Posts Tagged ‘virus removal’

Re-Enable Portable Regedit Saver After Virus Infection

Friday, September 4th, 2009

Most of the viruses, malware, spyware or trojans that infect Windows systems disable regedit, Task Manager, System Restore and the command prompt. As a result, the infected files cannot be deleted easily.

People with enough computing skill and knowledge can still get to regedit, Task Manager, System Restore and the command prompt; for those with limited knowledge it is a different story.

If you do not know how to do that, here is a free application called Re-Enable Portable 1.0.0.0 that restores access to registry editing after the computer has been infected by spyware.

Beyond that, the program also re-enables Cmd, Taskmgr, the System Restore configuration, Folder Options and the Run command.

As reported by Softpedia on Friday (4/9/2009), this 36.7 MB program runs on Windows XP, Vista or 7. If you are interested in trying this freeware, please download it from the following link.
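Before reaching for a tool, it helps to know which registry values actually do the locking out. The script below is an added example, not the post's code and not the Re-Enable tool's code: it audits the standard Windows policy values behind each of the features the post names (regedit, Task Manager, cmd, System Restore, Folder Options, Run). The reader function is injected, so the audit runs offline against a constructed snapshot and, on Windows, against the live registry through winreg; the INFECTED_SNAPSHOT data is constructed for illustration.

```python
"""Audit the Windows policy values that malware sets to lock users out of
regedit, Task Manager, cmd, System Restore, Folder Options and Run.

Added example: this is not the post's code nor the Re-Enable tool's code. The
registry locations are the standard Windows policy values; the reader is
injected so the audit can run against a constructed snapshot offline, and
against the live registry on Windows via winreg_reader().
"""
from typing import Callable, Dict, List, Optional, Tuple

# (hive, subkey, value name, feature locked out when the value is non-zero)
LOCKOUT_POLICIES: List[Tuple[str, str, str, str]] = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "regedit"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "regedit"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "Task Manager"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "Task Manager"),
    ("HKCU", r"Software\Policies\Microsoft\Windows\System", "DisableCMD", "command prompt"),
    ("HKLM", r"SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore", "DisableSR", "System Restore"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFolderOptions", "Folder Options"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRun", "Run command"),
]

# A reader maps (hive, subkey, value name) to the DWORD stored there, or None if absent.
Reader = Callable[[str, str, str], Optional[int]]

def audit_lockouts(read_value: Reader) -> List[str]:
    """Return the features currently locked out, in policy order, without duplicates."""
    locked: List[str] = []
    for hive, key, name, feature in LOCKOUT_POLICIES:
        if read_value(hive, key, name) and feature not in locked:
            locked.append(feature)
    return locked

def snapshot_reader(snapshot: Dict[Tuple[str, str, str], int]) -> Reader:
    """Reader over a constructed snapshot; registry names are case-insensitive."""
    norm = {(h.upper(), k.lower(), n.lower()): v for (h, k, n), v in snapshot.items()}
    return lambda hive, key, name: norm.get((hive.upper(), key.lower(), name.lower()))

def winreg_reader() -> Reader:
    """Reader over the live registry (Windows only)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    def read(hive: str, key: str, name: str) -> Optional[int]:
        try:
            with winreg.OpenKey(hives[hive], key) as handle:
                value, _ = winreg.QueryValueEx(handle, name)
        except OSError:            # key or value does not exist
            return None
        return value if isinstance(value, int) else None
    return read

# Constructed snapshot of a locked-down machine (not data from a real infection).
INFECTED_SNAPSHOT = {
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools"): 1,
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr"): 1,
    ("HKLM", r"SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore", "DisableSR"): 1,
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRun"): 0,
}

if __name__ == "__main__":
    print("constructed snapshot:", audit_lockouts(snapshot_reader(INFECTED_SNAPSHOT)))
    try:
        print("this machine:", audit_lockouts(winreg_reader()))
    except ImportError:
        print("winreg not available (not Windows)")
```

Re-enabling is the reverse operation: set each flagged value to 0 or delete it. Check both HKCU and HKLM, because a machine-wide policy value silently wins over a clean per-user one.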

Steps To Remove Conficker.dv Manually

Tuesday, September 1st, 2009

This is another entry in the series of virus removal tips:

Also Known As:
TA08-297A (other)
CVE-2008-4250 (other)
VU827267 (other)
Win32/Conficker.A (CA)
Mal/Conficker-A (Sophos)
Trojan.Win32.Agent.bccs (Kaspersky)
W32.Downadup.B (Symantec)
Trojan-Downloader.Win32.Agent.aqfw (Kaspersky)
W32/Conficker.worm (McAfee)
Trojan:Win32/Conficker!corrupt (Microsoft)
W32.Downadup (Symantec)
WORM_DOWNAD (Trend Micro)
Confickr (other)

This virus can be removed in 7 simple steps. Still, it drives some people mad because it attacks the network (they may have more trouble when trying to clean it) and of course your protection. Looking more deeply, the virus mostly uses lame techniques, all packed into one package, but its authors clearly understand just how weak Windows protection really is.

Detection of Conficker: there are many signs, such as a "Generic Host Process" error message; being unable to reach some important sites, e.g. www.microsoft.com, www.symantec.com, www.norman.com, www.clamav.com, www.grisoft.com, www.avast.com, etc.; being unable to update your antivirus; many applications, especially network applications, not working as usual; and many more.

The virus is built with UPX compression and is 162 KB in size. You may have trouble killing the virus process because it uses the lame technique of running .dll files under a fake svchost.exe. The virus is not active right away: it first downloads some image files and creates temporary files, then builds itself. Lame.

Once the build completes it starts disabling some Windows services. The virus blocks any of the following strings it finds in an active application:
Ccert – sans. – bit9. – windowsupdate – wilderssecurity – threatexpert – castlecops – spamhaus – cpsecure – arcabit – emsisoft – sunbelt – securecomputing – rising – prevx – pctools – norman – k7computing – ikarus – hauri – hacksoft – gdata – fortinet – ewido – clamav – comodo – quickheal – avira – avast – esafe – ahnlab – centralcommand – drweb – grisoft – nod32 – f-prot – jotti – kaspersky – f-secure – computerassociates – networkassociates – etrust – panda – sophos – trendmicro – mcafee – norton – symantec – microsoft – defender – rootkit – malware – spyware – virus

Lame technique (again): the virus tries to download and execute some image files from websites. It also adds a firewall rule that leaves your computer open to attack from outside and to full remote control (scary... some people know this as a botnet).

Virus spreading:
Brute-forcing the default administrative share account.
A lame autorun.inf plus a hidden file in the RECYCLER folder (on each drive, with hidden attributes).
Exploiting SVCHOST.exe (which is why there is a Microsoft update).
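The indicators above (a svchost.exe that is not the real one, a scheduled task the worm dropped, autorun.inf beside a hidden RECYCLER folder on each drive, and the registry values the post's repair.inf later removes or resets) can be checked mechanically before cleaning starts. The triage script below is an added example, not code from the post: it runs the checks over a host snapshot expressed as plain Python data. The snapshot layout (process list, file list, registry dict) is an assumption for the example, and SAMPLE_SNAPSHOT is constructed, not real forensic data.

```python
"""Triage a host snapshot for the Conficker indicators listed in the post.

Added example, not from the post. The snapshot format is an assumption:
  processes: list of {"pid": int, "path": str}
  files:     list of full paths (Tasks folder entries, drive roots, RECYCLER)
  registry:  {"HIVE\\key\\valuename": data}
Checks: svchost.exe outside System32, .job files in the Tasks folder,
autorun.inf plus RECYCLER on the same drive, Applets dl/ds values, service
Start values that are not Automatic, and a TcpNumConnections tweak.
"""
import ntpath

SYSTEM32 = r"c:\windows\system32"
TASKS_DIR = r"c:\windows\tasks"
SERVICES = ("BITS", "ERSvc", "wscsvc", "wuauserv")   # services the post's repair.inf re-enables
AUTO_START = 2                                        # Start=2 means Automatic

def triage(snapshot):
    """Return a list of (category, detail) findings; an empty list means no hit."""
    findings = []
    # 1. The genuine svchost.exe lives in System32; any other location is a fake host.
    for proc in snapshot["processes"]:
        low = proc["path"].lower()
        if ntpath.basename(low) == "svchost.exe" and ntpath.dirname(low) != SYSTEM32:
            findings.append(("fake_svchost", f"pid {proc['pid']} running {proc['path']}"))
    # 2. Scheduled-task files, and autorun.inf / RECYCLER pairs per drive.
    autorun_drives, recycler_drives = set(), set()
    for path in snapshot["files"]:
        low = path.lower()
        drive, rest = ntpath.splitdrive(low)
        if ntpath.dirname(low) == TASKS_DIR and low.endswith(".job"):
            findings.append(("scheduled_task", path))
        if rest == r"\autorun.inf":
            autorun_drives.add(drive)
        if rest.startswith("\\recycler\\"):
            recycler_drives.add(drive)
    for drive in sorted(autorun_drives & recycler_drives):
        findings.append(("autorun_recycler", f"{drive.upper()} has autorun.inf plus a RECYCLER folder"))
    # 3. Registry values the post's repair.inf deletes or resets.
    reg = {k.lower(): v for k, v in snapshot["registry"].items()}
    for root in ("HKCU", "HKLM"):
        for name in ("dl", "ds"):
            key = rf"{root}\software\microsoft\windows\currentversion\applets\{name}".lower()
            if key in reg:
                findings.append(("applets_value", f"{root}\\...\\Applets\\{name} = {reg[key]!r}"))
    for svc in SERVICES:
        start = reg.get(rf"hklm\system\currentcontrolset\services\{svc}\start".lower())
        if start is not None and start != AUTO_START:
            findings.append(("service_disabled", f"{svc} Start={start}"))
    tcp_key = r"hklm\system\currentcontrolset\services\tcpip\parameters\tcpnumconnections"
    if tcp_key in reg:
        findings.append(("tcp_connections_tweak", f"TcpNumConnections = {reg[tcp_key]}"))
    return findings

# Constructed snapshot for the example (not a capture from a real machine).
SAMPLE_SNAPSHOT = {
    "processes": [
        {"pid": 1004, "path": r"C:\WINDOWS\system32\svchost.exe"},
        {"pid": 2320, "path": r"C:\WINDOWS\system32\svchost.exe"},
        {"pid": 3108, "path": r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe"},
    ],
    "files": [
        r"C:\WINDOWS\Tasks\At1.job",
        r"E:\autorun.inf",                           # hidden attribute on disk
        r"E:\RECYCLER\S-1-5-21-EXAMPLE\payload.dll", # hidden; name is a placeholder
    ],
    "registry": {
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\dl": 1,
        r"HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Start": 4,
        r"HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start": 2,
        r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpNumConnections": 16777214,
    },
}

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_SNAPSHOT):
        print(f"{category:22} {detail}")
```

Each finding maps to one of the manual steps that follow: a fake svchost to the process kill and registry cleanup, a .job file to the Tasks folder, autorun.inf/RECYCLER to the per-drive cleanup, and the registry hits to repair.inf. Run the triage again after cleaning; an empty result is the check that the steps actually took.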

Alright, enough. Here are the 7 simple steps to remove Conficker:

  1. Unplug every computer from the network.
  2. Deactivate the System Restore service (XP/Vista).
  3. Kill the active virus in the background services; you can use Norman Malware Cleaner (Click To Download). (Since this virus uses UPX compression, the easiest way to detect it is to use the Ansav utility and kill any UPX-packed process running in the background.)
  4. Delete the fake SVCHOST.exe entry in the registry.
  5. Delete the "Scheduled Task" the virus created (%systemroot%\WINDOWS\Tasks).
  6. Repair your registry using the code below or download repair.inf:

    [Version]
    Signature="$Chicago$"
    Provider=Nobody

    [DefaultInstall]
    AddReg=UnhookRegKey
    DelReg=del

    [UnhookRegKey]
    HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00000001,1
    HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden, 0x00000001,1
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00000001,1

    HKLM, SYSTEM\CurrentControlSet\Services\BITS, Start, 0x00000002,2
    HKLM, SYSTEM\CurrentControlSet\Services\ERSvc, Start, 0x00000002,2
    HKLM, SYSTEM\CurrentControlSet\Services\wscsvc, Start, 0x00000002,2
    HKLM, SYSTEM\CurrentControlSet\Services\wuauserv, Start, 0x00000002,2

    [del]
    HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, dl
    HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, ds
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, dl
    HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, ds
    HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, TcpNumConnections

    *NOTE: For files that are active on startup, you can disable them from msconfig, with HijackThis, or by deleting them manually from the registry key "HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run".

  7. Scan with your best, fully updated antivirus to stop the virus from coming back, and update your computer with this patch: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
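A repair script that is applied with right-click > Install writes to the registry with no confirmation, so it is worth reading what it will do first. The parser below is an added example, not code from the post: it expands the [DefaultInstall] AddReg/DelReg directives of an INF file into a list of concrete registry operations and decodes the AddReg flags field using the FLG_ADDREG_* bit values documented for the INF AddReg directive. REPAIR_INF is the repair.inf from step 6 above, reproduced as the input.

```python
"""Expand an INF registry-repair script into the operations it performs.

Added example, not from the post. The flag table is the documented
FLG_ADDREG_* encoding of the AddReg flags field; REPAIR_INF is the repair.inf
from the post, embedded here as the input to review.
"""
import re

REPAIR_INF = r"""
[Version]
Signature="$Chicago$"
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00000001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden, 0x00000001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00000001,1
HKLM, SYSTEM\CurrentControlSet\Services\BITS, Start, 0x00000002,2
HKLM, SYSTEM\CurrentControlSet\Services\ERSvc, Start, 0x00000002,2
HKLM, SYSTEM\CurrentControlSet\Services\wscsvc, Start, 0x00000002,2
HKLM, SYSTEM\CurrentControlSet\Services\wuauserv, Start, 0x00000002,2

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, dl
HKCU, Software\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, dl
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Applets, ds
HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, TcpNumConnections
"""

# Value-type bits of the AddReg flags field (FLG_ADDREG_TYPE_*).
VALUE_TYPES = {0x00000000: "REG_SZ", 0x00000001: "REG_BINARY",
               0x00010000: "REG_MULTI_SZ", 0x00010001: "REG_DWORD",
               0x00020000: "REG_EXPAND_SZ"}
TYPE_MASK = 0x00030001
NOCLOBBER = 0x00000002   # FLG_ADDREG_NOCLOBBER: do not overwrite an existing value

def parse_sections(text):
    """Return {section: [lines]} for an INF file, dropping ';' comments and blanks."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def registry_operations(text):
    """List the add/delete operations [DefaultInstall] would perform, in order."""
    sections = parse_sections(text)
    directives = dict(l.split("=", 1) for l in sections.get("DefaultInstall", []))
    ops = []
    for name in directives.get("AddReg", "").split(","):
        for line in sections.get(name.strip(), []):
            root, key, value, flags, data = [p.strip() for p in line.split(",", 4)]
            flags = int(flags, 16)
            ops.append({"op": "add", "root": root, "key": key, "value": value,
                        "type": VALUE_TYPES.get(flags & TYPE_MASK, "UNKNOWN"),
                        "noclobber": bool(flags & NOCLOBBER), "data": data})
    for name in directives.get("DelReg", "").split(","):
        for line in sections.get(name.strip(), []):
            parts = [p.strip() for p in line.split(",", 2)]
            ops.append({"op": "delete", "root": parts[0], "key": parts[1],
                        "value": parts[2] if len(parts) == 3 else None})  # None = whole key
    return ops

if __name__ == "__main__":
    for op in registry_operations(REPAIR_INF):
        print(op)
```

The decoded flags are the part worth looking at: 0x00000001 selects REG_BINARY, and 0x00000002 is NOCLOBBER with a REG_SZ type, so the four Start entries only take effect if the service has no Start value yet. After running any repair script, open the service keys in regedit and confirm that Start for BITS, ERSvc, wscsvc and wuauserv is a REG_DWORD of 2, and that the Explorer "Hidden" values are REG_DWORD 1; if they are not, set them by hand.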

BitDefender Antivirus 2010 For Maximum Security and Maximum Speed

Saturday, August 29th, 2009

For details and purchase, please follow this link.

BitDefender Antivirus 2010 provides advanced proactive protection against viruses, spyware, phishing attacks and identity theft, without slowing down your PC.

Minimal system requirements

* Windows XP SP2, Vista, Windows 7
* 800MHz processor
* RAM:
o 512 MB (Windows XP)
o 1 GB (Windows Vista and Windows 7)
* 450 MB available hard disk space
* Internet Explorer 6

BitDefender Antivirus 2010 provides affordable, industry-leading protection against viruses, spyware and identity theft, without slowing down your PC. It features: IM Encryption, for confidential chatting; Gamer Mode, for secure gaming at top speed; Laptop Mode, for prolonged battery life; automatic hourly updates; and more!

For 2010, we've made:

* The industry’s strongest security, even stronger!
* Blazing fast performance, even faster!
* Ease of use, even easier

Securely download music, movies, and files from the Web, friends, and family!

* Scans and removes viruses and spyware
* NEW! Advanced protection that continually monitors your system to catch threats that lie dormant, before they attack
* Scans all Web, e-mail and instant messaging traffic in real-time
* Proactively protects against new virus outbreaks using advanced heuristics

Protect your identity: shop, bank, listen, and watch… privately and securely!

* Stops attempted identity theft (phishing)
* Prevents personal information from leaking via e-mail, Web or Instant Messaging
* Blocks concealed programs that track your online activities

Security that won’t slow your PC down!

* NEW! Scans 60% faster than even last year’s lightning-fast edition!
* Uses minimal system resources
* Laptop Mode prolongs battery life

Guard your conversations with top-of-the-line encryption!

* Instant Messaging Encryption (Yahoo! and MSN Messenger)

Gamer Mode!

* Reduces the system load and postpones scans/updates, allowing for secure gaming at top speed

Be in control, stay in control!

* Manages the security of your entire home network from one PC
* Use the dashboard to fix security issues with just one click
* Automatically decides best security actions to take

Designed for ease of use!

* NEW! User Profiles (Standard, Parent, Gamer, Custom) – set up your security to best match your computing activities
* NEW! See only what you need! Select from Novice, Intermediate, and Advanced views