Monday, May 31, 2010

Strengthen the defense of your computer

How do you strengthen the defense of your computer? First, you should have a firewall. A firewall separates the internal network from the Internet and filters the traffic that passes between the two networks. It lets in the data that you allow to enter your network and blocks the data that you disallow. It can prevent malware from changing, copying, or destroying your data. You must keep your firewall updated to ensure that it works properly.

Then, you should prevent viruses from entering your computer. Install anti-virus software, start its real-time monitoring, and keep the software and the virus definition file up to date by setting the update process to run daily. Scan your computer every week with the latest updated anti-virus. Scan your USB pen drive before you plug it into your computer, as it is one of the fastest ways for a virus to infect your computer and spread to other computers.

Finally, you should guard against spyware. Spyware is a program that is installed without the user's authorization. It can collect information and send it to a third party. Spyware can attach itself to software or executable images and break into the user's computer. It is used to track computer usage information, record keystrokes, or take screen captures. To get rid of spyware, raise the security level of your browser, install software that guards against spyware, and verify with the official website the software you would like to install. You may install Sandboxie to protect your computer from spyware attacks.
Thursday, May 27, 2010

Security Master AV Removal Guide
Security Master AV is a fake antivirus that infects the computer after a Trojan opens a backdoor on it. Normally the program is installed without the user's permission when they visit certain websites. Security Master AV starts automatically when the computer boots. It scans the infected computer and reports that the computer has been infected by many kinds of malware. In fact, the computer is infected by Security Master AV itself! Security Master AV then tries to persuade the user to purchase a license in order to activate it. This fake antivirus should be removed immediately.

Security Master AV lies that it will help protect your PC. It provides an "Advanced Security Center" that claims to help you manage your Windows security settings. Moreover, it warns you that a lot of severe/high alerts have been detected on your PC, and it claims that if you activate it, you will get ultimate protection against identity theft, viruses, malware and other threats.

Security Master AV must be removed from your computer immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
std.exe
pe.exe
antigen.exe
SM8d7c.exe
SM345d.exe
DBOLE.exe
sld.exe

Unregister DLL files
%UserProfile%\Recent\runddlkey.dll
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\cid.dll

Delete Registry
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\SM345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Master AV"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"

Remove Folders and Files
%UserProfile%\Recent\runddlkey.dll
%UserProfile%\Recent\tjd.sys
%UserProfile%\Recent\tjd.drv
%UserProfile%\Recent\std.exe
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\gid.drv
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\ANTIGEN.exe
%UserProfile%\Recent\ANTIGEN.drv
%Desktop%\Security Master AV.lnk
%AppData%\Security Master AV\cookies.sqlite
%AppData%\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
%CommonAppData%\8d7ca11
%AllAppData%\345d567
%AllAppData%\SMNPCTCAV
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
%UserProfile%\Application Data\Security Master AV
%UserProfile%\Desktop\Security Master AV.lnk
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\DBOLE.tmp
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\FS.sys
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\runddl.sys
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\sld.drv
%UserProfile%\Recent\sld.exe
%UserProfile%\Recent\sld.sys
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Start Menu\Security Master AV.lnk
%UserProfile%\Start Menu\Programs\Security Master AV.lnk
Sunday, May 23, 2010

Win Antispyware Center Removal Guide
Win Antispyware Center is a fake antivirus. It gets into the computer through a trojan, which users are tricked into downloading as a program supposedly needed to play movies on a malicious website. It is installed onto the computer without permission. It starts automatically when the user logs in to Windows and then starts scanning the computer. Win Antispyware Center gives false alerts that the user's computer is infected by malware.

Win Antispyware Center offers fake features such as scanning, Internet Security, Personal Security, Proactive Defense, Firewall and even full real-time protection. It also offers automatic updates, supposedly to give maximum protection with the latest version.

Win Antispyware Center should be removed immediately!


Removal Guide
Kill Process
(How to kill a process effectively?)
av.exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Win Antispyware Center"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Win Antispyware Center"

Remove Folders and Files
%Program Files%\WinAntispywareCenter
Saturday, May 22, 2010

XJR Antivirus Removal Guide
XJR Antivirus is a fake antivirus. It infects your computer through a malicious website or a Trojan. XJR Antivirus scans the whole infected computer without any notice. After it finishes scanning, it shows a false result claiming that many malware infections were found on the computer. Moreover, users of the infected computer receive several warning alerts that try to force them to purchase the fake full version of XJR Antivirus.

XJR Antivirus always shows that your system security status is at risk and that your Windows is in danger. It also states that your files are infected by Trojans such as Email-Worm.Win32.Meronda.a with the alert level "High". When you press the "Remove Threats" button, it asks you to register the product.

XJR Antivirus should be removed immediately!


Removal Guide
Kill Process
(How to kill a process effectively?)
XJR Antivirus.exe
alggui.exe
wpp.exe
%Program Files%\svchost.exe

Unregister DLL files
%Program Files%\adc_w32.dll

Delete Registry
HKEY_CURRENT_USER\Software\XJR Antivirus
HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd

Remove Folders and Files
%UserProfile%\Desktop\XJR Antivirus.lnk
%UserProfile%\Local Settings\Temp\win1.tmp
%UserProfile%\Local Settings\Temp\win2.tmp
%UserProfile%\Start Menu\Programs\XJR Antivirus
%Program Files%\alggui.exe
%Program Files%\nuar.old
%Program Files%\skynet.dat
%Program Files%\svchost.exe
%Program Files%\wp3.dat
%Program Files%\wp4.dat
%Program Files%\wpp.exe
%Program Files%\XJR Antivirus
Thursday, May 20, 2010

ByteDefender Removal Guide
ByteDefender (Byte Defender) is a fake antivirus that cheats money out of users of infected computers by tricking them into purchasing a useless product. After the trojan enters the system, ByteDefender runs a fake system scan that gives fake results stating that the computer is infected with malware.

Removal Guide
Kill Process
(How to kill a process effectively?)
ByteDefender.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteDefender
HKEY_LOCAL_MACHINE\SOFTWARE\ByteDefender
HKEY_CURRENT_USER\Software\ByteDefender

Remove Folders and Files
%UserProfile%\Desktop\ByteDefender.lnk
%Program Files%\ByteDefender Software

Wednesday, May 19, 2010

Fake Windows Activation Screen Removal Guide
Fake Windows Activation Screen is a Trojan that pretends to be a Windows Activation program. The infected computer shows a screen simulating Microsoft Windows Activation, which states that Windows needs to be reactivated. Fake Windows Activation Screen forces users to enter their name, contact information and credit card details in order to cheat them out of their money. After that, the credit card will be charged.

Removal Guide
Kill Process
(How to kill a process effectively?)
$SYSDIR\.exe

Unregister DLL files
%UserProfile%\Application Data\mtl.dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\
HKEY_CURRENT_USER\Software\AntiPiracy

Remove Folders and Files
%UserProfile%\Application Data\mtl.dll
$SYSDIR\.exe

Read more:
Constants in manual removal guide
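
The registry lists in these guides mix three kinds of entries: whole keys to delete, named values under keys that Windows itself owns, and entries whose name is blank in the guide. The following added example (not part of the original post; its function and variable names are its own) parses that notation and turns each line into a read-only `reg query` check or a manual-review flag, so that a shared key such as `...\CurrentVersion\Run` is never treated as a key to delete.

```python
import re

# reg.exe abbreviations for the hives that appear in the guides
HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM",
         "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU"}

# Keys owned by Windows: only a named value under them may be removed
SHARED = ("\\CurrentVersion\\Run", "\\Policies\\System", "\\Security Center")

# Guide notation: <key path> ["<value name>" [= "<data>"]]
ENTRY = re.compile(
    r'^(?P<key>[A-Z_]+\\.*?)\s*(?:"(?P<name>[^"]*)"(?:\s*=\s*".*")?)?$')

# Entries copied from the Fake Windows Activation Screen guide above
GUIDE_LINES = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\
HKEY_CURRENT_USER\Software\AntiPiracy
'''.strip().splitlines()


def classify(line):
    """Return (action, detail) for one registry line of a removal guide."""
    m = ENTRY.match(line.strip())
    if not m:
        return ("skip", "not a registry entry")
    key, name = m["key"], m["name"]
    hive, _, subkey = key.partition("\\")
    if hive not in HIVES:
        return ("skip", "unknown hive, check the line for a typo")
    if key.endswith("\\") or name == "":
        return ("manual", "name is blank in the guide; find it on the machine")
    target = f'"{HIVES[hive]}\\{subkey}"'
    if name is not None:
        # Named value under a key: remove the value, never the parent key
        return ("delete-value", f'reg query {target} /v "{name}"')
    if key.endswith(SHARED):
        return ("manual", "shared Windows key listed without a value name")
    return ("delete-key", f"reg query {target}")


def plan(lines):
    """Classify every line; the emitted checks are read-only reg.exe queries."""
    return [(line, *classify(line)) for line in lines]


if __name__ == "__main__":
    for line, action, detail in plan(GUIDE_LINES):
        print(f"{action:13} {detail}\n    <- {line}")
```

Running each emitted `reg query` first confirms that the entry exists on the machine before anything is deleted.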

Saturday, May 15, 2010

SystemArmor Removal Guide
SystemArmor (System Armor) is a fake antispyware program from the WiniGuard family of rogues. System Armor gets into your PC when you download a video codec or update your Flash player. Once active, the fake antivirus starts threatening users with false warnings. SystemArmor scans your computer every time you boot Windows and sends fake warnings and alerts that your computer is in danger. This is a scam that tries to cheat users into purchasing SystemArmor.

Removal Guide
Kill Process
(How to kill a process effectively?)
SystemArmor.exe
gt.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SystemArmor"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\SystemArmor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemArmor
HKEY_CURRENT_USER\Software\SystemArmor

Remove Folders and Files
%Temp%\[random]gt.exe
%WINDIR%\system32\[random]gt.exe
%ALLUSERSPROFILE%\Start Menu\Programs\SystemArmor
%ALLUSERSPROFILE%\Desktop\SystemArmor.lnk
%ProgramFiles%\SystemArmor Software

Live Security Suite Removal Guide
Live Security Suite (LiveSecuritySuite) is a fake antivirus program that infects your PC when you download a video codec or update your Flash player. Live Security Suite scans your computer every time you boot Windows and sends fake warnings and alerts that your computer is in danger. This is a scam that tries to get users to purchase Live Security Suite. Remove Live Security Suite from the infected system immediately.

Removal Guide
Kill Process
(How to kill a process effectively?)
LiveSS.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%UserProfile%\Application Data\Live Security Suite\unins000.exe

Unregister DLL files
%ProgramFiles%\Live Security Suite\db\WMILib.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "UpdatesDisableNotify" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent "URLSS[2.0.3.0]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AVPath" = "\\.\root\SecurityCenter:AntiVirusProduct.instanceGuid="{653E64F8-62B6-4F96-B22D-4FFC6E44130E}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirstRunDisabled" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallDisableNotify" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Live Security Suite"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "uniname" = "Live Security Suite_is1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS" = "http://gen-avpay.com/choose/?productid=GENAV3&uid=0&machineid=c3f92274b4b15694ae2311bd2316c727"
HKEY_CURRENT_USER\Software\Live Security Suite
HKEY_CURRENT_USER\Software\Microsoft\FTP "SearchDir" = "C:\Program Files\Live Security Suite\"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Suite_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Live Security Suite

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Desktop\LiveSS.exe.txt
%UserProfile%\Desktop\Live Security Suite.lnk
%UserProfile%\Application Data\Live Security Suite
%Program Files%\Live Security Suite
Saturday, May 8, 2010

Data Protection Removal Guide
Data Protection (DataProtection) is a rogue anti-spyware program designed to cheat money from Internet users. Data Protection produces fake scan results to scare the computer user into purchasing useless software. It will not remove any threats from your computer. Do not become another victim of a cyber scam; remove Data Protection immediately.

Removal Guide
Kill Process
(How to kill a process effectively?)
MSWINSCK.exe
wscsvc32.exe
spam001.exe
spam002.exe
spam003.exe
troj000.exe
datprot.exe
Uninstall.exe

Unregister DLL files
%ProgramFiles%\Data Protection\dathook.dll
%ProgramFiles%\Data Protection\datext.dll
%ALLUSERSPROFILE%\Application Data\fiosejgfse.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Data Protection"
HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Data Protection
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_LOCAL_MACHINE\SOFTWARE\Data Protection
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CURRENT_USER\Software\Paladin Antivirus
HKEY_CURRENT_USER\Software\Malware Defense

Remove Folders and Files
%UserProfile%\Desktop\troj000.exe
%UserProfile%\Desktop\spam003.exe
%UserProfile%\Desktop\spam002.exe
%UserProfile%\Desktop\spam001.exe
%UserProfile%\Desktop\Data Protection.lnk
%UserProfile%\Desktop\Data Protection Support.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Protection.lnk
%Temp%\wscsvc32.exe
%Temp%\MSWINSCK.exe
%Temp%\4otjesjty.mof
%ALLUSERSPROFILE%\Application Data\fiosejgfse.dll
%ProgramFiles%\Data Protection
%UserProfile%\Start Menu\Programs\Data Protection
Tuesday, May 4, 2010

A-fast Antivirus Removal Guide
A-fast Antivirus is a fake antivirus that pretends to protect your computer. Once installed, A-fast Antivirus starts automatically when Windows starts. It scans your computer and states that there are many infections, then tries to cheat you into purchasing the program in order to remove them. These scan results are all fake, and the files it reports as infections are actually legitimate Windows programs. Therefore, do not manually delete any of the programs it reports as infections, as you may delete a file that is necessary for Windows to operate properly.

Removal Tool: A-fast Antivirus Removal Tool. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
A-fast.exe

Delete Registry
HKEY_CURRENT_USER\Software\A-fast
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "fast"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Program Files\A-fast\A-fast.exe"

Remove Folders and Files
%UserProfile%\Desktop\A-fast Antivirus.lnk
%ProgramFiles%\A-fast
Monday, May 3, 2010

AKM Antivirus 2010 Pro Removal Guide
AKM Antivirus 2010 Pro is a rogue antivirus program and a copy of Your PC Protector and Windows Police Pro. AKM Antivirus 2010 Pro may be installed through a trojan horse which creates a conduit in the system for the rogue to enter. The trojan also has the ability to redirect the browser to a fake system scan which produces bogus results claiming the system is infected with malware. The fabricated results will be followed by popups urging the purchase of AKM Antivirus 2010 Pro, which is actually a useless product. Do not become another victim of cyber-crime and have AKMAntivirus2010Pro and the related trojan removed immediately.

Removal Guide
Kill Process
(How to kill a process effectively?)
AKM Antivirus 2010 Pro.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AKM Antivirus 2010 Pro
HKEY_LOCAL_MACHINE\SOFTWARE\AKM Antivirus 2010 Pro
HKEY_CURRENT_USER\Software\AKM Antivirus 2010 Pro

Remove Folders and Files
%ProgramFiles%\AKM Antivirus 2010 Pro