Tuesday, May 29, 2012
Smart Internet Protection 2011
Monday, May 21, 2012
Smart Fortress 2012 Description
Thursday, December 1, 2011
What is MS Antivirus (malware)
Not to be confused with Microsoft Security Essentials, the current legitimate Microsoft Windows anti-malware program, or its predecessors Microsoft Antivirus and Windows Live OneCare.
Developer(s) | Bakasoftware, Innovative Marketing, Inc. |
---|---|
Operating system | Microsoft Windows |
Type | Rogue software |
Names
MS Antivirus has a number of other names. It is also known as XP Antivirus, Vitae Antivirus, Windows Antivirus, Win Antivirus, Antivirus Pro, Antivirus Pro 2009, Antivirus 2007, 2008, 2009, 2010, and 360, Internet Antivirus Plus, System Antivirus, Spyware Guard 2008 and 2009, Spyware Protect 2009, Winweb Security 2008, System Security, Malware Defender 2009, Ultimate Antivirus2008, Vista Antivirus, General Antivirus, AntiSpywareMaster, Antispyware 2008, XP AntiSpyware 2008, 2009 and 2010, Antivirus Vista 2010, WinPCDefender, Antivirus XP Pro, Anti-Virus-1, Antivirus Soft, Antispyware Soft, Antivirus System PRO, Antivirus Live, Vista Anti Malware 2010, Internet Security 2010, XP Antivirus Pro, Security Tool, VSCAN7, and Total Security.
Symptoms of infection
Each variant has its own way of downloading and installing itself onto a computer. MS Antivirus is made to look functional to fool a computer user into thinking that it is a real anti-virus system in order to convince the user to "purchase" it. In a typical installation, MS Antivirus runs a scan on the computer and gives a false spyware report claiming that the computer is infected with spyware. Once the scan is completed, a warning message appears that lists the spyware ‘found’ and the user has to either click on a link or a button to remove it. Regardless of which button is clicked -- "Next" or "Cancel" -- a download box will still pop up. This deceptive tactic is an attempt to scare the Internet user into clicking on the link or button to purchase MS Antivirus. If the user decides not to purchase the program, then they will constantly receive pop-ups stating that the program has found infections and that they should register it in order to fix them. This type of behavior can cause a computer to operate slower than normal.
MS Antivirus will also occasionally display fake pop-up alerts on an infected computer. These alerts pretend to be a detection of an attack on that computer and the alert prompts the user to activate, or purchase, the software in order to stop the attack. More seriously it can cause a picture of a Blue Screen of Death to be pasted over the screen and then for a fake startup image to be displayed telling the user to buy the software. The registry is also modified so the software runs at system startup. The following files may be downloaded to an infected computer:
- MSASetup.exe
- MSA.exe
- MSA.cpl
- MSx.exe
Depending on the variant, the files will have different names and therefore can appear or be labeled differently. For example, Antivirus 2009 will have the .exe file name a2009.exe.
In addition, in an attempt to make the software seem legitimate, MS Antivirus can give the computer symptoms of the "viruses" that it claims are on the computer. For example, some shortcuts on the desktop may be changed to link instead to porn websites.
Malicious actions
Most variants of this malware will not be overtly harmful, as they usually will not steal a user's information (as spyware) nor critically harm a system. However, the software will act to inconvenience the user by frequently displaying popups that prompt the user to pay to register the software in order to remove non-existent viruses. Some variants are more harmful; they display popups whenever the user tries to start an application or even tries to navigate their hard drive, especially after they restart their computer. It does this by modifying the Windows registry. This can clog the screen with repeated pop-ups, potentially making the computer virtually unusable. It can also disable real antivirus programs to protect itself from removal. Whichever variant infects a computer, MS Antivirus always uses system resources when running, potentially making an infected computer run slower than before.
The malware can also block access to known spyware removal sites and in some instances, searching for "antivirus 2009" (or similar search terms) on a search engine will result in a blank page or an error page. Some variants will also redirect the user from the actual Google search page to a false Google search page that states that the user has a virus and should get Antivirus 2009 with a hotlink to the virus’s page.
AntiVirus2009 can also disable legitimate anti-malware programs and prevent the user from opening or re-enabling them. Anti-malware applications disabled by AntiVirus2009 include McAfee, Spybot - Search & Destroy, AVG, Malwarebytes' Anti-Malware, and Superantispyware.
MS Antivirus is constantly updated and re-released to prevent detection by common legitimate anti-virus scanners.
Earnings
In November 2008, it was reported that a hacker known as NeoN hacked Bakasoftware's database and posted the earnings the company received from XP Antivirus. The data revealed the most successful affiliate earned USD$158,000 in a week.
Court actions
On December 2, 2008 the U.S. District Court for the District of Maryland issued a temporary restraining order against Innovative Marketing, Inc. and ByteHosting Internet Services, LLC after receiving a request from the Federal Trade Commission (FTC). According to the FTC, the combined malware of WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus has fooled over one million people into purchasing the software marketed as security products. The court also froze the assets of the companies in an effort to provide some monetary reimbursement to affected victims. The FTC claims that the companies established an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements.
According to the FTC complaint, the companies charged in the case operated using a variety of aliases and maintained offices in the countries of Belize and Ukraine (Kiev). ByteHosting Internet Services is based in Cincinnati, Ohio. The complaint also names defendants Daniel Sundin, Sam Jain, Marc D’Souza, Kristy Ross, and James Reno in its filing, along with Maurice D’Souza, who is named relief defendant, for receiving proceeds from the scheme.
Tuesday, July 12, 2011
Windows 7 Repair Virus Removal Guide
Windows 7 Repair is a fake computer optimization application made specifically for Windows 7. It generally infects the computer without user permission, so it can look as if it is part of Windows 7, since the user didn’t install it. Because the name contains “Windows 7”, many users believe that Windows 7 Repair is a diagnostic tool for Windows 7. The program displays system information to reinforce that impression. While the issues shown by Windows 7 Repair may exist, the chance is low, since it displays the same messages and the same results on all computers and will generally find 11 issues. Windows 7 Repair is designed for Windows 7, but there are also versions for Windows XP and Windows Vista: Windows XP Repair is for Windows XP and Windows Vista Repair is for Windows Vista. These three fake applications replace Windows XP Restore, Windows Vista Restore, and Windows 7 Restore. They all have a scanner module, standard module, and advanced module. Windows 7 Repair will make changes to Windows settings.
We recommend performing research from previous users if you plan to manually remove Windows 7 Repair. The comments posted by users who were infected by Windows Restore, the comments posted by users who were infected by Windows Recovery, and the comments posted by users who were infected by Windows XP Recovery may provide insight into the successful removal of Windows 7 Repair. Windows Restore and Windows Recovery are previous versions of Windows 7 Repair.
If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with Windows 7 Repair with task manager. If task manager has been blocked by Windows 7 Repair, try using Process Explorer. Also, try renaming the removal tool to iexplore.exe or to a random series of characters, which may allow the program to not be blocked by Windows 7 Repair. If you would rather manually remove Windows 7 Repair, we recommend checking our removal tips which will help to remove Windows 7 Repair.
Important - Windows 7 Repair will hide other files and folders in the computer in an attempt to try and convince the user that there are issues with the hard drive. Therefore, by turning on “show hidden files and folders,” the user will be able to see their files. In Windows 7, you can search “hidden files and folders” in the Windows Search Bar to find the folder options. To bring up the Windows Search Bar, click on the Windows 7 logo in the bottom left hand portion of the screen, which will bring up the programs. In Windows XP, the user will need to go to tools and then go to folder options in the file manager. In folder options, click “View” and scroll down to “Hidden files and folders.” This will allow the user to see the hidden files and folders. In order to make these files unhidden, you will need to go to the following location.
Windows Vista & Windows 7 – C:\Users\
Windows XP – C:\Documents and Settings\
The user will need to locate the folder with their username. They will then need to right click on the folder and left click on properties. This will bring up the properties. Deselect the hidden box and click ok. A box will come up and select to apply changes to the folder, subfolder, and files.
Below are some warnings shown by Windows 7 Repair. Windows 7 Repair is not a diagnostic tool from Microsoft and will display the following warnings on all computers. On a new computer, the following warnings will be shown.
“Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.”
“System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.”
“Critical Error
RAM memory usage is critically high. RAM memory failure.”
Windows 7 Repair, like many other fake programs, will also claim that there are many issues with the user’s computer. Some of these issues can be found below.
“Registry Error – Critical Error
Boot sector of the hard drive disk is damaged – Critical Error
RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
RAM memory temperature is 83 Celsius. Optimization is required for normal operation.
Read time of hard drive clusters less than 500 ms – Critical Error
A problem detected while reading boot operating system files
Drive C initializing error
Bad sectors on hard drive or damaged file allocation table – Critical Error
Data Safety Problem. System integrity is at risk.
Hard drive doesn’t respond to system commands – Critical Error
32% of HDD space is unreadable – Critical Error”
Below are additional warnings created by Windows 7 Repair.
“Critical Hard Disk Drive Error
Critical hard disk drive error has been detected!
Windows 7 Repair detected a bad sector on your hard drive.”
“Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hart drive error.”
“Critical Error
Damaged hard drive clusters detected. Private data is at risk.”
“Critical Error
Hard Drive not found. Missing hard drive.”
“Low Disk Space
You are running very low disk space on Local Disk (C:).”
“Windows – No Disk
Exeception Processing Message 0×0000013.”
“Critical Error
A critical error has occured while indexing data stored on hard drive. System restart required.”
As previously mentioned, the purpose of these messages is likely just to scare the user into purchasing the fake program and to make them believe that there are major issues in the computer. If there really was a hard drive failure, the computer would not even load Windows. We recommend removing Windows 7 Repair and then restoring the computer to its original state. This can be done successfully by automatically removing the virus or by manually removing it.
It is recommended to use safe mode when removing the virus because Windows 7 Repair will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.
The safe mode with networking option will allow the user to be able to use the internet in safe mode. Windows 7 Repair can be removed by using the removal tool or by manually removing the virus.
Manual Windows 7 Repair Removal – In order to manually remove Windows 7 Repair, the processes associated with Windows 7 Repair must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before Windows 7 Repair entered the computer.
Important: Before attempting to manually remove Windows 7 Repair, we recommend that the user read through comments posted by other users on how they removed specific fake antivirus programs since many fake antivirus programs are similar. These comments can be found by clicking here. These comments may provide additional information which may be useful in removing Windows 7 Repair. However, please use discretion since these specific comments pertain to other fake antivirus programs.
Stop Windows 7 Repair Processes
[random].exe
To clarify, [random].exe means that the executable for Windows 7 Repair will be a set of random characters. This executable will be different from computer to computer. There may be multiple random executables associated with this virus. Windows 7 Repair may have two executables with a random name and with the same plication. One executable will run Windows 7 Repair while the other will create the constant pop ups.
Remove Windows 7 Repair Files
C:\ProgramData\[random].exe
Remove Windows 7 Repair Registry Keys
HKEY_CURRENT_USER\Software\Windows 7 Repair
HKEY_LOCAL_MACHINE\SOFTWARE\Windows 7 Repair
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows 7 Repair
Remove Windows 7 Repair Startup Entry
[random].exe
Sunday, July 10, 2011
Removal Tip – Watch YouTube Videos
YouTube is also good for viewing videos on the computer tasks needed to remove the fake antivirus program. For example, YouTube has great videos on how to use task manager or file manager. If you need assistance with either of these programs, it is advised to go to YouTube and watch some videos related to the Windows programs which are needed to remove the fake antivirus programs. YouTube provides a wealth of knowledge related to computers and the visual aspect will be highly beneficial. However, it is also important to scan with antivirus software once the program has been removed to make sure all components of the fake antivirus program are removed. Make sure to update the software before scanning so that the software can have the latest virus definitions. Watching YouTube videos is one of many removal tips for fake antivirus programs.
Friday, July 8, 2011
WINDOWS RECOVERY FAKE WARNING VIRUS MALWARE - REMOVAL
First you need to re-enable Task Manager.
Download and double-click
http://windowsxp.mvps.org/reg/EnableTM.reg
or press Windows+R, type regedit, press Ctrl+F, search for DisableTaskMgr and change the value to zero (0).
Once Task Manager opens, find the application by its RAM usage and kill it.
Your files on the external hard disk and on C: and D: are hidden; don't worry about that, click and run Unhide.exe.
Remove Windows Recovery Virus (Fake Windows Recovery Manual Removal Guide)
Windows Recovery Step-by-Step Removal Instructions
1. The associated files of Windows Recovery to be deleted are listed below:
%AppData%\Microsoft\[random].exe
%UserProfile%\Desktop\Windows Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows Recovery\
%UserProfile%\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
2. The registry entries of Windows Recovery that need to be removed are listed as follows:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
on my computer Turkish was ProgramData
Windows Recovery Description
Windows Recovery is a fake security application from the same family as Windows Diagnostic that lures users into unknowingly performing harmful actions on a targeted computer. This fake Microsoft Windows recovery program is installed without your awareness by a trojan horse that can easily access the targeted system through a backdoor you might not even know about, and instead of letting you uninstall it, it pops up fake security alerts. Windows Recovery poses as a so-called security application that displays deceptive warnings and misleading scan results, such as an alert that suddenly pops up on the desktop announcing that the PC is seriously at risk. It then starts scanning and asks the user to purchase it once the scan is completed. None of this is true: it is only scareware reporting on processes that do not exist, and it aims to get your money, so you must skip it. Windows Recovery prevents anti-virus software from scanning, so you should remove the Windows Recovery malware completely by hand to keep your computer safe.
Windows Recovery Identified as Security Threat by Impressions
Windows Recovery reputation/ rating online is terrible. Windows Recovery is installed/ run without your permission. The official website of Windows Recovery is poorly built without contact info. The payments website of Windows Recovery is suspicious & claims your OS is unsafe. Poor Performance like highly-consumed system resources is caused by Windows Recovery.
Wednesday, July 6, 2011
Windows Efficiency Analyzer
Windows Efficiency Analyzer does not scan computer memory in order to detect viruses or any other kind of threats. It merely notifies of detected threats using random names retrieved from existing reports of genuine security tools. Remove Windows Efficiency Analyzer as yet another piece of fake antispyware, which self-advertises by means of misleading users into believing their computers are overcrowded with particular viruses.
Until you get rid of Windows Efficiency Analyzer, a proper security solution will not be able to solve actual security issues, because the counterfeit interferes with it. That is, the program displays hostile behavior toward other programs. Weak security solutions that cannot even protect their own processes will not stand up to it. Click here to download free scanner of strong security solution to dispose of the self-advertising misleading software.
WindowsRescueCenter Technical Details:
* Full name: Windows Efficiency Analyzer
* Version: 2011
* Type: Rogue anti-spyware
* Origin: Russian Federation
Signs of being infected with Windows Efficiency Analyzer
Detecting the adware is only difficult if it shows preliminary popups. These are a kind of introduction to the adware's main popups: they are shown first after its installation and do not mention the program name. The design of the hackers, obviously, is to make it look as though the computer system itself is informing the user of vague threats; then a hero program arrives to save the system and supplies precise reasons for the general system warning.
However, the preliminary stage is not always present, as in many cases the adware immediately starts to show its GUI and threat-specific alerts. If you have the adware detection issue or merely need to remove Windows Efficiency Analyzer, click here to start free scan.
Windows Efficiency Analyzer automatic removal:
To ensure Windows Efficiency Analyzer removal is a contribution to overall system disinfection, follow the link below to properly scan your computer system and clean every kilobyte of the computer memory.
Windows Efficiency Analyzer Removal Tool
Manual Removal of Windows Efficiency Analyzer:
Windows Efficiency Analyzer manual removal is safe if a Windows user performs it in Safe Mode with Command Prompt and double-checks entries before their deletion.
Remove Windows Efficiency Analyzer files and dll’s:
%UserProfile%\Application Data\Microsoft\
Unregister Windows Efficiency Analyzer registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR" = '1'
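The registry values in the Windows Recovery and Windows Efficiency Analyzer lists above can be checked for offline, from an exported copy of the registry rather than the live one. The Python below is an added example, not part of the original posts: it parses text in `reg export` format and flags the listed settings plus any Image File Execution Options "Debugger" value; the function names and the sample export are constructed for illustration.

```python
import re

# Settings the removal lists above attribute to these rogues, keyed by
# registry path (hive stripped, lower-cased) -> {value name: tampered data}.
CV = r"software\microsoft\windows\currentversion"
TAMPER = {
    CV + r"\policies\system": {"disabletaskmgr": "1"},
    CV + r"\policies\activedesktop": {"nochangingwallpaper": "1"},
    CV + r"\policies\attachments": {"savezoneinformation": "1"},
    CV + r"\explorer\advanced": {"hidden": "0", "showsuperhidden": "0"},
    CV + r"\internet settings": {"certificaterevocation": "0",
                                 "warnonbadcertrecving": "0",
                                 "warnonhttpstohttpredirect": "0"},
    r"software\microsoft\internet explorer\download": {"checkexesignatures": "no"},
    r"software\microsoft\windows nt\currentversion\systemrestore": {"disablesr": "1"},
}
IFEO = r"software\microsoft\windows nt\currentversion\image file execution options" + "\\"

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg(text):
    """Yield (key, value name, data) for string and dword values in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            key = m.group(1)
        elif key and (m := VALUE.match(line)):
            name, data = m.groups()
            if data.startswith("dword:"):
                yield key, name, str(int(data[6:], 16))
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                # .reg files escape backslash and quote inside strings
                yield key, name, re.sub(r"\\(.)", r"\1", data[1:-1])
            # hex(...) data is out of scope for this check and is skipped


def audit(text):
    """Return (kind, key, value name, data) findings for an analyst to review."""
    findings = []
    for key, name, data in parse_reg(text):
        sub = key.partition("\\")[2].lower()
        if sub.startswith(IFEO) and name.lower() == "debugger":
            # An IFEO Debugger makes Windows start `data` instead of the image.
            findings.append(("ifeo-debugger", key, name, data))
        elif TAMPER.get(sub, {}).get(name.lower()) == data.lower():
            findings.append(("setting-tampered", key, name, data))
    return findings


# Constructed sample in `reg export` syntax. Real exports are UTF-16:
# read them with open(path, encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"HideFileExt"=dword:00000000
'''

if __name__ == "__main__":
    for kind, key, name, data in audit(SAMPLE):
        print(f"{kind}: {key} -> {name} = {data}")
```

A Debugger value under Image File Execution Options can also be set by legitimate tools, so each finding is a prompt to inspect the entry, not proof of infection.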