
Wednesday, 04 September 2013

Antivirus Security Pro Virus Removal Guide

Antivirus Security Pro is a form of malware and besides not doing what it says it will do, i.e. protecting your computer from…er…malware, in the more unpleasant scenarios it can actually infect your PC with even more unwanted software. It belongs to the Win32/Winwebsec malware family.

Scareware, or rogueware as it is also known, is slippery. It makes you think you need it when you don’t, and just like the product itself, its makers are cunning in the ways they ensure that it ends up installed on their victims’ machines.

Once it’s been installed on your computer you will notice that you keep getting pop-up windows telling you that you have this amount of unwanted items slowing your computer down or that amount of viruses or malware infecting your system. This window will very nicely ask you if you would like it to run a scan so it can tell you exactly what these problems are. You’re worried, so you click ‘yes’ or ‘run scan’, then you sit back and wait as the software does…absolutely nothing (although it may show you a fake screen that looks like it’s scanning your files).


Once the pretend scan has taken place you’ll then be told that, yes, you have lots of potentially harmful issues on your PC and to remove them all you need to do is to enter your credit card details to upgrade to the full version of the security software. It’s the perfect scam – it plays on your vulnerabilities by making up fake issues and then offers you an instant solution. Only, you have to pay for that solution – and for those of us who have been sent into panic mode thinking that our online security is being compromised or that our files are going to be corrupted, it may well seem worth entering our payment details to make the 'problems' go away there and then.

When running, Antivirus Security Pro will display fake security alerts warning you about suspicious activities and dangerous network attacks. Less computer-savvy users may think these security warnings are coming from Windows security. After all, they do look quite convincing. However, most of the time, Antivirus Security Pro changes security settings and disables Windows security center.



It will also block your web browser saying that it's infected with Conflicker and similar malware.


What is more, this rogue can close other applications, modify security settings, block access to specific websites and even download additional malware onto your computer. To remove Antivirus Security Pro virus and related malware from your computer, please follow the removal instructions below. If you have any questions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Method 1: Antivirus Security Pro virus removal using activation key:

1. Open Antivirus Security Pro scanner window. Click the "Buy Full Edition" link in lower right hand corner of the scanner window or simply choose to "Remove threats".



You should now see the payment page. Click "I already have activation key".

Enter the Antivirus Security Pro activation key given below and click "OK" to activate the rogue security program. Don't worry, this is completely legal since it's not genuine software.

AF03E-A1B69411-5E496BEE-92A70D00-1AD697F6



Once this is done, you are free to install recommended anti-malware software and remove Antivirus Security Pro virus from your computer.

2. Download recommended anti-malware software and run a full system scan to remove this malware from your computer.
  • Malwarebytes Anti-Malware
  • SUPERAntispyware
  • Spybot S&D
NOTE: if you can't run anti-malware software, rename the installer to winlogon.exe and try again.


Method 2: Antivirus Security Pro virus removal in Safe Mode with Networking:

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.


NOTE: Log in as the same user you were previously logged in as in the normal Windows mode.

2. Download recommended anti-malware software and run a full system scan to remove this malware from your computer.
  • Malwarebytes Anti-Malware
  • SUPERAntispyware
  • Spybot S&D
NOTE: if you can't run anti-malware software, rename the installer to winlogon.exe and try again.


Associated Antivirus Security Pro files:

Files:
  • %CommonAppData%\UpEoq3B1\
  • %CommonAppData%\UpEoq3B1\DD1
  • %CommonAppData%\UpEoq3B1\UpEoq3B1.exe
  • %CommonAppData%\UpEoq3B1\UpEoq3B1.exe.manifest
  • %CommonAppData%\UpEoq3B1\UpEoq3B1.ico
  • %CommonAppData%\UpEoq3B1\UpEoq3B1kassgxDq.in
  • %CommonAppData%\UpEoq3B1\UpEoq3B1kassgxDq.lg
Registry keys:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AA2014" = "%CommonAppData%\UpEoq3B1\UpEoq3B1.exe"

Thursday, 15 August 2013

How to Get Rid of Antiviral Factory 2013 Malware

Most of us are at least a little aware of the dangers caused by malicious software but what if there was a form of malware that purported to be safe and to protect you from harm when in actual fact it was the very thing that was infecting your PC and inflicting damage on your computer or your bank account? It all sounds very underhand doesn’t it, but that’s exactly what rogue security software called Antiviral Factory 2013 does.

Let’s take a closer look at the issue because in some situations, this one included, ignorance is most definitely NOT bliss.

Antiviral Factory 2013 can be very dangerous and if you’re not completely sure what you’re looking for if you wish to install security software on your PC or laptop, you may well end up downloading and paying for something that is either useless – or worse – malicious. And even more galling is the thought that you’ve been conned and are merely being used to line the pockets of unscrupulous cyber criminals.


As more and more of us are getting more computer savvy it is easy to fall into the trap of thinking that we know what we’re doing online and what we’re downloading but that may not be the case.

Antiviral Factory 2013 works by convincing you that your computer is riddled with viruses and that it has lots of different forms of malware or unwanted software installed on it.

It usually finds its way on to your machine either after you have unwittingly visited a malicious web site or it will exploit some vulnerable lapse in your PC’s existing security. You will then see a pop up window which will normally look very professional or will have even been designed to emulate a reputable anti-virus software brand. The pop up box will ask you if you want to run a scan on your computer and guess what happens if you click ‘yes’? After pretending to have scanned your machine the fake software will return results telling you that you have dozens of potentially very dangerous issues on your system. Now that’s a surprise!



You are probably already one step ahead of me at this point and have already guessed that if you want the software to ‘remedy the problem’ you will need to pay for it. Not only will entering your credit card details into the software’s system mean that you are in effect paying for absolutely nothing, but you’re also handing over sensitive information to people whose aim is to extort money out of innocent web users. Antiviral Factory 2013 isn’t cheap either, often retailing for somewhere in the region of $50 to $100 per time. But when you’re faced with a realistic looking warning from what you believe to be a computer program that is trying to help you, and you believe that your online security, files, documents and data are at risk, doesn’t it seem so much easier just to get rid of the threat there and then by clicking the ‘pay now’ button?

In order to get rid of Antiviral Factory 2013 malware, please follow the removal instructions below. Even though you can remove the core files of this malware manually, I highly recommend scanning the system with anti-malware software. Very often, this rogue security program comes bundled with Trojans and rootkits. If you don't remove these, you may end up in an even worse situation than this. If you have any questions or suggestions, please leave a comment below. Your thoughts are always welcome. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Method 1: Antiviral Factory 2013 removal guide using activation key:

1. Open Antiviral Factory 2013. Click the "Registration" button.



Enter the Antiviral Factory 2013 activation key given below and click "Activate" to activate the rogue antivirus program. Don't worry, this is completely legal since it's not genuine software.

AA39754E-715219CE




Once this is done, you are free to install recommended anti-malware software and remove Antiviral Factory 2013 malware from your computer.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove this malware from your computer.





NOTE: if you can't run anti-malware software, rename the installer to winlogon.exe and try again.


Method 2: Antiviral Factory 2013 removal in Safe Mode with Networking:

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.


NOTE: Log in as the same user you were previously logged in as in the normal Windows mode.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove this malware from your computer.





NOTE: if you can't run anti-malware software, rename the installer to iexplore.exe and try again.


Method 3: Antiviral Factory 2013 manual removal guide:

1. First of all, go to your Desktop and right click the Antiviral Factory 2013.lnk shortcut file and select Properties.



2. Select Shortcut tab. Find the location of Antiviral Factory 2013 executable file (target location). It should be a randomly named file. Simply click the Find Target button.



3. Browse to the executable file. Rename it, for instance to virus.exe. Restart Windows.



4. Download recommended anti-malware software (direct download) and run a full system scan to remove this malware from your computer.





NOTE: if you can't run anti-malware software, rename the installer to winlogon.exe and try again.

    Monday, 12 August 2013

    How to Get Rid of PC Defender 360

    The main aim of PC Defender 360 is to trick you into believing that it is something that will benefit you by keeping you safe and secure when you’re online; however, nothing could be further from the truth. Unlike genuine security software, PC Defender 360 is completely fake and gives you scant, or in the majority of cases, no protection whatsoever. What it will do, however, is generate alerts in the form of pop-up windows which attempt to coerce you into handing over your hard earned cash for a product which is virtually useless.


    PC Defender 360 is also often called ‘scareware’ – and for good reason. This rogue security program deceives you into thinking it is the real deal and instead of you purchasing something which you believe is going to protect your computer, you may actually be wasting your money, handing over your credit card details to a less than honest third party and simply walking right in to the trap that these cyber criminals have laid for you.

    So why should you be aware of PC Defender 360? You might think the chances of you being a target are minimal, but I'm sorry to say that no computer user is exempt, and not only that but the number of rogue security software scams is on a slight increase.

    So what can you do to protect yourself, your computer and your bank account and how can you prevent yourself from falling for a scam? First of all do not fall for their scare tactics. If you do see pop-up windows extolling sinister sounding warnings, for example PC Defender 360 Firewall Alert, when you’re browsing the web immediately be on your guard.


    One other thing to look out for is that the makers of PC Defender 360 try and trick you into thinking they’re genuine by making their pop-up messages look just like those of real providers.

    What is more, this rogue security program changes Windows registry keys, so that you won't be able to use your web browser, anti-virus and even Paint. Pretty much every application on your computer will be blocked claiming that it's infected and may harm your machine. But we all know that this is a big fat lie.

     If you can't remove it from your computer, please follow the removal guide below. I wrote a few possible solutions and I'm pretty sure at least one of them will work for you. Please note that this infection is not the same for everyone. PC Defender 360 is often bundled with other malware, so there's a good chance that you have a combination of a rogue program and rootkit, or rogue program and password stealing trojan. These combos are very popular, that's why you should scan your computer with recommended anti-malware software. If you have any questions, please leave a comment below. Good luck and be safe online!

    Written by Michael Kaur, http://deletemalware.blogspot.com


    Method 1: Manual activation and PC Defender 360 removal:

    1. Open PC Defender 360 and select Registration or simply choose to remove threats and manually activate the rogue antivirus program. Enter the following key and click Activate.

    ?O?Z?L?W?I?T?F?Q?C?N?Y?K?V?H?S?E



    2. Then download recommended anti-malware software (direct download) and run a full system scan to remove this rogue security program and related malware from your computer.


    Method 2: Get rid of PC Defender 360 in Safe Mode with Networking:

    1. Please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.


    NOTE: Log in as the same user you were previously logged in as in the normal Windows mode.

    2. Then download recommended anti-malware software (direct download) and run a full system scan to remove the rogue program from your computer.


    Method 3: Manual PC Defender 360 removal instructions:

    Make sure that you can see hidden and operating system protected files in Windows. For more information, please read Show Hidden Files and Folders in Windows.

    Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:
    • Hide extensions for known file types
    • Hide protected operating system files
    Click OK to save the changes.


    1. Right click on the "PC Defender 360" icon, click Properties in the drop-down menu, then click the Shortcut tab.



    In the Target box there is a path to the malicious file. You can simply click the Target button to open the target folder.



    In my case the malicious file was located in: C:\Documents and Settings\All Users\Application Data\ifdstore folder.

    2. The malicious file was called pcdefender.exe, but I'm sure that the file name will be different in your case.



    Rename pcdefender.exe to virus.exe and click Yes to confirm file rename. Restart your computer!



    3. After a restart, copy all of the registry text below and paste it into Notepad.

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\.exe]
    @="exefile"
    "Content Type"="application/x-msdownload"

    4. Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)


    5. Double-click on fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.

    6. Open your web browser. Download the FixExec utility and run it.

    7. Download recommended anti-malware software (direct download) and run a full system scan to fully remove this malware from your computer.

    Saturday, 13 July 2013

    Remove "Antivirus System" malware, removal instructions

    In this article we’re going to take a look at a new rogue security program called "Antivirus System" and what effect it can have on your computer. If your computer is infected with this malware, please follow the removal instructions below.

    Antivirus System is a form of malicious software and is a type of internet fraud that manipulates you into paying money to have your computer scanned for viruses which it will then claim to delete. The thing with this rogue security software is that not only is it not checking your computer for viruses or dangerous malware – it is actually installing them on your computer instead! There was a rogue antivirus program with the same name two years ago. It was called Antivirus System 2011 and it belonged to a completely different malware family than the current one - Antivirus System 2013.


    For the main part Antivirus System malware relies on social engineering and it will find its way on to your computer by finding a loophole in your PC’s security system. One way of doing this is by telling you via a pop-up message that your computer has been infected with a virus, or is running extremely slowly, and it will attempt to convince you to buy and install its ‘anti-virus software’ – which of course is fake. This is also known as scareware – a name which is pretty self-explanatory!

    The majority of these scareware have a Trojan horse component. Other ways the Trojan horse may sneak its way onto your computer is via software that has been shared on a peer-to-peer file sharing website or through an online malicious software scanning service.

    There are other rogue security software programs that are ‘drive-by downloads’, which means that they have installed themselves on your computer by way of a web browser, PDF viewer or through an email client. Again, the malware finds and exploits holes in their security.

    The distributors of malicious software jumped on the SEO bandwagon by using illegitimate methods to ensure that their malicious links appear at the top of the page when someone searches for a certain topic. These URLs will be infected and the unlucky user who clicks on them will be directed to a website and then told that their computer is infected. It is then that the "Antivirus System" makers will push a trial of their product and try and get you to click on it and thus install their malware.

    When you’ve installed the malware the ever-so-helpful rogue security software will normally then try and tempt you into purchasing the ‘full’ version of their program or other software that you ‘need’. They will usually do this by telling you your computer is seriously infected with malware (the irony!) or that you have illegal adult content stored on your PC. They might also show you an animated screen which simulates your system crashing. What is more, it will block pretty much everything on your computer, including web browsers and anti-malware software of course. It stays active in Safe Mode too.

    Antivirus System Firewall Alert
    chrome.exe is infected with Trojan-Clicker.JS.Agent.op


    Another fake security alert claiming that your computer is infected with Trojan.JS.Fraud.ba.


    Antivirus System purchase page. I have to admit that this time cyber crooks made a really good looking payment page. They even added CNET, AV-Test logos and mentioned that Softpedia, Chip.de and commentcamarche.net rated "Antivirus System" as a full 5-star "Excellent" software download.


    So how can you prevent Antivirus System malware from infecting your computer and conning you out of your hard earned cash? Number one; install a reputable genuine anti-malware software program on your PC and ensure it runs regularly. This is the best defense you can have against all types of malware.

    It is also wise to be as vigilant as possible when using your computer so familiarize yourself with your anti-virus software provider’s name, logo and the look of their pop-ups so that in the event you do get a pop up box you’ll know whether it’s from your genuine provider or from an imposter.

    To remove Antivirus System from your computer, please follow the removal instructions below. After successful removal you will probably have to fix certain system files because this malware usually messes with Windows files pretty badly. But don't worry, everything can be fixed rather easily using the right tool. If you have any questions, please leave a comment below. Good luck and be safe online!

    Written by Michael Kaur, http://deletemalware.blogspot.com


    Method 1: Antivirus System removal instructions in Safe Mode with Networking:

    1. Please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.


    NOTE: Log in as the same user you were previously logged in as in the normal Windows mode.

    2. Then download recommended anti-malware software (direct download) and run a full system scan to remove the rogue program from your computer.


    Method 2: Manual Antivirus System malware removal instructions:

    Make sure that you can see hidden and operating system protected files in Windows. For more information, please read Show Hidden Files and Folders in Windows.

    Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:
    • Hide extensions for known file types
    • Hide protected operating system files
    Click OK to save the changes.


    1. Right click on the "Antivirus System" icon, click Properties in the drop-down menu, then click the Shortcut tab.



    In the Target box there is a path to the malicious file. You can simply click the Target button to open the target folder.



    In my case the malicious file was located in: C:\Documents and Settings\All Users\Application Data\pavsdata folder.

    2. The malicious file was called 21.4.exe, but I'm sure that the file name will be different in your case.



    Rename 21.4.exe to virus.exe and click Yes to confirm file rename. Restart your computer!



    3. After a restart, copy all of the registry text below and paste it into Notepad.

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\.exe]
    @="exefile"
    "Content Type"="application/x-msdownload"

    4. Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)


    5. Double-click on fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.

    6. Open your web browser. Download the FixExec utility and run it.

    7. Download recommended anti-malware software (direct download) and run a full system scan to fully remove this malware from your computer.

    Friday, 31 May 2013

    System Doctor 2014 Virus Removal Guide

    System Doctor 2014 malware is a very serious problem and one that can have huge knock on effects on everything from your files to your online bank account. Read on as we tell you a little more about this rogue security software and the things you need to look out for so that you can protect yourself against it.

    Every computer should have a decent anti-virus or security software program installed and hackers know this, which is why unscrupulous computer programmers have marked it out as a lucrative business and one which they can exploit for their own gain. Generally speaking there are three ways they can do this. Let’s take a look at what they are:

    One: by profiting from the sale of rogue security software that simply doesn’t work.

    Two: by selling fake security software that contains malware that has been programmed to steal your personal data so they can commit identity theft or plunder your bank account. System Doctor 2014 is a great example.


    Three: by selling rogue security software that contains malware that has been programmed to steal your personal data so they can sell your personal details, bank account information or credit card numbers on to a third party.

    It’s a win win situation for these cyber criminals as they are not only getting paid for an ineffective program which took them little or no effort to create but many of them are stealing your personal information too.

    And if you are a victim, not only are you paying for a useless program and leaving yourself vulnerable to bank account fraud or identity theft, but the malware can also do serious damage to your computer’s operating system by infecting it with a virus which can lock down your system, destroy your web connectivity or corrupt your files. Not to mention that it displays very annoying security center alerts claiming that your computer is infected.


    So how does this fake antivirus program work? Firstly, the malware will be called something that is very similar to genuine security software in an attempt to get you to download it. This of course is an obvious ploy, but how many of us know all the names of real security software brands anyway? System Doctor 2014 sounds credible, right? Wrong: it's a rogue security application.

    The cyber criminals are clever marketers too and will further attempt to fool you and entice you in to buying their program by offering you ‘free’ or ‘trial’ versions of the software or by advertising ‘free upgrades’.

    They may also target you with fake pop-up windows that warn you that your computer is infected with a virus or is running slowly because you have unnecessary files stored on your hard drive – and they’ll tell you that by clicking on the window you’ll be able to clean your computer.

    Another sneaky way of attempting to get you to download their fake security software is by manipulating search engine results pages so that their own infected website appears as the top result. The majority of us click on the first search result, so for a rogue malware programmer this is highly effective. Once you click on the link you’ll be redirected to a home page which will tell you that your computer has a virus – oh, but help is at hand because they just so happen to have a free trial for their (rogue!) security software right there.

    Another thing to look out for is spam email from so-called software security companies who will send you the bargain of a lifetime – if you just click on the link that they’ve sent you.

    So apart from being alert, how else do you protect yourself and make sure you don’t become a victim of one of these scams? Firstly having a genuine security software or anti-virus program installed on your computer is an absolute must. If you’re not sure which names to look out for and are now paranoid about being duped speak to a friend who knows a little more about computers, ask in your local PC store or read online PC magazines to get an idea of what to look for. However it’s not enough just to have security software installed; you also need to make sure that it is up to date and has the latest patches.

    Put simply, if you have an outdated anti-virus or worse you don’t have ANY security software installed – do it right now! If you have encountered this malware, please follow the System Doctor 2014 removal guide below. If you have any questions, please leave a comment below. Good luck and be safe online!

    Written by Michael Kaur, http://deletemalware.blogspot.com


    System Doctor 2014 removal instructions in Safe Mode with Networking:

    1. Please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.


    NOTE: Log in as the same user you were previously logged in as in the normal Windows mode.

    2. Open Internet Explorer and download TDSSKiller. Run the utility and click Start Scan to run an anti-rootkit scan.

    3. Then download recommended anti-malware software (direct download) and run a full system scan to remove the rogue program from your computer.


    Manual System Doctor 2014 removal instructions:

    1. Power off and restart your computer. As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press Enter key.


    NOTE: Log in as the same user you were previously logged in as in the normal Windows mode.

    2. Right click on the "System Doctor 2014" icon, click Properties in the drop-down menu, then click the Shortcut tab.



    In the Target box there is a path to the malicious file. You can simply click the Target button to open the target folder.



    NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

    Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:

    - Hide extensions for known file types
    - Hide protected operating system files

    Click OK to save the changes. Now you will be able to see all files and folders in the Application Data/Program Data directory.

    3. Remove malicious files.

    File location, Windows XP:
    C:\Documents and Settings\[UserName]\Application Data\[RandomFolder]\[random].exe

    File location, Windows Vista/7:
    C:\Users\UserName\AppData\Roaming\[RandomFolder]\[random].exe



    Delete the entire folder or at least the main executable file which in my case was RLViNf4K.

    4. Restart your computer. The malware should be inactive after the restart.

    5. Open Internet Explorer and download TDSSKiller. This malware usually (but not always) comes bundled with the TDSS rootkit. Removing this rootkit from your computer, if it exists, is very important. Run TDSSKiller and remove the rootkit.

    6. Download recommended anti-malware software (direct download) and run a full system scan to remove System Doctor 2014 virus from your computer.


    System Doctor 2014 associated files and registry values:

    Files:
    • C:\Users\UserName\AppData\Roaming\[RandomFolder]\[random].exe (Win Vista/7)
    • C:\Documents and Settings\[UserName]\Application Data\[RandomFolder]\[random].exe (Win XP)
    Registry values:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
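
The two registry locations these guides keep returning to, the HKEY_CURRENT_USER Run value listed for Antivirus Security Pro and System Doctor 2014 and the .exe association that fix.reg resets, can be reviewed in one pass over a registry export. The following Python script is an added example, not part of the original guides: the sample export, the hijacked value "secfile" and the function names are constructed for illustration, and the open command `"%1" %*` is the stock Windows default rather than something stated on this page.

```python
import re
from pathlib import PureWindowsPath

RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
# Lower-cased fragments of the user-writable data folders named on this page.
DATA_DIRS = ("\\programdata\\", "\\application data\\", "\\appdata\\roaming\\")
# Expected default values. The HKCU\Software\Classes entry overrides
# HKEY_CLASSES_ROOT for the logged-in user and is normally absent.
EXE_DEFAULTS = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_current_user\software\classes\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    # Undo .reg string escaping: a backslash protects the next character.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse string values of a regedit export into {key: {name: data}}.

    Keys are lower-cased; a key's default value is stored under "@".
    dword and hex values are skipped. Decode regedit's UTF-16 export
    before calling, e.g. open(path, encoding="utf-16").read().
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            current[name] = unescape(m.group(2))
    return keys


def exe_path(command):
    """Return the executable part of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(?i)(.+?\.exe)(?:\s|$)", command)
    return m.group(1) if m else command


def audit(text):
    """Return (kind, name, value, reason) tuples that deserve a manual look."""
    findings = []
    keys = parse_reg(text)
    for name, cmd in keys.get(RUN_KEY, {}).items():
        path = PureWindowsPath(exe_path(cmd))
        if any(d in str(path).lower() for d in DATA_DIRS):
            reason = "autorun from user-writable data folder"
            # Pattern from the file list above: UpEoq3B1\UpEoq3B1.exe
            if path.stem.lower() == path.parent.name.lower():
                reason += ", executable named after its folder"
            findings.append(("run", name, str(path), reason))
    for key, expected in EXE_DEFAULTS.items():
        actual = keys.get(key, {}).get("@")
        if actual is not None and actual != expected:
            findings.append(("assoc", key, actual, f"expected {expected!r}"))
    return findings


# Constructed sample export: the Run value name and folder come from the
# Antivirus Security Pro list above, the rest is made up for the demo.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AA2014"="C:\\ProgramData\\UpEoq3B1\\UpEoq3B1.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CLASSES_ROOT\.exe]
@="secfile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

Legitimate software also starts from AppData, so a "run" finding is a candidate for review, not a verdict; an "assoc" finding means the .exe handler differs from the value that fix.reg restores.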