Sunday, June 29, 2008

ESET SysInspector

ESET SysInspector is a new program from ESET that generates and saves a detailed log of the registry, running processes, files and so on, for diagnosing malware infections. It also has Anti-Stealth technology for detecting rootkits. Log entries are assigned a colour-coded risk level for easy identification of malware infections. However, ESET SysInspector will not remove the infections for you; you can post the log on IT expert websites for them to analyse.

Note: ESET SysInspector is still in Beta stage.

If you are interested, you can get more info and download it from here

Monday, June 16, 2008

General List of FAKE Antispyware Programs

Keep a lookout for the fake antispyware programs listed below. Don't allow these to run on your computer. If you find any of them on your computer, you may download RogueRemover FREE from Malwarebytes from here, and download Malwarebytes Anti-Malware from here. Run the programs one at a time, update each one and do a scan with it. Remove any entries found.

- IE AntiVirus (April 2008)
- Malware Bell (April 2008)
- Awola6 (March 2008)
- Microsoft Windows Adapter 5.1.3214 (March 2008) A fake one, of course!
- Internet Explorer Toolbar (March 2008)
- Pest-Capture (March 2008)
- VirusHeat (February 8, 2008)
- AntiSpyGuard (November 2007)
- VirusRay (October 2007)
- AntiVirGear (September 2007) May require extra removal instructions
- VirusProtectPro 3.6 and 3.7 (August 2007)
- VirusProtectPro (July 2007)
- Privacy Protector (June 2007) in addition to hijacking the desktop with an ominous red and black background, this rogue can produce a fake and persistent [Malware Alert]. It may also produce a bogus [Security Center Warning] when it connects to livewinupdates.com - a very infective Cool Web Search (CWS) domain - to download additional components.
- ContraVirus (June 2007)
- SpyCrush (Feb 2007 with re-emergence June 8, 2007)
- SpyLocked (April 2007)
- Malware Stopper - a SpySheriff clone (April 18, 2007)
- Adware Remover, AntiVirus Protector (April-March 2007)
- Antivirus Solution, Spyware IT, (April-March 2007)
- AntiSpyZone,StartGuard (April-March 2007)
- MalwaresWipeds, SpyHeals (April-March 2007)
- Video Access ActiveX Object, Internet Security (Added February 2007)
- SpyDawn, SpyCrush, AntiVermeans (Added February 2007)
- System Registry Cleaner - beware of this fake alert - it claims to be by "Microsoft Certified Partner" (Added January 2007)
- PestCapture, SpySoldier (Added January 2007)
- SpywareKnight, WinAntiSpyPro (Added January 2007)
- AntiVerminser (added January 2007)
- AntiVermins (added December 2006)
- VirusBursters 6.3 (added November 2006)
- VirusBurster and VirusBursters (added October 2006)
- VirusBurst (added August 2006)
- Titan Shield (added June 2006)
- SpywareQuake (added 25-March-2006)
- SpyFalcon (added 8-Feb-2006)
- SpywareStrike (added 7-Jan-2006)
- SpyAxe
- Smitfraud
- Security IGuard
- Virtual Maid
- Search Maid
- AntiVirusGold or AV Gold
- PSGuard
- SpySheriff
- Spy Trooper
- Security Toolbar
- WinHound
- AlphaCleaner

Sunday, June 01, 2008

SDFix

Download SDFix (an advanced malware cleaning tool) and save it to your Desktop.

* Run the SDFix by double clicking on it.
* Allow it to install into the default location which is normally c:\SDFix
* Now please reboot your computer into Safe Mode (press F8 when the computer restarts).
* When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
* Attach the Report.txt file to your next message.


Notes for possible problems running SDFix:

* If this error message is displayed when running SDFix:

The command prompt has been disabled by your administrator. Press any key to continue . . .

Please go to Start Menu > Run, then copy and paste the following line:

%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg

Press OK then run SDFix again

* If the Command Prompt window flashes on then off again on XP or Windows2000

Please go to Start Menu > Run, then copy and paste the following line:

%systemdrive%\SDFix\apps\FixPath.exe /Q

Reboot and then run SDFix again

* If SDFix still doesn't run, check the %comspec% variable

Go to Start Menu > right-click My Computer > click Properties > click Advanced > click Environment Variables, and check that the ComSpec variable points to cmd.exe, i.e. %SystemRoot%\system32\cmd.exe

* SDFix uses ERUNT to create a registry backup in this location: %SystemRoot%\ERUNT\SDFix\

To see what types of malware SDFix could solve, see SDFix Changelog

Copyright goes to Majorgeeks

Monday, May 26, 2008

Removing "Hacked by Moozilla" from Internet Explorer

Details on how to remove it manually, without relying on antivirus software.

1. Boot to safe mode (Press F8 when computer restarts)

2. Take out the USB storage devices if any plugged in. Any flash or thumb drives.

3. Go to Control Panel > Folder Options, and under the View tab tick the box "Show hidden files and folders".
Uncheck the box "Hide extensions for known file types".

Uncheck the box "Hide protected operating system files (Recommended)".

4. Click Start, click Run, type C:\ and hit Enter.

5. Look for the files named autorun.inf and ISSDLL.dll.vbs. Select them one by one and press the Shift+Delete keys together.

Navigate to the Windows folder under the C:\ drive, look for the same files and Shift+Delete them.


6. In the same way, follow the steps for all the drives listed under My Computer.

7. Click Start and click Run. Type regedit and click OK. This will open the registry editor.

8. Back up the registry before making any changes to it, as a mistake in the registry can have serious consequences for the machine.

9. Navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ and delete Start Page on the right hand side.


Navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ and delete Window Title on the right hand side.

Navigate to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete MS32DLL on the right hand side.

10. Restart computer, and open IE again, to see if the "hacked by moozilla" is still there. Done!

Removing VBS/Butsur Worm

If you encounter problems like this: double-clicking on drives will not open the drives; instead, you have to right-click on the drive and select Open, and you will see an Autoplay option when you right-click the drive. You might be infected with this worm.

To remove this worm, first try a virus scan with your resident antivirus, or do an online scan with ESET here and remove it, or download a free trial from them and scan, OR follow the steps below to remove it.

1. Boot to safe mode (press F8 when computer restarts)

2. Go to the task manager by pressing Ctrl+Alt+Delete or Ctrl+Shift+Esc

3. Go to the processes tab and stop all wscript.exe processes.

4. Open Windows Explorer and go to Tools > Folder Options.

5. In Folder Options, uncheck the following options:

1. Hide extensions for known file types
2. Hide protected operating system files

Also ensure that Show hidden files and folders option is selected and press apply.

6. Go to the registry editor by typing regedit in the Run window.

7. Go to the key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

8. There should be a key called MS32DLL or something to that effect. The value for that should be C:\Windows\MS32DLL.dll.vbs. This file name can change depending on what your Windows path is and what variant of the worm you have. However, the different versions of the worm that I have seen all install themselves in the registry and this will help you in removing the worm. Anyway, note the name and check that there is a file with the same name in the root of C:.

9. Delete this file as well as autorun.inf from your C: drive as well as all other drives. Be careful not to double click on any drive to go to it as you’ll have to start deleting the files from the beginning.

10. Delete the file from your Windows folder.

11. Delete the offending key from the registry.

12. Some variants, maybe even all, modify the title bar of Internet Explorer to show the title of the web page, followed by the text “Hacked by Godzilla” or “Hacked by Moozilla” or something else, again depending on the variant. This isn’t really a problem, but if you want the original text back, go to the registry entry at HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main. The key to be modified here is WindowTitle (I think). IE7 doesn’t seem to have an entry here, so I’m not too sure about the actual key text. Anyway, just change it to whatever you want; the default is “Microsoft Internet Explorer”.

13. Restart the computer and check all drives to make sure that the Autoplay entry is no longer there on the right-click menu.

14. Done.
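As an added defensive check that is not part of the original posts, the PowerShell script below reports, without deleting anything, the indicators described in this procedure and in the "Hacked by Moozilla" procedure above: autorun.inf and the .vbs dropper at drive roots and in the Windows folder, a Run value that launches a .vbs script, the IE Main Window Title / Start Page values, and running wscript.exe processes. The file names MS32DLL.dll.vbs and ISSDLL.dll.vbs are taken from the posts; the script assumes it is run from an elevated PowerShell prompt on the affected machine.

```powershell
# Added example (not from the original posts): read-only scan for the indicators
# the two procedures above describe. Run from an elevated PowerShell prompt.
$vbsNames = 'MS32DLL.dll.vbs', 'ISSDLL.dll.vbs'   # dropper names quoted in the posts
$findings = @()

# 1. autorun.inf and the dropper in the root of every drive (the worm spreads via Autoplay)
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($name in (@('autorun.inf') + $vbsNames)) {
        $path = Join-Path $drive.Root $name
        if (Test-Path -LiteralPath $path) { $findings += "Found at drive root: $path" }
    }
}

# 2. The copy the worm keeps in the Windows folder
foreach ($name in $vbsNames) {
    $path = Join-Path $env:SystemRoot $name
    if (Test-Path -LiteralPath $path) { $findings += "Found in Windows folder: $path" }
}

# 3. Persistence: any HKLM Run value that launches a .vbs script (the posts name MS32DLL)
$run = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($prop in $run.PSObject.Properties) {
    if ($prop.Name -like 'PS*') { continue }           # skip PowerShell's own metadata
    if ("$($prop.Value)" -match '\.vbs') {
        $findings += "Run value '$($prop.Name)' launches a VBScript: $($prop.Value)"
    }
}

# 4. IE title bar / home page tampering (a Window Title value is normally absent)
$ieMain = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ieMain -and $ieMain.'Window Title') { $findings += "IE Window Title set to: $($ieMain.'Window Title')" }
if ($ieMain -and $ieMain.'Start Page')   { $findings += "IE Start Page (review it): $($ieMain.'Start Page')" }

# 5. The script host the worm runs under
foreach ($proc in (Get-Process -Name wscript -ErrorAction SilentlyContinue)) {
    $findings += "wscript.exe running (PID $($proc.Id))"
}

if ($findings.Count -eq 0) { 'None of the indicators from the posts were found.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

The Start Page line is informational only, since a legitimate home page is also stored there; the other findings correspond one-to-one to the files, registry value and processes the removal steps tell you to delete or end.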

Friday, May 23, 2008

Combofix

Details on how to use ComboFix (an advanced virus removal tool).

Note: Only use ComboFix under the supervision of a properly trained malware removal expert. Use at your own risk.

You may download the tool from here

1. Close all other applications, and do not touch the computer at all while ComboFix is running, as it may appear to stall the computer.

2. Double click on the icon of Combofix.

3. You will see a security warning; just ignore it and click Run.

4. You will then see a disclaimer, press 1 and enter to continue.

5. Soon, your registry will be backed up. Once the Windows Registry has finished being backed up, ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet, as your connection will be completely restored at a later stage in the program.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

6. While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

7. When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

8. This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.

9. When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.

10. You are done. You can attach the log to one of the well-known forums for log analysis. Examples include Bleeping Computer, Castle Cops and Safer Networking.


Copyright goes to Bleeping Computer

Sunday, March 23, 2008

Windows Vista SP1 is available for download!

Hi everyone, you can download Windows Vista SP1 32-bit from here

Saturday, March 01, 2008

Ccleaner Slim

CCleaner Slim (Crap Cleaner) is a freeware system optimization tool that removes unused and temporary files from your system, allowing Windows to run faster and more efficiently and giving you more hard disk space. The slim version comes without the bundled toolbar. Try it! You can download it from below, or on the right under the LINKS section.


Download Ccleaner Slim

Thank you for visiting my site

Hi everyone, thanks for visiting my site. Take a look at the links to popular software on the right under the LINKS section, which are recommended by me and other professionals around the world. Give them a try! Thanks once again.


*All copyrights belong to their respective owners*