My Virus Info
I carry these items with me on service calls and I need to keep track of what is what. IF you can use
the info have at it. Please search the Web for more info and/or the latest versions of these programs before using them.
Some of them should only be used IF requested by a knowledgeable Professional -or- Friend -or- Relative. And some of
them may be Operating System(OS) specific. We have many forms of Windows out there. Make sure it will work on your version!!
When you are searching the Web, DO NOT, I repeat, DO NOT allow any program to automagically
install anything on your PC. IF it says you have a Virus ... you probably don't ... UNTIL ... you load their program!!
Check with a knowledgeable compatriot BEFORE loading anything. Some of these look -and- sound
very official... -but- they are not.
Two of them are: Windows Police Pro and Windows XP Recovery
DO NOT click the OK button.
Get out by closing the Browser IF neccessary.
Just DO NOT let it load -or- you will probably be calling me or one of my fellow fixers.
For all virus trouble shooting the first thing to do is turn off System Restore if your
system has it. We don't want to go thru all these procedures only to have them re-appear because of the restore
file(s). You can turn it back on when done, if you so desire.
How-to in Windows XP: Disable Sys Restore in XP
How-to in Windows Vista and 7: Disable in Vista and 7
To use the F8 key to start Windows in Safe mode
There are times when you will be requested to start Windows in a 'Safe Mode'. Safe mode lets you turn off unnecessary
computer programs so that you can find the cause of a problem. Many programs that start with Windows will not start.
There is a selection that lets you start Safe Mode with Networking. Don't use this unless instructed to do so. Sometimes
you will need this mode to get Anti-Virus program updates while in Safe Mode.
- Restart the computer.
- When you see the black-and-white Starting Windows screen, start tapping the F8 key.
(If tapping doesn't work, then press and hold the F8 key.)
- In the Windows Advanced Options Menu, select Safe mode if it is not selected.
If it is not selected, use the arrow keys to select it.
(Only select the mode with Networking when directed to do so.)
- Press Enter.
Windows will then start in Safe mode. (This can take several minutes...
a long time anyway.)
And you will see command lines scrolling up the screen. Your final screen will look
different than your normal screen. And when you go back to Normal Mode your screen
icons will probably look messed up.
Nature of the beast ....
During my recent Net exploits I found this list of Adware culprits. It is generously
provided by the folks who produce System Mechanic 7...
which I will recommend to my customers.
A place you must visit is:
You will find a number of tools that can be obtained for ... Free.
Note 17-Feb-10@9:58am : I have learned -but- can not totally verify at this
time that three anti programs work well together and will protect your system well. I am putting this here
to let others know, so they can try them if desired, and I will add more as I learn/experience more.
A common thought:
Programs are: avast! - ThreatFire - Comodo Internet Security
All 3 are 'Free' for Home use -or- cost for the Pro/Business versions.
From the Net: Using both Avast! and Comodo has worked well for me on both Vista 64 and 32. -But- it appears
that you should only use the Comodo Firewall with avast.
Get rid of the software firewalls and just get a cheap router that has at least NAT and SPI firewall protection.
Use MSconfig to setup for Normal Startup Mode
Vista Cleaning Procedure
- A -
aswclnr - avast! Virus Cleaner - free virus & worm removal tool
List of known worms
avast! Virus Cleaner is currently (in version 1.0.203) able to identify and remove the following worm families:
Many worms - when activated - create additional working files on your hard disk. Even though these files alone
are harmless, they are useless and they should not be there. When avast! Virus Cleaner detects and removes a
known worm from your computer, its working/temporary files are removed as well. The same applies for
worm-specific registry entries etc.
- Win32:Badtrans [Wrm]
- Win32:Beagle [Wrm] (aka Bagle), variants A-L, U, W-Z, AA
- Win32:Blaster [Wrm] (aka Lovsan), variants A-M
- Win32:BugBear [Wrm], including B-F variants
- Win32:Ganda [Wrm]
- Win32:Klez [Wrm], all variants (including variants of Win32:Elkern)
- Win32:MiMail [Wrm], variants A, C, E, I-N, Q, S-U
- Win32:Mydoom [Wrm] (variants A, B, D, F-J - including the trojan horse)
- Win32:Nachi [Wrm] (aka Welchia, variants A-K)
- Win32:NetSky [Wrm] (aka Moodown, variants A-Z, AA-AB)
- Win32:Nimda [Wrm]
- Win32:Opas [Wrm] (aka Opasoft, Opaserv)
- Win32:Parite (aka Pinfi), variants A-C
- Win32:Sasser [Wrm] (variants A-F)
- Win32:Scold [Wrm]
- Win32:Sircam [Wrm]
- Win32:Sober [Wrm], variants A-G
- Win32:Sobig [Wrm], including variants B-F
- Win32:Swen [Wrm], including UPX-packed variants
- Win32:Yaha [Wrm] (aka Lentin), all variants
avast! 4 Home Download
Note: This product is free for home
non-commercial use after registration! at http://www.avast.com/i_kat_207.php?lang=ENG
avast! antivirus software is based on the ALWIL Software Virus, Worm and Trojan
horse scanning technology since 1988. The avast! antivirus portfolio includes
a number of products, providing effective protection at all levels - from
PDAs to large networks.
avast! Home is now Free of charge for HOME users for NON-COMMERCIAL use.
Note: Please see ThreatFire below to use in addition to this.
Works on: Windows 2000, Windows XP, Windows Vista and Windows 7
Ad-Aware - Lavasoft
Most people are familiar with freeware, shareware, cookies, media players, interactive content,
and file sharing. What they may not realize is that some of the aforementioned may contain code
or components that allow the developers of these applications and tools to actually collect and
disseminate information about those using them.
They can track your surfing habits, abuse your Internet connection by sending this data to a
third party, profile your shopping preferences, hijack your browser start page or pages, alter
important system files, and can do this without your knowledge or permission. The security and
privacy implications of these exploits should be quite obvious and undesirable on any system or
Lavasoft is the industry leader and most respected provider of anti Trackware solutions. We
have developed several applications that will provide you with the means to keep your computer
or network free of these compromising and intrusive threats to your privacy.
Free for non-comercial use only.
Supported Operating Systems:
Windows 7 (32 and 64-bit), Windows Vista (32 and 64-bit), Windows XP (32-bit), Windows 2000 Pro
Advertisemen is a new adware out there. described here at Vivid Reflection. Richard from Vivid
Reflection sent me the files via Upload Malware and I have now created a quick removal tool for
advertisemen. RemAdvertisemen is available here.
Download RemAdvertisemen to a convenient place and double click the remadvertisemen.exe.
Once it is running click the "Start Removal" button and wait for the "Done Removal! Please reboot
your computer now." message. Once you see that Click ok and then reboot your computer.
Works on: Windows 2000, Windows XP
Admit One - Windows Password Access Manager
Admit One lets you enable and disable all Windows password prompts with just one mouse click -
You won't be bothered by passwords while at home, and you'll always be prompted to prevent
unauthorized use when on the go. Great for desktop PC's as well, where privacy and security are
needed. Admit One - don't leave home without it!
Compatible with: Windows 7, Windows Vista, XP, 2000; 32-bit and 64-bit.
The following Table of info from: Security Stronghold
Download Alcan.zip or AlcanFix.zip and unzip it to your desktop.
||Name of the threat: ALCAN.B
|Command or file name: winupdate.exe
|Threat type: Worm
|Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista)
# Reboot into Safe Mode - Very Important!
# Enter the AlcanFix folder and double-click AlcanFix.bat to run the tool.
# When the tool has finished, please reboot back to normal mode.
This is an extract from the forum for this site.
Appears to be Freeware.
Risk Impact: High
File Names: Aports.exe
Systems Affected: Windows 2000, Windows NT, Windows Server 2003, Windows XP
This threat is a stand-alone application, does not drop files, and does not modify the registry.
This hack tool displays a Graphical User Interface (GUI) showing the processes and applications
as they are mapped to port numbers. Also, it shows the IP address of the user accessing open ports.
The publisher also offers an API for a fee. Aports.exe is freeware in its GUI form.
Works on: (Windows NT/2000/XP)
apt - Freeware process termination tool for Windows NT/2K/XP
Advanced Process Termination is a simple but powerful utility that provides
nine (9) different process termination techniques - all at the click of a button.
Process Guard also has powerful anti-hook capabilities to prevent other programs
from hooking critical functions (something often done by trojans to prevent their
processes from being seen or terminated). In addition to process termination, APT
also allows you to Suspend and Resume processes, and also serves as a useful
process list utility.
Works on: Windows NT, Windows 2000, Windows XP
ATF-Cleaner.exe was once upon a time just my personal temp file cleaner. There became a need for a
good temp file cleaner that could do the job safely and without removing files that are crucial to
windows, so I decided I'd share it with the public.
ATF-Cleaner has recently picked up alot of interested in the various communities online.
ATF-Cleaners options are fairly straight forward and its simplicity is part of its charm.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
This program is for XP and Windows 2000 only.
Autoruns for Windows v9.57
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor,
(mainly cause it is from Microsoft themselves)
shows you what programs are configured to run during system bootup or login, and shows you the entries in
the order Windows processes them.
Microsoft - Windows Sysinternals
- B -
Bazooka Adware and Spyware Scanner v1.13.01
Bazooka Adware and Spyware Scanner search for CoolWebSearch, Gator, GAIN, Bargain Buddy, CommonName,
FlashTrack, IPInsight, n-CASE, NetRatings, SaveNow, Wurldmedia, etc. The complete list is available in the
online encyclopedia. To stay up-to-date with the new spyware and adware the latest threat definition is always
available from the Bazooka web site.
Bazooka is Freeware and Windows 95/98/ME/NT/2000/XP compatible.
BraveSentry is a rogue anti spyware program that hijacks the web browser and it is known to issue fake
warnings on your computer in order to manipulate you into buying its full commercial version. It can also
be installed from the BraveSentry website and has been forced onto the computer without EULA and users
knownledge of installation. It does not actually detect parasites, but targets harmless system and
software objects as threats in attempt to trick the user into purchasing the full version of Brave Sentry.
BraveSentry is related to SpySheriff and Spware-no.
Brave Sentry Removal
This is a detector only. You will need to purchase the removal version.
- C -
CCleaner (Crap Cleaner) & ASC (Advanced System Care)
CCleaner (Crap Cleaner) is a (used to be freeware) system optimisation tool. That removes unused and
temporary files from your system - allowing it to run faster, more efficiently and giving you
more hard disk space. The best part is that it's fast! (normally taking less that a second to
run) and Free. :)
Cleans the following:
Internet Explorer Cache, History, Cookies, Index.dat.
Recycle Bin, Temporary files and Log files.
Recently opened URLs and files.
Third-party application temp files and recent file lists (MRUs).
Including: Media Player, eMule, Kazaa, Google Toolbar, Netscape, Office XP, Nero, Adobe Acrobat, WinRAR, WinAce and more...
Advanced Registry scanner and cleaner to remove unused and old entries.
Including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more...
Backup for registry cleaner.
This software is completely Freeware and contains no Spyware.
CCleaner Beginers Guide
CC and ASC
Works on: Windows (All Versions)
ComboFix is a program written by sUBs, that removes spyware, malware, rogue antispyware apps and Vundo
infections. Also it deletes a bunch of files related to the infections and is updated fairly regularly.
When Combofix finished, it will produce a report for you. Power user can use the report to search and
remove infections that are not automatically removed.
It is suggested you save the program under a different name. Some of these pieces of malware are checking
for the names and preventing the anti-virus programs from installing/running. You should also make your first
run from SafeMode.
Use this with caution. And only on 32bit Windows XP.
Windows Built in System File Checker... sfc /scannow
This is here to be used in conjunction with -or- instead of the above ComboFix.
Sfc /scannow will inspect all of the important Windows files on your computer,
including Windows DLL files. If System File Checker finds an issue with any of these protected files,
it will replace it.
It is run from the Command Prompt which you should open with 'Run as Administrator'.
Note: System File Checker may or may not prompt you to restart but even if it doesn't,
you should restart anyway.
For: Windows 2000, XP, Vista and Win7
Comodo Internet Security
Comodo Internet Security is the free, multi-layered security application that
keeps hackers out and personal information in.
Built from the ground upwards with your security in mind, CIS offers 360°
protection by combining powerful Antivirus protection, an enterprise class
packet filtering firewall, and an advanced host intrusion prevention system
Unlike the stripped down versions of commercial software that other software
vendors offer for free, this is the full, completely functional version of the
For COMODO internet security, there is a feature that was giving my customers a
hard time at first until we found a fix for people that are very novices for computer.
The fix is to disable the Proactive Defense, but leave the firewall
The reason is; that the Proactive Defense was giving out way too many pop ups for any action, any
application, on the system took. So, when they wanted to install a new application, such
as Quake 4 Arena multiplayer game, they would get dozens of DEFENSE alerts. If you are new
to computers and dont have the necesary level of expertise to be able to discern what
application is a legiimate application and what should be ‘blocked’, then just disabling
the Proactive Defense, just that feature, is a good idea. Afterall, just with the firewall
and the antivirus enabled should give you a good protection.
Note: Please see ThreatFire below and avast! above
to use in addition to this.
Freeware -or- Pro version for $49/year
Comodo Free Products
Crucial Windows XP Vulnerability Fixer
A Critical Security Vulnerability Exists in Windows XP. (Surprise) Actually,
as we know, there are many, but we'll handle them one at a time. This
particular vulnerability allows the files contained in any specified
directory on your system to be deleted if you click on a specially formed
URL. This URL could appear anywhere: sent in malicious eMail, in a chat
room, in a newsgroup posting, on a malicious web page, or even executed
when your computer merely visits a malicious web page. It is already being
exploited on the Internet.
Gibson Research Corporation
A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen
other names). Spybot S&D and Ad-aware tend to forget essential parts of the hijack, so until they
update, you can use this to completely remove the hijack.
- D -
DyFuCA is a porn dialer that may use your modem to connect to porn servers. When DyFuCA connects to these servers,
your phone line may be charged expensive rates. DyFuCA may automatically launch each time you start your computer,
and DyFuCA may also download and install other adware and spyware onto your computer without your permission.
DyFuCA may be distributed via the Internet as an Internet Optimizer Utility.
Free to try; $29.99 to buy
in Windows 2000 and XP Professional
Services are programs that run in the background and take in requests over
the network from
other computers. Microsoft ships Windows 2000 and XP Professional with many
different services enabled that you will never have any use for. More to
the point, a lot of these services were poorly written and will happily take
requests, such as "delete all the files on the
hard drive", or, "blanket the screen with pornographic
This section details how to turn off various unused services on your computer.
In addition to making your computer run a little faster, your computer will
also be somewhat safer. If you have decided to keep a firewall running, then most malicious traffic
to these services will be blocked. However, adding another layer of redundancy to secure your machine is always recommended.
Disabling the Messenger Service
Disabling the messenger service will prevent the possibility of an attack
through this service. There
are already documented, unpatched vulnerabilities that take advantage of
a Messenger service buffer overflow. You can disable
the messenger service by performing the following:
If the Messenger service is currently enabled on the system, you will be prompted as to
whether you want to disable it. To do so, click the Disable Messenger button.
Microsoft's DCOM really is useless to the average user. DCOM's insecurity is the culprit for the Blaster and Welchia worms which
currently pose such a huge problem for Windows users everywhere. Thus it is common sense to disable DCOM even on a patched machine.
It should be noted that another DCOM vulnerability was found just a short time after the first patch was released. Why bother repeatedly
patching a useless piece of software when one can disable it in just a few seconds?
Click on the DCOMbobulate Me! tab, then click the Disable DCOM button. The changes will take effect on your next restart.
Disabling the Universal Plug and Play service
Universal Plug and Play is not related the the Plug and Play hardware standard.
It is a network service which effectively opens ports on your machine which
have been proven in the past to be insecure. Although it is automatically
started by default on all Windows XP machines, this service is not widely used and it is unlikely
that you will need it. It is recommended to be disabled.
If the UPnP service is currently enabled on the system, you will be prompted as to
whether you want to disable it. To do so, click the Disable UPnP button.
Disabling the Windows Scripting Host
One preventive measure that you can take to protect yourself from viruses
that come as .vbs attachments is to disable or uninstall the Windows Scripting
Host (WSH). Because Windows Scripting Host is an optional part of Windows,
it can be safely removed from your computer. This feature can easily be
if it is required in the future. Remember that there are many other viruses
that do not use the Windows Scripting Host, so it is critical that you
continue to use Symantec Antivirus protection with
the most up-to-date virus definitions.
- Download the Symantec
Noscript.exe utility to a folder on the hard
- Double-click the Noscript.exe icon. The Norton
Script Disabler/Enabler appears.
the WSH is currently enabled on the system, you will be prompted as to
whether you want to disable it. To do so, click Disable, and then click
Disable WinXP and 2000 raw sockets
As part of my struggle to convince Microsoft not to ship Windows XP with
full raw sockets, I created this "SocketLock" utility. It easily enables
and disables the system's raw socket capabilities to show that, contrary to
Microsoft's claims, raw sockets are not, and never were, needed by any
applications or users.
Gibson Research Corporation
- E -
EasyCleaner is a small program which searches the Windows registry for entries that are pointing nowhere.
EasyCleaner also lets you delete all kinds of unnecessary files such as temps and backups. You can search
for duplicate files and you can view some interesting info about your disk space usage! You are also able
to manage startup programs, invalid shortcuts and add/remove software list.
Up to and including Windows XP.
Let Error Nuker, your amazing FREE PC Diagnostics tool, identify the precise problems in your Windows registry so you can determine exactly what your PC is suffering from.
Even if your PC is perfectly fine, you should try the diagnostics tool if you want to avoid serious problems before they happen.
Best of all you can keep the tool and find out if your PC has
problems for FREE as often as you like.
Free to try;
$29.95 to buy now Free
At least up to Windows XP
- F -
Free software serial port monitor, Com Rs232 sniffer with communication packet data analyzer. This
monitoring utility can spy, capture, view, analyze, test com ports activity performing com port
connection and traffic analysis with data acquisition and control. You can use this system as device
interface testing tool, modem data transfer viewer and so on.
At least up to Windows XP
- G -
- H -
HijackThis is a tool, that lists all installed browser add-on, buttons, startup items
and allows you to inspect, and optionally remove selected items. The program can create
a backup of your original settings and also ignore selected items. Additional features
include a simple list of all startup items, default start page, online updates and more.
Intended for advanced users.
Supposed to work on 2000, XP, Vista and Win7
- I -
- J -
- K -
KillBox will delete those annoying files that will not let themselves be deleted, no matter what you do.
Download this file, extract it, and run the killbox.exe file.
When it loads type the full path to the file you would like to delete in the field
and press the Delete File button (looks like a red circle with a white X).
It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.
klwk.com utility for virus fighting
Some malicious programs prevent Antivirus package from functional mode work when installed and more often they simply block it. To fight such problems Kaspersky Lab introduces klwk.com utility which you can download from: ftp.kaspersky.com/utils/klwk/klwk.zip. If your computer has been infected by some of the viruses that klwk.com utility can fight to help the Antivirus package full functional work you should do the following
# Download klwk.com utility from: ftp.kaspersky.com/utils/klwk/klwk.zip (it is recommended to save the executable utility file either in a special folder or on a separate media type)
# Unpack klwk.zip in the folder where you saved the archive file
# Start the executable klwk.com file without any parameters: utility will do memory scanning and will terminate the viruses processes
# Wait the scanning process to finalize
# Start the executable klwk.com file with /s: parameter and the utility will do the hard disc scanning and files deletion that are supposed for atomized start by system launching and contain the malicious code
# Wait the scanning process to finalize
Note: list of klwk.com utility additional parameters you may need while working with the program is available here: ftp.kaspersky.com/utils/klwk/readme.txt
Note: you should remember that utility is supposed to fight the active copies of theses malicious programs the list of which is given below. If the infected object is e.g, in the post data base then Kaspersky Antivirus will detect and delete the object itself.
Note: if you local network has been infected then before you cure the computer switch it off the net, cure it with klwk.com utility and only after that switch it on back.
Utility has been worked out to fight the following malicious programs:
I-Worm.Zafi.b, I-Worm.Bagle.at, I-Worm.Bagle.au, Virus.Win32.Implinker.a, Not-a-virus.AdWare.Visiter
- L -
What is Look2Me?
Before using this you should know what you are doing
and/or have a knowledgeable friend available. Would also be nice to have
another 'Puter avaiable to search the Web and get help.
Look2Me is an advertising and information network that uses a shell extension to attach itself
to Windows and display pop up advertising for its clients. It monitors visited web sites and
submits this information to a server.
You could also have the latest version of VX2. See VX2 below in the V section.
Download L2mfix from one of these two locations:
..and look at the manual removal at:
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract
the files and follow the prompts, then open the newly added l2mfix folder on your desktop.
Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter.
This will scan your computer and it may appear nothing is happening, then, after a minute or 2,
notepad will open with a log. Copy the contents of that log and paste it into this thread.
IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft
windows applications. choose close to terminate the application.."...then please use option 5 or
the web page link in the l2mfix folder to solve this error condition. do not run the fix portion
without fixing this first.
Appears to be Freeware.
- M -
Magical Jelly Bean Keyfinder
The Magical Jelly Bean Keyfinder is a freeware utility that retrieves your Product Key (cd key)
used to install windows from your registry. It has the options to copy the key to clipboard,
save it to a text file, or print it for safekeeping. It works on Windows 95, 98, ME, NT4, 2000, XP,
Server 2003, Office 97, and Office XP. This version is a quick update to make it work with
Windows Server 2003.
McAfee AVERT Stinger
stinger.exe v2.5.6 [1,186,311 bytes] (8/16/2005)
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a
substitute for full anti-virus protection, but rather a tool to assist administrators and
users when dealing with an infected system. Stinger utilizes next generation scan engine
technology, including process scanning, digitally signed DAT files, and scan performance
optimizations. This version of Stinger includes detection for all known variants, as
of August 16, 2005:
Stinger is Free.
mwav - VIRUS SCANNER FOR YOUR COMPUTER
MicroWorld AntiVirus Toolkit Utility (MWAV)
Scans your computer completely and provides reports of any viruses that it finds.
It finds the viruses for free but it will cost $9.95 to get a version that will also remove them.
- N -
- O -
- P -
Free PopUp Blocker! Completely FREE!
After installation, you will find a new toolbar in your Internet Explorer (as below) and the tool
will automatically block popup ad windows for you when you surf in IE.
No Cost! No Configuration! No Popup! CleanMyPCTM Free PopUp Blocker help you get rid of the
annoying popups when you surf Internet and say goodbye to popup ads forever! Just Enjoy It!
PAL Spyware Remover
Spyware & Adware are files that can be installed on your computer, even if you don't want them,
without you knowing they are there! They allow companies to monitor your Internet browsing patterns,
see what you purchase and even allow companies to inundate you with those annoying "pop up" ads!
If you've downloaded some music, files or documents and suddenly started getting annoying ads popping
up on your screen, you could definitely be infected with SpyWare and/or AdWare!
SpyWare Remover will scan your PC Absolutely FREE and let you
know if you have any files that are infecting your PC! You have to purchase the remover.
Kill pop-up ads before they even appear - it's 100% free and accessible directly from your browser!
Create "safe lists" for pop-ups you want to appear (media player, etc.)
No Spyware. No Adware.
Comes with FREE MyWebSearch accessible directly from your browser, plus Search Assistant - relevant search results in response to misspelled or incorrectly formatted browser address requests.
Also includes free FunWebProducts such as Smiley Central\u2122, CursorMania\u2122, and Popular Screensavers\u2122!
Personal firewall leakage tester
Ensure that your PC's personal firewall can not be easily fooled by malicious
"Trojan" programs or viruses. Thanks to this first version of LeakTest, most
personal firewalls are now safe from such simple exploitation.
Gibson Research Corporation
PestBot Spyware Remover 1.08 for Windows
PestBot Spyware Remover scans your computers processes, memory and system registry for hidden and
dormant spyware, adware, Trojans, dialers, worms and other forms of Malware!
Free to try,$29.95 to buy
- Q -
- R -
With Registry Mechanic for Windows you can safely clean and repair Windows registry problems with a few simple mouse clicks!
Problems with the Windows registry are a common cause of Windows crashes and error messages.
By using a registry cleaner regularly and fixing your registry your system should not only be more stable but it will
also help Windows and your software run faster.
Free Trial - Actual $29.95
Registry Rescue scan, removes, clean up and repairs invalid entries, references and links in your Windows registry.
Errors in your registry, and stuff left behind by other programs in your registry are one of the main causes of system slow down,
computer crashes and lockups, also a potential privacy threats.
By repairing errors in the registry your system's performance will be visibly increased.
This software is a shareware. You will be able to download and test Registry Rescue during a certain period of time, then, if it does what you need,
you will have to buy the full version from Registry Rescue publisher.
The Registry Rescue 2.0 free trial version contains an installer and an uninstaller, and has a size of 1057 Kilobytes.
Only one minute will be needed to get it on a DSL connection,
or up to 3 minutes if you are using a 56k modem to download Registry Rescue 2.0.
Registry Rescue 2.0 will run on Windows 95 / 98 / Me / 2000 / XP.
For information and support request related to Registry Rescue, please contact
directly Registry Rescue publisher.
Regsvr32 - info
This command-line tool registers .dll files as command components in the registry.
regsvr32 [/u] [/s] [/n] [/i[:cmdline]] dllname
Top of page
/u : Unregisters server.
/s : Specifies regsvr32 to run silently and to not display any message boxes.
/n : Specifies not to call DllRegisterServer. You must use this option with /i.
/i:cmdline : Calls DllInstall passing it an optional [cmdline]. When used with /u,
it calls dll uninstall.
dllname : Specifies the name of the dll file that will be registered.
/? : Displays help at the command prompt.
Extremely effective Registry Cleaner designed to fix Windows Registry Errors, remove all registry
inconsistencies and enhance performance of your PC. Eliminates all windows registry errors, hence
optimizing your PC.
Cost US$ 39.95
Registry Repair Pro
Windows Registry Repair Pro scans the Windows registry for invalid
or obsolete information in the registry. When you fix this information
it will make your PC run faster and will make your PC error free. By
using a registry cleaner regularly and fixing your registry, your
computer will become more stable and help Windows and your software
Shareware Price: $9.99
can search for items, uninstall applications, clear histories, clean your registry,
and more. It includes a powerful registry cleaner and can display various informations like
your startup entries, several histories (even index.dat files), installed applications and
much more. You can search for any item inside your registry, export/delete the results, open
them in the registry. It also includes a tweaks panel to optimize your OS. It also includes
a file tool to search for duplicate files, bad shortcuts and more.
- S -
Starter is yet another startup manager.
As a primary purpose, Starter allows one to view and manage all the programs that
are starting automatically whenever operating system is loading. It enumerates all the
hidden registry entries, startup folders' items and some of the initialization files,
so that the user could choose to temporarily disable selected entries, edit them, create
new, or delete them permanently.
Secondary purpose is to list all the running processes with possibility to view extended
process' information (such as used DLLs, memory usage, thread count, priorities etc.), and
to terminate selected process (even a Windows NT service, having enough access rights).
Starter is a real Freeware and is not crippled in any way among the similar products. The user
interface is pretty simple and has lots of options that are self-explanatory.
Startup Control Panel
Startup Control Panel is a nifty control panel applet that allows you to easily configure
which programs run when your computer starts. It's simple to use and, like all my programs, is very
small and won't burden your system. A valuable tool for system administrators!
Startup Control Panel is compatible with all modern versions of Windows,
including Windows 95, 98, 98SE, ME, NT 4.0, 2000, and XP.
Startup Control Panel is 100% Free.
Home Page: Startup Control Panel
SmitFraudFix is a tool that can remove Desktop Hijack malware. It can remove for example:
Smitfraud, Win32.puper, AVGold, Security iGuard, Spyware Vanisher, quicknavigate.com,
updateSearches.com, startsearches.net, Virtual Maid, SpySheriff, PSGuard, SpyAxe, WinHound,
AlphaCleaner, AdwarePunisher, SpywareQuake, SpywareSheriff, PestTrap, MalwareWipe,
Spyware Soft Stop, BraveSentry, SpyGuard, AdwareSheriff.
Computer Infection Problems Driving You Nuts?...
You Just Found The Only Complete Solution Because...
SpyZooka Annihilates All Your Spyware Problems
In 24 Hours Or Less...
By Removing 100% Of Your Infection - Guaranteed!
(No Other Company Makes This Claim)
SpyZooka Makes Your Computer Trouble-Free
Forever Since It Prevents Future Infection
Spybot - Search & Destroy
Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer.
Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover.
If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your
browser crashes, or if you browser start page has changed without your knowing, you most probably
have spyware. But even if you don't see anything, you may be infected, because more and more
spyware is emerging that is silently tracking your surfing behaviour to create a marketing profile
of you that will be sold to advertisement companies.
Need to be carefule here with what you keep as Resident. Can cause conflicts and slow downs if
you don't have the proper amount of memory... or a fast enough processor.
Spybot-S&D is free, so there's no harm in trying to see if something snooped into your computer, too :)
I found this when looking for info on 2020search. It looked interesting so I decided to try it. It appears
to be quite similar to Spybot above. Will have to check. 01 May 07
Freeware...well supposed to be
SearchAssistant - Removal
1. Download Ad uninstaller.
2. Select 'Save' to save the nCASEAdsUninstaller.exe to your hard drive.
3. Make a note of where you save the uninstaller executable.
4. Locate the nCASEAdsUninstaller.exe you saved and double-click on it to run it.
5. Select 'Yes', to confirm you want to uninstall.
6. Select OK that you are connected to the internet.
7. Select OK at the "Uninstallation Complete" message.
uninstall program for 180searchassistant
System Restore - WinME / WinXP - info
To turn off System Restore in WinME:
1. Select Start > Settings > Control Panel > System
2. Select the Performance tab
3. Click the File System button
4. On the Troubleshooting tab, click the Disable System Restore check box,
click OK and Close
5. You will be prompted to restart your computer
To turn off System Restore in WinXP:
1. Select Start > Settings > Control Panel > System
2. Select System Restore tab.
3. Check Turn Off System Restore.
4. You will be prompted to restart your computer
Steve's multipurpose Windows gizmo
Wizmo is a lightweight "Windows Gizmo" offering a wide array of handy Windows
commands. With a single click it can power down monitors, trigger a screen saver,
set audio volume, and much more. Wizmo also includes an intriguing highly
customizable "Graviton" screen saver.
Gibson Research Corporation
ScanSpyware - Protect your PC from spywares
ScanSpyware - The best solution for providing a 100% protection against most of the
spywares and malicious software running on your computer, stealing your personal information,
showing you annoying Popups, Advertisments and making your computer slower day by day. Using
ScanSpyware you can cleanup your PC from such parasites and get a better internet speed with
a complete satisfaction for keeping personal information secure.
Free Trial - Actual $29.95
Free Trial Download
REMOVES SPYWARE, ADWARE, SPYBOTS, VIRUSES, TROJANS,
WORMS, WEB BUGS, DIALERS, BROWSER HIJACKERS (BHOs),
Key Loggers, Spyware Cookies, Malware, Attack-Ware, and more.
Claims to be Free
SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.
Editors Note: If you receive an error that files are missing when starting SpywareBlaster,
please download the Microsoft Visual Basic Run Time files.
Claims to be Free
This self-extracting archive is a stand-alone fix package that incorporates the Damage
Cleanup Engine and Template. It replaces the traditional fix tool by addressing a wide
variety of system infections rather than a specific malware infection.
This tool supports the following features:
o Terminate all malware instances in memory
o Remove malware registry entries
o Remove malware entries from system files
o Scan for and delete all malware copies in all local hard drives
Appears to be free.
- T -
PCs are under constant attack from viruses, spyware and identity theft. Every day you hear
about a new threat to your PC. They're coming faster than ever before, they're getting harder
to stop and traditional antivirus products are not able to keep up.
Will your antivirus software catch the latest malware that just came out today? In most cases,
no, because it simply does not know how to detect it yet. But ThreatFire's ActiveDefense technology
does, and has proven to provide up to 243% more protection when combined with traditional AntiVirus
products. See the table below.
Note: Please see avast! and Comodo Internet Security above
to use in addition to this.
Freeware -or- $39.95.
Anti-Trojan System for Windows
First released in 1997, TDS (Trojan Defence Suite) is one of the longest established
anti-trojan programs in existence and today is widely considered to be the most powerful
and comprehensive anti-trojan program by the Internet security community. It is the only
anti-trojan program that has free daily database updates and is the only anti-trojan
program supported by a fulltime team of dedicated internationally recognised anti-trojan
professionals including Wayne Langlois, Gavin Coe and Jason Annice. You can even talk to
them at the forum!
WARNING: Trojans are NOT viruses! Anti-virus scanners are unable to detect or deal with
trojans at the same level TDS can.
Free Trial - Actual $49.00
Trojan Hunter's sophisticated multifaceted detection capabilities allow it to detect insidious modern trojans
with an ease that is only bettered by TDS-3. Unlike TDS-3, it has a friendly user interface which means that
it can be used even by inexperienced users. As a trojan remover its performance was outstanding. Add to that
the fact that it's fast, technically sophisticated and is very well supported and you have a winning
Free for 30 days. Price: $49.00
Trojan Remover was written to aid in the removal of Trojan Horses from a computer when standard
anti-virus software has either failed to detect the Trojan Horse or is unable to effectively
eliminate it. The majority of Virus and Trojan scanners are well able to detect malicious Trojan
Horses but are not very efficient in removing them if they have already been triggered. Trojan
Remover was written. This is the top Trojan Remover program!
Removes trojan horses after they have been triggered.
First 30 days Free - Actual $24.95
ToolbarCop is a browser extensions manager which can disable or eliminate the following browser add-ons
selectively from Internet Explorer:
* Browser Helper Objects (BHO)
* Standard Toolbar buttons
* Context menu Extensions
* Download managers
* Protocol Handlers
* Horizontal / Vertical Explorer Bars (side-search bars)
* Startup applications originating from RUN registry keys.
ToolbarCop is not rules based, nor has any database. This utility just lists all the browser add-ons
installed in your system. The list may contain legitimate items as well as the add-ons added by a Malware.
You're the judge who determines which add-on to delete and which one not to delete. However, to gather
the information on a particular add-on, select the item, and click the (i) button in the toolbar.
Alternately, use the CTRL + I shortcut.
Windows XP Fixes
- U -
Universal Plug & Play management
As originally urged by the FBI, and still urged by prominent security experts,
our UnPnP utility easily disables the dangerous, and almost always unnecessary,
Universal Plug and Play service. If you don't need it, turn it off.
(For ALL versions of Windows.)
Gibson Research Corporation
- V -
Virus Text - info
At 4/6/04 01:26 AM, MR_IMPOSSIBLE_GAMEX wrote:
: : in WINNT/SYSTEM32:
: : CS4P028.exe
: : O.bat
: : bs5-nt15v.exe
: : biH.exe
: : ClrSchP028.exe
: : in10bH.dll
: : bsx32.ini
: : O (no extension)
: ahhhh you lost me
just follow the list and delete it. how straight forward is that?
easier instructions by request:
1) hit ctrl+alt+delete and go to your task manager.
end the task CS4P028.exe if it's running.
2) go to your windows/system32 or winnt/system32 or whatever/system32 and
O (no extension)
3) go to c:\program files and
the EARN folder
the bargain buddy folder
the eZula folder
4) do a search from your start menu for t8f.exe and DELETE it.
in DOCUMENTS AND SETTINGS:
really glad to hear this is of some help to people!
I am having the same problems, I just instaled this antivirus,
that detected another trojan in my computer.Try this one:
Or you can try the online scan from RAV:
I Installed the Ad-Aware from:
It's better than the spy bot.
I hope this helps.
Malware is a shortened version of 'malicious software code'. Malicious software
can include anything from trojans, hijackers, spyware and adware to computer
worms and viruses. Any piece of content and code that acts in a way contrary to
xpectations could be deemed as malware. Therefore by this definition irritating
opups and unsolicited email (spam) can be forms of malware.
VX2 is one of the most problematic applications to remove from your computer. While Ad-Aware SE
effectively deals with most VX2 variants, there are a few that none of today's available anti-spyware
applications can detect or remove. VX2 Cleaner v1.03 is a stand-alone removal tool for menacing VX2 applications.
This is only needed for Ad-Aware versions before 2006. The later versions have this protection in them already.
How does it work?
- Close Ad-Aware SE if it is currently open.
- Download VX2 Cleaner. After installation, re-start Ad-Aware SE before running the VX2 Cleaner.
Note: If you have already attempted to run Ad-Aware SE to remove VX2, you may need to run the VX2 Cleaner several times to remove possible VX2 remains. If you have already attempted to remove VX2 with Ad-Aware SE, follow these steps:
- Before running the VX2 Cleaner, close all anti-virus or anti-spyware applications.
- Run the VX2 Cleaner. If your computer is infected with VX2, a dialog box saying "New VX2 variant found" or "VX2 variant 1 found" will appear.
- Select "Clean" and a dialog box saying "The first phase is complete. Please reboot and perform a Smart Scan." will appear. After saving your work, reboot your system manually.
- Repeat this until the VX2 Cleaner reports "System clean". Select "Close" to exit.
- Run Ad-Aware SE one more time and scan your computer to make sure all VX2 variants have been found and removed.
VX2 is primarily a data mining form of spyware that monitors your activity and phones home.
It can also install additional programs without you knowing which has a tendency to bring in
pop ups and other bugs. There isn't anything good that comes from this and should be removed
immediately. This can be pretty hard to completely remove from your system.
VX2, NetPal, Sputnik, VX2 RespondMiter, VX2.ABetterInternet, Transponder,
Blackstone Data's Transponder, Blackstone Data's Transponder
and Ad-Aware Anniversary Edition
- W -
Files: wcpu31a.exe & wcpu330.exe
WCPUID/XCPUID is the program that displays the CPU information of your personal computer.
Shows Frequency, Multiplier, Chipset Info. etc ...
WCPUID is a program that displays detailed information about your CPU. it
shows Frequency, Multiplier, Chipset Info, Cache information, System info
and a lot more. it also includes several tweaks (if available for your chip)
like disabling the Intel processor serial Number, Cache latency, AMD Athlon
Level 2 cache speed settings and others. In addition, WCPUID includes a real-time
CPU speed clocking gauge.
Windows Malicious Software Removal Tool
The Microsoft Windows Malicious Software Removal Tool checks Windows Vista, Windows XP, Windows 2000,
and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious
software -- including Blaster, Sasser, and Mydoom. When the detection and removal process is complete,
the tool displays a report describing the outcome, including which, if any, malicious software was detected
and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.
IF needed, a 64-bit version is available. Check sites below.
and/or More Descriptive
The 64-bit version is available here: Microsoft 64-bit Version
Pfind is a program that scans common locations on your hard drive for files that match certain
patterns known to be used by malware. It will also provide exports of certain registry keys that
are used by various malware.
Usage Instructions: Download WinPFind.zip and extract it to your C:\ folder. This will create a
folder called WinPFind in the C:\ folder. Inside c:\WinPFind is a file called WinPFind.exe.
Double-click on this file to launch the program. Once it is launched, click on the Start Scan button
and wait for it to finish. This program will scan large amounts of files on your computer for known
patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.
When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then
paste the contents of the log in your clipboard as a reply to where you are receiving help.
Note: It is important to note that not all files found with this program are necessarily bad. Please
use extreme caution when deleting these files as it may cause problems with applications running on your
machine. As always if you unsure, ask for help in the
Forums. I have included a reference
to the Forum from where is was obtained.
Note 2: As of now please do not distribute this file as there are numerous changes that will be slated
for future releases.
- X -
XoftSpy 2005 Edition
XoftSpy Detects and Removes Over 30,000 Parasite Definitions.
In just a few minutes you can detect and eliminate all these harmful PC threats:
Spyware, Spybot, Hijackers,
Adware, Malware, Keyloggers,
Worms, Hacker Tools, PC Parasites,
Trojan Horses, Spy Programs, Trackware
Free Trial - Actual $39.00
- Y -
- Z -
Ad-ware Spy-ware List
Some Free Stuff
Copyright © 2004-2010
All rights reserved.