Archive for the ‘Virus & Malware Removal’ Category

How to fix malware 101.

So, you’ve been infected with malware and can hardly use your computer?

I recommend Malwarebytes if you can use it and the malware will allow you to run the program, but what if you cannot?

Download ComboFix from BleepingComputer and put it on a flash drive. Log out, log in as administrator if you can, and run ComboFix from the flash drive. There’s tons of good malware advice on the bleepingcomputer.com website.

Again, here’s the link for combofix.

Scroll down and click on the bleepingcomputer in blue to download the fix.

Click Here to visit bleeping computer and download combofix.

This can take some time but the results are well worth the effort and may restore your computer from the malware infection.

How to Handle Boot Sector Corruption using Windows.

Question:

I just ghosted my Vista laptop 120 Gigabyte hard disk over to a brand new 640 Gigabyte SATA drive and the laptop just reboots and never shows the Vista boot screen?

Answer:

If you boot the Vista boot disk and fix the boot with advanced options, it will repair the boot sector and allow Vista to load. Alternatively, you can boot the Windows XP CD to command prompt only and run fixboot.

Running fixboot from a Windows XP CD will also wipe any boot virus out, if you ever get one that erases your boot sector, or just infects it.

New malware threat showing on yahoo.com as popup.

Did not click on this malware but I was able to snap a screen capture for all of you to see.

DO NOT look up this site; it will install malware, but you can see what it looks like.

The proper response to this is to press ALT-F4 to close Internet Explorer or Firefox.

Clicking anything will install this malware on your system.

Malware threatscanneri7

There are thousands of variants on how this works, but you need to know that the Alt-F4 trick will work to stop the script, as it is waiting for you to click anything with the mouse to install.

Browse & Get Owned – Bug announced by Microsoft.

For all you people who have just been browsing and suddenly find your computer infected with junk, here’s why.

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218500140

Go here and PLEASE select the Fix it and apply it to your computers. The Fix it turns off the part of ActiveX that is vulnerable.

Quick malware/Conficker checkup – Eye Chart

Here’s a link to the Conficker Eye Chart. If some of the images fail to load, you may be infected.

http://www.baylor.edu/its/security/conficker/

antivirus 2010 rogue software removal

Screenshot of antivirus 2010 fake anti-virus software

From the same type of spyware as before (Antivirus 2008, Antivirus 2009) this bug announces to you it has found your system to be full of bugs and errors. (relax, if you’ve got this bug you’re not infected with viruses and Trojans)

Its goal is to get you to buy antivirus 2010 for $49.99, and it’s a scummy tactic to infect your computer with malware to try to sell you anything.

How did I get infected with this?

Most likely you were browsing the web and clicked on a free scan, or a warning saying you were infected with some bug. Then the installer installs this malware on your unit, making it a pain in the *SS to use your system.

How do I get Rid of this bug?

Here are the associated files, and at the bottom is a link to the Malwarebytes removal tool.

It is shareware but will allow you to remove the infection for free.

If you find yourself the victim of these bugs on a regular basis, I recommend purchasing a license for Malwarebytes. (I did just because I wanted to support their software development.)

Associated Antivirus 2010 Files:

c:\Program Files\AV2010
c:\Program Files\AV2010\AV2010.exe
c:\Program Files\AV2010\svchost.exe
c:\WINDOWS\system32\IEDefender.dll
c:\WINDOWS\system32\wingamma.exe
c:\Documents and Settings\All Users\Desktop\AV2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010\AV2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010\Uninstall.lnk

Associated Antivirus 2010 Windows Registry Information:

HKEY_CURRENT_USER\Software\AV2010
HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Gamma Display”

The Malwarebytes anti-malware tool is effective as a removal method.

Instructions can be found at http://www.bleepingcomputer.com/malware-removal/remove-antivirus-2010

APPENDED:

If you cannot download the latest version, or get this program to install,

Click HERE for a locally hosted version.

I’ve renamed the installer to keep this bug from preventing its execution.

Once installed, open My Computer, C:, Program Files, Malware Bytes.

Right click mbam.exe and copy

Right click and paste.

You will see a new file called copy of mbam.exe appear,

Execute this version as it will run where the other version has been blocked by antivirus 2009.

 

In addition:

Please download GMER here (renamed to cmer.exe) and execute it to be certain you are not infected with a rootkit. If you find yourself infected, please call me immediately.

Thank you.

520-861-1673

Chuck House

Bit Defender Anti-Virus Evaluation.

Bit Defender is my anti-virus of choice. I highly recommend this product and have for over 3 years.

Tested against my virus collection this one scored a 100%.

This product uses less processing power to perform its tasks than any of the other products I reviewed.

I have this product installed on 4 computers personally.

Kaspersky Anti-Virus Evaluation.

I found this software easy to install and use. The interface was clean and worked well.
Tested against my array of viruses, it scored a 99% effective rating and used less overhead than Norton 360.

Key Technologies

* Protects from viruses, Trojans, worms, spyware, adware
* Scans files, email, and internet traffic
* Protects Instant Messengers
* Protects From Unknown Threats
* Analyzes and closes Internet Explorer vulnerabilities
* Disables links to malware sites / phishing sites
* Global Threat Monitoring (Kaspersky Security Network)
* Blocks all types of keyloggers
* Automatic Database Updates
* Free Technical Support

If you would like to purchase this software and save money, here’s a link.

Save 33% when you purchase 3 year single and multi-user licenses of Kaspersky Internet Security 9.0.

GMER Anti-Rootkit

Think you have a hacker?

Free software download for finding & removing rootkits:

http://www.majorgeeks.com/GMER_d5198.html

GMER is an application that detects rootkits. It scans for:

* hidden processes
* hidden services
* hidden files
* hidden registry keys
* hidden drivers
* drivers hooking SSDT
* drivers hooking IDT
* drivers hooking IRP calls

GMER also allows you to monitor the following system functions:

* process creation
* driver loading
* library loading
* file functions
* registry entries
* TCP/IP connections

GMER runs on Windows NT/W2K/XP.

Is your computer so hopelessly infected with viruses you can’t fix?

Many people ask for help with virus removal when they cannot remove the virus because it reinfects as fast as they remove it.

Bit Defender has a bootable rescue CD that you can download and burn with your CD writer software.

It is a standard .ISO format.

Boot the CD-ROM on the infected computer. If it’s a Dell, turn on the PC and press F11 to go to the boot menu, insert the CD-ROM and choose “Boot from Atapi CD-ROM”.

I recommend leaving your computer plugged into the internet so the Bit Defender rescue CD can update its virus definitions and get the best results.

(Yes, it’s very cool that it boots Linux and downloads updates, scans and cleans your computer of viruses.)

If you cannot clean an infected file, you may have to delete the file to remove the infection(s).

Again, this is free advice. Use the information in this posting at your own risk. Please don’t blame me if you blow your computer trying to fix your problem.

If this advice helps you remove your virus, please support the good guys like me by clicking the link on your left for Bit Defender anti-virus 2009 and purchase a 3 license pack for your family. (Works out to be about $10.00 per computer license.)

Not only is this a great value, but it’s also a great anti-virus that will help keep your computer safe.

As always, you can hire me to resolve your virus problem 520-861-1673 as I now offer remote support as well as onsite services.