Main menu
Home Page
Shields Up!
Lavasoft
Malwarebytes
avast!
ZoneAlarm
CodeStuff
Scan Complete
My Virus Whatis
VirusList.com
Another List
BleepingComputer
MajorGeeks
Disable SysRestore
Security Center
CounterExploitation
Annoyances!!
Ans That Work
Glossary
           Virus Info

Virus Info Section

     Without your knowledge or explicit permission, the Windows networking technology, which connects your computer to the Internet, may be offering some or all of your computer's data to the entire world at this very moment!

Update:  Two programs have become very important in dealing with all this malicious software. They are: Malwarebytes and ThreatFire. (These are in addition to avast! and Ad-aware.)
And a 3rd: Combofix

    You must realize that 99% of avoiding viruses is how you act on the internet. Just piling on AV and firewall programs isn't going to do much if you have a tendency to download strange programs and run scripts without really knowing who made them.

    Good vs Evil: Mr. Gates and company, along with Intel, and various manufacturers, have strived to make the task of computing easy. Unfortunately, security was not high on the list when all this first started. We didn't have the criminal elements then... or they were few and far between. Then Pranksters came in. These were knowledgeable people who played innocent jokes on their fellow workers. Not harmful ... but at times very irritating. These were overlooked.

     Then entered the criminal and malicious individuals...or ones who turned that way out of revenge. They pounced on the "easy" ways of DOS and Windows coding. The "Ease of Use" priority over "Security" jumped up and bit. Some of those innocent Pranks were turned into obnoxious, vicious and malicious malware that would make your previously user friendly PC an animal, or worse, wipe out a lot, or all, of your Hard Drive.

    Now then, you didn't pay for, nor did you request any of these viruses. Therefore, you really shouldn't have to pay for a fix. But, then again, the fixer needs to make a living also. However, there are some "free" solutions. All you have to do is find them and then take the time to understand how to use the code. Most of the free items are easy. HOWEVER BEWARE!! Free can be horrendous unless you check out what you are gettin' for free. If you start getting a lot of ads popping up on your screen, then the last piece of software that you loaded onto your 'Puter was NOT free. IF I get a call to help someone in these situations, my services are very low cost. (Exchanges of Love and Friendship for Relatives and Neighbors, small charges for time and gas to others.) There is enough info on the Net to allow you to fix almost any problem yourself. You just just have to bite the bullet, dig in, investigate, research and then fix the problems. But ... I understand that ... just like cars... people don't want to work on them... only use them.

    Now to the rest of the story....... which assumes that you still have access to the Internet via yours, or preferably someone else's PC. Hopefully, all of the items I have given references to, are still available. IF not, go to and search for another.

    Why so many anti-virus, anti-adware programs??   Because ... ta, ta, tahhhh ... there are many and various pieces of malware. Annnnd ... it may take two or more of the fixers to rid your PC of its ills. The only other alternative is to wipe your system and re-load the OS... and all your extra programs... and all your data...
  (that you have so righteously saved ... ummmm backed-up ... right?? ?)

Now then, on that same note; You CAN NOT have more than one Anti-Virus program running at one time. You CAN NOT have avast!, Norton, AVG and McAfee all running at the same time. You CAN, and I do, have avast!, AdAware and Gibson Tools loaded and running at the same time. The Free version of AdAware does not run automatically or continuously. It must be seperately executed once a week or once a month. The Gibson Tools are self explanatory. avast! will run continuously and periodically, usually daily, update itself. When you first fire up your PC you will notice a lot of activity and operations will be a little slower in the first few minutes. This is caused by avast! checking your system and updating itself. Give it a few to do its job. Go get your coffee, or tea or soda and all should be well when you return.
Update Note:  Seems that you can, and may want to, have another running with avast!. It is called ThreatFire.

    The following three, well actually four, items are your main path to security and peace of mind. They are "Free for Home Use" and cost little for "Work Use". Sometimes the "free", as in use part, is not obviously listed. So patiently look around on the site(s) and check them out.

Shields Up!     A means of testing your security is available from a very fine individual by the name of Steve Gibson at Gibson Research Corporation. Access to his site is listed as Shields Up! in the menu on the left. Steve is one of the good guys. He is trying to help make the Internet more secure and user friendly. Follow his advice, use his software (free and/or purchased) and you will also help to bring security back to the Internet.

Lavasoft     Another Company offering free and purchasable software is Lavasoft. They offer some excellent programs to dump and stop spyware. The main one: 'AdAware' is a privacy tool, that scans your memory, registry, hard, removable and optical drives for known data-mining, aggressive advertising, and tracking components. It then lists the results and offers to remove or quarantine the components.

avast!     Another is avast! HOME EDITION Free antivirus software providing desktop security and data protection. avast! detects and removes all forms of malware, including spyware, rootkits and trojans. Free for home users.

Routers    Another item, besides the Software above, that will aid in securing your 'Puter is a Router.
From How Stuff Works: 'How do routers protect you?'

  • Routers can possess a number of features which fine-tune what the router will let pass and what it will flag as potentially dangerous or unnecessary.
  • Routers can be equipped with authentication and encryption features to monitor packets entering your network.
  • Routers can have firewalls to block unwanted entry.

    Even though a Router is primarily for using more than one computer on an Internet connection, it could be used as part of your protection in a single PC environment. However, Wireless routers are not as secure as the hard wired ones. Check out the following:

    Now then, I want to say this about that. I am providing information here, that is from both, experience, and other people. However, things change, and in the Computer PC industry, changes are fast. Therefore, use any info from here at your own risk. I, nor any of the individuals, or Companies that I mention will take any responsibility for your choices, actions or screw-ups. There shouldn't be a need for any of these kinds of software programs but, we still have many unscrupulous individuals amongst us.

  • Spyware:
    Individual programs that embed themselves within your computer and monitor your internet browsing activities. They can "spy" on your confidential information (ie. passwords, credit card info, etc).
  • Spybot Worm:
    The spybot worm is a virus that attacks your computer system through Instant Messenger or Kazaa. If you are infected by spybot then your anti-virus software may become disabled.
  • Adware:
    Programs that relay your personal information and internet browsing patterns from your PC to another PC for advertising purposes. Adware are software applications that display advertising banners and pop-ups. If you get inundated with pop-ups chances are you have been infected by adware.
  • Malware:
    It is the short term for malicious software. Malware are more commonly referred as viruses, trojans, and worms. Malware self-propagates and hide themselves within another program. Malware are designed to annoy but they have been known to wipe out the an entire hard drive. The most common form of being infected by Malware is through opening of an email attachment.
  • Trojan:
    Software that breaks through computer security and disguises itself as something benign, such as a game or directory lister. Trojans do not replicate themselves and are usually installed by "freeware and shareware" programs. They are detected as back door.

    How to tell if a PC has a Virus

    

Specific Info

    Microsoft Messenger: - Beginning with Windows NT, Microsoft included the Windows Messenger Service, and it's been built-in to each subsequent version and release of Windows over the past several years. It is not being used for its original purpose but is being used for malicious intents. It is highly recommended that you disable it.

Shutting off Windows Messenger Service will have no effect on any of the popular "instant messaging" systems you might be using; they don't rely on Windows Messenger Service (irrespective of its name) to function. You can do it yourself or, assuming you have installed AD-aware, load the Lavasoft plugin, Messenger-Control, that gives you control over this service.
Also See: Disable MS Messenger and Shoot The Messenger

    Hex Dump: - With many files (cookies for example) there's no easy way to view any information about them. The HexDump extension for Ad-aware lets you view a hexadecimal version of a file turned up in a scan, along with an "English" translation of the hex code.

This is an aid I would recommend that you install. Even though Computers talk in a funny language, there are some helps that will assist in making what they say more human readable.

    Layered Service Providers (LSP): - Small pieces of software that can be added or inserted into the Windows TCP/IP handler by other software. Data outward bound from your computer to a legitimate destination on the Internet can be intercepted by an LSP and sent somewhere other than where you intend it to go.

This is another plugin, LSP Explorer, for Ad-aware that I would highly recommend you use.

The Internet Threats

Threat Risk
Hacking attempt Unauthorized access to your computer (total control of your system and all your files).
Viruses and remote attacks Loss of your data (files and documents), system crashes, unstable computer operation.
Trojan horses Unauthorized access to your computer (total control of your system and all your files).
Malicious web page content Loss of your privacy.
SpyWare Loss of your privacy.

Firewalls

    There are two kinds of Firewalls, hardware and software. These can be, and are, used together or separately. I personally have the hardware version which is as a result of my local network. When you share a cable connection with the other members of your family, you need a router. This causes a change in the IP addresses of your local machines to the Private range which is:

  • 10.0.0.0 with the subnet mask 255.0.0.0
  • 172.16.0.0 with the subnet mask 255.240.0.0
  • 192.168.0.0 with the subnet mask 255.255.0.0
The above addresses can not be used on, or accessed from, the Internet. So how can, do you communicate? Through the router. It will have the original IP address that your ISP assigned to you. The router will translate and "route" the messages to and from the correct machine.

Avast!4 - Free Home Version (and the one I recommend)
This antivirus software is based on the ALWIL Software Virus, Worm and Trojan horse scanning technology since 1988. The avast! antivirus portfolio includes a number of products, providing effective protection at all levels - from PDAs to large networks.

ZoneAlarm is a very good software firewall. They have three different versions. The lowest version is free but provides adequate security for most casual users. It blocks dangerous Internet threats, guarding your PC from many of the tactics used by hackers and data thieves. It does not, however, guard you from e-mail viruses. To get that requires one of the higher levels which cost money.

AVG Free Edition is now available for all single home users worldwide! Download, install and use AVG Free Edition and get:
  • AVG Resident Protection
  • AVG e-mail Scanner
  • AVG On-Demand Scanner
  • Basic Scheduled Tests
  • Free Virus Database Updates
  • Automatic Update feature
  • Easy-To-Use Interface
  • Automatic Healing of infected files
  • AVG Virus Vault for safe handling of infected files

AIM security

    Online Safety/Security FAQ The biggest problem with AIM is the same as with Email... Attachments. Good Anti-Virus software will help but... Read the truth about E-mail viruses.

    

Answers to some of your Questions

    If and when you use some of the tools I am recommending, you will need to know which items you should remove and/or disable. Two places have provided excellent information. The first I'll mention is Bleeping Computer. It has a number of selectable Tabs on its Home Page and the one we are mainly interested in is the Tab "Startup List". If you use the Startup Manager from CodeStuff you will get a list of programs that are started when you fire up your PC. Not all of these are needed... leastwise they are not necessarily needed at startup. This list will tell you which ones to leave alone and which ones you can remove or disable. Unnecessary startups slow down you 'puter, waste resources and ... well you get the idea.

    The table below is setup in the same format as the tables on the Answers that work pages. All I have done, and/or am doing, is add what I run into that isn't in their list. Again, this is a list of programs that you may, or may not, want to remove or disable.

Task List Name Program & Manufacturer What it is
and what you can do
gwremind Microsoft Greetings Workshop Reminders that you need??? Probably not.
Wnsapisv
or
WINSERVS or sear1 		Clickspring / PuritySCAN An Addware program.
It will drop a copy of itself in the Windows StartUp folder as wnsapisv.exe or WINSERVS.EXE. This copy will load at start-up and spawn massive quantities of large popup ads when the user is online.
Edit your startup folder manually or with one of the available programs on the Internet. A good one is StarterSetup from CodeStuff.
Wupdater Kazaa
Prefetch, Perfectnav, and Incredifind		 A spyware program.
Another program that gets loaded into your Startup. Edit your startup folder and remove it.
In general, these programs generate popup ads and may hijack web searches. Wupdater.exe seems to be a background update task. We'd recommend removing this file. You'll probably find it in C:\Program Files\Common files\updater\wupdater.exe.

The above info also will be of assistance when using the HiJack this program.

Some Startup Folder Fiascos

avacyptj.exe and mcfg32c.exe

    These two jewels are placed by totempole. They can be found in the startup folder and the actual programs are found in \\Windows\\system directory. This information is thanks to Jack on Annoyances.org. In order to remove them you will have to reboot and startup in Safe Mode.

bxxs5 or BookedSpace

     BookedSpace is an adware browser helper object. Installed silently. The controlling server is www.bookedspace.com and 66.225.192.199. Again this can be found in your startup folder.

Win32:Trojan-gen - removal

I swiped this info from a Bullguard forum. The gentleman, Emilio from Slovakia, seemed to be very knowledgeable. I am including his info and the above reference for your convenience. I had a client with this Win32:Trojan-gen problem and it was a nightmare. It slowed down her PC considerably. The only other alternative would be to wipe out the system and re-load Windows. I for one am getting tired of that particular scenario.

Download CCleaner
www.ccleaner.com/

Download Advanced Process Termination
(you don't have to install it....it's only executable utility)
Advanced Process Termination is a simple but powerful utility that provides nine (9) different process termination techniques - all at the click of a button. Process Guard also has powerful anti-hook capabilities to prevent other programs from hooking critical functions (something often done by trojans to prevent their processes from being seen or terminated). In addition to process termination, APT also allows you to Suspend and Resume processes, and also serves as a useful process list utility.
Windows 2000, Windows XP, and Windows 2003 are supported.


Procedure:
1.DISABLE SYSTEM RESTORE
   Windows ME and XP utilize a restore utility that backs up selected files automatically to
   the C:\_Restore folder. This means that an infected file could be stored there as a
   backup file, and VirusScan will be unable to delete these files. You must disable the
   System Restore Utility to remove the infected files from the C:\_Restore folder.
2.REBOOT TO THE SAFE MODE
   Safe mode is the Windows diagnostics mode. When you start the computer in Safe mode,
   only the specific components that are needed to run the operating system are loaded.
   Safe mode does not allow some functions, such as a connection to the Internet. Safe
   mode also loads a standard video driver at a low resolution. Due to the low resolution,
   your programs and the Windows desktop may look different than usual and the desktop
   icons may have moved to different locations on the desktop.

The F8 key is used to enter Safe mode. It can be, and many times is, tricky to get it to work. If you can not get the F8 key entry to safe mode, then follow the directions presented by Symantec in the reference above.

3.SHOW HIDDEN FILES
   The system files are normally hidden. Since some of these are pretending to be system
   files we need to open up the system to show them.
4.RUN HIAJCKTHIS:
 Check:
  R3 - Default URLSearchHook is missing
  O4 - HKLM\..\Run: [jUSnC] C:\WINDOWS\dpexao.exe
  O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Takrst.exe
  O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Prlvgv.exe
  O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
  O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
 FIX CHECKED........

5.RUN ADVANCED PROCESS TERMINATION
 Kill these processes(select then press "ALL" button in PROCESS CONTROL OPTIONS)
  C:\WINDOWS\dpexao.exe
  C:\WINDOWS\System32\Takrst.exe
  C:\WINDOWS\System32\Prlvgv.exe

6.FIND AND DELETE THESE FILES:(some files may not exist)
  C:\WINDOWS\dpexao.exe
  C:\WINDOWS\System32\Takrst.exe
  C:\WINDOWS\System32\Prlvgv.exe

7.SCANS:
  do some scans with applications which you can download mentioned in other posts....
AD-AwareSE,SpyBot,SysClean and so on..
  • run scan with Ad-AwareSE (full system scan, scan volume for ADS)
  • run scan with SpyBot
  • run scan with ScanSpyware (do complete scan)
  • run scan with Stinger
  • run scan with Mwav (all scan options)
  • run scan with SysClean
    Notice: Sysclean is not meant to protect your computer from viruses. Sysclean only scans your computer and removes any viruses it finds. You need to purchase antivirus software for full real time protection.
  • run scan with TDS-3 (choose all choices to scan in SCAN CONTROL)
Ad-Aware SE.......Install, click Check for Updates now and get any updates, then exit.
Ad-Aware VX2 Cleaner Plug-In.....Install only
avast! antivirus software..........Install
CCleaner.............Install only, then exit
Spybot................Install, do the search for updates now and get any updates, then exit.
SpywareBlaster...Install, click Download Latest Protection Updates, Check for Updates, and then Enable All Protection, then exit. It does a great job of blocking known vulnerabilities as well as known malicious websites.
McAfee AVERT Stinger.....No installation required! Ready to run as is.
CWShredder......No installation required! Just unzip it to a folder.
Kill2me..............No installation required! Just unzip it to a folder.
about:Buster......No installation required! Just unzip it to a folder. Click Update and download any before scanning.
HSRemove........No installation required! Ready to run as is. (Only for WinNT, 2K, XP)

8.CLEANING
run CCleaner (analyze---run cleaner)

9.RE-ENABLE SYSTEM RESTORE

10.REBOOT

    

    

Remove: AntiVirusGold

AntivirusGold is an adware application. Antivirus Gold is installed by some trojans without asking for user permission. The deskop wallpaper is modified & advertisement is displayed urging the user to buy Antivirus Gold. Upon clicking on the message, a web explorer is opened to point to www.AntiVirus-Gold.com. The purpose of this trojan is to install itself & pretend that only AntiVirus Gold can remove it.
Home Page:   SpywareDB removal tool

DyFuca.InternetOptimizer

DyFuca.InternetOptimizer is a variant of the DyFuca page hijacker. Unknown-server errors, page-missing errors, server errors and even password-required errors are redirected to Internet Optimizer's controlling server at www.internet-optimizer.com. The 'DyFuCA Active Alert' component can open pop-up 'alerts' when directed by its controlling server. And can download and execute arbitrary unsigned code from its controlling server, as an update feature.
Home Page:   Spython removal tool

ABetterInternet

ABetterInternet runs at your system's start-up and may track your Internet activity. If A Better Internet gathers personal information about yourself and your web browsing habits, it may target pop-up advertisements at you, redirect certain URLs, and automatically update itself and install third-party software, files and desktop icons.
Home Page:   Spywareremove

2ndThought

2nd Thought may download and display advertisements, and may reset your home page and report your web activity to its parent company.
Home Page:   Spywareremove

Twain-Tech

Twain-Tech Removal - This bug is adware. Comes as both a BHO and a toolbar. If you'd like to send them some love visit their site. Also read below and also send the software company who installed it on you some love as well. Free programs that are sponsored by ads are not truly free. If you want to profit from making software please go the 15 day trial route cause ads will only make people hate you.
Home Page:   I am not a Geek

Addclicker

Runs in the background and periodically pops up a warning that there is a problem with your computer. Can display a warning message from the system tray that your computer has spyware. Clicking the warning message will take you to a website to download antispyware software that does not do what it claims.
Home Page:   Spyware Guide

Home Page:   

Home Page:   

Home Page:   
Bravenet.com


Copyright © 2004-2010 All rights reserved.