Tuesday, February 28, 2012

How to Remove Smart Fortress 2012 (Uninstall Guide)

Don't Copy From This Blog...

Protected by Copyscape Plagiarism Detection
Smart Fortress 2012 is a scam that you should really be aware of. Such malicious software is usually referred to as a rogue anti-virus program: it pretends to scan your computer for viruses and malware. As you may guess, it reports a bunch of non-existent infections and urges you to take the necessary steps to clean your allegedly infected computer. In other words, Smart Fortress 2012 attempts to lure you into participating in fraudulent transactions. Needless to say, you shouldn't purchase this rogue anti-virus program.

The Smart Fortress 2012 GUI when it's not registered (trial).



Smart Fortress 2012 GUI when the rogue program is registered (full version).



Color is the only difference. It seems that malware authors know color meanings very well. Pink color means danger, infected. Something that requires your attention. Blue means everything is OK. Calm down. Color psychology is a science and it's true that colors affect human behavior.

There are basically two concerns related to rogue anti-virus programs: a false sense of security, when you think that your computer is bulletproof and protected against the latest malicious code but it's not, and identity theft. If you fall victim to a rogue anti-virus program or fraudulent security alert, you should contact your credit card company and dispute the charges. Whoever distributes this malicious program has to keep the number of chargebacks as low as possible to be able to stay in the game. Otherwise, they will be banned from the network. Identity thieves may use gathered information for their further malicious activities or simply sell the information on illegal credit card marketplaces. One way or another, it's a huge risk.

Smart Fortress 2012 Version 3.1 is distributed in a number of ways, including via infected websites, fake online malware scanners, spam and social engineering. Keep in mind that rogue security programs can get installed on your computer without any interaction from your side. Your computer could be infected simply by visiting an infected website. It's called a 'drive-by download'. This method is very popular among cyber criminals who use exploit kits, mostly BlackHole, to distribute malware. The scheme is very simple: join a rogue AV affiliate network, choose a rogue anti-virus product such as Smart Fortress 2012 and generate your unique software build. Then you need to buy targeted traffic and you are ready to push some scareware. Thankfully, it's rather difficult to join fake AV affiliate networks nowadays.

Smart Fortress 2012 is probably the most aggressive scareware we've ever seen. It blocks pretty much everything on the compromised computer and constantly displays fake security alerts. It doesn't even allow you to rename its main executable file. You can't open any .exe, .com or .pif file. What is more, the rogue antivirus program stays active in Safe Mode. It basically takes over the whole user account.

Warning! Your computer is infected - fake balloon notification claiming that your computer is infected with spyware.



Another fake security alert claiming that your machine is infected by a Trojan horse TrojanSPM/LX.



Such fake security alerts may look completely official. They may be very convincing to unsuspecting users, and the prospect of being infected by Trojans and spyware can be very scary, which is why they may fall victim to this scam.

Smart Fortress 2012 might perform many other activities. It may install additional modules and files to monitor your computer use, install backdoor Trojans and hijack your web browser.

If your computer is infected by Smart Fortress 2012, stop work immediately as this may provide identity thieves with more information about you. To remove Smart Fortress 2012 and associated malware from your computer, please follow the steps in the removal guide below. Some other sites on the internet will probably show you how to remove this virus manually. However, this isn't a good idea. This malware modifies the Windows registry and makes some serious changes to your machine that you may not be able to handle properly. If you need extra help removing this virus from your computer, please leave a comment. Good luck and be safe online!


Quick Smart Fortress 2012 removal instructions:

1. Open Smart Fortress 2012 scanner. Click the "Registration" button (top right corner). Enter the following debugged registration key and click "Activate" to register the rogue antivirus program. Don't worry, this is completely legal since it's not genuine software.

AA39754E-715219CE




Once this is done, you are free to install recommended anti-malware software and remove Smart Fortress 2012 virus from your computer properly.

2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

NOTE: don't forget to update anti-malware software before scanning your computer. That's it! Your computer should be virus free.

Tips for avoiding rogue security software:
  • Turn on automatic updates. Install all Windows and software updates.
  • Install a reliable antivirus program and firewall. Make sure your antivirus program is up to date.
  • Use caution when following links on social networks and websites that you visit for the first time.
  • Use a standard user account instead of an administrator account, especially when visiting suspicious websites or opening potentially harmful files.
  • Don't download software from unknown sources.
  • Back up your critical files.

Associated Smart Fortress 2012 files and registry values:

Files:

Windows XP:
  • C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].exe
Windows Vista/7:
  • C:\ProgramData\[SET OF RANDOM CHARACTERS].exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"

Monday, February 27, 2012

How to Remove Windows Basic Antivirus (Uninstall Guide)

Windows Basic Antivirus is a phony anti-virus product that pretends to scan your computer for viruses. It supposedly fights spyware, Trojans and other malicious software. Malware authors and identity thieves use rogue security products to scare users into paying for completely bogus security products. It's very convenient for identity thieves because they don't have to install additional spyware modules on compromised computers in order to steal credit card numbers, passwords and any other personally identifiable information. Unsuspecting users enter all the required information and basically give away their sensitive information to malware authors. Therefore, DO NOT purchase Windows Basic Antivirus and do not follow the on-screen instructions. Ignore false scan results and fake security alerts claiming that your computer is infected with some very sophisticated malware. It is a false claim meant to extort money out of you.

Rogue antivirus programs have plagued computer users for months. Windows Basic Antivirus is a fresh variant but we have had three occurrences of it already today. We believe it will spread for two or three days more. It won't last for a week. That's for sure. Malware authors would rather release a re-branded version of the same malware instead of pushing the old one. Malware authors use 'human engineering' to trick users into installing malicious software such as Windows Basic Antivirus. We should also mention drive-by download and spam campaigns. These are the most popular infection vectors.

To remove Windows Basic Antivirus, please follow this removal guide (don't worry, it's the same malware but with a different name).

How to protect yourself from becoming a scareware victim again.
  • Update your operating system and software immediately.
  • Install reliable antivirus software and keep it up to date. You may also consider installing an application that provides proactive protection.
  • Scan every file before opening it.
  • Don't click on suspicious web links.
Windows Basic Antivirus splash screen:



Windows Basic Antivirus GUI:



Windows Basic Antivirus payment form. Rogue program loads information from online-secure-pay.info where the actual order form is located.




Saturday, February 25, 2012

Windows Secure Kit 2011 Browser Hijack

Windows Secure Kit 2011 is a fake online virus scanner which claims that your computer is infected with malicious software. It attempts to scare you into downloading rogue security products to remove non-existent viruses. While these fake pop-ups are not malicious they may still lead many unsuspecting users to malware (simply visiting such fake scanners is not enough to infect the system, user interaction is required). If you experience fake Windows Secure Kit 2011 pop-ups, you should scan your computer with legit anti-malware software. Be careful with your mouse because simply clicking on the fake malware scanner can actually start the rogueware download. If you think you have accidentally installed a rogue anti-virus program, please let us know. Good luck and be safe online!
Windows Secure Kit 2011 has found critical process activity on your PC and will perform fast scan of system files!


Fast scan results, assumed malware infections. Note how Windows Secure Kit 2011 impersonates the Windows GUI. Do not follow the on-screen instructions and close your web browser. If this browser hijacker does not allow you to close your web browser, simply use the Alt-F4 keyboard shortcut.




SysWatch Giveaways And Deals

SysWatch Personal - Free 1 Year License

SysWatch Personal provides proactive protection for Microsoft Security Essentials. Add some extra protection on your computer and prevent system changes made by malicious software. Especially useful when using MSE as your only virus protection software. This program uses behavioral-based detection, so it shouldn't conflict with other security products, anti-spyware, etc.

For more details, please visit http://www.safensoft.com/home/free/personal/


Thursday, February 23, 2012

Remove Antivirus Protection 2012 (Uninstall Guide)

Antivirus Protection 2012 is a rogue (low quality) anti-virus program which claims that your computer has been infected by Trojan horses, keyloggers, rootkits and other sophisticated malware without any specific evidence. The moment Antivirus Protection is installed on your computer, it will begin to scan your system for malicious software. The malware scan takes just a few seconds, whereas a legit antivirus program may take a few hours to complete the scan. Once the scan is finished, the rogue anti-virus program will report finding dozens of infections on your computer to scare you into compliance. Furthermore, it will display fake security alerts. These alerts (see images below) often look very realistic. Masquerading as an anti-virus program, Antivirus Protection 2012 will claim that you need to pay money to register the software in order to remove found threats. It's very important to research any software before purchasing it, especially if it suddenly pops up on your computer and tells you that you are infected.



It's not a new family of malicious software. Early versions first surfaced three years ago under various names such as Security Monitor 2012, AntiVirus System 2011, etc. The graphical user interface hasn't changed much since then. High conversion rates are perhaps the most likely reason why they've used the same GUI over the years. We have to admit that Antivirus Protection 2012 and its fake security alerts often mimic and look very much like the actual Windows Security Center and Windows system warnings. Thus they may look quite legitimate to unsuspecting users.

How does rogue security software get on my computer? Simply visiting a website is enough for an attacker to infect your computer with Antivirus Protection 2012 malware. This is known as a "drive-by download". Malware authors use commercial crimeware kits, of which BlackHole is probably the most popular, to exploit software vulnerabilities and install malicious code. So, basically, you don't even need to click or download anything. Malware is getting more serious, not less. Cyber crooks get better at repacking and avoiding detection by anti-virus software. You MUST update Windows and the software installed on your computer. This is very true for Adobe, Java and some other software. A significant percentage of successful malware attacks comes through social engineering techniques as well. Needless to say, we shouldn't forget spam even though the global spam volume dropped significantly since last summer.

Fake Security Center Alert claiming that your computer has been infected by Sft.dez.Wien virus. Never heard of it. Must be a new one ;)



Another fake security alert claiming that your computer is sending out an enormous volume of spam.



System critical warning!
You have been infected by a proxy-relay trojan server with new and danger "SpamBots".

Antivirus Protection 2012 payment page "Secure transaction browser".



Let's proceed to the most important part of this article: Antivirus Protection 2012 removal. This rogue anti-virus has payloads worse than fake security alerts. It blocks certain Windows utilities and legit anti-malware software rendering your computer pretty much useless. You may not be able to run your favorite malware removal tool in Normal Mode. If so, please reboot your computer in Safe Mode with Networking. Fake AVs usually stay inactive while working in Safe Mode. To remove Antivirus Protection 2012 and associated malware from your computer, please follow the steps in the removal guide below. Users needing further assistance with this malware, please let us know. Simply leave a comment below. Good luck and be safe online!

Source: http://spywareremovalx.blogspot.com


Quick Antivirus Protection 2012 removal guide:

1. Use this debugged serial key LIC-00A5-3F5G-BHA5-KJB8-579F-CVH9-M935-QW45-89M5-19AB to register the fake antivirus in order to stop the fake security alerts. Just click the Activate button and enter the reg key manually. Don't worry, this is completely legal.



Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.

2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this Antivirus Protection 2012 from your computer.


Alternate Antivirus Protection 2012 removal instructions:

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Launch Internet Explorer. In Internet Explorer go to: Tools > Internet Options > Connections tab. Click the LAN Settings button and uncheck the checkbox labeled "Use a proxy server for your LAN". Click OK. You may have to repeat steps 1-2 if you have problems downloading malware removal programs.



3. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this Antivirus Protection 2012 from your computer.


Wednesday, February 22, 2012

How to Bypass Surveys? Online Surveys and Your Privacy

Several times a day, most days of the week, we receive email from our readers asking the same question: how to bypass surveys? (mostly sharecash, CPALead and file ice). We love getting email, however, it's not always possible for us to reply individually and we are starting to get a little bored.

We think surveys are pretty much always a sign of a scam, so probably no one's going to like this answer. Here's how it works. CPA (cost per action) ad networks pay only when the desired action has occurred; for example, an online survey has been successfully completed. Affiliate marketers make commission based on your submission of information to a company database. It can be an email address, phone number or any other information about you. This information can and probably will be used in future marketing campaigns.



Let's say you want to watch your favorite TV show online. You found a website which looks legit and has your favorite TV show. You're about to watch it but the website brings you to a survey that you have to fill out to get to the content. Usually, you can choose from several offers. My all time 'favorite' is the Love Thermometer. Basically, you need to sign up for the Love Thermometer by entering your phone number. It costs $10 per week to send your 'scores'. Bonus: they will send ads to your phone. Isn't that great? Honestly, it isn't worth the risk. Truth be told, there are literally hundreds of fake internet survey websites. So, I wouldn't fill out paid surveys if I were you. After all, you may not get the requested file or video simply because it doesn't exist. There are many free and safe websites that offer file downloads and video streaming without annoying pop-up surveys.

Recently we stumbled upon another potentially harmful online survey which encourages users to install a free 'Coupon Printer'. Everyone wants to save money, so Coupon Printer isn't such a bad idea after all. However, you need to read every single line very carefully before installing 'printers' and other software recommended in surveys. In our case, the 'Coupon Printer' offer came with an extra 'ingredient' -- MyWebSearch adware. We couldn't even finish the survey because our antivirus software blocked it.

Unfortunately, there's no easy way to bypass surveys on websites. Let's take Share Cash surveys for instance. You can't really bypass their extremely annoying surveys and it's not because we haven't tried, it's because of the way they laid it out. Disabling JavaScript in your web browser won't help. Using XJZ survey remover and the NoScript add-on won't help you either. None of these tools can actually fill out or skip surveys for you. They are designed to reveal premium (protected) content in a slightly different way. Please note, surveys ≠ 'premium' content lockers. However, you might get lucky with other survey websites.

Bypassing surveys:

1. Survey-remover.com, formerly known as XJZ Survey Remover. This bookmarklet was designed to reveal protected areas on websites. Removes surveys most of the time but it doesn't work if the survey leads to a download (sharecash). Works on Mozilla Firefox and Google Chrome. For more details, please visit this website: http://survey-remover.com/bookmarklet/

2. Use NoScript. A great web browser add-on trusted by many PC users. It was designed to block malicious JavaScript files but in some cases it may help you to bypass pop-up surveys too.

3. Disable JavaScript. This method is the easiest one. However, we have to admit it rarely works. Most likely, you will get an error message followed by step-by-step instructions on how to enable JavaScript in your web browser.

4. If you get surveys from websites that normally do not serve them or surveys simply pop-up on your computer screen then your computer might have been infected with malware. Cyber criminals use surveys to monetize traffic. Download and scan your computer with recommended anti-malware software to make sure that the system is malware free.

We hope this helps. If you have any questions that aren't answered here, please feel free to contact us. Simply leave a comment below. Also, if you know how to bypass specific surveys sites, please share the information with our readers. Good luck and be safe online!


Monday, February 20, 2012

Windows Smart Warden Removal

Windows Smart Warden is a rogue anti-malware program that gains access to a system mostly by means of fake online virus scanners and hacked websites. More specifically, it's a Trojan horse disguising itself as anti-malware software. The most common goal of Windows Smart Warden is to steal personal information: name, credit card number, etc. Once installed, this rogue anti-malware program will state that your computer is badly infected and that the found malware can only be removed if the full version of the rogue software is purchased. It can be very difficult to properly remove Windows Smart Warden, especially if it comes bundled with rootkits and spyware modules. Detailed manual instructions on removing this rogue anti-malware software can be found by clicking here (this removal guide was written for the same malware, although it is being distributed with a different name now).

Windows Smart Warden GUI and some fake security alerts:



Fake error notification



Another error message claiming that your computer is infected with spyware



Warning! Virus detected Trojan-SMS




Saturday, February 18, 2012

Foodpuma, Datingpuma, Carpuma and Browser Redirects

I know this post may seem off-topic, but it isn't. It's about malware, redirects and strange search results. Probably one of the most common symptoms of malicious software that our readers report is being taken to spammy websites after clicking on search results. This problem has been going on for some time now. Google did a great job of improving search results and eliminating sites that may lead to malware. So, it's not Google's fault (most of the time). You can't blame your web browser either. If your search results are being redirected to/through one of the websites listed below, your PC is infected by malicious software, variously known as TDSS and Alureon or ZeroAccess and Sirefef.
  • eyepuma.com
  • debtpuma.com
  • carpuma.com
  • buffpuma.com
  • stopsmokingpuma.com
  • foodpuma.com
  • cigarpuma.com
  • iphonepuma.com
  • creditpuma.com
  • datingpuma.com
  • gamblingpuma.com
  • loanpuma.com
  • internetpuma.com
Very often these websites return sponsored or irrelevant search results and redirect you somewhere you didn't intend to go. Malware may take you to infected websites, install adware, rogue security programs and misleading toolbars or even steal your personal information such as credit card numbers and passwords. Malware is often installed on your computer when you visit certain websites. Sometimes, these are good and even well known sites that have been compromised by cyber criminals, and other times, they are simply malicious websites built to distribute all kinds of malicious software. Malware may also be installed when you download a file that appears to be legitimate and safe but actually isn't.

Our readers usually call it the "Google redirect virus" or just simply the "redirect virus". However, it's not actually a virus but a combination of a Trojan horse and a rootkit. If you think or confirm that you've already got redirect malware, you can use anti-malware software to detect and remove it. Unfortunately, not all anti-malware programs are capable of removing the malware that causes foodpuma.com, datingpuma.com and other redirects. You may need to use more than one to detect and completely remove it from your computer. Before you start downloading every possible anti-malware program you know, please follow our removal guides that have been created to help you to remove the "redirect virus": Remove Google redirect virus and ZeroAccess/Sirefef/MAX++ Rootkit Removal.

To keep malware from infecting your computer, upgrade your operating system and all of your software to the latest versions. Simply turn on automatic updates if you often forget to check for new updates manually. Don't click on suspicious links and do not download files from a source that you don't trust. And finally, make sure you are running up-to-date anti-malware software. Browse safely!
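For anyone who keeps web proxy logs, the redirect symptom described in this post can be confirmed per machine. The following is an added example, not code from this blog: the log format, the function names and the sample lines are assumptions made for illustration, and the domain set is the list given in the post.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Redirect domains listed in the post above.
REDIRECT_DOMAINS = frozenset({
    "eyepuma.com", "debtpuma.com", "carpuma.com", "buffpuma.com",
    "stopsmokingpuma.com", "foodpuma.com", "cigarpuma.com",
    "iphonepuma.com", "creditpuma.com", "datingpuma.com",
    "gamblingpuma.com", "loanpuma.com", "internetpuma.com",
})


def listed_domain(url):
    """Return the listed domain a URL (or host:port) belongs to, or None."""
    if "://" not in url:
        url = "//" + url          # CONNECT-style entries carry no scheme
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return None               # malformed URL in the log
    labels = host.rstrip(".").split(".")
    # Compare whole DNS labels, so "notfoodpuma.com" and
    # "foodpuma.com.example.org" do not match "foodpuma.com".
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in REDIRECT_DOMAINS:
            return candidate
    return None


def redirected_clients(log_lines):
    """Map each client address to {listed domain: number of requests}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue              # skip truncated lines
        client, url = fields[1], fields[3]
        domain = listed_domain(url)
        if domain:
            hits[client][domain] += 1
    return {client: dict(counts) for client, counts in hits.items()}


# Constructed sample in an assumed "time client method url" format.
SAMPLE_LOG = [
    "2012-02-18T10:01:02 10.0.0.5 GET http://www.google.com/search?q=pizza",
    "2012-02-18T10:01:04 10.0.0.5 GET http://foodpuma.com/?q=pizza",
    "2012-02-18T10:01:09 10.0.0.5 GET http://www.datingpuma.com/r?x=1",
    "2012-02-18T10:02:00 10.0.0.7 GET http://notfoodpuma.com/",
    "2012-02-18T10:02:05 10.0.0.7 GET http://foodpuma.com.example.org/",
    "2012-02-18T10:03:00 10.0.0.9 CONNECT carpuma.com:443",
    "truncated line",
]

if __name__ == "__main__":
    for client, counts in sorted(redirected_clients(SAMPLE_LOG).items()):
        print(client, counts)
```

A client that shows up here right after a search-engine request is a candidate for the rootkit removal guides mentioned above.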


Wednesday, February 15, 2012

Remove Windows Protection Master (Uninstall Guide)

Windows Protection Master is a rogue anti-virus program. It claims that your computer is infected with spyware, Trojan-Spy, NetTool, PSWTool and other malicious software to trick you into purchasing a fully licensed version of the bogus product. Rogue security programs usually have either very misleading or catchy names. Windows Protection Master is a catchy one (or maybe funny?). Either way, it provides a false sense of computer protection and reports false security threats/infections. The graphical user interface is not so bad and was probably designed to look like an official Microsoft product. It's evident that cyber crooks aim at unaware Windows users but I'm sure that most of you guys knew (hopefully) it was fake right away. Windows Protection Master is a real bear to remove. Should you try to remove it manually? No, not really. Windows Protection Master is one of many rogue security programs that come bundled with sophisticated malware. So, to properly remove Windows Protection Master, please follow the removal instructions below.



Windows Protection Master runs every time you turn on your computer and blocks legit anti-virus programs. To cap it all, this pesky virus disables Task Manager, Registry Editor and some other very useful Windows system utilities. You can't really run any malware removal tools in Normal Mode because the virus will block them, producing "Application is infected" pop-up warnings and prompting you to purchase the rogue program in order to remove non-existent infections. We have to admit that some of the fake security alerts and notifications are very creative.

Warning! Identity theft attempt detected. Someone is apparently gathering your bank account details which is impossible unless Windows Protection Master comes bundled with spyware and you've logged on to your bank's online banking system while your PC is infected. That would be a shame.

Error Keylogger activity detected. Once again, cyber crooks want to scare you into thinking that every key stroke you make is recorded.



Torrent Alert. Torrent link detected! Have you ever heard about SOPA? Get anonymous connection. That's right. They suggest that you act against the rules of SOPA. It goes without saying that a legit anti-virus product wouldn't recommend such things.



As you can see, Windows Protection Master is a truly rogue and useless anti-virus program. Having anti-virus protection and doing frequent scans for threats is a good idea. But not with this rogue security product. If you are one of those unlucky people who purchased Windows Protection Master, you should contact your credit card company immediately and dispute the charges. Then, please follow the removal instructions below to remove Windows Protection Master and associated malware from your computer. If you have any questions, please leave a comment. Good luck and be safe online!


Windows Protection Master removal instructions:

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Launch Internet Explorer. In Internet Explorer go to: Tools > Internet Options > Connections tab. Click the LAN Settings button and uncheck the checkbox labeled "Use a proxy server for your LAN". Click OK. You may have to repeat steps 1-2 if you have problems downloading malware removal programs.



3. Download and run TDSSKiller. Wait for the scan and disinfection process to be over.

4. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove Security Scanner from your computer.

5. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.


Associated Windows Protection Master files and registry values:

Files:

Windows XP:
  • C:\Documents and Settings\[User Name]\Application Data\Inspector-[3 RANDOM CHARACTERS].exe
  • C:\Documents and Settings\[User Name]\Application Data\NPSWF32.dll
  • C:\Documents and Settings\[User Name]\Application Data\result.db
  • C:\Documents and Settings\[User Name]\Desktop\Windows Protection Master.lnk
Windows Vista/7:
  • C:\Users\[User Name]\AppData\Roaming\Inspector-[3 RANDOM CHARACTERS].exe
  • C:\Users\[User Name]\AppData\Roaming\NPSWF32.dll
  • C:\Users\[User Name]\AppData\Roaming\result.db
  • C:\Users\[User Name]\Desktop\Windows Protection Master.lnk
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
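The file and autorun indicators listed above, together with the ones in the Smart Fortress 2012 post earlier on this page, can be checked against a saved file listing and the text output of `reg query` for the Run and RunOnce keys. This is an added example, not code from this blog; the function names, labels and sample data are assumptions made for illustration, and the Policies values are not covered.

```python
import re
from pathlib import PureWindowsPath

# Directory patterns taken from the file lists in the posts on this page
# (lower-cased; Windows XP and Vista/7 layouts).
USER_APPDATA = re.compile(
    r"c:\\(documents and settings\\[^\\]+\\application data"
    r"|users\\[^\\]+\\appdata\\roaming)")
ALL_USERS_DATA = re.compile(
    r"c:\\(documents and settings\\all users\\application data|programdata)")
DESKTOP = re.compile(r"c:\\(documents and settings|users)\\[^\\]+\\desktop")


def classify_path(path):
    """Return a label if the path matches a listed file pattern, else None."""
    p = PureWindowsPath(path.strip().strip('"'))
    parent, name = str(p.parent).lower(), p.name.lower()
    if USER_APPDATA.fullmatch(parent):
        if re.fullmatch(r"inspector-.{3}\.exe", name):
            return "Windows Protection Master executable"
        if name in ("npswf32.dll", "result.db"):
            return "Windows Protection Master support file"
    if DESKTOP.fullmatch(parent) and name == "windows protection master.lnk":
        return "Windows Protection Master shortcut"
    # An .exe sitting directly in the all-users data root is the Smart
    # Fortress 2012 pattern; treat it as a lead to review, not as proof.
    if ALL_USERS_DATA.fullmatch(parent) and name.endswith(".exe"):
        return "executable in all-users data root"
    return None


REG_VALUE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s*(?P<data>.*)$")


def parse_reg_query(text):
    """Parse `reg query` text output into (key, value name, data) tuples."""
    key, rows = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := REG_VALUE.match(line)):
            rows.append((key, m["name"], m["data"].strip()))
    return rows


def autorun_findings(reg_text):
    """Flag Run/RunOnce values that match the registry or file indicators."""
    findings = []
    for key, name, data in parse_reg_query(reg_text):
        if not key.lower().endswith(("\\currentversion\\run",
                                     "\\currentversion\\runonce")):
            continue
        label = classify_path(data)
        if name.lower() == "inspector" or label:
            findings.append((name, data, label or 'value named "Inspector"'))
    return findings


# Constructed sample data; user names and random file names are made up.
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Roaming\Inspector-k3d.exe",
    r"C:\Users\alice\AppData\Roaming\NPSWF32.dll",
    r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll",  # same name elsewhere
    r"C:\ProgramData\xkqjwpl.exe",
    r"C:\ProgramData\Vendor\updater.exe",
    r"C:\Documents and Settings\bob\Application Data\Inspector-toolong.exe",
]
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Inspector    REG_SZ    C:\Users\alice\AppData\Roaming\Inspector-k3d.exe
    Updater    REG_SZ    C:\Program Files\Vendor\updater.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    xkqjwpl    REG_SZ    C:\ProgramData\xkqjwpl.exe
"""

if __name__ == "__main__":
    for f in SAMPLE_FILES:
        print(f, "->", classify_path(f))
    for finding in autorun_findings(SAMPLE_REG):
        print(finding)
```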

Tuesday, February 14, 2012

Remove Security Scanner (Uninstall Guide)

Security Scanner is a rogue anti-spyware program that supposedly fights spyware, viruses and other malicious software. It is being used by cyber crooks to scare you into buying rogue security software. They will take your money but won't give you any protection. Don't be fooled! Security Scanner and similar malware is often distributed through spam, IM programs, social networks and infected websites. Unfortunately, legit and popular websites can be compromised and may lead users to malware as well. It is very important to be well educated in good computer security practices. Some typical symptoms of Security Scanner infection are:
  • Overall computer slowness
  • Pop-ups indicating that your computer is infected with Spyware.IEMonster, Backdoor:Win32/Samsteal.A.dr, Trojan.Win32.KillWin.bl, etc.
  • Pop-ups asking you to purchase rogue anti-spyware program
  • Misleading web browser security warnings
Security Scanner GUI

It's worth mentioning that Security Scanner doesn't spread from one computer to another. It can't delete your files or gather personal and financial information either. Admittedly, scammers very rarely spread rogue AV without the help of Trojan droppers and Trojan downloaders. Usually, it's a combination of a Trojan Dropper and a RogueAV. This means that a Trojan horse loads the Security Scanner rogueware and drops additional malware onto the infected computer. Sadly, the additional malware is a lot more sophisticated than Security Scanner - a TDL 3/4 rootkit.

Security Scanner 2012 runs every time the system starts and pretends to scan your computer for malicious software. It's no wonder that this rogue anti-spyware finds a bunch of non-existent infections on your computer. Ignore them. The rogue AV blocks legit anti-virus programs and may even modify the Windows proxy settings and the Windows Hosts file. What is more, Security Scanner floods the infected computer with fake security alerts and balloon notifications.

Warning! 21 infections found! Possible harm includes: system crash, permanent data loss, system startup failure and more.


Security Scanner Warning
Spyware.IEMonster process is found. This is virus that is trying to send your passwords from Internet browser (Explorer, Mozilla Firefox, Outlook & others) for the third-parties.
Click here to protect your data with Security Scanner.


Security Scanner ("Protect your PC on new level") hijacks Internet Explorer and other web browsers. It blocks every single website, making it nearly impossible to download malware removal tools.



Scammers decided to use their own payment page, eliminating the need for Internet Explorer or any other web browser to make an online transaction.



If your computer is infected by Security Scanner, stop work immediately. Do not purchase it and do not follow the on-screen instructions. If you thought it was the real thing and bought it, please contact your credit card company as soon as possible and dispute the charges. To remove Security Scanner, please follow the removal instructions below. If you need help removing this rogue anti-spyware program, please leave a comment. Good luck and be safe online!


Quick Security Scanner removal:

1. Use this debugged serial key 64C665BE-4DE7-423B-A6B6-BC0172B25DF2 to register Security Scanner in order to stop this rogue AV. Just click the Register button and then select "Activate manually". Don't worry, this is completely legal.




Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.

2. Download and run TDSSKiller. Wait for the scan and disinfection process to be over.

3. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove Security Scanner from your computer.

4. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.


Alternate Security Scanner removal instructions:

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Launch Internet Explorer. In Internet Explorer go to: Tools → Internet Options → Connections tab. Click the LAN Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK. You may have to repeat steps 1-2 if you have problems downloading malware removal programs.



3. Download and run TDSSKiller. Wait for the scan and disinfection process to be over.

4. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove Security Scanner from your computer.

5. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.


Associated Security Scanner files and registry values:

Files:

Windows XP:
  • C:\Documents and Settings\[User Name]\Local Settings\Application Data\[SET OF RANDOM CHARACTERS].exe
Windows Vista/7:
  • C:\Users\[User Name]\AppData\Local\[SET OF RANDOM CHARACTERS].exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"

Tuesday, February 7, 2012

How to Remove DNS Changer (Uninstall Guide)

If you haven't already, we recommend that you take a few minutes to determine if your computer has been affected by the DNS Changer virus. There are still nearly half a million computers infected by this malicious software or at least using the Rove Digital domain name servers in Europe and the U.S. This DNS infrastructure was formerly used by botnet czars to redirect unsuspecting victims to infected websites, alter user searches, replace ads, block legit anti-virus software and promote fake security products. Cyber crooks earned millions of dollars by displaying false advertisements and redirecting users to wrong websites.

The FBI arrested six Estonians who ran the botnet that infected millions of computers worldwide and took over control of the rogue DNS servers. They now produce correct DNS answers, but only until March 8th, 2012. Update: the DNS servers will be shut down on Monday, July 9. That's official. The FBI will stop providing this service. Then what? Infected computers will no longer be able to look up names using those name servers. In other words, users who are still affected by this DNS Changer malware won't find anything on the internet. When that happens, Internet Explorer, for example, will say something like "Internet Explorer cannot display the webpage", "No such server", etc.



While there's a slight chance that the FBI will continue to provide this service, I don't think that keeping your computer infected is a good idea. Not only does the DNS Changer virus cause a computer to use rogue DNS servers, it also disables security updates and blocks anti-virus software and websites. It can also change the DNS settings within small (home) office routers. As you can see, it's a rather sophisticated piece of malicious code that very often comes with additional payloads (Trojan.DNSChanger, Trojan.Fakealert, Trojan.Generic). It is thus very important to remove the DNS Changer virus. And it isn't only the job of the FBI and PC repair technicians. You have to take responsibility for your own security as well. Good luck and be safe online!


So, are you infected?

1. You can check your DNS settings by simply visiting one of the following websites:
RED = your computer is using the DNS Changer rogue name servers and is therefore probably infected.


GREEN = your computer appears to be looking up IP addresses correctly.



2. Visit FBI's website and enter your IP address: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

If your computer is infected, you'll see the following notification.



3. Check your DNS settings manually. If your computer's DNS settings fall within the following ranges, then you have likely been affected by the DNS Changer virus.

Between this IP...    ... and this IP
77.67.83.1            77.67.83.254
85.255.112.1          85.255.127.254
67.210.0.1            67.210.15.254
93.188.160.1          93.188.167.254
213.109.64.1          213.109.79.254
64.28.176.1           64.28.191.254

Here's a very helpful document that explains how to check your DNS settings to see whether you are using bad DNS servers. Please see DNS-changer-malware.pdf

4. Check your router. Compare the DNS servers listed to those in the rogue DNS servers table above. If your router is configured to use one or more of the rogue DNS servers, your computer may be infected with DNSChanger malware. Please reset your router to default factory settings and change passwords.


How to restore DNS settings to default?

Changing DNS server settings on Microsoft Windows XP:

1. Go to Control Panel → Network Connections and select your local network.
2. Right-click Properties, then select Internet Protocol (TCP/IP).
3. Right-click and select Properties.
4. Click Properties. You should now see a window like the one below.



5. Select Obtain DNS server address automatically and click OK to save the changes.

Changing DNS server settings on Microsoft Windows 7:

1. Go to Control Panel.
2. Click Network and Internet, then Network and Sharing Center, and click Change adapter settings.
3. Right-click Local Area Connection, and click Properties.
4. Select the Networking tab. Select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) and then click Properties.
5. Click Advanced and select the DNS tab. Select Obtain DNS server address automatically and click OK to save the changes.


How to remove DNS Changer malware?

1. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.

2. Wait for scanning to finish. Select Cure and click Continue to cure found threat.



3. A reboot might be required after disinfection. Click Reboot computer.



4. Download recommended anti-malware software (direct download) and run a full system scan to remove DNS Changer malware from your computer.

That's it! If you have any questions or need extra help removing DNSChanger virus, please leave a comment below.


Sunday, February 5, 2012

AV Security Essentials (Uninstall Guide)

Here's another anti-spyware program that we've added to the list of scareware, called AV Security Essentials. As you see in the image below, it impersonates legit anti-virus software from Microsoft. The rogue anti-spyware program states that your computer has been infected with Trojans, keyloggers, spyware and other malware. It then asks you to give your credit card details to upgrade AV Security Essentials in order to remove non-existent viruses. The rogueware also displays greatly exaggerated security alerts and pop-ups stating your PC is in great danger.





Since it's not a new virus, but a slightly modified and re-branded variant of previous scareware, I won't go into details this time. You can read more detailed analysis of this scareware here and here. Just don't purchase it and do not follow the on-screen instructions. AV Security Essentials cannot delete your files or gather and then send personally identifiable information to remote servers. Don't worry about that. To remove AV Security Essentials and associated malicious software from your computer, please follow the quick removal guide below. It does not get any simpler than this. You can follow the manual removal guide too, if the removal guide below is not acceptable. If you have any questions or need extra help removing this malware from your computer, please leave a comment below. Good luck and be safe online!


Quick AV Security Essentials removal guide:

1. Click the "Click here if you already have an Activation" button and register the rogue program using any of these debugged registration keys:

U2FD-S2LA-H4KA-UEPB
K7LY-H4KA-SI9D-U2FD
K7LY-R5GU-SI9D-EVFB

Entering a debugged registration key makes the removal procedure a lot easier. You can then download the recommended anti-malware program to remove AV Security Essentials from your computer.

2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this malware from your computer.

3. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.


Associated AV Security Essentials files and registry values:

Files:
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]\
  • %AppData%\AV Security Essentials\
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
  • %UserProfile%\Desktop\AV Security Essentials
  • %UserProfile%\Start Menu\AV Security Essentials
  • %UserProfile%\Start Menu\Programs\AV Security Essentials.lnk
Registry values:
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\AV Security Essentials = "%AllUsersProfile%\Application Data\78b634\AV83d_9025.exe" /s /d
  • HKEY_CURRENT_USER\software\3
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM].exe\Debugger = svchost.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun = 01000000
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\[1...15]

Thursday, February 2, 2012

Avira Giveaways And Deals

Avira AntiVir Premium 2012 - 1-year license $18.86

You may, however, choose a 3-year license for just $38.19. For every online purchase, Avira allocates 5 Euro to the Auerbach Foundation. Key components: system scanner, anti-phishing, antiAd/spyware and anti-rootkit.

For more details, please visit https://avira.cleverbridge.com/30/purl-xmas_prem_30off?x-origin=web&x-web=webEN&x-campaigns=xmas&x-xmas=s_freeEN

Bitdefender Giveaways And Deals

BitDefender Lifetime License. Save up to 70% a year.

Get this BitDefender PC lifetime edition and save. One-time payment, no renewals. You can choose either Internet Security 2012 or Antivirus Plus 2012. Both products are great, providing PC users with antivirus, anti-spyware and anti-spam protection. Internet Security 2012 includes parental controls and social network protection.

For more details, please visit http://www.bitdefender.com/2012/lifetime-affn/

Ad-Aware Giveaways And Deals

40% Off Ad-Aware Total Security

All-in-one security solutions for home users. Core features include complete malware protection, anti-rootkit engine, anti-phishing, parental controls, online backup and many more.

For more details, please visit http://go.lavasoft.com/totalsecurity/EN/join.asp?mkey1=newsJuneEN

ZoneAlarm Giveaways And Deals

Up to 50% Off ZoneAlarm 2012 Security Suites

ZoneAlarm Antivirus + Firewall
ZoneAlarm Internet Security Suite
ZoneAlarm Extreme Security

This is a great opportunity to get award winning PC security for half price.

For more details, please visit http://www.zonealarm.com/security/en-us/cdn/2012/display/2012_hp.htm

 