Tips Removing Fake Antivirus & Antispyware

Tips Removing Fake Antivirus & Antispyware

There are currently 304 detected fake antivirus circulating and infecting thousands of computers in Indonesia. In addition to flash past, this virus can be spread via e-mail by sending false messages containing attachments.

Virus action by giving a fake message that resembles the Windows program, which seemed to tell that your computer is spyware / virus, then install the fake antispyware program called 'XP Antispyware 2009'.

To clean it, there are several steps that need to be done. Here's how:

1. Disconnect the computer that will be cleared from the network.
2. Scan your computer using the removal tool. You can use the removal tool from Norman to clean (you can download here)

leaner.exe http://download.norman.no/public/Norman_ ...

3. Remove string registry that was created by the virus. To make it easier to use the following registry script.

[Version]
Signature = "$ Chicago $"
Provider = Vaksincom Oyee

[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del

[UnhookRegKey]
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ comfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ exefile \ shell \ open \ command ,,,"""% 1 ""% * "
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ piffile \ shell \ open \ command ,,,"""% 1 ""% * "
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ regfile \ shell \ open \ command,,, "reg edit.exe" "% 1" ""
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ scrfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKCU, Software \ Microsoft \ Internet Explorer \ Main, Search Bar, 0
HKCU, Software \ Microsoft \ Internet Explorer \ Main, Search Page, 0
HKCU, Software \ Microsoft \ Internet Explorer \ Main, Start Page, 0
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL, 0
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page, 0
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page, 0
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Search, SearchAssistant, 0
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center, AntiVirusDisableNotify, 0
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center, FirewallDisableNotify, 0
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center, UpdateDisableNotify, 0
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows, AppInit_DLLs, 0
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon, Shell, 0, "Explorer.exe"

[del]
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Run, braviax
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, braviax
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, brastk
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ MountPoints2, (706ab86c-937e-11dd-a04c-000c290bc510)
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Executions Options, Explorer.exe

Use the notepad, then save with the name "repair.inf" (use the Save As Type option to All Files to avoid mistakes). Run repair.inf with right click, then select install. Should create a file on the computer repair.inf clean, so the virus is active again.

4. For optimal cleaning and prevent re-infection, you should use the updated antivirus and recognize all the installation files are a good virus. (seconds)

Continue Reading >>

How To Remove virus, Trojan & Spyware Manually

This article is intended to remove new viruses and virus Indo undetectable by antivirus on the computer used. And also create a bete if I have to scan for computer viruses for hours but this way at least 10 minutes wrong. May be useful and beneficial.

Netter for the computer like a virus, probably following guidelines below can be useful. In theory this could kill 90% of supply, macro viruses only (word, excel) and viruses that destroy files (EXE extension) is difficult to be cleaned this way, although transmission can be prevented.

Eradicate the virus with the Windows Command

When you feel netter computer virus, trojan and spyware (in this case we categorize it as a virus aja), which is usually the indication there that do not normally display on the desktop, the program used and the browser. Should immediately take the following steps:

1. Stage One, Turn off the Virus in Memory

Press Ctrl + Alt + Del to display the Windows Task Manager - Then to the "Processes", continue to click the "User Name" to sort the files that are processed in memory. After that, there are parts that look suspicious or not. If many of the loading on the memory, should be turned off before the automatic startup was loading at the bottom right (the speaker and clock icons). Turn off all the icons in a way "quit" or "exit" from the program.

Loading into memory the virus is usually in the form of EXE files. This step to prevent the virus to spread first through our memory. Turn off all the loading EXE file in our memory that we have the previous listing under "User Name". Do not turn off file the category "System", "Local Service", and "Network Service", because it can make our system Hang or Freeze.

2. Second Stage, Disable Virus on Startup

To disable the virus so that no terloading into memory, we must throw it in the startup. How we can use the MSCONFIG command, click Start menu> Run> msconfig - when it will perform "System Configuration Utility". Then choose "Startup", in this case should netter who do not understand where the loading which is not a virus, you should select "Disable All". New netter later reactivate the desired startup if the virus was clean.

If netter who understand where the files are loading the necessary files, and what is not, or where the virus or not, should menbuang stain (check box) in the box to the left of the suspected virus. This will disable the virus in our startup.

3. Third Stage, Delete Files from the Computer Virus

Find out by using the facility "search" in Windows, click Start menu> Search, and then look for the virus EXE file (example: Happy.exe) before loading on the memory or the startup. This file is usually stored by the manufacturer in the Windows or System32 folder of Windows. Once found, delete or remove the file.

4. Fourth stage, Remove Virus from the System Registry

This stage is the final stage. We must use the command REGEDIT to change and to delete the virus from our registry. Choose Start> Run> regedit - then to the menu "Edit" select "Find" (or press Ctrl + F). Enter the name of the virus file that we wish to delete (examples: Happy.exe), then select "Find Next". If found virus files, delete all the registry that contains the virus (next to the folder if any).

Then continue by pressing the "F3" or in the menu select "Edit" on "Find Next". Usually the virus file is placed in several places in the registry. So make sure netter delete everything clean, in the sense that the computer registry free of the virus load. Because if not this job be in vain.


Eradicate the virus With Other Programs Help

There are some very useful tools for netter to facilitate eradication of the virus, among others:

CProcess - Tools of this function as "Windows Task Manager" (Ctrl + Alt + Del). These tools are great to identify where the virus or not because it contains detailed information about the files in memory terloading. As examples of the correct file (not a virus) are always written the name of the manufacturer companies (examples: Windows made Microsoft Corp.).

Hijack This - Tools are very good as a replacement for MSCONFIG command. Often the deadly virus of our access rights to the MSCONFIG so that we can not remove the virus files were loading when startup. Now this program serves to replace the MSCONFIG is not active. Also this program can detect more detail such as spyware that inject in our browser (BHO), and can turn it off ..

CCleaner - Tools this one useful to replace than REGEDIT command, also can clear the virus in the registry automatically. Also CCleaner can also speed up your Windows access by cleaning all the garbage in your registry.

PCMAV - artificial antivirus program PC Media has proved very effective to remove viruses Indo sometimes like to rese.

AVG 8 Free Edition - free antivirus program that is very powerful to overcome the virus from abroad.

Continue Reading >>

How To Turn Off Automatic Virus Scan in Firefox during Download

Since the release of Firefox version 3, Mozilla has invested auto virus scanning of every file that you downloaded in Firefox browser. This is done mozilla to give extra protection, especially protection from malicious files or files that are infected by the virus code and malicious code. Auto scanning feature of firefox you can only enjoy in Windows-based operating system and will only work if there are antivirus applications installed on your windows. With virus scanning auto fitus this then firefox will do a virus scan immediately after the file download process is complete.

Auto firefox virus scanning will also be doing a virus scan when you do run the file, open the containing folder, open the download page or copy download link. The scanning process only takes a few seconds longer but it will increase in line with the large size of the file.

Indeed this feature is highly recommended to stay active and proven to increase your security when downloading files from the internet. But one thing that might make this feature you do not really need, namely that the new anti-virus, antivirus are now equipped with realtime protection that will scan just before the file accessed or executed.

If you already use antivirus and internet security is a relatively new, so almost all provide realtime protection, so the auto feature of virus scanning is not firefox you need more. The good news is, you can turn off the auto feature of firefox virus protection.

Here's how to turn off auto virus scanning feature of firefox, before switching off this feature, make sure if you already have an antivirus with real-time protection:

1. open firefox

2. in the address bar type about: config and press enter

3. Just click the notification button I'll be careful, I Promise!

4. In the filter field type and press enter browser.download.manager.scanWhenDone

5. Browser.download.manager.scanWhenDone will appear with the default preference value indicating true auto firefox virus scanning active set

6. To disable it, double click the browser.download.manager.scanWhenDone preference. When you double-click, then it becomes false value indicating that the virus auto scan feature has been disabled.

7. After doing the above step, Firefox will no longer do after you finish scanning downloaded files, etc.. To activate it, you can change back to true value.

Continue Reading >>