The ultimate resource for malware removal and virus protection
09.04.2013 | Malware Type: Rogue Anti-Spyware
System Care Antivirus does precisely what all the fake security programs out there do, i.e. manipulate people in order to eventually get revenue. This program scans your computer for infections and always – with no exceptions – detects stuff. In this case though, detection is in no way related to the routine that legitimate antiviruses stick to. It simply displays results that look spooky but have nothing to do with the real state of affairs. This is a scare tactic aimed at ripping off the most credulous users. In addition to the above-mentioned scans running each time you start Windows, System Care Antivirus pops up system tray alerts and other warning messages, just to add some persuasiveness to the whole deal. Another aspect of this rogue AV is that it blocks certain processes that might prevent it from staying on your PC unimpeded. That usually applies to authentic security software, so it might be a good idea to boot into Safe Mode (hit the F8 key during startup) and try launching your solution against this pest. Yet another trait of this virus is that it leverages tricky obfuscation techniques which make it really complicated to locate the associated files manually. At the end of the day, it’s an absolute must to address the issue of System Care Antivirus playing havoc with your system. This set of instructions should help you combat this little beast.
26.03.2013 | Malware Type: Rogue Anti-Spyware
The scareware propagation business is alive and well, AVASoft Professional Antivirus being unequivocal evidence of that. Although this rogue product appeared a few days ago, the number of infected users is quite similar to the levels we saw around 2008 when this industry was close to its peak. This seems pretty interesting – are we entering a new upswing right now? Could be; hopefully not. Anyway, AVASoft Professional Antivirus represents the WinWebSec family which has been known for years. It looks professional indeed, bearing all the key outward attributes of AV software. It seems to feature system scanning, privacy protection, update options, customer support, and pretty comprehensive settings. Now let’s peek a little deeper into this utility’s essence. When it runs scans (and this happens on a regular basis), it detects spyware, adware, backdoors, Trojans, dialers and keyloggers, e.g. SVCHOST.Stealth.Keylogger – even on a clean OS. That’s because the app was programmed to report things that are not there. It thus uses a scare tactic to induce users into going ahead and registering the full version for a certain amount of money. Also, the rogue might prevent some legitimate processes from executing. Yet another trait of this little program has to do with the uninstall, that is, it prevents users from removing it. Because of the latter, it typically takes an automated solution to weed this aggressive thing out. Stick to the recommendations below to get rid of the AVASoft Professional Antivirus scam without harm to your system.
21.03.2013 | Malware Type: Rogue Anti-Spyware
Antivirus Security 2013 is one of those applications that look right but act really, really badly. More precisely, this is a rogue security product created by cybercriminals. Its prime objective is to invade one’s computer, typically through the use of Trojans, and then display loads of false positives alerting the user about tons of security problems. Antivirus Security 2013 gets configured to start once a Windows session is initiated; moreover, it begins running with priority, meaning that its executable takes precedence over some other applications in your startup list. Having made all these changes to your system, it triggers a scan which is followed by a fabricated report stating that Trojan horses, spyware, worms, adware, tracking cookies, and other nasty things like that have been detected on your machine. It then calls for action, recommending you buy the license to activate the fully functional version which is claimed to be capable of removing these purported threats. Now, guess what happens if you actually pay the scammers? Basically nothing, because the ‘deleted’ infections were never there to begin with. Since uninstalling Antivirus Security 2013 is not a trivial task, it’s advised to use a genuine AV tool to spot and sweep this fraud away.
26.01.2013 | Malware Type: Rogue Anti-Spyware
Here is how easily you might get in trouble these days: you visit a web page you deem perfectly trustworthy, click through and see some alluring ad or file to be downloaded. What a whole lot of users do next is click on this attractive thing, and voila – you end up observing something really weird upon the next reboot. Something like Security Defender which you can see in the screenshot below. Do you know what kind of app that is? We’ll tell you in this post. This is a utility that will never provide any genuine computer safety reports, for one very simple reason: it isn’t meant to be informative, in the positive sense. Security Defender says you have viruses, but guess what – those aren’t there. It states that it can help you get rid of those infections, but it certainly won’t because, again, they aren’t there. Imitation of benign activity and good intentions is everything this program is about. The symptoms of this infestation are fake scan results and noxious alerts it keeps displaying over and over, e.g. ones about 66 critical system objects detected, about iexplore.exe being struck by Trojan-Clicker.Js.Agent.op or Trojan.JS.Fraud.ba, about the unknown program named Porn-Tool.Win32.StripDance.d allegedly scanning your registry right now, etc. Once (and if) you happen to fall for this nonsense, chances are you do what the bad app tells you to, i.e. register it online by paying for the product license. Now, make sure you never do a thing as thoughtless as that! Security Defender is not there to help secure your workstation. It’s a money harvesting instrument inspired and designed by criminals who simply strive to get hold of a certain amount from your credit card. Hopefully you now understand how you should treat this disgusting piece of scam.
12.07.2012 | Malware Type: Toolbars
There’s evidently a trend (not a good one) out there of people having problems getting rid of things associated with web browsers, such as add-ons, toolbars etc. The aggressive marketing probably presupposes no easy uninstalling, we guess. The FunMoods browser extension toolbar is a straightforward example of this phenomenon. You may install it consciously, hoping that it will facilitate your web search activities and add some entertainment to your Internet browsing routine. That’s not quite so though. Whether or not you find this one annoying, it’s not nearly as informative and helpful as it should be. Now, when you get to the point where removing the FunMoods toolbar becomes your choice, you start running into odd things. First of all, even after the regular Control Panel removal, which might seem successful at first, the issue tends to persist. On the other hand, the toolbar itself does not appear to have an uninstall option of its own that works. Sounds like a problem. Moreover, one of the ways FunMoods acts is that it redirects your searches to advertising networks, thus bringing its creators income through leads or CPA campaigns. Whether you like it or not, the only efficient method of getting the FunMoods toolbar off your computer is by using an automated security solution that will find the core of the adware’s components, and sweep it all away. Follow the section below to learn how this is doable.
16.05.2012 | Malware Type: Trojan Horses
Trojan.Ursnif is a piece of malicious software which steals one’s private information and sends it over to Internet scammers. This fraudware can intrude into your computer during the installation of some applications and games received from the Net, or when you work with media content online, i.e. listen to music, play videos etc. If you’ve spotted a slowdown of system performance or of the speed of the Internet connection – you’ve probably gotten infected. This virus establishes a permanent connection to a remote server controlled by fraudsters in order to transmit the sensitive data from the infested PC. Furthermore, this trojan may masquerade as popular plugins, freeware games or extensions so that it penetrates into browser processes and messes up your regular web activities, steals passwords and logins and modifies your Internet connection settings. All these actions are quite dangerous as by using such malware, cybercriminals may take your machine under total permanent control. Trojan.Ursnif can also download additional malware from the web and contaminate your OS even more badly. It is possible to detect and remove the trojan from the PC, however you’d better not do this manually as this may damage the whole system. There are malware removal utilities that can do the trick for you. You can try one of them – see below for details.
13.05.2012 | Malware Type: Rogue Anti-Spyware
A new threat has recently appeared on the web. Its name is Windows Be-on-Guard Edition. This malicious software acts and looks just like a legitimate antivirus, though it is indeed a nightmare for a computer user. The fraudware intrudes on the machine via drive-by downloads from Internet pages containing malicious scripts. These could be either special doorway pages with lots of teasing ads and links, or hacked legitimate web resources such as search systems, social networks etc. The problem is that this rogue penetrates into the system and installs without your permission or involvement. It creates false registry entries to run within the OS and due to this may even block the Task Manager. Furthermore, removing this bug is likely to be a problem as there’s also no uninstall option included in the Windows Be-on-Guard Edition distribution package: no wonder – the malware authors are not interested in their product being easily removable. So the cleaning process may only be possible using special utilities. One of the main dangers of this scamware is that it blocks your trustworthy anti-spyware system and creates new fabricated scanners and pseudo filters to produce numerous fake virus alerts and notifications concerning the system’s condition. Such warnings, as well as fabricated scan results, are intended to scare the user and prompt him/her to buy the commercial version of this software. This is what it’s all about – stealing your money is the main aim of the cybercriminals who have developed this program. To protect oneself from the danger, one should be cautious about visiting unfamiliar Internet pages and keep the legitimate antivirus constantly turned on and updated. Furthermore, it’s a must to get this one off of your computer system – below is the tutorial to help you with that.
11.05.2012 | Malware Type: Rogue Anti-Spyware
If your computer is infested by Windows Abnormality Checker, this is a serious problem. To start off, let’s see where you might have got it from. This malicious software can be caught on popular web resources that have been compromised, or chances are you got it via drive-by downloads where you have no idea what you are actually downloading. For instance, you may have been redirected to a page containing malicious scripts. It installs on the PC without the awareness of the user and is responsible for modifying and configuring the targeted system so that it launches at Windows startup. Windows Abnormality Checker creates new registry entries and may even block the Task Manager so that you will have no possibility either to find out what’s wrong with the machine, or to remove the threat as there is no uninstall option and no traces left after the execution. Furthermore, this scamware is not displayed in Control Panel. As you might have understood, the app is a real horror, though we haven’t mentioned the most dangerous feature. This feature deals with your security, i.e. the legitimate antivirus you use. Windows Abnormality Checker smashes this anti-malware protection and creates misleading fake scanners and filters instead. You’ll definitely be deceived as all the fabricated virus alerts, warnings and scan reports will look just like the real ones. What is more, the scareware tells you to purchase its license for the supposedly spotted bad items to get eliminated. Externally, this malicious utility is like all the actual anti-malware protection systems. The only dubious trait about it is the annoying reminder constantly offering you to purchase the commercial version of the product. Remember this is a trap and you won’t get anything useful after paying money. Don’t let yourself be cheated!
19.04.2012 | Malware Type: Fake Security Programs
Out of all the fake optimization tools we’ve seen, this appears to be pretty non-trivial and ‘original’ to a certain extent. First off, that’s because the name is kind of blurred as it encompasses three components: S.M.A.R.T. HDD, S.M.A.R.T. Repair and S.M.A.R.T. Check, the latter two being standalone features of the same fraudulent kit. What happens is the rogue optimizer invades your computer through a complex process which typically exploits an application vulnerability (i.e. a flaw in some software you’ve got installed on your machine), a drive-by download scheme, or blackhat SEO techniques. Anyway, the more active a web surfer you are, the greater the chances are that you fall victim to this disaster. Having infiltrated your computer system, the affiliated trojan or rootkit strictly sticks to a well-paved path of installing the actual rogue. This phase being completed, S.M.A.R.T. HDD will commence the mind attack it is meant to carry out, displaying literally tons of pop-ups and system scans every single one of which is counterfeit. The scareware reports problems with your OS, such as hard drive boot sector reading errors, system blocks that failed to be found and other malfunctions that should normally not be neglected. But in this case, considering the fact that these detection reports are all fake, you needn’t worry about these errors potentially disrupting your computer’s work or whatnot. Still, what you do need to take care of is the S.M.A.R.T. HDD, S.M.A.R.T. Repair, S.M.A.R.T. Check badware operating inside your workstation. Also, it’s definitely a no-no to do what this program tells you to, i.e. purchase its license for the alleged fix of the supposedly spotted problems. So switch your mindset from that of a cyber victim to something more rational and judicious – get rid of this scam without fail.
19.04.2012 | Malware Type: Rogue Anti-Spyware
Let’s have a look at Windows Antivirus Care – a piece of malicious software which spreads on the web and may easily attack the average computer. The traces of its activity can be noticed while working with a PC – the user literally loses control over it and becomes partially incapable of browsing the Internet and doing other routine actions. So how can one pick up this virus? The answer is very simple – through software vulnerabilities or via drive-by downloads from infested sites (they actually contain malicious scripts). Once such a trojan is received, it installs the rogue onto your system. It doesn’t require any permission or confirmation from the machine owner. This ‘feature’ could be considered the worst, however it’s definitely not. Apart from this, Windows Antivirus Care tends to disable the legitimate antivirus software, if there is one installed on the machine, and prevent you from opening up the Task Manager. Experienced users will probably understand something wrong is happening, but it turns out to be complicated to remove this scamware as there is no uninstall function and there are no functional corresponding icons or items in the ‘Add / Remove Programs’ menu or on the desktop. The only way to eliminate such a bogus product is to ask for a qualified specialist’s help to get the fake registry values and files deleted and the default configuration of the system restored. Unless this is done, Windows Antivirus Care will annoyingly demand that you purchase its commercial version. It is not recommended to do this, unless you are an Arabian sheikh. Beware of this rogue. Here is a simple and effective method to get rid of Windows Antivirus Care scareware: