Comments for Threat Center - Spyware and Virus Removal

Comment on W32/Vora.worm!p2p by melaku

melaku — Fri, 20 Nov 2009 06:45:58 +0000

my computer is infected by ravo_2005 ,what should I do?

Comment on Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002 by Yitayew Birhanu

Yitayew Birhanu — Fri, 20 Nov 2009 06:01:25 +0000

Infacted by RAVO

Comment on FullHouse Drive by ketlareng gale

ketlareng gale — Wed, 18 Nov 2009 11:46:21 +0000

people like playing around with my pc, so i want the virus (fullhouse drive)

Comment on Virus.Win32.Virut.ce by soulless

soulless — Tue, 17 Nov 2009 11:28:19 +0000

ive found that using hirens 10 both in windows and minixp and using the following apps - Kasperky, Malwarebyte, Superantipyware and smitfraudfx manages to get rid of the virus and then just going through the harddrive like c:, temp dirs, Windows, System32, Fonts, system volume information, recycler, Documents and Settings folders and deleting the weired files i find there such as Restorer_32a.exe and Reader_s.exe (Found a new one recently photo_id.exe) and also scanning the reg for them and removing them. This seems to be able to get rid of the virus but ive found a few times there are still bits and peices of it flying around so a few more scans and checking the folders and reg again pretty much cleared it up but Kaspersky can disinect the files but you will proably have to do a repair on you windows again.

In one of the earlier posts someone mentioned that he used a irc prog to connect to his computer and managed to ulter the options of the virus. Im curious to know if this is true.

Comment on TR/Crypt.XPACK.Gen by aleksi

aleksi — Tue, 17 Nov 2009 07:09:51 +0000

I have similar problems with trojan Crypt.XPACK.Gen
I have tried Avira, Malwarebytes and Avast, all of which have not removed the virus. It is in my temp folder and every time I delete it, it pops up under a different file name. Please help.

Comment on Internet Antivirus Pro by Naomi McMillan

Naomi McMillan — Sun, 15 Nov 2009 19:27:27 +0000

I also purchased a 3 year subscription to antivirus pro. How do you get in touch with these people. I paid 89.00 for 3 years. There should be a way to get refunded for this. Where are these people. On their website it only tell you how to uninstall it. I want my money back.

Comment on Security Tool Virus and Internet Search Redirection by John

John — Sat, 14 Nov 2009 13:13:01 +0000

I picked up this nasty virus and this is how I got rid of it. I downloaded MalwareBytes Anti-Malware to a thumb drive from another PC and renamed it “baby pictures”, then I downloaded it to my infected PC. It installed and scanned and removed the Security Tool virus. I had other ways to get rid of this virus but it blocked all attempts. This method worked for me.

Comment on Antivirus 2009 by I Need Help!

I Need Help! — Thu, 12 Nov 2009 19:27:27 +0000

I got duped into buying this Antivirus BS and the numbers given in previous statements aren’t doing anything. 1-800-467-1077 is disconnected I’m guessing b/c it’s telling me “The service you requested is unavailable from your calling area, SDN98″ What is that supposed to mean I thought 800 #s where good to call from anywhere. I don’t know about the 1-866-905-5126 they’re telling me that my Card number isn’t on file. Now that right there is some Bull. I guess I just got scam for my $49.95. I hope somebody catches these punks and take them to court. This is crazy. Some how they pop up on your computer and make you feel like you better buy the product or else your computer will have all kinds of viruses and whatnot. They even kept kicking me off of my home screen. I need a real number with the actual SCAM ARTIST who took my money and on top of things now I’m in the “Dog House” with my girl. Can I get a break??? If anybody can help it would be greatly appreciated. Thanks…

Comment on Vbs:malware-gen by FoxconN^^

FoxconN^^ — Wed, 11 Nov 2009 18:29:31 +0000

you can delete this file with free Avira Antivirus

Comment on Win32/Cryptor by JB

JB — Tue, 10 Nov 2009 18:20:12 +0000

Follow-up to #91

A little later it was obvious the infection was still there. It seemed clean for a little while but then pop-ups again even without using any software manually invoked.

Malwarebytes found more and removed. But this did not permanently remove the problem.

Installed PREVX 3.0 which found three more and with the paid version removed them. There is a coupon available for a 10% discount.

I am not convinced all is gone. I’ve had two weird occurrences still: 1) signed on and no sign of PREVX running (but should) and also no sign within IE 7 of it running, so I logged off. Then, 2) my passwords to accounts did not work.

So I rebooted my PC and then my passwords worked and PREVX is there on logging in and in IE 7.

I guess this is a chapter book.

Comment on Virus.Win32.Virut.ce by overkill

overkill — Tue, 10 Nov 2009 14:54:07 +0000

Here’s a question for you tech-savvy guys:

What exactly is the danger of the port (65520) that this thing uses ? Assuming you are able to clear the infection from your system (disk & memory), then is there any chance that it can re-enter ? I am assuming not.

Comment on W32/Pahati.worm by Rauf

Rauf — Tue, 10 Nov 2009 04:07:59 +0000

Hi
Iam facing problem with virus in my office 150 computers are there.every computer having lot off diffrent typrs of virus
1.word file automaticaly created in computers & pen drive also if i delet again its coming.even i formated.
2.Patah hati.doc this also not going to delet even i format pen drive also.
3.Internet explore auto maticaly disconuted.

Comment on Lsas.Blaster.Keyloger by Rebecca

Rebecca — Mon, 09 Nov 2009 22:48:18 +0000

I followed the instructions the webmaster gave above follow it… If it’s not working it might be because you might not be on the administrator user thingy of the computer!!!! I tried that and worked for me now my computer works!!!

Comment on Win32/Cryptor by JB

JB — Mon, 09 Nov 2009 17:09:58 +0000

I followed the steps in #31 and the initial post by webmaster and it appears Cryptor is gone.

Prior to this AVG had found and quarantined win32/Cryptor in an “\temp\Installer.exe”. But when I would sign onto the one account that seems infected pop-ups would occur again and re-infection would occur. This happens shortly after login without any program being manually started. Only the one account seems infected, not others, the one being a non-administrative account. However, I was not able to write to a DVD.

During this AVG found nothing more, MBam found four executables in “\temp” and removed them, and SuperAntiSpyware reported nothing more than tracking files (e.g. cookies).

I have a remaining concern that I don’t see what actually removed the cause of re-infection. There was no report of removing a rootkit or anything else except the four executables in “\temp” and the various tracking files.

What actually removed the re-infection source?

Comment on W32/YahLover.worm.gen by Ravi Srivastava

Ravi Srivastava — Mon, 09 Nov 2009 05:27:45 +0000

I am unable to see my hidden files. I tried to unhide the files from tools menu but it is not working. Please send me the solution for this problem.

Comment on Trojan Horse Sheur2.gnw by Mark

Mark — Mon, 09 Nov 2009 04:35:52 +0000

I’m currently working on removing the SHeur2.
took the harddrive out and scanned it on another computer.
finding many infected files.
since I’m not using that hddrives os, I should be able to clean it up.
I’ll post my results when I’m finished

Comment on Antivirus 2009 by MslyHrmLess

MslyHrmLess — Sun, 08 Nov 2009 18:56:24 +0000

The Losers the Created these Programs live in Brampton, Ontario. Canada, I will Be back With a more precise location and possibly a home address and phone #

Comment on Zlob.Porn.Ad Adware by Xajeqebk

Xajeqebk — Sun, 08 Nov 2009 18:50:31 +0000

comment6

Comment on Virus.Win32.Virut.ce by Arsby

Arsby — Sun, 08 Nov 2009 17:13:58 +0000

I had a happy ending, I think.
I got this bug on my Vista laptop on Friday by being stupid. Kaspersky slows down my downloads, so I turned it off. I forgot it was off and tried to install an app from the newsgroups. The first thing Virute did was set my system clock forward to 2049, so Kaspersky thought it had expired 40 years ago! Then it started eating my executables.
I took the laptop HD out and put it in a SATA USB enclosure attached to a Kaspersky-protected desktop. I started moving all the files I wanted to save onto the desktop, and ran Kaspersky against the HD in enclosure. I initially thought I fixed it with Kaspersky and moved it back, but it was still infected. I then adjusted the Kaspersky setting to Maximum Protection and pointed it explicitly to the USB drive. It found and deleted a trojan and 216 files (mostly exe’s) that were infected.
This morning, Sunday, I put the HD back into the laptop and turned it on, fully expecting to have to recover and wipe the HD. Signon went well, but it couldn’t find two dll’s. Kaspersky was still working on the laptop, and found nothing during its startup procedure. The internet is working, I’m posting from the laptop now. Some applications aren’t working because the executables are gone, but others, including MS Office, are.
So it looks like a happy ending.
So for the previous poster and others… IF it’s a laptop that’s infected, it’s really easy to pop out a laptop hard drive, then go to Best Buy or something like it and buy a USB enclosure for it. (Warning, there are two types, SATA and another one.) Attach it to another PC that’s virus protected, and have it run a full maximum check against the drive that’s now via USB. Have it delete anything that’s infected. (Kaspersky does the deletions *after* it finished the full scan.) Then put it back into the laptop and see if it works.

Comment on Lsas.Blaster.Keyloger by Cathy

Cathy — Sun, 08 Nov 2009 15:25:29 +0000

Sorry last post should read could NOT remove all infected items. ???

Comment on Lsas.Blaster.Keyloger by Cathy

Cathy — Sun, 08 Nov 2009 15:20:47 +0000

Hi- please help.
Did step 6 in safe mode, but could remove all infected items. I’m no further forward. Any ideas?

Comment on Lsas.Blaster.Keyloger by Simon

Simon — Fri, 06 Nov 2009 00:54:19 +0000

Ok all you guys,

I couldn’t access anything on my computer as it closed automatically (including Task manager, all programs and stuff) except the internet. So I downloaded the software Malwarebytes’ Anti-Malware (mbam-setup.exe) and restarted my computer in Safe MODE. Then I searched (while in safe mode) using start - search: “mbam-setup.exe” and installed the software.

Comment on Anti-Virus Number-1 by Judy Kauffmann

Judy Kauffmann — Wed, 04 Nov 2009 14:54:56 +0000

Hi,
I really need a number to reach you or something. I
am trying to remove you app. for virus proctection
and I can’t get it to remove and I already have protection and I am happy with it. I can’t get on
in site now. Please help me get it off.
Thanks~!

Comment on Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002 by ASHEBIR LEMMA

ASHEBIR LEMMA — Wed, 04 Nov 2009 11:34:08 +0000

My computer has infested by the doomsday ravo_5002.
Pls how can i delete/scan it? please i need your help thanx
my E.mail is ashitiok@yahoo.com

Comment on Rootkit.TDSS by tdlwsp.dll | Spyware-Virus Files and Process

tdlwsp.dll | Spyware-Virus Files and Process — Wed, 04 Nov 2009 08:32:42 +0000

[...] Related to: Rootkit.TDSS [...]

Comment on Warning! Fatal Error: All media systems on your computer have been crashed! by Daniela

Daniela — Tue, 03 Nov 2009 19:59:23 +0000

I have the same problem with the Warning Fatal Error!!! Wallpaper. I have Trend Micro Antivirus and didn’t find any infections. I really don’t know how this wallpaper got into my computer and it was not detected by my antivirus. I research how to get rid of that problem. I find a lot of spyware but you have to pay in order to delete the files on your computer. So I find this page and downloaded the Spyware Doctor and I was really tired with this problem because now my screen looks like and old computer screen. The colors and images look like you have like dialup internet with poor signal which make them look bad. I have speed internet with usually all my color and images were great. So I register and pay for the Spyware Doctor to delete this problem and scan my computer. It did find 9 threats and a lot of infections so I delete them. But at the end nothing happened. I still have the same wallpaper fatal error. Please help me!!!! I am tired of this problem.

Comment on Virus.Win32.Virut.ce by DonkeyDolck

DonkeyDolck — Tue, 03 Nov 2009 00:10:16 +0000

Hey.. I got these virus yeasterday (win32/virut and win32/heur) When i read about it that it infected all the .exe and possibly .jpg files i went nuts, turned of my computer unplugged my other 2 drives (D: and E:)on it and installed windows 7 64bit today. Downloaded avg free 9.0 and searched D: and it had 5 infected .exe files. wich it said that it was removed. So it hadn’t have the time to spread that far. Now i wonder if it still might spread into my C: where i have my windows or if it will continue to spread through my D: and E: (havn’t plugged E: in yet, so i don’t know how badly infected it is.) Or shall i just leave them unplugged until a bulletproof removal program for those viruses are released? Really don’t wanna mess up all my pictures and stuff there if it’s possible to avoid.. damn.. pics on there since 2002. :/ What to do? Any help would be mostly appreciated

Comment on Virus.Win32.Virut.ce by Szabolcs

Szabolcs — Sat, 31 Oct 2009 11:11:49 +0000

Confirmed. I agree with the first poster (and the most of you), it sneaked through avast’s protection, I fought this about a week long, that process let me figure out some important stuff.

This malware is probably added by Win32.Agent along with Win32.Delf and b.exe, just to mention the most critical ones and some others (3-4 more)

- It hides on your portable devices such as pendrives portable hard disk or other partitions.
- When you connect to the internet, this will download the whole pack again, causing you more trouble.
- These malware only works on 32-bit based Windows systems. You should consider updating to 64-bit (there are some drawback) or try Windows 7.
- Only Win32.Virut will infect files, others should create their own, which you can find in “C:\” and “C:\Windows\system32″ or in “Documents and Settings”

Note: A new version has come out in October 2009 and even Kaspersky Labs do not have an update for this infection yet. Although, Kaspersky is able to competely eradicate this virus, thanks to it’s more advanced and intelligent being, compered to other virusbusters.

Conclusion: I am now using Windows 7 x64, works quite well that far.

Comment on ~dulla@204 Virus by ephrem

ephrem — Thu, 29 Oct 2009 15:55:51 +0000

This is really bad fortune for Ethiopians that hears Dulla virus has been created by Ethiopian distractive guy or Association. You know creating very_low_risk and very ordinary system virus like Dulla is not a work of proud. Most educated Ethiopians suspect strongly who has created this gadium virus. In my belief the current stated antivirus for Dulla-Tsere Dulla creator has created the virus itself before. Because the name of a virus it self is Amharic word, besides the solution itself has found from Ethiopia by the association they called INSA. Don’t forget also most commercial antivirus producers ignore or don’t care about to get a solution for this virus. And do not forget Dulla virus is a kind of very easy and low risk ordinary virus that even a younger student of computer science student with out experience can create this kind of macro type of virus. If I were a creator of this virus, I would rather participate to create a kind problem solving projects for this poor country. Shame on this virus creator. Let me tell him what is he done is reflect he is ordinary, very easy and useless bastard gay. By the way I am not giving this opinion just being hot or affected by the virus. And let me tell him that even I can create such virus. But I wouldn’t be interested to be criminal. I am sorry to use irrational words.

Comment on ~dulla@204 Virus by tadesse

tadesse — Thu, 29 Oct 2009 09:33:07 +0000

Please send Tsere dulla Antivrus. My documents are at riskThe file already corrupted, so how can i recover the excel files?+

Comment on ~dulla@204 Virus by Alekaw

Alekaw — Tue, 27 Oct 2009 15:16:09 +0000

I appreciate Dull Virus creator man really !! For future I will expect more that used for our country ‘Ethiopia’ and pass to Next Generation !!

Comment on Security Tool Virus and Internet Search Redirection by bev

bev — Sun, 25 Oct 2009 21:13:20 +0000

I have had for a few days now the Security Tool Malware virus on my computer with nothing able to remove it. I have had a lot of help from others, and tried doing everything not only manually but automatically. Nothing is working at all for me. Every little pop up from any kind of software on the computer terminates immediately. I tried downloading a few different things people told me to, but it just won’t let me retrieve the files, let alone open anything. RUN doesn’t work, nor task manager isn’t allowed to pop up without terminating automatically. I have tried safe mode, but when I got to it and click on it, I am brought to a blank blue screen and nothing happens for minutes on end, and at one point a half an hour, nothing changed, nor did it start any further than the blue screen.
What do I do now?

Comment on Win32/Cryptor by Ian Mac

Ian Mac — Sun, 25 Oct 2009 13:06:19 +0000

When you get the choice to save or run the download, click save. You will then get the ’save as’ prompt. It’s at this point that you can change the name.

System restore won’t delete any of your saved files.

Comment on System Guard 2009 by lilkunta

lilkunta — Sun, 25 Oct 2009 00:51:20 +0000

I have been infected by this virus. I am on a toshiba L25 with windows xp SP2. I am logged in as the admin. The virus has disabled the internet (ethernet & wifi) and the registry editor & system restore, telling me to contact the admin, which I AM the admin ! The popups I keep getting are a red thing called ’security tool’ and a blue screen that looks legit(but I know it is fake) called Windows Security Center. It has disabled the task manager and the registry editor and the system restore. Both ’safe mode’ & ’safe mode with networking’ dont work. I have to choose ‘directory services restore mode (windows domain controllers only) ‘ in order for safe mode to load.

How do I get rid of the virus ( or is it a trojan or malware or spyware ?) I cant get online in order to d/l an avg or norton. I cant get into the registry editor and self delte. I am stuck. Thanks.

Comment on Pyagcore by rignator

rignator — Fri, 23 Oct 2009 22:25:26 +0000

mohamed
go to my computer>local disc>program files>kiwee toolbar
not gonna do mauch good though, it protects itself and can’t be erased in some cases…

Comment on XP Antispyware 2009 by hurzwurz

hurzwurz — Fri, 23 Oct 2009 08:32:54 +0000

dear exel support,

please stop all tasks that are running under your user.

remove ikowin32.exe from your autostart.

stop tasks like “9129837.exe” and strange names like that
in the end you should have no programm running!
no virus scanner, no game software nothing!°
just windows itself
than you can install Malwarebytes and run a full scan!

if I hadnt killed these taks the scareware program always restartet my computer when it recognized that a antivirus prog was running…

And Warning these Program changes its Name
to me its known as “Security Tool”

Comment on errorofbrowser.com by No_limits31

No_limits31 — Thu, 22 Oct 2009 19:47:09 +0000

Besides the fact that some are only there to fill the politically correct quotas but seem totally incapable of fulfilling their duties. ,

Comment on Lsas.Blaster.Keyloger by Aaron

Aaron — Thu, 22 Oct 2009 18:51:51 +0000

OR
None of these worked for me, even option 6. Try a slightly different way though:

I tried to go into safe mode, but it wouldn’t let me, so I selected to start up in normal windows.

As it was starting up, I pushed F10, and then maneuvered from back there. Click the tab that has the date, and change the date per option 6. Click save and continue to restart in normal mode. Everything was fixed.

Comment on go.google - go.yahoo by Hyoran

Hyoran — Tue, 20 Oct 2009 17:41:03 +0000

I’ve tried everything to find the TDSSserv.sys including the scan for hardware changes and i still can’t find it. Is there any other hardware you can disable that will help?

Also i seem to have problems with serial and npkcrypt. Why have they stopped working?

Comment on Win32/Cryptor by Caitie

Caitie — Mon, 19 Oct 2009 22:50:12 +0000

AVG picked it up but won’t let me remove the virus, and my Trend Micro Anti-Virus won’t pick it up at all and the virus won’t let it update.
I tired to download Anti-Malware Bytes but I can’t rename the file before downloading and afterwards when I try to rename it I can’t find any of the .exe files and so it won’t open.
I’m thinking maybe a System Restore would help but I would have to go back about 6 months which would really suck

Comment on Win32/Cryptor by Caitie

Caitie — Mon, 19 Oct 2009 22:45:29 +0000

My AVG picked it up but won’t let me get rid of it, I tried to install Anti Malware Bytes but I can’t rename it before it d/ls and when I go into the folder to rename I can’t find any .exe files. I’m thinking I might have to do a full system restore around 5 months back which would really suck.

Comment on Lsas.Blaster.Keyloger by brandon

brandon — Mon, 19 Oct 2009 13:28:46 +0000

yyyyaaaay everyone do post six it works and takes under 3 minutes. go under safe mode to do yayayayayay tytyty

Comment on Lsas.Blaster.Keyloger by brandon

brandon — Mon, 19 Oct 2009 13:26:30 +0000

i did post six still waiting to see if it worked ;)

Comment on TR/Crypt.XPACK.Gen by Mel

Mel — Mon, 19 Oct 2009 07:39:18 +0000

I have tried Avira, Malwarebytes and Spybot, all of which have not removed the virus. It is in my temp folder and every time I delete it, it pops up under a different file name. Please help. It’s starting to drive me insane

Comment on Trojan.Patchep!inf by Andy

Andy — Mon, 19 Oct 2009 02:18:56 +0000

I have tried this and it found the files but failed to remove them. norton did put them in quarantine.

Comment on Trojan-Downloader.Zlob.Media-Codec by SalesMan

SalesMan — Sun, 18 Oct 2009 23:47:05 +0000

?????? ???? ?????? ?? ??????? 2009
???? ????????? ?? ?????????? ????? ???????
???? ????????? ?? ??????? ??????? ???????
???? ????????? ?? ???????????? ???????
???? ????,
???? ? ??????????,
???? ? ????????,
???? ? ???????????????? ???????????????,
???? ?????????? ?????????,
???? ???????? ???????????????? ?????????,
???? ?????????? ?????;
???? ??????? ??????,
???? ??????? ??????????,
???? ??????????? ???????
???? ??????? ??????????? ???????
???? 09 ???????? ??????? ? ??????????? ???????
???? ??? ???????
???? ????????? ??????? ?? ????? ? ???????
???? ??????? ???????
???? ??????? ??????????????? ???????
???? ??????????? ??? ???????
???? ??????????? ??? ???????
???? ?????? - ????? - ???????
???? ?????? ???????????? ???????????? ??????????? ???????

Comment on ~dulla@204 Virus by Biny

Biny — Thu, 15 Oct 2009 11:12:33 +0000

I’m still wondering who developed dulla virus,i’ll b very happy if INSA has something to say abt it.

Comment on Antivirus 2009 by betsy

betsy — Wed, 14 Oct 2009 03:45:26 +0000

i downloaded the software like an idiot 2 days ago under my dads credit card. i hope they dont charge ridiculous things to it. i told him to check with his bank and freeze his account. how bad did i screw up? how bad do they charge the cards? how worried should i be?

Comment on ~dulla@204 Virus by Amaha Fikru

Amaha Fikru — Tue, 13 Oct 2009 06:40:04 +0000

The file already corrupted, so how can i recover the excel files?

Comment on Insecure Internet activity. Threat of virus attack! by TrustFighter : Virus Solution and Removal

TrustFighter : Virus Solution and Removal — Tue, 13 Oct 2009 02:39:56 +0000

[...] Internet browser that may block users Internet access and instead be redirected to “Insecure Internet Activity” page. It will also run its own virus scanner and alert users on loads of infected file. This [...]

Comment on Email-Worm.Win32.Myd by nadia

nadia — Tue, 13 Oct 2009 00:54:08 +0000

no tengo ni idea de como eliminar virus, pero porfavor ayudenme!!! si puden me lo mandan por paso de cada tipo de virus ok =)

Comment on FullHouse Drive by rational

rational — Mon, 12 Oct 2009 22:57:22 +0000

I WANT TO REMOVE FULL HLUSE VIRUS FROM MY PC. I NEEED HELP

Comment on Lsas.Blaster.Keyloger by ceri

ceri — Mon, 12 Oct 2009 13:02:02 +0000

I went to the microsoft site sorted it straight away

Comment on Pyagcore by mohamed

mohamed — Sun, 11 Oct 2009 19:38:21 +0000

hi, after removing it from the task manager, where do you browse the C/:PROGRAM FILES/KIWEE TOOLBAR ??

Comment on Win32/Cryptor by Me

Me — Sat, 10 Oct 2009 22:30:59 +0000

AVG works

Comment on Virus.Win32.Virut.ce by uuzoo

uuzoo — Sat, 10 Oct 2009 12:08:18 +0000

This is a nasty virus! I got hit with it a couple of weeks ago from downloading programs. My antivirus at the time ( avast) detected it but couldn’t do nothing about it. So, I did some research on the net, and was told to download Kaspersky removal tool. It detected it, and was neutralizing it, but the virus was spreading like a forest fire. It got to about 3,000 files infected, and I said forget it. I ended up reformatting and reinstalling OS. It WORKED! What’s really interesting is that I didn’t know it at the time but my flashdrive was connected in the back of the tower, and it got infected. After reinstalling everything. I realized that my flashdrive was in too. I’m thinking oh no. I ran avast but nothing came up. I’ve now installed Vipre and ran scan on the flashdrive and it detected and neutralized the virus. Now I’m using Vipre. Been working well.

Comment on Total Security by kkkohli

kkkohli — Sat, 10 Oct 2009 08:50:37 +0000

i was also cheated by this total security software & i paid them usd 78. They pop message said same thing that your computer is under threat & pop up window was neither closing down nor minimising.There message after pop ups said full money will be refunded within 30 days & now there is no adress of any website. even e-mail is coming make on e-mail id provided on e-mail message by which activation key was sent.Can any tell how to get my money back or to whom to complain againest them

Comment on Generic.dx by webmaster

webmaster — Sat, 10 Oct 2009 08:30:03 +0000

T2 was right, scanning hard drive via USB or Bootable CD is the best way to clean infected hard drive. Booting on the same infected hard disk makes the virus to load on memory and do his things to hide from antivirus programs.

I have brief tutorial how to scan via USB here. Though it requires a tool that cost about $10.
http://www.precisesecurity.com/tools-resources/threat-removal-procedure/scanning-infected-hard-disk-via-usb/

Comment on Win32/Cryptor by RHC

RHC — Sat, 10 Oct 2009 03:17:12 +0000

Boris or xXtra or anyone else:

Got cryptor months ago, it fried Malabytes, fried sbybot, fried my restore points, AVG picked it up but wouldn’t remove it, and the last few weeks AVG won’t even run a scan.

Have downloaded Sophos and run a scan. It has picked up 250 entries, mostly .tmp files starting with UAC (example: C:\WINDOWS\Temp\UAC68d.tmp), but also about two dozen random letter files like hjgruimxbfhqpx.dll. Sophos doesn’t recommend cleaning up any of them.

Do I delete everything, all 250? Do just start with the “hjgru” files?

Any advice would be appreciated. I’ve lived with this virus for months, and my system is getting so threadbare that I have a hard time getting the computer to boot at all.

Comment on anykuy.com by pete burke

pete burke — Fri, 09 Oct 2009 16:40:31 +0000

Marcus, you are a star, I have been trying to get that sorted for 11 hours, loads of people with bright ideas, (which don’t work). Shame it took me so long to find your post. Many thanks mate. Pete.

Comment on Antivirus 2010 by Jay

Jay — Thu, 08 Oct 2009 15:58:30 +0000

You were dumb enough to purchase it? moron…. it is due to morons like you that companies release software like this

Comment on Windows Security Alert by gaurav gupta

gaurav gupta — Thu, 08 Oct 2009 09:46:02 +0000

I have got same virus.thanks for this valuable information.

Comment on ~dulla@204 Virus by Ermias

Ermias — Thu, 08 Oct 2009 07:19:21 +0000

Please send Tsere dulla Antivrus. My documents are at risk

Comment on Virus.Win32.Virut.ce by itchy

itchy — Wed, 07 Oct 2009 23:06:14 +0000

ow also cleaned my external hard drive no problems there. my friend however who apparently didnt have anti-virus. and who waited to long is completely screwed. he cant even dl the avg removal tool

Comment on Virus.Win32.Virut.ce by itchy

itchy — Wed, 07 Oct 2009 23:04:07 +0000

i only used kaspersky 2010 and the avg link that was mentioned hxxp://www.avg.com/us.virus-removal.ndi-67762
and im done.
took me about 2 hours (because my pc was just rebooted there wasnt mutch to scan)

Comment on Generic.dx by T2

T2 — Wed, 07 Oct 2009 10:22:46 +0000

The best way to get rid of this trojen is to connect infected hard drive to the secondary connector of another pc and run on demand scanner to perform cleanup. The trojan mostly gets attached to cookies.

Comment on Total Security by Fahad

Fahad — Wed, 07 Oct 2009 09:59:36 +0000

This program deleted my san andreas file(not folder only the appication) it alse deleted san andreas multiplayer, downloading them will take a long while so please help me out,i also checked the recycle bin

Comment on Total Security by Nate

Nate — Tue, 06 Oct 2009 18:15:27 +0000

I got rid of this yesterday! Go to malware bytes.org. When you try to download the virus will try and block it accompanied by a flashing bar at the top of the window. Simply go to the middle of the page where it will say ” if your having trouble downloading click here” and click there. This should let the download go through. Once you install malwarebytes anitmalware, it should fing the virus and remove it. This worked on my computer, so hopefully it will help you.

Comment on Trojan Downloader.Agent.OSQ by webmaster

webmaster — Mon, 05 Oct 2009 13:32:36 +0000

Hi Taufik, I believed credit card can be used on international transactions. Which particular antivirus do you want to purchase?

Comment on Trojan Downloader.Agent.OSQ by taufik awarsa kesuma

taufik awarsa kesuma — Mon, 05 Oct 2009 01:51:33 +0000

I want to buy your security,if my Pc has inpected by vyrus.but I am new residence in Singapore and I can’t apply the credit car. Please give the solution how I bu your anti virus,Thanks

Comment on Win32.TDSS.rtk by Kendo

Kendo — Fri, 02 Oct 2009 04:00:39 +0000

Try Malwarebytes mbma (free download)

Worked a treat for me

Comment on Win32.TDSS.rtk by Kendo

Kendo — Fri, 02 Oct 2009 03:59:20 +0000

Hi all ..at last I found a solid if drastic cure for having TDSS.rtk
it appeared after my daughter downloaded some (as she thought) mp3 files. She had saved to desktop, scanned with Spybot and they were announced as clean…moments later , she yelled to come see…jeez , there was a folder with a number of exe files , all disappearing one by one of their own accord after she had opened the first one !
Thereafter , everything went pearshaped..first of all none of my burning software could even see my DVD RW, and when I checked out “problem devices” in Disk management (in XP) , the first thing I saw in horror was just one huge pink block telling me that there were no physical drives present…no partitions ..NOTHING !!
Weird thing was too that windows still worked after a wobbly fashion, desktop all ok etc
Scanned whole pc and found 8 instances of TDS.rtk (corresponding to the number of files she had downloaded and let loose )
Spybot elected to fix them, apparently, giving the usual green tick success story …..NOT !! cuz on the second scan , there they were again, all over the place , in registry etc !!
No matter how many scans I did with various software including AVG, spybot , Adaware etc, they ALWAYS reappeared….PANIC !!!
Got a grip of myself and thought I’d sneak up behind this sucker , by going in XP in Safe Mode … no way , I couldnt even get there..it just went right on into windows welcome every time !!
In frustration I decided to bite the bullet and go for a full reinstall…and guess what , no matter which way I tried , the install failed , mainly cuz Widows installer couldnt find a drive !!
Trawled loads of sites, looking for help and advice…willing to give anything a go .
Found an article that recommended downloading and installing Malwarebytes mbam (freebie)….
Nothing to lose , I gave it a go …..and guess what ? First scan showed up the same 8 instances of our wee friend TDSS.rtk…and mbam offered to do the biz on them.
Fingers crossed and butt cheeks clenched, I hit the button and sure enough , it apparently did its thing.
Second scan run , and again ..guess what ??
TDSS.rtk had been given the heave ho! Call me a cynic , or just paranoid , but I ran a third scan…still clean…fourth one too.
Went back into Disk Management , and lo and behold , there were all my drives and partitions , and not a hint of pink in sight.
Just to be on the safe side though , and having had a poke around in the registry, I decided to follow on my plan to reinstall, just in case TDSS was hiding with its tail between its legs, preparing an even nastier sting in its tail . Drastic measure, I know , but……
Result - full clean reinstallation wthout a hitch. !!!
Aye , even though I’m Scottish , I broke out the wallet , bought meself a wee dram or two at the local pub and drank the health of those fine dudes down at Malwarebytes .
Slainte !!!
Hope this helps …if not , there’s always the Samaritans

Comment on Win32/Cryptor by Kyle

Kyle — Fri, 02 Oct 2009 00:46:47 +0000

I got peggle nights and i put it on my flash drive and when i tried running it it said it had this virus and i was like wtf -.-. now i cant play peggle nights :(

Comment on Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002 by Blueberry

Blueberry — Thu, 01 Oct 2009 17:50:49 +0000

thanks Alexander Mc, I have removed it :)

Comment on Virus.Win32.Virut.ce by SChalice

SChalice — Thu, 01 Oct 2009 02:34:44 +0000

This virus can get on compact flash sticks. You’ll need to be sure to wipe all those suckers clean or just throw them away if unsure..

Comment on FullHouse Drive by Lizzy

Lizzy — Wed, 30 Sep 2009 13:49:40 +0000

i want to remove FullHouse drive virus from my PC. please i want something free. i am using AVG antivirus. please help me.

Comment on Dropper.Bravix.A by TnMike

TnMike — Wed, 30 Sep 2009 13:46:51 +0000

MalwareBytes will get rid of the virus

Comment on Win32.TDSS.rtk by Jzone09

Jzone09 — Mon, 28 Sep 2009 05:03:03 +0000

I have also found Win32.TDSS.rtk using spybot, I tihn kthis is the reason why my computer keeps restarting at startup, I can only run it by booting it from safe mode with netowrking, what is the fix?

Comment on Pyagcore by eithel

eithel — Fri, 25 Sep 2009 22:55:02 +0000

tengo problemas con el windows police pro, quiero saber como elominarlo de mi computadora, no me deja entrar a internet. expliquenme bien por favor eithel

Comment on Win32/Cryptor by jess m

jess m — Thu, 24 Sep 2009 14:14:49 +0000

Ok, so we did everything that was listed and after running all the spyware/virus detection programs we have not found ANY virus on the computer however, it will still not let us access the internet using an ethernet cord. Anyone else have this issue? Were you able to resolve it?

Comment on ~dulla@204 Virus by Dawit

Dawit — Thu, 24 Sep 2009 08:43:54 +0000

Amanuel Kenna and AreMoh.

I think you two know how to recover pdf files that have been infected by the dulla virus using hex editor. I tried several times and I didn’t succeed. Please help. I am really anxious.

Comment on ~dulla@204 Virus by expertanalyzer

expertanalyzer — Tue, 22 Sep 2009 23:27:08 +0000

send me the teddy afro virus infected file sample i am expert virus anlayzer and i love to help people in my free time if you have teddy afro virus infected file attach and send it to my email: father@safe-mail.net i will give you free removal tool for free.
thanks.

Comment on Rapid Antivirus Firewall has blocked a program from accessing the Internet by Tolebi

Tolebi — Tue, 22 Sep 2009 22:24:55 +0000

U menya net antivirusa!Kak mojno udalit total security

Comment on Win32.Tanatos.m by Nasser

Nasser — Tue, 22 Sep 2009 18:10:23 +0000

I am suffering the same problem with win32/Tanatos.M It has even disabled the exe of AVG and when I click the AVG icon on desktop. It is showing the ‘browse cancel’ dailog box.

From the above discussion I can see a mere discussion about AVG, but no solution. Can anyone please help me with the win32/tanatos.m removal tool?????

Thanks in Advance.
Nasser

Comment on Total Security by john

john — Tue, 22 Sep 2009 16:08:57 +0000

your solution for total security

install revo uninstaller, get it from download.com, run uninstaller in advance mode and follow the prompts, select all files as per screen, uninstall and reboot. Install avira / update,get it from download.com and run full scan, avira will pick up the trojan. Go to program files on your c drive and delete the TS folder, if this folder is locked boot in safe mode F8 and delete the folder.

Comment on W32/Scribble-B by w32 scribble-b

w32 scribble-b — Tue, 22 Sep 2009 13:03:22 +0000

how is this virus removed?

Comment on Virus.Win32.Virut.ce by Joe

Joe — Sun, 20 Sep 2009 22:01:07 +0000

This virus infected my old HD, so I had no choice but to reinstall WinXP. Then today I accidently clicked an old executable on that HD and the virus is reinfected me. I was in no mood to reinstall so this is how I dealt with it.

DO NOT START ANY PROGRAMS YET, THEY WILL GET INFECTED

1. Pull the plug on your internet connection, because it will try to connect to its website (jL.chura.pl and maybe others) and download more crap to your PC

2. Go to Task Manager and kill ANY program that looks unfamiliar (this can be tricky, if you’re a not a computer geek)

3. Run services.msc and you’ll see at least 2 services running which have NO description. Stop them and then disable them (by right clicking). Also stop and disable Remote Access Connection Manager, and Background Intelligent Transfer System, if they are running. These are Windows processes, but I think the virus activates them.

4. Repeat step 2 just in case

5. Now you have a choice:
a)You can run restore, but you have to be very sure that the restore is clean
b) run your antivirus. A full scan is preferable, but at least C:\Windows\ and C:\Program Files\. The virus infected only logonui.exe in my case and changed the HOSTS file, and created a temporary file in the WINDOWS\TEMP directory, but nothing else. However, if you ran any program while the virus was loaded, that program will be infected too.

This is the stage on which I am myself. The virus is removed but my system is still a bit screwed up, because everytime I reboot a hidden process iexplore.exe is started, except it’s not connecting anywhere. I’m not sure what’s starting it, but I dealt with it by killing the process and moving iexplore.exe to a temporary folder.

Comment on Virus.Win32.Virut.ce by Fennec the sysop

Fennec the sysop — Sun, 20 Sep 2009 20:07:51 +0000

This virus is a pain but I have it contained ,my router is a good firewall and I have it set to block all incoming connections on port 65520 and all outgoing connections to Proxima.ircgalaxy.pl so that means the attackers cant use it I have also found that using IRC to connect to my local machine on port 65520 gives you control of this virus so now I am able to change the options and on my machine it only infects explorer.exe too bad it dosent have a disinfect command

Comment on Win32/Cryptor by glen

glen — Sun, 20 Sep 2009 07:55:16 +0000

Sophos anti-rootkit works magic. all other anti-spyware softwares couldn’t solve the problem.

Comment on ~dulla@204 Virus by amanuel girma (haramaya university)

amanuel girma (haramaya university) — Sat, 19 Sep 2009 22:25:35 +0000

HOW TO PARTIAL REPAIR OFFICE DOCUMENTS INFECTED WIZ “~dulla^@204~” VIRUS
Before you start this tutorial clean your pc wiz anti dulla software I recommend
Emopia® Virus Removal Pack (freeware) from emopia.com
Tools needed for this tutorial
• Notepad ++ (absolutely free download and install this software)
• Office 2007
• An infected file
1. Right click on the infected office document >>click “edit with notepad ++” now the document will be opened in notepad++ window
2. Click on “search” from the menu >>click on” find” >> click on “replace” tab
3. Type ‘~dulla^@204~\x00’ (without the quote) on “find what” box>> check the “regular expression” check box >> click on “find next” tab >> click on “replace all” tab >> ok >> done.
4. Click done >> click on the” save” from menu >> close notepad ++ >> open the infected(corrupted) document when a dialog box appear click yes
any question please email me :amangirma@gmail.com

Comment on Total Security by endy

endy — Sat, 19 Sep 2009 07:15:50 +0000

in reply to ujjawal goel

the whole total security lifetime package is a scam! they got your credit card information, so if i were you, call your bank and let them know what happened.

Comment on sc.videofreeforonline.com by Nalaka

Nalaka — Sat, 19 Sep 2009 06:11:38 +0000

It worked with Avast virus scan. It’s a Free ware Home package. I am very much relieved after this.

Comment on Total Security by Stephanie

Stephanie — Fri, 18 Sep 2009 18:25:28 +0000

combofix is the only thing I have seen that removes it. download.com has this file. Malware Bytes is also suppose to remove but it would not on a couple of our computers.

Comment on FullHouse Drive by PHILIP

PHILIP — Thu, 17 Sep 2009 11:15:12 +0000

I want to remove FullHouse Drive virus from my PC. please help me.

Comment on ~dulla@204 Virus by Jiru

Jiru — Thu, 17 Sep 2009 10:22:35 +0000

Ther is a virus named Teddy afro which has characterstic feature of hiding your files and disabling ur cd driver…it is even difficult to remove it with command…i have tried avira, kaspersky,macaffe,avg,and NOD..non of them could remove that.You guys do you have any solution for that?EMOPIA ..it is just fake..it cant detect any virus…

Comment on FullHouse Drive by war10ck

war10ck — Wed, 16 Sep 2009 07:49:05 +0000

Download ComboFix and run on your pc..
I am sure FullHouse icon on your desktop can be delete.
Tested by me and it’s works.

Click above to downlaod ComboFix:-
hxxp://download.bleepingcomputer.com/sUBs/ComboFix.exe

Comment on Pyagcore by ORNELLA

ORNELLA — Wed, 16 Sep 2009 07:10:16 +0000

MANY THANKS.. just when I was losing the battle I won the war with this computer .. children are much more easier than technology, haha… but I’m glad I succeded with your help!

This program is great!! it worked!!

Thanks again.

Comment on Your computer is infected! by John

John — Wed, 16 Sep 2009 05:08:34 +0000

Hay Garrett
Turn off your restore and dump it then turn it back on this bugger hides in the hidden files like System volume information file. Most of this is your restore files. If you don’t want to dump your restore you’ll need to make the file accessable so malbytes can get at it.

Comment on Win32/Cryptor by hoangson dinh

hoangson dinh — Tue, 15 Sep 2009 13:52:17 +0000

Response 78 saved my computer.
Thanks to precisesecurity.com, Sophos Anti-Rootkit, Malwarebytes, and Superantispyware.
Thanks to everyone.

Comment on ~dulla@204 Virus by Abdulkerim

Abdulkerim — Tue, 15 Sep 2009 12:02:02 +0000

People! Get over it! There is no method to recover corrupted files, you can see the reason on facebook, just go to emopia.com (they are the one who made emopia virus remover, and are professionals) and join their facebook page and in the discussion board, you can read the reason why dulla corrupted files can’t be recovered.