs but requires paid registration before any issues found can be fixed.

Symptoms:
Redirects homepage and internet browser to www.securityuptodate.net

Manual Removal:
1. Download SmitFraudFix and save to your desired location.
2. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
3. Select option #1 (press 1 on keyboard) and hit "Enter"; a text file will appear, which lists infected files (if present).

4. Download Ewido and save to your desired location.
5. Install Ewido and download all necessary updates.
6. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

7. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

8. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

9. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

bestsafetyguide.com

Overview:
bestsafetyguide is not a virus or a trojan. It is detected as a "potentially unwanted program." This is an anti-spyware application claiming to remove unwanted malicious spyware programs but requires paid registration before any issues found can be fixed.

Symptoms:
Redirects homepage and internet browser to www.bestsafetyguide.com

Manual Removal:
1. Download SmitFraudFix and save to your desired location.
2. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
3. Select option #1 (press 1 on keyboard) and hit "Enter"; a text file will appear, which lists infected files (if present).

4. Download Ewido and save to your desired location.
5. Install Ewido and download all necessary updates.
6. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

7. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

8. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

9. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

FakeAlert-B

Overview:
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics:
This is the detection for a trojan that is reported to be distributed under the name Stickrep.dll; its default installation path is %sysdir%. However, installation does not depend on the directory it resides in. Upon execution, the DLL file creates a tray icon showing a fake warning message such as "Your Computer is Infected!"

Symptoms:
A SpywareQuake download will pop up if it is not yet present on your computer.

Source: McAfee Threat Center

McAfee Users Removal: click here

Manual Removal:
1. Download SmitFraudFix and save to your desired location.
2. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
3. Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
4. Run a full scan and delete infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

W32/Sdbot.worm!ftp

Overview:
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics:
This is a detection for an FTP script which is dropped by a virus.

The machine which identifies the script has been remotely "attacked" by a machine which is infected with one of many variants of W32/SDBot.worm.

Source: McAfee Threat Center

McAfee Users Removal: click here

Manual Removal:
1. Proceed to W32/Sdbot.worm family.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

W32/Sdbot.worm Family

Overview:
There are now over 4000 variants of this threat, many of which were proactively detected, and this number continues to grow at a rapid rate.

AVERT is constantly enhancing generic detection for this family. To ensure you have appropriate protection, use the latest DATs and the latest engine, and do not disable scanning of packed executable files.

Characteristics:
These worms typically spread via network shares and create a remote access point for attackers to exploit.

Some variants of W32/Sdbot.worm can take advantage of the following vulnerabilities:
- DCOM RPC vulnerability (MS03-026)
- WEBDAV vulnerability (MS03-007)
- LSASS vulnerability (MS04-011)
- ASN.1 vulnerability (MS04-007)
- Workstation Service vulnerability (MS03-049)
- PNP vulnerability (MS05-039)
- Imail IMAPD LOGIN username vulnerability
- Cisco IOS HTTP Authorization Vulnerability

Files and processes known to be related to W32/Sdbot.worm:
amdpatchB.exe
cmst32.exe
hcgnwlmqge.exe
hjkds.exe
hlcbome.exe
iexplore.exe
jxsrwb.exe
kveuto.exe
ms.exe
msgfix.exe
msgfix1.exe
msmon32.exe
msmon32b.exe
msnmssgs.exe
mstasks.exe
nav32.exe
ns32.exe
rssdd.exe
spool.exe
spoolserv.exe
spoolsvc.exe
svchosst.exe
svcnet.exe
svhosint32.exe
syntwin32.exe
system.exe
system03.exe
Systmesy.exe
taskmngr.exe
unreal.exe
wc.exe
WindowsSys32.exe
WINL0G0N.exe
winudap.exe
winumc.exe
winupdate32.exe
wsndlg32.exe
wuamagrd.exe
wuamgrd.exe
wuamgrd2.exe
wuamgrdk.exe
wvsvc.exe
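
Several names in the list above are near-misses of genuine Windows image names (svchosst.exe, WINL0G0N.exe, spoolsvc.exe, taskmngr.exe), while iexplore.exe matches a genuine name exactly, so a name match alone cannot tell it apart from Internet Explorer. The Python code below is an added example, not part of the original post or of McAfee's detection: it sorts observed file paths into expected, misplaced, lookalike and unrelated. The table of genuine names and folders, the distance threshold and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumption: a small, non-exhaustive table of genuine Windows image names
# and the folder each one normally runs from (lowercase, default install).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "taskmgr.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}

# Digits substituted for letters, as in WINL0G0N.exe.
DIGIT_FOR_LETTER = str.maketrans("01", "ol")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(path, max_distance=2):
    """Return (verdict, genuine_name_or_None) for one Windows file path."""
    name = ntpath.basename(path).lower()
    folder = ntpath.normcase(ntpath.dirname(path))
    if name in EXPECTED_DIR:
        # Exact name: only the folder can separate the genuine file from a copycat.
        verdict = "expected" if folder == EXPECTED_DIR[name] else "misplaced"
        return verdict, name
    # Undo digit-for-letter swaps, then look for the closest genuine name.
    folded = name.translate(DIGIT_FOR_LETTER)
    nearest = min(EXPECTED_DIR, key=lambda legit: edit_distance(folded, legit))
    if edit_distance(folded, nearest) <= max_distance:
        return "lookalike", nearest
    return "unrelated", None


# Constructed sample paths: the file names come from the list above,
# the folders are made up for the example.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchosst.exe",
    r"C:\WINDOWS\system32\WINL0G0N.exe",
    r"C:\WINDOWS\system32\spoolsvc.exe",
    r"C:\WINDOWS\system32\taskmngr.exe",
    r"C:\WINDOWS\system32\iexplore.exe",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\WINDOWS\system32\hcgnwlmqge.exe",
]


def triage(paths):
    """Classify every path and return {path: (verdict, genuine_name)}."""
    return {p: classify(p) for p in paths}


if __name__ == "__main__":
    for p, (verdict, ref) in triage(SAMPLE_PATHS).items():
        print(f"{verdict:10} {ref or '-':14} {p}")
```

A lookalike or misplaced verdict is a reason to inspect the file, not proof of infection, and an unrelated verdict says nothing about whether the file is clean.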

Symptoms:
The worm disables default admin shares (such as C$, D$, and Admin$) on WinNT/2K/XP systems.

Source: McAfee Threat Center

McAfee Users Removal: click here
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

W32/Sdbot.worm - Exploit MS05-039

Overview:
W32/Sdbot.worm is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics:
In typical Sdbot evolutionary fashion, MS05-039 exploit code has been added to the Sdbot virus family. The same activity happened around DcomRPC, LSASS, and a host of other common vulnerabilities. This description covers the initial MS05-039 flavored Sdbot. At least one other MS05-039 exploiting Sdbot variant is known to exist, and at least 3 other SVKP repacks are also known. Like many Sdbots, certain functionality is only activated upon receiving the appropriate command from a BOT commander. If the bot is unable to connect to the hard coded server/channel, that functionality would not be executed.

Files and processes known to be related to W32/Sdbot.worm are:
1. pnpsrv.exe

Symptoms:
Files DcomRPC and LSASS error.

Source: McAfee Threat Center

McAfee Users Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

Adware-SaveNow - WhenU.SaveNow

Overview:
Adware-SaveNow is generally software that displays advertisements. Some advertisers may covertly install adware on your system and generate a stream of unsolicited advertisements that can clutter your desktop and affect your productivity. The advertisements may also contain pornographic or other material that you might find inappropriate. The extra processing required to track you or to display advertisements can tax your computer and hurt your system performance.


Characteristics:
Upon execution this file launches an installation dialogue and presents a license agreement. A brief overview of the software’s functionality and intended use is also present. After pressing “I Agree” the software creates several files, along with an entry in the registry “Run” key to ensure launch at startup. If Internet Explorer is currently running, the software contacts the WhenU servers and downloads configuration data, then displays a new browser window indicating that the SaveNow software has been installed. A link to the privacy policy is present on this page. Following installation, the software monitors browsing activities and pulls down advertising from the WhenU servers when it detects a match with its local database.

Files and processes known to be related to Adware-SaveNow - WhenU.SaveNow are:
1. savenowinst.exe
2. babe-bs.exe
3. bsaveinstwm.exe
4. nowbox.exe
5. save.exe
6. saveinstwm.exe
7. savenow.exe
8. savenowinst.exe
9. sync.exe
10. saveinstcm.exe
11. whenu.exe
12. sebqiwg.exe
13. glf3c.exe
14. searchupdate.exe
15. saveupdate.exe

Symptoms:
Targeted Pop-up advertising.

Source: McAfee Threat Center

McAfee Users Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

Adware-Kazoom.dr - 180search Assistant

Overview:
180search Assistant is an adware program that delivers targeted pop-up advertisements to a user’s computer. Whenever a keyword is entered into a search engine or a targeted Web site is visited, 180search Assistant opens a separate browser window displaying an advertiser's Web page that is related to the keyword or site.

Characteristics:
This is not a virus or a Trojan. It is a direct-marketing adware application. On execution, the application installs CEDP Stealer on the system. As soon as this application is accessed for the first time, it opens a web page for “sherv.net” and starts downloading and installing 180search Assistant silently in the background. Two BHOs are also added.

Files and processes known to be related to Adware-Kazoom.dr - 180search Assistant are:
1. CEDP.Stealer.exe
2. 180sa.exe
3. 180sahook.dll
4. a.exe
5. bridge.dll
6. AHNUXEKR.exe

Symptoms:
Redirects web browser to 180 Search Assistant

Source: McAfee Threat Center

McAfee Users Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

Adware-CoolWebSearch

Characteristics:
McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.

Files and processes known to be related to Adware-CoolWebSearch are:
1. coolwebsearch-org.dll

Symptoms:
The internet browser's web page is changed to the coolwebsearch web site.

Source: McAfee Threat Center

McAfee Users Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006   0 comments

Adware-ISTBar

Sunday, May 28, 2006
Overview:
Adware-ISTBar is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security- or privacy-minded computer user may want to be informed of.

Characteristics:
Adware-ISTBar is not a virus or trojan. It is a direct-marketing adware application from istbar.xxxtoolbar.com

This kind of application generally comes bundled with another program, which usually discloses the fact that it is ad-supported. Users agree to have the Adware installed in the license agreement, although they may not realise at first that this file was packaged with the product they installed.

Files and processes known to be related to Adware-ISTBar are:
1. IstBar_DH.dll
2. istbar.dll
3. istbarcm.dll
4. istdownload.exe
5. cmctl.dll
6. istbarcm.dll
7. ysbactivex.dll

Symptoms:
Installs an Internet Explorer toolbar. Redirects Internet Explorer Homepage.

Source: McAfee Threat Center

McAfee Users Removal: click here

Removal Tool Provided by Symantec:
1. Download FxIstbar and save to your desired location.
2. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run FxIstbar.exe, scan the computer and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Sunday, May 28, 2006   0 comments

Keylog-Perfect

Characteristics:
Perfect Keylogger is a spyware application. It is not a virus or trojan, but is classified as a "potentially unwanted program" and may be detected accordingly with VirusScan 7 when scanning for potentially unwanted programs. The keylogger is designed to monitor system use. Information gathered includes:

- Typed keystrokes including passwords
- Screen shots
- Websites visited
- Windows clipboard

Logged information may be emailed to a specified address, or FTPed to a specified account. Additionally the program attempts to run hidden and bypass firewall programs.

Files and processes known to be related to Perfect Keylogger are:
1. apps.dat
2. bpk.bin
3. bpk.dat
4. bpk.exe
5. bsdhooks.dll

Symptoms:
Presence of files listed above.

Source: McAfee Threat Center

McAfee Users Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Sunday, May 28, 2006   0 comments

Trojan Downloader - Downloader-AUB

Overview:
Trojan Downloader-AUB is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics:
Trojan Downloaders are designed to download files from a remote website and execute the files that have been downloaded.

As it is trivial for the malware author to modify the Downloader to refer to a different website or web address, McAfee writes detection routines for Downloaders that, as a general rule, do not include these strings.

Files and processes known to be related to Trojan Downloader - Downloader-AUB are:
1. ipcon32.exe

Symptoms:
An instance of newly installed software without user intervention.

Source: McAfee Threat Center

McAfee Users Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Sunday, May 28, 2006   0 comments

Trojan Downloader - Downloader-AVC

Overview:
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics:
Trojan Downloaders are designed to download files from a remote website and execute the files that have been downloaded.

As it is trivial for the malware author to modify the Downloader to refer to a different website or web address, McAfee writes detection routines for Downloaders that, as a general rule, do not include these strings.

Files and processes known to be related to Trojan Downloader - Downloader-AVC are:
1. invisibledrvnt.sys
2. useful[1].exe
3. lvsrev.exe

Symptoms:
An instance of newly installed software without user intervention.

Source: McAfee Threat Center

McAfee Users Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Sunday, May 28, 2006   0 comments

YourSiteBar

Overview:
Adware.YourSiteBar is an Internet Explorer toolbar published by Integrated Search Technologies. It is usually distributed with Adware.SideFind and Trojan.ISTsvc.

Characteristics:
This is not a virus or trojan. It is a direct-marketing adware application. This application installs a tool within Internet Explorer.

This kind of application generally comes bundled with another program, which usually discloses the fact that it is ad-supported. Users agree to have the Adware installed in the license agreement, although they may not realise at first that this file was packaged with the product they installed.

Files and processes known to be related to YourSiteBar are:
1. ysb.dll
2. imagemap_normal.bmp
3. version.txt
4. yoursitebar.xml

Symptoms:
A blank toolbar is created in the Internet Explorer browser.

Source: McAfee Threat Center

McAfee User Removal: click here

Manual Removal:

First, use the Add/Remove Programs Control Panel in Windows to remove this program. Proceed below if unsuccessful.

1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete any infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking.
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse the Internet, Fix the Damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Sunday, May 28, 2006   0 comments

SpywareQuake

Overview:
SpywareQuake is a Security Risk that is installed without user notification or consent by a Trojan.

Characteristics:
This is not a virus or a trojan. It is detected as a "potentially unwanted program". This is an anti-spyware application claiming to remove unwanted malicious spyware programs. In order to clean or delete any files labeled as “malicious spyware”, you must first enter a valid serial number to activate the full version or click on the “Buy Online” button and purchase the full version. This has been reported to be distributed in the wild via exploits and trojan downloaders.

Files and processes known to be related to SpywareQuake are:
1. blacklist.txt
2. English.ini
3. msvcp71.dll
4. msvcr71.dll
5. ref.dat
6. SpywareQuake.exe
7. SpywareQuake.url
8. uninst.exe

Symptoms:
SpywareQuake Pop-Up, Taskbar Icon, Security Warning.

Source: McAfee Threat Center

McAfee User Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the Internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If you are unable to browse the Internet, fix the damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Sunday, May 28, 2006   0 comments

SysProtect

Overview:
McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

Characteristics:
This is not a virus or a trojan. It is detected as a "potentially unwanted program". It purports to be a system repair/maintenance application, but requires paid registration before any issues found can be fixed. Many of the "invalid" items found appear suspect. This has been reported to be distributed in the wild via the trojan Vundo. Other incarnations of this software exist with the same model and similar web presences (for example WinFixer).

Files and processes known to be related to SysProtect are:
1. Activate.dat
2. bnlink.dat
3. df_fixer.dll
4. df_proxy.dll
5. FxCore.dll
6. MMFx.dll
7. SYP.url
8. StrRes.dll
9. sscan.sys
10. sr.exe

Symptoms:
SysProtect Pop-Up, Taskbar Icon, Security Warning.

Source: McAfee Threat Center

McAfee User Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the Internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If you are unable to browse the Internet, fix the damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Sunday, May 28, 2006   0 comments

StartPage

Overview:
StartPage is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics:
StartPage is a trojan which modifies Internet Explorer's default start page.

Files and processes known to be related to StartPage are:
1. uis8.bat
2. [Random Filename].scr
3. index.html

Symptoms:
Modifies default start page in Internet Explorer.

Source: McAfee Threat Center

McAfee User Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the Internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If you are unable to browse the Internet, fix the damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Sunday, May 28, 2006   0 comments

Adware-PestTrap

Overview:
Adware-PestTrap is not a virus or a trojan. It is detected as a "potentially unwanted program." This is an anti-spyware application claiming to remove unwanted malicious spyware programs but requires paid registration before any issues found can be fixed. In a further attempt to get you to purchase the full version of the product, it regularly displays an "always on top" alert warning of potential threats and urging the user to purchase the full software. It also creates an entry in the registry Run key to ensure it is launched and performs a scan at each system startup. In order to clean or delete any elements identified as threats, you must enter a valid serial number to activate the software, which requires purchase of the full version.

Characteristics:
There are multiple versions of this software, primarily involving only a name & domain change, along with aesthetic changes to the software graphics and interface. Some versions include "SpySheriff", "SpyTrooper", and "SpywareNO!". Beyond intentional download and installation by the end user, they have been found to be installed via browser exploits.

Files and processes known to be related to Adware-PestTrap are:
1. pesttrap.exe
2. uninstall.exe
3. pesttrap.dvm
4. notfound.wav
5. heur00_.dll
6. found.wav
7. base00_.avd
8. pesttrap.lnk

Symptoms:
PestTrap Pop-Up, Taskbar Icon, Security Warning.

Source: McAfee Threat Center

McAfee User Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the Internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If you are unable to browse the Internet, fix the damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Sunday, May 28, 2006   0 comments

Adware-SpySheriff

Overview:
Adware-SpySheriff is not a virus or a trojan. It is detected as a "potentially unwanted program." This is an anti-spyware application claiming to remove unwanted malicious spyware programs but requires paid registration before any issues found can be fixed. In a further attempt to get you to purchase the full version of the product, it regularly displays an "always on top" alert warning of potential threats and urging the user to purchase the full software. It also creates an entry in the registry Run key to ensure it is launched and performs a scan at each system startup. In order to clean or delete any elements identified as threats, you must enter a valid serial number to activate the software, which requires purchase of the full version.

Characteristics:
There are multiple versions of this software, primarily involving only a name & domain change. Known versions include "SpyTrooper", "PestTrap", and "SpywareNO!".

Files and processes known to be related to Adware-SpySheriff are:
1. uninstall.exe
2. spysheriff.exe
3. spysheriff.dvm
4. removed.wav
5. procmon.dll
6. notfound.wav
7. iesecurity.dll
8. heur00_.dll
9. spysheriff.lnk
10. base.avd

Symptoms:
SpySheriff Pop-Ups, Taskbar Icon, Security Warning.

Source: McAfee Threat Center

McAfee User Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the Internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If you are unable to browse the Internet, fix the damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Sunday, May 28, 2006   0 comments

NDotNet

Saturday, May 27, 2006
Overview:
NDotNet is not a virus or a trojan. It is detected as a "potentially unwanted program." It utilizes low-level integration with a system's networking to provide resolution of additional unofficial top-level domains (e.g., .shop, .xxx, .inc, .tech, .med, and others) which are controlled by New.net. A Browser Helper Object (BHO) is installed in Internet Explorer and a new provider is added into the Layered Service Provider (LSP) stack. This BHO-LSP combination intercepts requested URLs containing applicable top-level domains and maps the requests to the appropriate new.net subdomain. Default address bar searches and 404 "page not found" errors are redirected to http://find.reliableresults.info.

Characteristics:
NDotNet may display a license agreement when installed (in some instances, such as a bundled version of the Adware-Quickbar installer, no license agreement was shown). Although not observed during analysis, the agreement outlines both automatic upgrades and possible third party content or services being delivered via the software.

Files and processes known to be related to NDotNet are:
1. sporder.dll
2. ndnuninstall6_38.exe
3. uninstall6_38.exe
4. readme.html
5. newdotnet6_38.dll
6. (username)@www.new[#].txt
7. Newdotnet3_88.dkk
8. Nnezt388.exe
9. tldctl2.inf
10. tldctl2.ocx

Symptoms:
Internet browser redirection.

Source: McAfee Threat Center

McAfee User Removal: click here

Removal Tool:
1. Download the NDotNet Removal Tool provided by Symantec. click here

If you are unable to browse the Internet, fix the damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Saturday, May 27, 2006   0 comments

Adware-DesktopMedia

Overview:
Adware-DesktopMedia is not a virus or a trojan. It is a Browser Helper Object (BHO) that may redirect web browsing and/or produce intermittent popup advertisements (typically in Chinese - see for an example) while the user browses the web with Internet Explorer. Upon execution, the application contacts dmcast.com for random links to advertisement websites.

Characteristics:
The Adware-DesktopMedia application displays an End User License Agreement (EULA) in Chinese during installation. The agreement covers licensing/usage obligations and the user authorizes the popup advertisements upon installation. It may also be installed with other ad-supported applications which may display a varied version of the EULA. This agreement is not available on the vendor's dmcast.com website.

Files and processes known to be related to Adware-DesktopMedia are:
1. dmbar.dll
2. dmshell.dll
3. dmipn.dll
4. dmsched.exe
5. dmplayer.dll
6. uninstall.exe
7. dmdaemon.dll

Symptoms:
Chinese Installer, 89178.com.

Source: McAfee Threat Center

McAfee User Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the Internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If you are unable to browse the Internet, fix the damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Saturday, May 27, 2006   0 comments

Adware-SpyFalcon

Overview:
Adware-SpyFalcon is one of the anti-spyware or security software applications that use various forms of deception and/or unethical means, or show a history of negligent false positives, to goad the end user into making a purchase.

Characteristics:
Adware-SpyFalcon is not a virus or a trojan. It is detected as a "potentially unwanted program". This is an anti-spyware application claiming to remove unwanted malicious spyware programs. It is a re-branding of Adware-Spyaxe, which is known to be installed by a Trojan that displays fake warnings (some appearing to be Microsoft Security Center or Windows Update warnings) which may lead you to believe that your computer is infected with malicious spyware programs. In order to clean or delete any files labeled as “malicious spyware”, you must first enter a valid serial number to activate the full version or click on the “Buy Online” button and purchase the full version.

Files and processes known to be related to Adware-SpyFalcon are:
1. uninst.exe
2. syg.db
3. spyfalcon.url
4. spyfalcon.exe
5. msvcr71.dll
6. msvcp71.dll
7. blacklist.txt
8. english.ini
9. spyfalcon 2.0.lnk
10. spyfalcon 2.0 website.lnk

Symptoms:
SpyFalcon Pop-Up, Taskbar Icon, Threat Warning.

Source: McAfee Threat Center

McAfee User Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the Internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If you are unable to browse the Internet, fix the damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Saturday, May 27, 2006   0 comments

SpywareQuake

Overview:
SpywareQuake is a Security Risk that is installed without user notification or consent by a Trojan.

Characteristics:
SpywareQuake is not a virus or a trojan. It is detected as a "potentially unwanted program". This is an anti-spyware application claiming to remove unwanted malicious spyware programs. In order to clean or delete any files labeled as “malicious spyware”, you must first enter a valid serial number to activate the full version or click on the “Buy Online” button and purchase the full version. This has been reported to be distributed in the wild via exploits and trojan downloaders.

Files and processes known to be related to SpywareQuake are:
1. blacklist.txt
2. English.ini
3. msvcp71.dll
4. msvcr71.dll
5. ref.dat
6. SpywareQuake.exe
7. SpywareQuake.url
8. uninst.exe
9. SQLanguage.ini
10. ref.dat

Symptoms:
SpywareQuake License Agreement, Taskbar Icon, Threat Warning.

Source: McAfee Threat Center

McAfee User Removal: click here

How to Remove SpywareQuake
Please use Removal Method 1. Click here.
posted by hitech-leiza @ Saturday, May 27, 2006   0 comments
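
The SpyFalcon and SpywareQuake file lists above share several names (msvcr71.dll and msvcp71.dll are Microsoft Visual C++ runtime libraries that also ship with unrelated software), so a single matching file name says little. The following is an added example, not part of the original posts or of any vendor tool: it attributes a directory to a family only when a name unique to that family is present alongside other listed names. The sample paths and the `min_hits` threshold are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# File names as listed in the two posts, lower-cased for comparison.
FAMILIES = {
    "Adware-SpyFalcon": {
        "uninst.exe", "syg.db", "spyfalcon.url", "spyfalcon.exe",
        "msvcr71.dll", "msvcp71.dll", "blacklist.txt", "english.ini",
        "spyfalcon 2.0.lnk", "spyfalcon 2.0 website.lnk",
    },
    "SpywareQuake": {
        "blacklist.txt", "english.ini", "msvcp71.dll", "msvcr71.dll",
        "ref.dat", "spywarequake.exe", "spywarequake.url", "uninst.exe",
        "sqlanguage.ini",
    },
}

# Constructed sample listing (hypothetical paths, not taken from the page).
SAMPLE_LISTING = [
    r"C:\sample\dir_a\SpywareQuake.exe",
    r"C:\sample\dir_a\msvcr71.dll",
    r"C:\sample\dir_a\blacklist.txt",
    r"C:\sample\dir_a\uninst.exe",
    r"C:\sample\dir_b\msvcr71.dll",   # runtime shipped with unrelated software
    r"C:\sample\dir_b\msvcp71.dll",
    r"C:\sample\dir_b\uninst.exe",
    r"C:\sample\dir_c\ref.dat",       # one listed name on its own
]


def distinctive_names(families):
    """Map each name that appears in exactly one family's list to that family."""
    seen = defaultdict(set)
    for family, names in families.items():
        for name in names:
            seen[name].add(family)
    return {n: next(iter(f)) for n, f in seen.items() if len(f) == 1}


def triage(paths, families=FAMILIES, min_hits=2):
    """Group paths by directory; report (directory, family) only when a
    distinctive name is present and at least min_hits listed names co-occur.
    min_hits=2 is an assumed threshold for illustration."""
    unique = distinctive_names(families)
    by_dir = defaultdict(set)
    for raw in paths:
        p = PureWindowsPath(raw)
        by_dir[str(p.parent).lower()].add(p.name.lower())

    findings = {}
    for directory, names in by_dir.items():
        for family, listed in families.items():
            hits = names & listed
            strong = {n for n in hits if unique.get(n) == family}
            if strong and len(hits) >= min_hits:
                findings[(directory, family)] = {
                    "hits": sorted(hits),
                    "distinctive": sorted(strong),
                }
    return findings


if __name__ == "__main__":
    for (directory, family), detail in triage(SAMPLE_LISTING).items():
        print(directory, family, detail)
```

Only `dir_a` is reported: `dir_b` holds nothing but shared names, and `dir_c` holds a single listed file.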

Winfixer 2005

Overview:
This is not a virus or a trojan. It is detected as a "potentially unwanted program." It purports to be a system repair/maintenance application, but requires paid registration before any issues found can be fixed. Many of the "invalid" items found appear suspect. For example, a cookie from the winfixer.com domain was detected, along with several shortcuts that were pointing to valid existing targets. Although some detected items may be legitimate, the fact that clearly benign items are cited as problems is questionable. The primary function of the free version appears to be to alarm the user into paying for registration, at least partially based on false or erroneous detections.

Characteristics:
This is a program that, when active on a computer, can display pop-up advertising, and may also redirect browsers to websites controlled by the makers of this program. The EULA also allows updates and further programs to be installed on a computer running this application.

Other incarnations of this software exist with the same model and similar web presences, coming from the same IP address range. For example, ErrorSafe (www.errorsafe.com, 66.244.254.63) claims to protect a user from system errors, corrupt data, and crashes.

Symptoms:
Winfixer 2005 Pop-Ups, Taskbar Icon, Threat Warning.

Source: McAfee Threat Center

McAfee User Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the Internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If you are unable to browse the Internet, fix the damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Saturday, May 27, 2006   0 comments

Adware-ZangoSA

Overview:
Adware-ZangoSA is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security- or privacy-minded computer user may want to be informed of.

Characteristics:
Adware-ZangoSA is a program that, when active on a computer, can display pop-up advertising, and may also redirect browsers to websites controlled by the makers of this program. The EULA also allows updates and further programs to be installed on a computer running this application.

When run, it may contact one or more of the following sites to download updates and advertising banners:

- ping.180solutions.com
- config.180solutions.com
- bis.180solutions.com
- downloads.180solutions.com
- tv.180solutions.com

Symptoms:
Pop-Ups, Internet Explorer redirection.

Source: McAfee Threat Center

McAfee User Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the Internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If you are unable to browse the Internet, fix the damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Saturday, May 27, 2006   0 comments

Adware-abetterintrnt

Overview:
This malware may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.

Characteristics:
Adware-abetterintrnt gathers system and browsing information and sends this to domains within abetterinternet.com, such as c.abetterinternet.com, .abetterinternet.com and download2.abetterinternet.com.

Files and processes known to be related to Adware-abetterintrnt are:
1. sfbnsp.dll
2. ALCXMNTR.EXE
3. wmpservice.exe
4. wldepl40.exe
5. xyfnf.exe
6. hnrvvb.exe
7. apphelp.exe

Symptoms:
Loss of internet access.

Source: McAfee Threat Center

Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in Safe Mode.
- Press F8 after the power is turned on
- Select Safe Mode from the selection menu

4. Run a full scan and delete infections that are detected.

Note: If you are using Windows XP, proceed with these steps; Windows 9x and ME users, please skip them.

5. Reboot the computer in Safe Mode with Networking
- Press F8 after the power is turned on
- Select Safe Mode with Networking from the selection menu

6. Connect to the Internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If you are unable to browse the Internet, fix the damage with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Saturday, May 27, 2006   0 comments

Adware-Look2Me

Overview:
This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security- or privacy-minded computer user may want to be informed of.

Characteristics:
Adware-Look2Me is not a virus or trojan. It is a direct-marketing adware application. This application monitors internet surfing habits in a variety of different browser software, to personalize ad content.

Files and processes known to be related to Adware-Look2Me are:
1. Digital Signature [8 digit number].htm
2. no.exe
3. nsdtmp09.dll
4. RH.DLL
5. RH.exe
6. SE.exe
7. SED.exe
8. UpdInstall.exe
9. InetFuel.exe
10. [random file name].dll

Symptoms:
Pop-Ups, Internet Explorer redirection.

Source: McAfee Threat Center

Removal:
Download Removal Tool Here
posted by hitech-leiza @ Saturday, May 27, 2006   0 comments