Tuesday, March 31, 2009

How to update your PC and remove ConfickerHow to update your PC and remove Conficker

How to update your PC and remove Conficker
The following steps should prevent infection by Conficker and eliminate the worm, if your PC has it. One positive side effect is that you'll enjoy a computer with up-to-date patches:
  • Step 1. Attempt to run Microsoft Update. The Conficker worm can infect vulnerable computers merely by connecting to them remotely via the Internet. For this reason, you should first try to patch Windows before removing Conficker, lest your machine quickly become infected again. It's particularly important to install Microsoft patch 958644 (security bulletin MS08-067). This patch closes a hole in Windows' Remote Procedure Call, which Conficker exploits.

    If you can't find Microsoft Update (or the more limited Windows Update) on your PC's Start menu, visit the Microsoft Update page on the Web. Internet Explorer is required.

    Microsoft Update might complete successfully, or you might not be able to access Microsoft.com at all. In either case, do Step 2.

  • Step 2. Attempt to update your third-party security software. Having the latest antivirus signatures will help eradicate Conficker and other malware that may be lurking on your PC. Use your security software's menu to manually update to the latest defenses.

    Have no security software? Read the WS Security Baseline, which summarizes the products that are currently rated the highest by respected reviewers.

    • If your updated security software deems your PC to be cleaned up, but you couldn't previously access Microsoft.com, go back to Step 1 and run Microsoft Update.

    • If you couldn't access your security vendor's site at all, do Step 3.

    • If you finished both Steps 1 and 2 successfully, you should be able to skip Step 3 and do Step 4.

  • Step 3 (optional). Run a standalone Conficker removal tool, if need be. The Conficker Working Group — a coalition of Microsoft, Cisco, SRI, F-Secure, Kaspersky, and many other security vendors — maintains a list of certified detection and repair tools, any of which should remove Conficker. (My thanks to Susan Bradley for her help with this tip.)

    Unfortunately, most the links in the Working Group's list are inaccessible on a Conficker-infected PC. A victim can't even reach the Working Group's site, because it has in its URL the string conficker, which triggers the worm's blocking behavior.

    As I mentioned earlier, security firm BitDefender has set up a new domain from which users can download free Conficker disinfectant utilities. This site, BDTools.net, is not currently blocked by the worm, to the best of my knowledge. The site offers three options: (a) a free online scan; (b) a free, downloadable Single PC Removal Tool for individual users; and (c) a free Network Removal Tool, an .exe file that IT admins can use to disinfect an entire LAN.

    BDTools.net: Visit BitDefender's download site.

    If you can't access BDTools.net or any other security site from your PC, find a machine that isn't infected (such as a public-access workstation at a library). Don't use a search engine to look for removal tools, some of which are bogus. Instead, download a removal tool from the Working Group's certified list onto a USB drive, and then use that drive to run the software on the infected PC.

    • After removing Conficker, if you couldn't previously complete Steps 1 and 2 successfully, go back now and finish those steps to update Windows and your security software.

    • Once you've completed Steps 1 and 2, do Step 4.

  • Step 4. Run Secunia's Software Inspector to catch missing application patches. Third-party applications, especially media players, are more likely to suffer from security holes than Windows itself is. The security firm Secunia.com offers a free scan, informing you when your PC is running an insecure version of an application that has a security patch available.

    Like BDTools.net, the Secunia Software Inspector offers three options: (a) a free online scan; (b) a free download for individual users; and (c) a LAN utility for IT admins. Unlike BDTools' network tool, which is free, Secunia's LAN product costs €5,000 (U.S. $6,500) per year and up, depending on the size of your company.

    To run Software Inspector, see Secunia's vulnerability scanning page.

    In my opinion, everyone should use Software Inspector at least once a month, right after installing Microsoft's patches the week of Patch Tuesday.

  • Step 5 (optional). Advanced users — use OpenDNS to restrict infected PCs. OpenDNS, a San Francisco–based company, provides a free, real-time service that prevents PCs from accessing phishing and hacker sites, among others. Admins of small and large LANs can use OpenDNS as a Domain Name System server.

    The firm introduced on Feb. 9 a new, Conficker-specific feature. If an infected PC on a LAN somehow evaded detection, OpenDNS will prevent it from contacting Conficker's control servers. Best of all, admins can read a report showing which PC tried to connect to a Conficker server.

    For details, read Dan Gookin's Register article and OpenDNS's announcement.

New instructions from the worm's author will probably make the bots disable a PC's access to BDTools, Secunia, and many other sites that were not on Conficker's original block list. Some security researchers have speculated that an update to Conficker will even prevent infected PCs from installing MS08-067.

It's best to strengthen your defenses before April 1 rather than waiting to see what bad things might happen.

(Forward from Windows Secrets Newsletter.)

Tuesday, March 24, 2009

Tools used in removing virus manuallyTools used in removing virus manually

Tools used in removing virus manually
These are the tools used in removing virus manually:
  1. Process Explorer
    The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

  2. a-squared HiJackFree
    a-squared HiJackFree is a detailed system analysis tool which helps advanced users to detect and remove all types of HiJackers, Spyware, Adware, Trojans and Worms.

  3. Trend Micro HijackThis
    HijackThis lists the contents of key areas of the Registry and hard drive--areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites.

  4. Unlocker
    It is used to delete any file including access-denied files.

  5. Security Task Manager
    Security Task Manager shows comprehensible information about programs and processes running on the computer. For each Windows process, it improves on Windows Task Manager, providing unique security risk rating, comments from our experts and user community, free online scan with all known Antivirus engines, full directory path and file name, process description, CPU usage graph, embedded hidden functions and process type.
Thursday, March 19, 2009

Warning! Download Adobe Flash Player only at Adobe.com!Warning! Download Adobe Flash Player only at Adobe.com!

Warning! Download Adobe Flash Player only at Adobe.com!
Warning! Download Adobe Flash Player only at Adobe.com!

All computer users should be aware of this warning and never download an Adobe Flash Player through any source other than the Adobe.com website.

If you are ever uncertain of a Flash Player Update it may be best to cancel the operation and navigate to http://www.adobe.com and download the update.

Why? As virus spread through fake Adobe Flash Player such as Adobe_Player11.exe downloaded from other website.

Monday, March 9, 2009

Remove all viruses in pendriveRemove all viruses in pendrive

Remove all viruses in pendrive
How to remove all viruses in pendrive? These are the ways:
  1. Use any anti-virus with latest updated virus definitions to scan the pendrive and remove the detected viruses.

  2. Goto command prompt.

  3. Type X: and press enter. You should change the X letter to the drive of the pendrive. Usually, the drive of the pendrive is E, F, G, H or I.

  4. Type dir /AS /S *.* and press enter.

  5. Wait for a little while until it lists all file with system attributes.

  6. Delete the listed file if the file you are sure are not belong to your pendrive. To delete the file, type del /F /A [path of the file] and press enter.
    (Example: del /F /A "X:\abc\debug_32.exe")

  7. If you are sure your pendrive just contain files which are not hidden or system only, you can try this method in command prompt to delete other suspicious virus files.
    Type del /F /AS /S *.* and press enter.
    Type del /F /AH /S *.* and press enter.

  8. Type Exit and press enter.

  9. Done!
Read also:

Why use Firefox rather than IE?Why use Firefox rather than IE?

Why use Firefox rather than IE
Why use Firefox rather than IE?
  1. Internet Explorer (IE) become one of the major targets of the hackers around the world. They like to hack IE. They feel so delighted after successufully hacking in it. They make lots of trojans and worms to attack IE.

  2. The speed for Firefox in loading a page is much faster than IE. You can try yourself. Download Firefox here.

  3. There are a lot of add-ons provided in Firefox but IE does not have such good features.

  4. We can update Firefox easily compared to IE.

  5. Firefox is free, but IE is integrated in original Windows which cost hundred of dollars.

  6. Firefox can be made portable but IE can't. Portable Firefox can be brought to anywhere by using a pen drive or removable drive.

  7. Firefox provide us a very good download manager add-on (DownThemAll) which increase the download speed for about 400% but IE does not have such features. The download manager provided is not good as the download speed is very slow.

Read also:
Friday, March 6, 2009

new_folder.exe removal guidenew_folder.exe removal guide

new_folder.exe is a virus which infects computer through autorun.inf (to disable autorun.inf, click here) in removable drive. It will disable your task manager, folder option, command prompt and even your anti-virus. When you start any program which contain the words related to antivirus, it will terminate the programs. Thus, antivirus or any famous anti-spyware also cannot remove it completely. However, we can clean it manually by following the procedures:
  1. Download a-squared HiJackFree , install it and rename its executable file (a2HiJackFree.exe) to other name which is not related to antivirus, such as dfskjhfds743 so that it will not be terminated immediately after running.

  2. Run the renamed executable file. It may be terminated by the virus. Thus, you should rerun it a few times until you can kill the virus's process.

  3. Use it to kill the following processes:
    compmgmt.exe, system.exe, debug_32.exe, dmadmin_1.exe and new_folder.exe
    (how? click here.)

  4. Repeat step 2 and step 3 until you successfully kill the processes.

  5. Enable your command prompt, task manager, folder options, registry editor etc with RRT or download the tool created by me here. You may need to enable them a few times as the worm will disable them automatically.

  6. Delete compmgmt.exe, system.exe, debug_32.exe, dmadmin_1.exe and new_folder.exe in command prompt. (How to enter command prompt? click here.) In command prompt, type:
    cd\ and press enter
    del /A /F /S dmadmin_1.exe and press enter
    del /A /F /S compmgmt.exe and press enter
    del /A /F /S system.exe and press enter
    del /A /F /S debug_32.exe and press enter
    exit and press enter

  7. Goto registry editor, remove all keys and values related to compmgmt.exe, system.exe, debug_32.exe, dmadmin_1.exe and new_folder.exe

  8. Done!
Read also:
Wednesday, March 4, 2009

Anti-Virus-1 Removal ToolAnti-Virus-1 Removal Tool

Anti-Virus-1 Removal Tool

License: Freeware
File size: 58 KB
Anti-Virus-1 is a rogue anti-spyware program similar to Antivirus2010. Anti-Virus-1 was created to trick you into believing your computer is infected with spyware to then offer Anti-Virus-1's full version to remove the supposed threats. Anti-Virus-1 may enter your computer system with the help of Trojans (such as Zlob or Vundo). Once the Trojan is installed, you'll receive numerous popups and fake system alert notifications informing you about imaginary infections. In addition, Anti-Virus-1 is able to perform a fake system scan and generate a list of spyware as a result. Anti-Virus-1 will use all its fraudulent mechanisms to finally redirect you to a malicious website that sells Anti-Virus-1 as a legitimate spyware remover.

Removal Tool:
Remove Fake Antivirus. (Download it here.)

Download Remove Anti-Virus-1 1.0 at Softpedia
Download source code of Anti-Virus-1 Removal Tool

Anti-Virus-1 manual removal guide
Kill Process
(How to kill a process effectively?)

Delete Registry
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "AV1"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV1"
HKCU "Software\AV1"

Remove Folders

Read more:
Constants in manual removal guide
Monday, March 2, 2009

Correct way of using Browser to surf internetCorrect way of using Browser to surf internet

Correct way of using Browser to surf internet
Correct way of using Browser to surf internet is as below:
  1. Use Mozilla Firefox rather than Internet Explorer. Why? Click here.

  2. Don't use browser to download things from website which provide pirated software or music.

  3. Run your browser in Sandbox. How? Why? Click here.

  4. Update your browser to the latest version.

  5. Don't use browser to browser pornography site, your computer will be infected by virus!

Read also:

Repair Windows System FilesRepair Windows System Files

Repair Windows System Files
How to repair Windows System Files if they are corrupted? Windows has provided us a simple tool, SFC, to repair the system files.
  1. Enter Command Prompt. (How? Click here. Vista user should enter command prompt as Administrator)

  2. type sfc /SCANNOW and press enter to scans integrity of all protected system files and repairs files with problems when possible.

  3. type sfc /VERIFYFILE=c:\windows\system32\kernel32.dll and press enter to verify the integrity of the file with full path . No repair operation is performed. Replace the path of the file to verify the file you like.

  4. type sfc /VERIFYONLY and press enter to scan integrity of all protected system files. No repair operation is performed.
Read also:
Sunday, March 1, 2009

Delete Access Denied FileDelete Access Denied File

Delete Access Denied File
How to delete Access Denied file? There is a program called Unlocker which can be used to kill any access denied file.

It has many other flavors:

Cannot delete file: Access is denied
There has been a sharing violation.
The source or destination file may be in use.
The file is in use by another program or user.
Make sure the disk is not full or write-protected and that the file is not currently in use.

How to use the program?
  1. Simply right click the folder or file and select Unlocker

  2. If the folder or file is locked, a window listing of lockers will appear

  3. The list box will give you a few options: Delete, Rename and Move. After select your option, it will carry out for you at once.

Download the latest version for Windows 2000 / XP / 2003 / Vista - Unlocker is Freeware

Read also: