Archive for the ‘Virus/Spyware Cleanup’ Category

Favourite antispyware tools – March 2011

13 March 2011

As of March 2011, my current favourite anti-spyware tools are:

1. Spyware Doctor from PC Tools (click link on RHS)

Use discount code friedman15 for 15% off

If you are VAT registered, add the VAT registration code to remove the VAT charges.

I do not recommend auto-renew in case something better comes along, but I do recommend the two-year license, which covers three computers.

Remember that with increased protection there is usually a trade-off with speed. If the computer becomes too slow, then turn off IntelliGuard.

I also recommend selecting “Auto Fix” when scanning.

2. Malwarebytes Antimalware

Very effective in removing spyware infections – in particular in safe mode.

The paid version will automatically update and scan.


MS Antivirus XP 2008, TDSSserv.sys and go.google

2 February 2009

All the above are nightmare viruses/Trojans/spyware that can take hours and hours to clean up.

I have a client who managed to get infected by all three in one go while trying to install what I suspect was a fake Google Earth.

The result was that all anti-spyware was disabled, Internet connectivity was affected, all Google search results were altered, regedit was disabled and Folder Options went missing.

Other possible symptoms:
* Often see “Blue Screen of Death” after restart
* Changes the desktop background
* IE and Firefox slow down after getting infected by go.google
* Infects e-mail attachments, messenger, spyware scanners etc.

Basically, TDSSserv.sys is a service that redirects all software updates to 127.0.0.1 (your own computer) so that they won’t update.

To prove that you are infected with TDSS, run RootkitRevealer and click “Scan”. If it shows any entry with TDSS in it, then you are infected.

What a nightmare!

Here is an amazing quick fix to the problem:

First off, run SDFix in Safe Mode, which you can download from here or here. For more instructions on using SDFix, see here.

Once SDFix has completed its two rounds of cleanup, restart the computer.
Then, in regular Windows mode:
Right-click on “My Computer”, then “Properties”, and find “Device Manager” (in XP this is under the “Hardware” tab; in Vista it is on the left-hand side).

In Device Manager, click “View” and then “Show Hidden Devices”.
Scroll down to “Non-Plug and Play Drivers” and click the plus sign to expand the folder.
Look for “TDSSserv.sys”.
Right-click on it and select “Disable”.
Note: do not select “Uninstall”, as it will re-install after a reboot.
Restart your PC.

You can now update your antivirus/anti-spyware software and run full scans to clean up the mess.

Recommended scans:
Malwarebytes Anti-Malware
Spybot Search & Destroy
SuperAntiSpyware
CCleaner – use this to clean all temp files and orphan registry entries

Then scan for viruses using AVG or AntiVir

Finally SpywareBlaster – use this to create a system snapshot when clean

Note: you may need to re-enable regedit and bring back Folder Options.
You may also want to delete all “TDSS” entries in the registry, and you might need to ensure permissions are set correctly before you can delete them.
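A way to do the Device Manager check and “Disable” step from the command line, as an added example that is not part of the original post. It lists kernel driver services whose name or image path matches a pattern (default “TDSS”, after the TDSSserv.sys driver above) and, with -Disable, sets their start type to Disabled; the “Non-Plug and Play Drivers” in Device Manager are kernel driver services, so `sc config <name> start= disabled` is the same change. It assumes an elevated PowerShell prompt.

```powershell
# Added example, not from the original post. Find kernel driver services
# matching $Pattern and optionally set them to Disabled (the equivalent of
# Device Manager's "Disable" on a Non-Plug and Play driver). Run elevated.
param(
    [string]$Pattern = 'TDSS',
    [switch]$Disable
)

# Two views of the same data: the Service Control Manager (via WMI) and the
# raw Services registry key. A rootkit that hides from one but not the other
# shows up as a discrepancy, which is itself a useful indicator.
$wmiHits = @(Get-WmiObject -Class Win32_SystemDriver |
    Where-Object { $_.Name -match $Pattern -or $_.PathName -match $Pattern })
$regHits = @(Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
    Where-Object { $_.PSChildName -match $Pattern })
$wmiNames = @($wmiHits | ForEach-Object { $_.Name })
$regNames = @($regHits | ForEach-Object { $_.PSChildName })

if ($wmiNames.Count -eq 0 -and $regNames.Count -eq 0) {
    Write-Host "No driver services matching '$Pattern' found."
    Write-Host "If RootkitRevealer still shows TDSS entries, the driver is hiding from the API; use the Device Manager steps above."
    return
}

foreach ($d in $wmiHits) {
    "{0,-16} state={1,-8} start={2,-8} {3}" -f $d.Name, $d.State, $d.StartMode, $d.PathName
}
foreach ($n in $regNames) {
    if ($wmiNames -notcontains $n) {
        Write-Warning "Registry lists service '$n' that WMI did not report."
    }
}

if ($Disable) {
    foreach ($name in ($wmiNames + $regNames | Sort-Object -Unique)) {
        # "start= disabled" (note the space) leaves the file on disk for later
        # analysis but stops the driver loading after a reboot. Uninstalling it
        # from Device Manager instead would let it re-install, as the post says.
        & sc.exe config $name start= disabled | Out-Null
        if ($LASTEXITCODE -eq 0) { Write-Host "$name set to Disabled; reboot to apply." }
        else { Write-Warning "sc.exe config failed for $name (exit code $LASTEXITCODE)." }
    }
}
```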

Tools, Folder Options is disabled

2 February 2009

The problem:
In Windows Explorer, clicking on “Tools” you should see “Folder Options” as the fourth option. Sometimes this is missing.

The Cause:
Often this is virus- or spyware-related, done to prevent you from viewing hidden files on the computer.

The Solution:
Click “Start”, then “Run” and then “regedit”
Click through to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Then delete every entry listed, starting from the bottom entry.

Note: If you cannot get into the registry, see here for a solution

Regedit is disabled

2 February 2009

The problem:
Regedit is disabled, preventing access to the Windows registry (applies to Windows XP and Vista).

You see an error like “Regedit is disabled by the administrator”

The Cause:
Some nasty viruses and spyware disable access to the registry to make virus removal more difficult.

The Solution:
With a big thanks to Doug Knox.
http://www.dougknox.com/security/scripts_desc/regtools.htm

This little utility will re-enable regedit.

regtools.vbs – Disable/Enable Registry Editing tools in Windows
© Doug Knox – rev 01/10/2000 This code may be freely distributed/modified.
Usage: Download regtools.vbs Save the file to the folder of your choice. Double click the VBS file.
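The same two fixes in one script, serving the Folder Options post above and this one, as an added example that is not part of the original posts or of Doug Knox’s regtools.vbs. It reports the policy values that hide Tools > Folder Options and that block regedit, and removes them with -Fix. DisableRegistryTools is, as far as I know, the value regtools.vbs toggles; PowerShell’s registry provider is not covered by that policy, so this works while regedit itself is blocked.

```powershell
# Added example, not from the original posts or from regtools.vbs. Report
# (and with -Fix remove) the Explorer/System policy values that hide Folder
# Options and disable regedit. Explorer policy changes take effect after a
# log-off or an explorer.exe restart.
param([switch]$Fix)

$explorer   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$systemHKCU = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$systemHKLM = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# The Folder Options post says to delete every value under Policies\Explorer;
# listing them all shows what else was switched off (NoFolderOptions is the
# one that removes the menu entry).
if (Test-Path $explorer) {
    Write-Host "Values under $explorer :"
    (Get-ItemProperty -Path $explorer).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { "  {0} = {1}" -f $_.Name, $_.Value }
}

$checks = @(
    @{ Path = $explorer;   Name = 'NoFolderOptions' },
    @{ Path = $systemHKCU; Name = 'DisableRegistryTools' },
    @{ Path = $systemHKLM; Name = 'DisableRegistryTools' }
)

foreach ($c in $checks) {
    if (-not (Test-Path $c.Path)) { continue }
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $current = $item.($c.Name)
    Write-Host ("{0}\{1} = {2}" -f $c.Path, $c.Name, $current)
    if ($Fix -and $current -ne 0) {
        # Print the old value before removing it so the change can be reversed.
        Write-Host "  removing (was $current)"
        Remove-ItemProperty -Path $c.Path -Name $c.Name
    }
}
```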

Unable to delete entry in registry

2 February 2009

The problem:
You want to delete an entry from the registry using “regedit” but are unable to.
Pressing Delete kept showing me the error message “Cannot delete xxxxx: Error while deleting key”.

The Cause:
It is possible to restrict user rights to certain keys in the registry.

The Solution:
Ensure you have administrative rights.

If you right-click on any entry in the Windows registry (on the left-hand side), you get a menu. Click the “Permissions” option and you can edit the security settings for the key. Tick “Full Control” for your user and then click Apply. If your user is not listed, you may need to add it first by searching for the user name.
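The Permissions dialog step done from PowerShell, as an added example that is not part of the original post. It grants the current user Full Control of a registry key and its subkeys; if the ACL cannot be changed because the user is not the key’s owner, it takes ownership first (the Owner tab in regedit). It assumes an elevated prompt, and the key path is a placeholder supplied by the caller.

```powershell
# Added example, not from the original post. Grant the current user Full
# Control of a registry key so it can be deleted; take ownership if needed.
param(
    [Parameter(Mandatory = $true)]
    [string]$KeyPath    # placeholder, e.g. 'HKLM:\SOFTWARE\<key-to-delete>'
)

$me   = New-Object System.Security.Principal.NTAccount(
            [System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $me,
            [System.Security.AccessControl.RegistryRights]::FullControl,
            [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Allow)

try {
    $acl = Get-Acl -Path $KeyPath
    $acl.SetAccessRule($rule)
    Set-Acl -Path $KeyPath -AclObject $acl
}
catch {
    # Typically: not the owner and no "Change permissions" right. Take
    # ownership (what the Owner tab does), then apply the rule again.
    Write-Host "Direct ACL change failed ($($_.Exception.Message)); taking ownership first."
    $acl = Get-Acl -Path $KeyPath
    $acl.SetOwner($me)
    Set-Acl -Path $KeyPath -AclObject $acl
    $acl = Get-Acl -Path $KeyPath
    $acl.SetAccessRule($rule)
    Set-Acl -Path $KeyPath -AclObject $acl
}

# Show the resulting permissions so the change can be verified before the
# key is deleted (in regedit, or with Remove-Item -Recurse in PowerShell).
(Get-Acl -Path $KeyPath).Access |
    Where-Object { $_.IdentityReference -eq $me } |
    Format-Table IdentityReference, RegistryRights, AccessControlType -AutoSize
```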

Antivirus Pro 2009 and spyware

16 November 2008

If you have ever heard of Anti Virus Pro 2009, then I would expect it may be associated with an annoying experience.

The name of this software is completely misleading – this is in fact “malware” or “spyware” which tries to trick you into spending money to fix a problem that it created!

I think this practice is completely immoral, but sadly it generates a huge income for those involved.

Trying to find some kind of analogy, it is like a car mechanic who throws nails all over the road in the hope that you will ask him to replace or fix a tyre.

Antivirus Pro 2009 puts an annoying icon near the clock on the bottom right-hand side, popping up with messages telling you that your computer is infected.

Please do not panic if you see this – it should not destroy your computer!

Googling “anti virus 2009” comes up with all sorts of solutions, including manual removal and other products you can buy to remove it!

My suggestions are as follows:

1. (a) First, try a System Restore and take the system back to before the problem started.
Note: your data will be safe performing this procedure.

(b) In XP or Vista, just click “Start”, “All programs”, “Accessories”, “System tools” and then “System restore”

(c) Select a date to restore from the calendar that appears.
Give the computer some time to restart and implement the restore (anything from 10-15 mins).

If the problem is still there, it seems that your computer is heavily infected, in which case try the following procedures – which are good to do in general to keep your computer clean:

2. (a) Download and install CCleaner and run a full cleanup.
Link to download is on the top right-hand side.
A full scan and cleanup can take 10-30 mins.
Note: you may not want to delete cookies if you have important website data stored.

(b) Download, install and update Spybot Search & Destroy.
Link to download is on the top right-hand side.
Run a full scan and clean everything it finds (can take 10-30 mins to scan).
The system may require a restart.

(c) Download, install and update SuperAntiSpyware.
Link to download is on the top right-hand side.
Run a complete scan (not just the quick one) and clean everything it finds (can take up to an hour).
The system may require a restart.

(d) If you do not have a reliable antivirus installed, then download AVG.
Link to download is on the top right-hand side.
Install this, update it and run a full scan (can take up to 3 hours).

(e) Finally, head to C:\Program Files and delete “Antivirus Pro 2009” (use Shift+Delete so that it does not go to the Recycle Bin).
If this does not work, you may need to use control+alt+delete to go to task manager and end tasks for any of these listed below:

av2009.exe
Antivirus2009.exe
AV2009Install.exe
av2009[1].exe
AV2009Install_880405[1].exe
AV2009Install_880405[2].exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\WINDOWS\system32\ieupdates.exe
Power-Antivirus-2009.exe
AV2009Install[1].exe
ieexplorer32.exe
%PROGRAMFILES%\Antivirus 2009\av2009.exe
AntivirusPro2009.exe

If this still doesn’t work, try to delete the folder in safe mode (press F8 during system start-up).

Once the folder is deleted, run CCleaner again, but this time run a registry cleanup.

Hopefully that should do it!
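Step (e) as a script, as an added example that is not part of the original post. It checks whether any of the process names listed above are running and whether the rogue program’s folders exist, and with -Clean stops those processes and deletes the folders. The process names are copied from the post’s list; the folder names are the two it mentions under C:\Program Files.

```powershell
# Added example, not from the original post. Check for the Antivirus Pro
# 2009 processes and folders the post names; with -Clean, stop the processes
# and delete the folders (Remove-Item bypasses the Recycle Bin, like
# Shift+Delete). Run from an elevated prompt.
param([switch]$Clean)

$rogueExes = @(
    'av2009.exe', 'Antivirus2009.exe', 'AV2009Install.exe', 'av2009[1].exe',
    'AV2009Install_880405[1].exe', 'AV2009Install_880405[2].exe',
    'ieupdates.exe', 'Power-Antivirus-2009.exe', 'AV2009Install[1].exe',
    'ieexplorer32.exe', 'AntivirusPro2009.exe'
)
# Get-Process reports names without ".exe", so compare on the base name
# (bracketed names like av2009[1].exe are how IE names cached downloads).
$rogueBases = $rogueExes | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }

$rogueDirs = @(
    (Join-Path $env:ProgramFiles 'Antivirus 2009'),
    (Join-Path $env:ProgramFiles 'Antivirus Pro 2009')
)

$running = @(Get-Process | Where-Object { $rogueBases -contains $_.ProcessName })
foreach ($p in $running) {
    "{0,-28} pid={1,-6} {2}" -f $p.ProcessName, $p.Id, $p.Path
    if ($Clean) { Stop-Process -Id $p.Id -Force }
}
if ($running.Count -eq 0) { Write-Host 'None of the listed processes are running.' }

foreach ($dir in $rogueDirs) {
    if (Test-Path $dir) {
        Write-Host "Found folder: $dir"
        if ($Clean) {
            try   { Remove-Item -Path $dir -Recurse -Force -ErrorAction Stop; Write-Host '  deleted' }
            catch { Write-Warning "  could not delete ($($_.Exception.Message)); retry in Safe Mode (F8 at start-up)." }
        }
    }
}

# The system32 copy (ieupdates.exe) is a file, not a folder; report it too.
$sysCopy = Join-Path $env:SystemRoot 'system32\ieupdates.exe'
if (Test-Path $sysCopy) { Write-Warning "Found $sysCopy; remove it once the processes are stopped." }
```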