Comments for Threat Center - Spyware and Virus Removal

Comment on Anti-Virus Number-1 by Judy Kauffmann

Judy Kauffmann — Wed, 04 Nov 2009 14:54:56 +0000

Hi,
I really need a number to reach you or something. I
am trying to remove you app. for virus proctection
and I can’t get it to remove and I already have protection and I am happy with it. I can’t get on
in site now. Please help me get it off.
Thanks~!

Comment on Rootkit.TDSS by tdlwsp.dll | Spyware-Virus Files and Process

tdlwsp.dll | Spyware-Virus Files and Process — Wed, 04 Nov 2009 08:32:42 +0000

[...] Related to: Rootkit.TDSS [...]

Comment on Warning! Fatal Error: All media systems on your computer have been crashed! by Daniela

Daniela — Tue, 03 Nov 2009 19:59:23 +0000

I have the same problem with the Warning Fatal Error!!! Wallpaper. I have Trend Micro Antivirus and didn’t find any infections. I really don’t know how this wallpaper got into my computer and it was not detected by my antivirus. I research how to get rid of that problem. I find a lot of spyware but you have to pay in order to delete the files on your computer. So I find this page and downloaded the Spyware Doctor and I was really tired with this problem because now my screen looks like and old computer screen. The colors and images look like you have like dialup internet with poor signal which make them look bad. I have speed internet with usually all my color and images were great. So I register and pay for the Spyware Doctor to delete this problem and scan my computer. It did find 9 threats and a lot of infections so I delete them. But at the end nothing happened. I still have the same wallpaper fatal error. Please help me!!!! I am tired of this problem.

Comment on Virus.Win32.Virut.ce by DonkeyDolck

DonkeyDolck — Tue, 03 Nov 2009 00:10:16 +0000

Hey.. I got these virus yeasterday (win32/virut and win32/heur) When i read about it that it infected all the .exe and possibly .jpg files i went nuts, turned of my computer unplugged my other 2 drives (D: and E:)on it and installed windows 7 64bit today. Downloaded avg free 9.0 and searched D: and it had 5 infected .exe files. wich it said that it was removed. So it hadn’t have the time to spread that far. Now i wonder if it still might spread into my C: where i have my windows or if it will continue to spread through my D: and E: (havn’t plugged E: in yet, so i don’t know how badly infected it is.) Or shall i just leave them unplugged until a bulletproof removal program for those viruses are released? Really don’t wanna mess up all my pictures and stuff there if it’s possible to avoid.. damn.. pics on there since 2002. :/ What to do? Any help would be mostly appreciated

Comment on Virus.Win32.Virut.ce by Szabolcs

Szabolcs — Sat, 31 Oct 2009 11:11:49 +0000

Confirmed. I agree with the first poster (and the most of you), it sneaked through avast’s protection, I fought this about a week long, that process let me figure out some important stuff.

This malware is probably added by Win32.Agent along with Win32.Delf and b.exe, just to mention the most critical ones and some others (3-4 more)

- It hides on your portable devices such as pendrives portable hard disk or other partitions.
- When you connect to the internet, this will download the whole pack again, causing you more trouble.
- These malware only works on 32-bit based Windows systems. You should consider updating to 64-bit (there are some drawback) or try Windows 7.
- Only Win32.Virut will infect files, others should create their own, which you can find in “C:\” and “C:\Windows\system32″ or in “Documents and Settings”

Note: A new version has come out in October 2009 and even Kaspersky Labs do not have an update for this infection yet. Although, Kaspersky is able to competely eradicate this virus, thanks to it’s more advanced and intelligent being, compered to other virusbusters.

Conclusion: I am now using Windows 7 x64, works quite well that far.

Comment on ~dulla@204 Virus by ephrem

ephrem — Thu, 29 Oct 2009 15:55:51 +0000

This is really bad fortune for Ethiopians that hears Dulla virus has been created by Ethiopian distractive guy or Association. You know creating very_low_risk and very ordinary system virus like Dulla is not a work of proud. Most educated Ethiopians suspect strongly who has created this gadium virus. In my belief the current stated antivirus for Dulla-Tsere Dulla creator has created the virus itself before. Because the name of a virus it self is Amharic word, besides the solution itself has found from Ethiopia by the association they called INSA. Don’t forget also most commercial antivirus producers ignore or don’t care about to get a solution for this virus. And do not forget Dulla virus is a kind of very easy and low risk ordinary virus that even a younger student of computer science student with out experience can create this kind of macro type of virus. If I were a creator of this virus, I would rather participate to create a kind problem solving projects for this poor country. Shame on this virus creator. Let me tell him what is he done is reflect he is ordinary, very easy and useless bastard gay. By the way I am not giving this opinion just being hot or affected by the virus. And let me tell him that even I can create such virus. But I wouldn’t be interested to be criminal. I am sorry to use irrational words.

Comment on ~dulla@204 Virus by tadesse

tadesse — Thu, 29 Oct 2009 09:33:07 +0000

Please send Tsere dulla Antivrus. My documents are at riskThe file already corrupted, so how can i recover the excel files?+

Comment on ~dulla@204 Virus by Alekaw

Alekaw — Tue, 27 Oct 2009 15:16:09 +0000

I appreciate Dull Virus creator man really !! For future I will expect more that used for our country ‘Ethiopia’ and pass to Next Generation !!

Comment on Security Tool Virus and Internet Search Redirection by bev

bev — Sun, 25 Oct 2009 21:13:20 +0000

I have had for a few days now the Security Tool Malware virus on my computer with nothing able to remove it. I have had a lot of help from others, and tried doing everything not only manually but automatically. Nothing is working at all for me. Every little pop up from any kind of software on the computer terminates immediately. I tried downloading a few different things people told me to, but it just won’t let me retrieve the files, let alone open anything. RUN doesn’t work, nor task manager isn’t allowed to pop up without terminating automatically. I have tried safe mode, but when I got to it and click on it, I am brought to a blank blue screen and nothing happens for minutes on end, and at one point a half an hour, nothing changed, nor did it start any further than the blue screen.
What do I do now?

Comment on Win32/Cryptor by Ian Mac

Ian Mac — Sun, 25 Oct 2009 13:06:19 +0000

When you get the choice to save or run the download, click save. You will then get the ’save as’ prompt. It’s at this point that you can change the name.

System restore won’t delete any of your saved files.

Comment on System Guard 2009 by lilkunta

lilkunta — Sun, 25 Oct 2009 00:51:20 +0000

I have been infected by this virus. I am on a toshiba L25 with windows xp SP2. I am logged in as the admin. The virus has disabled the internet (ethernet & wifi) and the registry editor & system restore, telling me to contact the admin, which I AM the admin ! The popups I keep getting are a red thing called ’security tool’ and a blue screen that looks legit(but I know it is fake) called Windows Security Center. It has disabled the task manager and the registry editor and the system restore. Both ’safe mode’ & ’safe mode with networking’ dont work. I have to choose ‘directory services restore mode (windows domain controllers only) ‘ in order for safe mode to load.

How do I get rid of the virus ( or is it a trojan or malware or spyware ?) I cant get online in order to d/l an avg or norton. I cant get into the registry editor and self delte. I am stuck. Thanks.

Comment on Pyagcore by rignator

rignator — Fri, 23 Oct 2009 22:25:26 +0000

mohamed
go to my computer>local disc>program files>kiwee toolbar
not gonna do mauch good though, it protects itself and can’t be erased in some cases…

Comment on XP Antispyware 2009 by hurzwurz

hurzwurz — Fri, 23 Oct 2009 08:32:54 +0000

dear exel support,

please stop all tasks that are running under your user.

remove ikowin32.exe from your autostart.

stop tasks like “9129837.exe” and strange names like that
in the end you should have no programm running!
no virus scanner, no game software nothing!°
just windows itself
than you can install Malwarebytes and run a full scan!

if I hadnt killed these taks the scareware program always restartet my computer when it recognized that a antivirus prog was running…

And Warning these Program changes its Name
to me its known as “Security Tool”

Comment on errorofbrowser.com by No_limits31

No_limits31 — Thu, 22 Oct 2009 19:47:09 +0000

Besides the fact that some are only there to fill the politically correct quotas but seem totally incapable of fulfilling their duties. ,

Comment on Lsas.Blaster.Keyloger by Aaron

Aaron — Thu, 22 Oct 2009 18:51:51 +0000

OR
None of these worked for me, even option 6. Try a slightly different way though:

I tried to go into safe mode, but it wouldn’t let me, so I selected to start up in normal windows.

As it was starting up, I pushed F10, and then maneuvered from back there. Click the tab that has the date, and change the date per option 6. Click save and continue to restart in normal mode. Everything was fixed.

Comment on go.google - go.yahoo by Hyoran

Hyoran — Tue, 20 Oct 2009 17:41:03 +0000

I’ve tried everything to find the TDSSserv.sys including the scan for hardware changes and i still can’t find it. Is there any other hardware you can disable that will help?

Also i seem to have problems with serial and npkcrypt. Why have they stopped working?

Comment on Win32/Cryptor by Caitie

Caitie — Mon, 19 Oct 2009 22:50:12 +0000

AVG picked it up but won’t let me remove the virus, and my Trend Micro Anti-Virus won’t pick it up at all and the virus won’t let it update.
I tired to download Anti-Malware Bytes but I can’t rename the file before downloading and afterwards when I try to rename it I can’t find any of the .exe files and so it won’t open.
I’m thinking maybe a System Restore would help but I would have to go back about 6 months which would really suck

Comment on Win32/Cryptor by Caitie

Caitie — Mon, 19 Oct 2009 22:45:29 +0000

My AVG picked it up but won’t let me get rid of it, I tried to install Anti Malware Bytes but I can’t rename it before it d/ls and when I go into the folder to rename I can’t find any .exe files. I’m thinking I might have to do a full system restore around 5 months back which would really suck.

Comment on Lsas.Blaster.Keyloger by brandon

brandon — Mon, 19 Oct 2009 13:28:46 +0000

yyyyaaaay everyone do post six it works and takes under 3 minutes. go under safe mode to do yayayayayay tytyty

Comment on Lsas.Blaster.Keyloger by brandon

brandon — Mon, 19 Oct 2009 13:26:30 +0000

i did post six still waiting to see if it worked ;)

Comment on TR/Crypt.XPACK.Gen by Mel

Mel — Mon, 19 Oct 2009 07:39:18 +0000

I have tried Avira, Malwarebytes and Spybot, all of which have not removed the virus. It is in my temp folder and every time I delete it, it pops up under a different file name. Please help. It’s starting to drive me insane

Comment on Trojan.Patchep!inf by Andy

Andy — Mon, 19 Oct 2009 02:18:56 +0000

I have tried this and it found the files but failed to remove them. norton did put them in quarantine.

Comment on Trojan-Downloader.Zlob.Media-Codec by SalesMan

SalesMan — Sun, 18 Oct 2009 23:47:05 +0000

?????? ???? ?????? ?? ??????? 2009
???? ????????? ?? ?????????? ????? ???????
???? ????????? ?? ??????? ??????? ???????
???? ????????? ?? ???????????? ???????
???? ????,
???? ? ??????????,
???? ? ????????,
???? ? ???????????????? ???????????????,
???? ?????????? ?????????,
???? ???????? ???????????????? ?????????,
???? ?????????? ?????;
???? ??????? ??????,
???? ??????? ??????????,
???? ??????????? ???????
???? ??????? ??????????? ???????
???? 09 ???????? ??????? ? ??????????? ???????
???? ??? ???????
???? ????????? ??????? ?? ????? ? ???????
???? ??????? ???????
???? ??????? ??????????????? ???????
???? ??????????? ??? ???????
???? ??????????? ??? ???????
???? ?????? - ????? - ???????
???? ?????? ???????????? ???????????? ??????????? ???????

Comment on ~dulla@204 Virus by Biny

Biny — Thu, 15 Oct 2009 11:12:33 +0000

I’m still wondering who developed dulla virus,i’ll b very happy if INSA has something to say abt it.

Comment on Antivirus 2009 by betsy

betsy — Wed, 14 Oct 2009 03:45:26 +0000

i downloaded the software like an idiot 2 days ago under my dads credit card. i hope they dont charge ridiculous things to it. i told him to check with his bank and freeze his account. how bad did i screw up? how bad do they charge the cards? how worried should i be?

Comment on ~dulla@204 Virus by Amaha Fikru

Amaha Fikru — Tue, 13 Oct 2009 06:40:04 +0000

The file already corrupted, so how can i recover the excel files?

Comment on Insecure Internet activity. Threat of virus attack! by TrustFighter : Virus Solution and Removal

TrustFighter : Virus Solution and Removal — Tue, 13 Oct 2009 02:39:56 +0000

[...] Internet browser that may block users Internet access and instead be redirected to “Insecure Internet Activity” page. It will also run its own virus scanner and alert users on loads of infected file. This [...]

Comment on Email-Worm.Win32.Myd by nadia

nadia — Tue, 13 Oct 2009 00:54:08 +0000

no tengo ni idea de como eliminar virus, pero porfavor ayudenme!!! si puden me lo mandan por paso de cada tipo de virus ok =)

Comment on FullHouse Drive by rational

rational — Mon, 12 Oct 2009 22:57:22 +0000

I WANT TO REMOVE FULL HLUSE VIRUS FROM MY PC. I NEEED HELP

Comment on Lsas.Blaster.Keyloger by ceri

ceri — Mon, 12 Oct 2009 13:02:02 +0000

I went to the microsoft site sorted it straight away

Comment on Pyagcore by mohamed

mohamed — Sun, 11 Oct 2009 19:38:21 +0000

hi, after removing it from the task manager, where do you browse the C/:PROGRAM FILES/KIWEE TOOLBAR ??

Comment on Win32/Cryptor by Me

Me — Sat, 10 Oct 2009 22:30:59 +0000

AVG works

Comment on Virus.Win32.Virut.ce by uuzoo

uuzoo — Sat, 10 Oct 2009 12:08:18 +0000

This is a nasty virus! I got hit with it a couple of weeks ago from downloading programs. My antivirus at the time ( avast) detected it but couldn’t do nothing about it. So, I did some research on the net, and was told to download Kaspersky removal tool. It detected it, and was neutralizing it, but the virus was spreading like a forest fire. It got to about 3,000 files infected, and I said forget it. I ended up reformatting and reinstalling OS. It WORKED! What’s really interesting is that I didn’t know it at the time but my flashdrive was connected in the back of the tower, and it got infected. After reinstalling everything. I realized that my flashdrive was in too. I’m thinking oh no. I ran avast but nothing came up. I’ve now installed Vipre and ran scan on the flashdrive and it detected and neutralized the virus. Now I’m using Vipre. Been working well.

Comment on Total Security by kkkohli

kkkohli — Sat, 10 Oct 2009 08:50:37 +0000

i was also cheated by this total security software & i paid them usd 78. They pop message said same thing that your computer is under threat & pop up window was neither closing down nor minimising.There message after pop ups said full money will be refunded within 30 days & now there is no adress of any website. even e-mail is coming make on e-mail id provided on e-mail message by which activation key was sent.Can any tell how to get my money back or to whom to complain againest them

Comment on Generic.dx by webmaster

webmaster — Sat, 10 Oct 2009 08:30:03 +0000

T2 was right, scanning hard drive via USB or Bootable CD is the best way to clean infected hard drive. Booting on the same infected hard disk makes the virus to load on memory and do his things to hide from antivirus programs.

I have brief tutorial how to scan via USB here. Though it requires a tool that cost about $10.
http://www.precisesecurity.com/tools-resources/threat-removal-procedure/scanning-infected-hard-disk-via-usb/

Comment on Win32/Cryptor by RHC

RHC — Sat, 10 Oct 2009 03:17:12 +0000

Boris or xXtra or anyone else:

Got cryptor months ago, it fried Malabytes, fried sbybot, fried my restore points, AVG picked it up but wouldn’t remove it, and the last few weeks AVG won’t even run a scan.

Have downloaded Sophos and run a scan. It has picked up 250 entries, mostly .tmp files starting with UAC (example: C:\WINDOWS\Temp\UAC68d.tmp), but also about two dozen random letter files like hjgruimxbfhqpx.dll. Sophos doesn’t recommend cleaning up any of them.

Do I delete everything, all 250? Do just start with the “hjgru” files?

Any advice would be appreciated. I’ve lived with this virus for months, and my system is getting so threadbare that I have a hard time getting the computer to boot at all.

Comment on anykuy.com by pete burke

pete burke — Fri, 09 Oct 2009 16:40:31 +0000

Marcus, you are a star, I have been trying to get that sorted for 11 hours, loads of people with bright ideas, (which don’t work). Shame it took me so long to find your post. Many thanks mate. Pete.

Comment on Antivirus 2010 by Jay

Jay — Thu, 08 Oct 2009 15:58:30 +0000

You were dumb enough to purchase it? moron…. it is due to morons like you that companies release software like this

Comment on Windows Security Alert by gaurav gupta

gaurav gupta — Thu, 08 Oct 2009 09:46:02 +0000

I have got same virus.thanks for this valuable information.

Comment on ~dulla@204 Virus by Ermias

Ermias — Thu, 08 Oct 2009 07:19:21 +0000

Please send Tsere dulla Antivrus. My documents are at risk

Comment on Virus.Win32.Virut.ce by itchy

itchy — Wed, 07 Oct 2009 23:06:14 +0000

ow also cleaned my external hard drive no problems there. my friend however who apparently didnt have anti-virus. and who waited to long is completely screwed. he cant even dl the avg removal tool

Comment on Virus.Win32.Virut.ce by itchy

itchy — Wed, 07 Oct 2009 23:04:07 +0000

i only used kaspersky 2010 and the avg link that was mentioned hxxp://www.avg.com/us.virus-removal.ndi-67762
and im done.
took me about 2 hours (because my pc was just rebooted there wasnt mutch to scan)

Comment on Generic.dx by T2

T2 — Wed, 07 Oct 2009 10:22:46 +0000

The best way to get rid of this trojen is to connect infected hard drive to the secondary connector of another pc and run on demand scanner to perform cleanup. The trojan mostly gets attached to cookies.

Comment on Total Security by Fahad

Fahad — Wed, 07 Oct 2009 09:59:36 +0000

This program deleted my san andreas file(not folder only the appication) it alse deleted san andreas multiplayer, downloading them will take a long while so please help me out,i also checked the recycle bin

Comment on Total Security by Nate

Nate — Tue, 06 Oct 2009 18:15:27 +0000

I got rid of this yesterday! Go to malware bytes.org. When you try to download the virus will try and block it accompanied by a flashing bar at the top of the window. Simply go to the middle of the page where it will say ” if your having trouble downloading click here” and click there. This should let the download go through. Once you install malwarebytes anitmalware, it should fing the virus and remove it. This worked on my computer, so hopefully it will help you.

Comment on Trojan Downloader.Agent.OSQ by webmaster

webmaster — Mon, 05 Oct 2009 13:32:36 +0000

Hi Taufik, I believed credit card can be used on international transactions. Which particular antivirus do you want to purchase?

Comment on Trojan Downloader.Agent.OSQ by taufik awarsa kesuma

taufik awarsa kesuma — Mon, 05 Oct 2009 01:51:33 +0000

I want to buy your security,if my Pc has inpected by vyrus.but I am new residence in Singapore and I can’t apply the credit car. Please give the solution how I bu your anti virus,Thanks

Comment on Win32.TDSS.rtk by Kendo

Kendo — Fri, 02 Oct 2009 04:00:39 +0000

Try Malwarebytes mbma (free download)

Worked a treat for me

Comment on Win32.TDSS.rtk by Kendo

Kendo — Fri, 02 Oct 2009 03:59:20 +0000

Hi all ..at last I found a solid if drastic cure for having TDSS.rtk
it appeared after my daughter downloaded some (as she thought) mp3 files. She had saved to desktop, scanned with Spybot and they were announced as clean…moments later , she yelled to come see…jeez , there was a folder with a number of exe files , all disappearing one by one of their own accord after she had opened the first one !
Thereafter , everything went pearshaped..first of all none of my burning software could even see my DVD RW, and when I checked out “problem devices” in Disk management (in XP) , the first thing I saw in horror was just one huge pink block telling me that there were no physical drives present…no partitions ..NOTHING !!
Weird thing was too that windows still worked after a wobbly fashion, desktop all ok etc
Scanned whole pc and found 8 instances of TDS.rtk (corresponding to the number of files she had downloaded and let loose )
Spybot elected to fix them, apparently, giving the usual green tick success story …..NOT !! cuz on the second scan , there they were again, all over the place , in registry etc !!
No matter how many scans I did with various software including AVG, spybot , Adaware etc, they ALWAYS reappeared….PANIC !!!
Got a grip of myself and thought I’d sneak up behind this sucker , by going in XP in Safe Mode … no way , I couldnt even get there..it just went right on into windows welcome every time !!
In frustration I decided to bite the bullet and go for a full reinstall…and guess what , no matter which way I tried , the install failed , mainly cuz Widows installer couldnt find a drive !!
Trawled loads of sites, looking for help and advice…willing to give anything a go .
Found an article that recommended downloading and installing Malwarebytes mbam (freebie)….
Nothing to lose , I gave it a go …..and guess what ? First scan showed up the same 8 instances of our wee friend TDSS.rtk…and mbam offered to do the biz on them.
Fingers crossed and butt cheeks clenched, I hit the button and sure enough , it apparently did its thing.
Second scan run , and again ..guess what ??
TDSS.rtk had been given the heave ho! Call me a cynic , or just paranoid , but I ran a third scan…still clean…fourth one too.
Went back into Disk Management , and lo and behold , there were all my drives and partitions , and not a hint of pink in sight.
Just to be on the safe side though , and having had a poke around in the registry, I decided to follow on my plan to reinstall, just in case TDSS was hiding with its tail between its legs, preparing an even nastier sting in its tail . Drastic measure, I know , but……
Result - full clean reinstallation wthout a hitch. !!!
Aye , even though I’m Scottish , I broke out the wallet , bought meself a wee dram or two at the local pub and drank the health of those fine dudes down at Malwarebytes .
Slainte !!!
Hope this helps …if not , there’s always the Samaritans

Comment on Win32/Cryptor by Kyle

Kyle — Fri, 02 Oct 2009 00:46:47 +0000

I got peggle nights and i put it on my flash drive and when i tried running it it said it had this virus and i was like wtf -.-. now i cant play peggle nights :(

Comment on Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002 by Blueberry

Blueberry — Thu, 01 Oct 2009 17:50:49 +0000

thanks Alexander Mc, I have removed it :)

Comment on Virus.Win32.Virut.ce by SChalice

SChalice — Thu, 01 Oct 2009 02:34:44 +0000

This virus can get on compact flash sticks. You’ll need to be sure to wipe all those suckers clean or just throw them away if unsure..

Comment on FullHouse Drive by Lizzy

Lizzy — Wed, 30 Sep 2009 13:49:40 +0000

i want to remove FullHouse drive virus from my PC. please i want something free. i am using AVG antivirus. please help me.

Comment on Dropper.Bravix.A by TnMike

TnMike — Wed, 30 Sep 2009 13:46:51 +0000

MalwareBytes will get rid of the virus

Comment on Win32.TDSS.rtk by Jzone09

Jzone09 — Mon, 28 Sep 2009 05:03:03 +0000

I have also found Win32.TDSS.rtk using spybot, I tihn kthis is the reason why my computer keeps restarting at startup, I can only run it by booting it from safe mode with netowrking, what is the fix?

Comment on Pyagcore by eithel

eithel — Fri, 25 Sep 2009 22:55:02 +0000

tengo problemas con el windows police pro, quiero saber como elominarlo de mi computadora, no me deja entrar a internet. expliquenme bien por favor eithel

Comment on Win32/Cryptor by jess m

jess m — Thu, 24 Sep 2009 14:14:49 +0000

Ok, so we did everything that was listed and after running all the spyware/virus detection programs we have not found ANY virus on the computer however, it will still not let us access the internet using an ethernet cord. Anyone else have this issue? Were you able to resolve it?

Comment on ~dulla@204 Virus by Dawit

Dawit — Thu, 24 Sep 2009 08:43:54 +0000

Amanuel Kenna and AreMoh.

I think you two know how to recover pdf files that have been infected by the dulla virus using hex editor. I tried several times and I didn’t succeed. Please help. I am really anxious.

Comment on ~dulla@204 Virus by expertanalyzer

expertanalyzer — Tue, 22 Sep 2009 23:27:08 +0000

send me the teddy afro virus infected file sample i am expert virus anlayzer and i love to help people in my free time if you have teddy afro virus infected file attach and send it to my email: father@safe-mail.net i will give you free removal tool for free.
thanks.

Comment on Rapid Antivirus Firewall has blocked a program from accessing the Internet by Tolebi

Tolebi — Tue, 22 Sep 2009 22:24:55 +0000

U menya net antivirusa!Kak mojno udalit total security

Comment on Win32.Tanatos.m by Nasser

Nasser — Tue, 22 Sep 2009 18:10:23 +0000

I am suffering the same problem with win32/Tanatos.M It has even disabled the exe of AVG and when I click the AVG icon on desktop. It is showing the ‘browse cancel’ dailog box.

From the above discussion I can see a mere discussion about AVG, but no solution. Can anyone please help me with the win32/tanatos.m removal tool?????

Thanks in Advance.
Nasser

Comment on Total Security by john

john — Tue, 22 Sep 2009 16:08:57 +0000

your solution for total security

install revo uninstaller, get it from download.com, run uninstaller in advance mode and follow the prompts, select all files as per screen, uninstall and reboot. Install avira / update,get it from download.com and run full scan, avira will pick up the trojan. Go to program files on your c drive and delete the TS folder, if this folder is locked boot in safe mode F8 and delete the folder.

Comment on W32/Scribble-B by w32 scribble-b

w32 scribble-b — Tue, 22 Sep 2009 13:03:22 +0000

how is this virus removed?

Comment on Virus.Win32.Virut.ce by Joe

Joe — Sun, 20 Sep 2009 22:01:07 +0000

This virus infected my old HD, so I had no choice but to reinstall WinXP. Then today I accidently clicked an old executable on that HD and the virus is reinfected me. I was in no mood to reinstall so this is how I dealt with it.

DO NOT START ANY PROGRAMS YET, THEY WILL GET INFECTED

1. Pull the plug on your internet connection, because it will try to connect to its website (jL.chura.pl and maybe others) and download more crap to your PC

2. Go to Task Manager and kill ANY program that looks unfamiliar (this can be tricky, if you’re a not a computer geek)

3. Run services.msc and you’ll see at least 2 services running which have NO description. Stop them and then disable them (by right clicking). Also stop and disable Remote Access Connection Manager, and Background Intelligent Transfer System, if they are running. These are Windows processes, but I think the virus activates them.

4. Repeat step 2 just in case

5. Now you have a choice:
a)You can run restore, but you have to be very sure that the restore is clean
b) run your antivirus. A full scan is preferable, but at least C:\Windows\ and C:\Program Files\. The virus infected only logonui.exe in my case and changed the HOSTS file, and created a temporary file in the WINDOWS\TEMP directory, but nothing else. However, if you ran any program while the virus was loaded, that program will be infected too.

This is the stage on which I am myself. The virus is removed but my system is still a bit screwed up, because everytime I reboot a hidden process iexplore.exe is started, except it’s not connecting anywhere. I’m not sure what’s starting it, but I dealt with it by killing the process and moving iexplore.exe to a temporary folder.

Comment on Virus.Win32.Virut.ce by Fennec the sysop

Fennec the sysop — Sun, 20 Sep 2009 20:07:51 +0000

This virus is a pain but I have it contained ,my router is a good firewall and I have it set to block all incoming connections on port 65520 and all outgoing connections to Proxima.ircgalaxy.pl so that means the attackers cant use it I have also found that using IRC to connect to my local machine on port 65520 gives you control of this virus so now I am able to change the options and on my machine it only infects explorer.exe too bad it dosent have a disinfect command

Comment on Win32/Cryptor by glen

glen — Sun, 20 Sep 2009 07:55:16 +0000

Sophos anti-rootkit works magic. all other anti-spyware softwares couldn’t solve the problem.

Comment on ~dulla@204 Virus by amanuel girma (haramaya university)

amanuel girma (haramaya university) — Sat, 19 Sep 2009 22:25:35 +0000

HOW TO PARTIAL REPAIR OFFICE DOCUMENTS INFECTED WIZ “~dulla^@204~” VIRUS
Before you start this tutorial clean your pc wiz anti dulla software I recommend
Emopia® Virus Removal Pack (freeware) from emopia.com
Tools needed for this tutorial
• Notepad ++ (absolutely free download and install this software)
• Office 2007
• An infected file
1. Right click on the infected office document >>click “edit with notepad ++” now the document will be opened in notepad++ window
2. Click on “search” from the menu >>click on” find” >> click on “replace” tab
3. Type ‘~dulla^@204~\x00’ (without the quote) on “find what” box>> check the “regular expression” check box >> click on “find next” tab >> click on “replace all” tab >> ok >> done.
4. Click done >> click on the” save” from menu >> close notepad ++ >> open the infected(corrupted) document when a dialog box appear click yes
any question please email me :amangirma@gmail.com

Comment on Total Security by endy

endy — Sat, 19 Sep 2009 07:15:50 +0000

in reply to ujjawal goel

the whole total security lifetime package is a scam! they got your credit card information, so if i were you, call your bank and let them know what happened.

Comment on sc.videofreeforonline.com by Nalaka

Nalaka — Sat, 19 Sep 2009 06:11:38 +0000

It worked with Avast virus scan. It’s a Free ware Home package. I am very much relieved after this.

Comment on Total Security by Stephanie

Stephanie — Fri, 18 Sep 2009 18:25:28 +0000

combofix is the only thing I have seen that removes it. download.com has this file. Malware Bytes is also suppose to remove but it would not on a couple of our computers.

Comment on FullHouse Drive by PHILIP

PHILIP — Thu, 17 Sep 2009 11:15:12 +0000

I want to remove FullHouse Drive virus from my PC. please help me.

Comment on ~dulla@204 Virus by Jiru

Jiru — Thu, 17 Sep 2009 10:22:35 +0000

Ther is a virus named Teddy afro which has characterstic feature of hiding your files and disabling ur cd driver…it is even difficult to remove it with command…i have tried avira, kaspersky,macaffe,avg,and NOD..non of them could remove that.You guys do you have any solution for that?EMOPIA ..it is just fake..it cant detect any virus…

Comment on FullHouse Drive by war10ck

war10ck — Wed, 16 Sep 2009 07:49:05 +0000

Download ComboFix and run on your pc..
I am sure FullHouse icon on your desktop can be delete.
Tested by me and it’s works.

Click above to downlaod ComboFix:-
hxxp://download.bleepingcomputer.com/sUBs/ComboFix.exe

Comment on Pyagcore by ORNELLA

ORNELLA — Wed, 16 Sep 2009 07:10:16 +0000

MANY THANKS.. just when I was losing the battle I won the war with this computer .. children are much more easier than technology, haha… but I’m glad I succeded with your help!

This program is great!! it worked!!

Thanks again.

Comment on Your computer is infected! by John

John — Wed, 16 Sep 2009 05:08:34 +0000

Hay Garrett
Turn off your restore and dump it then turn it back on this bugger hides in the hidden files like System volume information file. Most of this is your restore files. If you don’t want to dump your restore you’ll need to make the file accessable so malbytes can get at it.

Comment on Win32/Cryptor by hoangson dinh

hoangson dinh — Tue, 15 Sep 2009 13:52:17 +0000

Response 78 saved my computer.
Thanks to precisesecurity.com, Sophos Anti-Rootkit, Malwarebytes, and Superantispyware.
Thanks to everyone.

Comment on ~dulla@204 Virus by Abdulkerim

Abdulkerim — Tue, 15 Sep 2009 12:02:02 +0000

People! Get over it! There is no method to recover corrupted files, you can see the reason on facebook, just go to emopia.com (they are the one who made emopia virus remover, and are professionals) and join their facebook page and in the discussion board, you can read the reason why dulla corrupted files can’t be recovered.

Comment on [Site] is BANNED you fool, The adminstrators didn’t write this program guess who did??” by emily

emily — Tue, 15 Sep 2009 08:33:01 +0000

thx ps i tried c:\heap41a and it really works!!!

Comment on Total Security by ujjawal goel

ujjawal goel — Tue, 15 Sep 2009 04:13:02 +0000

i had purchased the total security lifetime package, but they have cheated me. they charged USD 99.00 and i did not recieve any code to activate. please inform me what can be done.
i am very unhappy.

Comment on Pyagcore by alfredo

alfredo — Sun, 13 Sep 2009 20:49:09 +0000

hola
espero que me ayuden con este problema que tengo con mi computadora este es el problema:
es que cada que intento abrir el windos Live Messenger
NO se puede por que dice:

pyagscore.searchdetection
['Traceback (most recent call last):/n',' File"c://pyagcore//pyagcore/_init_.py", line 3, in /n',ImportError: NO module named shell/n']

nesesito que me digan que significa y por que causa sucedio esto y tambien como solucionar este problema por que ya me quiero conectar en windows live messenger si me puden ayudar?

ESPERARE SU RESPUESTA SII!

¡muchas GRACIAS por atenderme!

Comment on Anti-Virus Number-1 by Megan

Megan — Fri, 11 Sep 2009 22:41:15 +0000

is there a way to get my money back?

Comment on Kiwee Toolbar by Kelley

Kelley — Fri, 11 Sep 2009 20:24:56 +0000

I have a vista 64 bit and had this problem awhile ago. the unlocker thing doesnt really work for vista 64 bit. You have to put your comp in safe mode and delete the file while your in safe mode. best of luck!

Comment on STOP! Adware Detected by megan fox

megan fox — Fri, 11 Sep 2009 15:41:54 +0000

Sign: umsun Hello!!! rcuwwymhyw and 48ssgfhphzye and 1462I love your site. :) Love design!!! I just came across your blog and wanted to say that Ive really enjoyed browsing your blog posts.

Comment on Dropper.Bravix.A by Jeroen

Jeroen — Fri, 11 Sep 2009 15:25:15 +0000

Yes, correct, AVG 8 detects it, but does not remove it. Does anybody have a trusted removal tool on how to get rid of this trojan? I got rid of AVG and used the latest Norton A.V., but that is not abel to completely erase the trojan either. True, it blocks all the outgoing spam, but that’s it. It does not completely erase the Dropper. Bravix.

HELP!!

Comment on Win32/Cryptor by Boris

Boris — Fri, 11 Sep 2009 14:26:51 +0000

Im glad that someone have found quicker help with my recommendation (#73), cause the fighf with virus took me over 90 hours before i found the Sophos Anti-rootkit.

Comment on Win32/Agent.ODG by Pipo

Pipo — Fri, 11 Sep 2009 08:16:13 +0000

Use GMR or Dr Web-CureIt
;)

Comment on Total Security by Ian Heisel

Ian Heisel — Thu, 10 Sep 2009 18:17:22 +0000

I need a customer service number to get my money back, anyone who has a number would be appreciated

Comment on Malware Activity Rises in August 2009 by mike

mike — Thu, 10 Sep 2009 16:48:47 +0000

I recently got the cryptor virus and shuer2 trojan. I’ve tried system restore but i get message that it has been disabled through group user policy. Does anybody have an suggestions as to how to get around this and where to look in my registry to remove these problems. My antivirus isn’t removing them. Thanks

Comment on STOP! Adware Detected by angelina jolie

angelina jolie — Thu, 10 Sep 2009 16:13:36 +0000

I love your site. :) Love design!!! I just came across your blog and wanted to say that I?ve really enjoyed browsing your blog posts. Sign: ndsam

Comment on AntivirusPro 2009 by angelina jolie

angelina jolie — Thu, 10 Sep 2009 16:12:45 +0000

I love your site. :) Love design!!! I just came across your blog and wanted to say that I?ve really enjoyed browsing your blog posts. Sign: ndsam

Comment on STOP! Adware Detected by sandrar

sandrar — Thu, 10 Sep 2009 12:55:53 +0000

Hi! I was surfing and found your blog post… nice! I love your blog. :) Cheers! Sandra. R.

Comment on Trojan Horse Sheur2.gnw by jagdish

jagdish — Thu, 10 Sep 2009 07:08:22 +0000

i have a trojan horse SHeur2.BCBT on my pc….need help to remove it…anyone kind enough?

Comment on Win32.TDSS.rtk by Spetto

Spetto — Wed, 09 Sep 2009 19:01:27 +0000

I found TDSS using Spybot but it couldn’t remove vsfoce files from system32.
So I run Windows Recovery Console and deleted them manually.
After that I used regedit to delete most of its entries but I had to change the permissions first.
I also couldn’t delete one of the entries. Any ideas?

Comment on AntivirusPro 2009 by Sandra R

Sandra R — Wed, 09 Sep 2009 17:01:13 +0000

Hi! I was surfing and found your blog post… nice! I love your blog. :) Cheers! Sandra. R.

Comment on FullHouse Drive by Aimar Eric

Aimar Eric — Wed, 09 Sep 2009 11:43:51 +0000

I want to remove FullHouse Drive virus from my PC but I want something free.

Comment on XP Police Antivirus by kendidit7

kendidit7 — Tue, 08 Sep 2009 20:24:20 +0000

Thank goodness malwarebyte fixed my problem 59 objects. We are so blessed to be able to communicate with each other in order to resolve things like this. Thanks everyone be careful and take care.

Comment on Email-Worm.Win32.Net by jakecue

jakecue — Tue, 08 Sep 2009 01:20:20 +0000

Well, you can use MBAM for this one. Make sure that you can computer while in SafeMode.
http://www.precisesecurity.com/tools-resources/adware-tools/malwarebytes-anti-malware/

Comment on Win32/Cryptor by Lee

Lee — Mon, 07 Sep 2009 23:07:42 +0000

Hi all. I’ve had this bug for about a week now, and nothing seems to work. I have AVG and Malwarebytes installed, but neither will scan or run. I downloaded Sophos minutes ago, but it won’t install. I’m so out of ideas… any help is appreciated. And thanks to everyone sharing their knowledge.

Comment on Win32/Cryptor by Steven

Steven — Mon, 07 Sep 2009 22:25:48 +0000

response 31 worked for me and i did not even have to go in safe mode( my safe mode wont work lol i get blue screen of death…..but thats a whole nother problem) i also unplugged my internet and the adds stopped coming while i was fixing the problem( I alrdy had malewarebytes and avg downloaded)

Comment on ~dulla@204 Virus by AreMoh

AreMoh — Mon, 07 Sep 2009 19:55:09 +0000

for Solution For Every Thing(160) what about *.xls or *.xlsx files? I need help.