Wednesday, November 24, 2010

Win32.Elkern A/B/C - Download Remover

Download the following three files (rmelkern.exe, rmvirus32.nt, rmvirus.dos) and run the rmelkern.exe file.

You can also specify the disks (or partitions) to heal as command parameters, e.g. "rmelkern C: D:". If the command is used without parameters, it heals all disks (partitions) on the computer.

Successful running of the remover requires administrator rights. For proper functionality of the remover it is necessary to save rmvirus32.nt and rmvirus.dos into the same folder as rmelkern.exe. After the healing process please run rmelkern.exe again to make sure your computer is virus-free.

Download the following three files here:

rmelkern.exe

rmvirus32.nt

rmvirus.dos

Worm.Lovsan

When the timeout message appears saying that you will be disconnected after some time period, click the START button -> RUN and type this command:
SHUTDOWN -a
and then click OK. The timeout will be stopped and you will be able to download and install the security patch for your operating system.

  • You have to download and install the security patch for your operating system first (it repairs a bug in DCOM RPC). You can find it on Microsoft's web pages.
  • Run the registry editor (START -> RUN -> type REGEDIT and click on OK button) and find this registry key:
  • Please right click on the name "windows auto update" and choose REMOVE/DELETE.
  • After this, reboot your computer into "Safe mode with command prompt" and type these commands:
    CD WINDOWS (enter)
    CD SYSTEM32 (enter)
    DEL MSBLAST.EXE (enter)
  • Then run your antivirus (such as AVG, MSE, or Avira) to completely remove the virus and check the system.

I-Worm/Bugbear.C - Removal Tool

Download the remover rmbugbear.exe and run it on the infected computer. Then restart your PC normally and run rmbugbear.exe.

If the infected computer is connected to a LAN, it is necessary to disconnect it from the LAN before removing the virus and to re-establish the connection only when ALL computers on the LAN are cleaned.

Exceptions:
If you are using Windows ME or Windows XP operating systems, there might be a problem in removing infected files from the _Restore folder (Windows ME) or System Volume Information folder (Windows XP). For the correct removal of these infected files, it is necessary to disable the system restore function.


download removal tools here:

remover rmbugbear.exe

Vcleaner (Virus Cleaner)

Download the remover (Vcleaner) vcleaner.exe. Restart your computer in Safe mode and run the remover on the infected computer. The Vcleaner removal utility will detect and remove the following viruses:
  • I-Worm/Stration
  • Worm/Generic.FX
  • Agent.A-AN
  • BackDoor.Agent.A-Z, AA-BG
  • Downloader.Agent.AS
  • I-Worm/Atak.A-I
  • Bagle.DA-IU
  • I-Worm/Bagle.A-Z, AA-JD
  • I-Worm/Bugbear.D
  • I-Worm/Mytob.A-GC
  • I-Worm/Netsky.A-Z, AA-AD
  • I-Worm/Sasser.A-F
  • I-Worm/Zafi.A-E
  • PSW.Bispy.A-E
  • Win32/Gaelicum
  • Win32/Hidrag

Note: Some viruses can stop the action during the removal process. In this case rename the vcleaner.exe to some different exe file (e.g. something.exe). Restart your computer in Safe mode (recommended) and run the remover on the infected computer.


download vcleaner here:

Vcleaner.exe

SVX Backdoor (LOP.AH/Backdoor.Generic3.SVX) - Trojan Remover

Download two files (rmbg3svx.exe and rmbg3svx.nt) and run the rmbg3svx.exe file (Trojan Removal Tool). Then restart your PC normally and run rmbg3svx.exe.


Successful running of the trojan horse remover requires administrator rights. For proper functionality of this free removal tool it is necessary to save the rmbg3svx.nt into the same folder as rmbg3svx.exe.


download the following two files :

rmbg3svx.exe

rmbg3svx.nt

Thursday, October 28, 2010

Virus:W32/Alman.A

Name : Virus:W32/Alman.A
Detection names : Virus.Win32.Alman.a
Category : Malware
Type : Virus
Type : Net-Worm
Platform : W32


Details

Registry Modifications :
Creates these keys: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RioDrvs
DisplayName = "RioDrvs Usb Driver"
ImagePath = "system32\Drivers\RioDrvs.sys"

Virus:W32/Alman.A infects all executable files in the system. The virus propagates over a network. It also has rootkit capabilities and is capable of contacting a remote server to forward information about the infected system.

A later variant of this virus, Virus:W32/Alman.B is also in the wild.

Variants of this family may be detected by the Generic Detection, Virus:W32/Alman.gen!A.


Infection


Alman.A infects all .EXE files in the affected system. It appends its code to the target file and sets this as an additional code section. It searches for files to infect in all fixed, shared, and removable drives.

It skips infecting files located in the following directories:

Local Settings\Temp
Windows
WinNT

Execution

Upon execution, this network-propagating virus drops the following files:

[Windows Directory]\linkinfo.dll - infector component
[Windows System Directory]\drivers\DKIS6.sys - rootkit component
[Windows System Directory]\drivers\RioDrvs.sys - rootkit component

The dropped file RioDrvs.sys is registered as a service. The file linkinfo.dll is injected into explorer.exe and is hidden by the rootkit components.
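
Because the rootkit components hide these files on a running system, the artefacts listed above are easier to confirm from outside the infected OS. The Python code below is an added example, not part of the original post or of the removal tool; it assumes the infected volume is mounted read-only at a path you pass in and that the Windows and system32 directory names are the XP defaults.

```python
import os
import tempfile

# Paths relative to the root of the mounted volume, taken from the list above.
# "Windows" and "system32" are the XP default directory names (assumption).
ALMAN_FILES = {
    r"Windows\linkinfo.dll": "infector component",
    r"Windows\system32\drivers\DKIS6.sys": "rootkit component",
    r"Windows\system32\drivers\RioDrvs.sys": "rootkit component",
}

def resolve_nocase(root, relpath):
    """Resolve a Windows-style relative path case-insensitively under root."""
    current = root
    for part in relpath.split("\\"):
        try:
            names = os.listdir(current)
        except OSError:  # missing directory, or a file where a directory is expected
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def find_alman_files(root):
    """Return {relative path: role} for every Alman.A file present under root."""
    return {rel: role for rel, role in ALMAN_FILES.items()
            if resolve_nocase(root, rel) is not None}

def build_sample_volume():
    """Constructed sample: a fake volume holding two of the three artefacts."""
    root = tempfile.mkdtemp()
    drivers = os.path.join(root, "WINDOWS", "system32", "drivers")
    os.makedirs(drivers)
    # The legitimate linkinfo.dll lives in system32 and must not be reported.
    open(os.path.join(root, "WINDOWS", "system32", "linkinfo.dll"), "w").close()
    open(os.path.join(root, "WINDOWS", "LinkInfo.dll"), "w").close()
    open(os.path.join(drivers, "riodrvs.sys"), "w").close()
    return root

if __name__ == "__main__":
    for rel, role in find_alman_files(build_sample_volume()).items():
        print(f"FOUND {rel} ({role})")
```

A copy of linkinfo.dll directly in the Windows directory is the one to look at; the copy in system32 is the normal system file.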

This virus terminates processes with names that match the following strings:
c0nime.exe, cmdbcs.exe, ctmontv.exe, explorer.exe, fuckjacks.exe, iexpl0re.exe, iexplore.exe, internat.exe, logo_1.exe, logo1_.exe, lsass.exe, lying.exe, msdccrt.exe, msvce32.exe, ncscv32.exe, nvscv32.exe, realschd.exe, rpcs.exe, run1132.exe, rundl132.exe, smss.exe, spo0lsv.exe, spoclsv.exe, ssopure.exe, svch0st.exe, svhost32.exe, sxs.exe, sysbmw.exe, sysload3.exe, tempicon.exe, upxdnd.exe, wdfmgr32.exe, wsvbs.exe.

However, a matching process is terminated only if the path of its file does not contain any of the following strings:

\com\
\program files\
\system\
\windows\
\winnt\

Once the process is terminated, the corresponding file is also deleted.

You can download the Win32/Alman removal tool here (download the following two files):
Alman Removal.exe
Alman Removal.nt

You can also specify the disks (or partitions) to heal as command parameters, e.g. "rmalman C: D:". If the command is used without parameters, it heals all disks (partitions) on the computer.

Note:
Successful running of the remover requires administrator rights. For proper functionality of the remover it is necessary to save the rmalman.nt into the same folder as rmalman.exe. After the healing process please run the AVG Complete Test to make sure your computer is virus-free.

Win32.Tanatos

Win32.Tanatos.M, also detected as Tanatos.M, is a harmful worm threat that infects the Windows operating system. Generally, Win32.Tanatos.M is installed after clicking on annoying ads in spam e-mail or via pornographic related sites and P2P downloads. After infecting the computer, the Tanatos worm will use an exploit to disable security and drop harmful DLL and EXE files into the Windows system. The Win32.Tanatos.M worm is a critical security risk!

Aliases / Associated Infections:
Win32/Tanatos, Win32.Tanatos.k, Win32.Tanatos.l, Win32.Tanatos.b.dam, Win32.Tanatos.b, W32/Bugbear.gen@MM, W32/Bugbear-B, Win32.Tanatos.p, Trojan.PWS.Hooker, I-Worm/Bugbear.G, Win32.HLLM.Bugbear.2, Win32.BugBear.1.Gen@mm, Win32.Tanatos.c, W32.Bugbear@mm, Worm/BugBear.B.dll, Win32.Tanatos.r

Symptoms of Win32.Tanatos.M worm threat:

* Abnormal Tanatos.M malware files running in system task manager, endless tower speaker beep sounds
* Corrupt system files, registry keys and dlls files causing "Blue Screen Of Death"
* Desktop screen saver and background picture hijacked by irritating messages
* PC flooded with irritating adult related pop-ups, inactivated pop up blocker tool
* Redirected search engine results and Web browser home page
* Especially difficult to delete Tanatos.M manually, repair and reactivate its files after manual erasure
* Decreased Internet bandwidth, sluggish connection and surfing speed

Behaviors of Win32.Tanatos.M:

* Tanatos.M infects Windows system through security holes via e-mail attachments, messenger and freeware programs
* Tracks system activity and registry settings, tracks surfing activity to generate equivalent popup advertisements
* Infects system in stealth mode to bypass antivirus and firewall programs and sends private financial records to outlying hackers

You can download Tanatos Removal:
Tanatos Removal

This virus removal tool helps you with Win32/Tanatos infection - A, H, I, M variants

If the infected computer is connected to LAN, disconnect it and re-connect only after all other computers have been checked and cleaned.

Download Tanatos Removal.

  • Then run the tool for removal of infected files. The tool will automatically scan all available discs and will try to heal the infected files. If an active virus is found in memory, the tool will ask the user to reboot the computer. Healing will be performed during operating system boot-up sequence, so any active virus cannot interfere with the healing process.

  • After the restart, update your AVG (if you have it) and run a complete test.

Wednesday, October 27, 2010

Win32.Virut.ce

Virus.Win32.Virut.ce can also block access to security websites by modifying the Windows Hosts file and will inject a malicious iframe into web files such as .HTM, .PHP or .ASP. Virus.Win32.Virut.ce tends to communicate with a server outside the user's computer.

This step-by-step guide can help you completely remove Virus.Win32.Virut.ce.

Step 1: End the process related to Virus.Win32.Virut.ce with Windows Task Manager.

1 Use the following key combination: press CTRL+ALT+DEL or CTRL+SHIFT+ESC.

2 Click Start button and then go to Run. Type in taskmgr in the open box and press OK.

3 Right-click on the blank area of the Task Bar and then select Windows Task Manager.

Step 2: Download and install the latest version of Malwarebytes' Anti-Malware to your desktop and update it.

Step 3: Open the main interface of Malwarebytes' Anti-Malware and make sure the Perform full scan option is selected. Then press the Scan button.

Step 4: After the scanning process you will be presented with a dialogue box like below:

Click Yes to go on scanning.

Step 5: After the scan, you should be prompted by a dialogue box saying: The scan completed successfully, click Show Results to display all objects found. Click Yes to proceed.

Step 6: Click Show Results to export the scanning results. Then click Remove Selected to get rid of Virus.Win32.Virut.ce.

Step 7: The scanning results should be displayed in Notepad. Close it and the log will be saved to the logs folder.

Step 8: Then you will be prompted to restart your computer to completely remove Virus.Win32.Virut.ce. Click Yes to allow the reboot.

Step 9: After the reboot, scan again with Malwarebytes' Anti-Malware, then reboot again to make sure your system is clean.

Trojan W32/Virut.CE

Virus.Win32.Virut.ce

Type: Trojan

The infected system will be very slow, and the infected computer shuts down a couple of minutes after the user logs in, showing a dialog box with a red X mark and a countdown timer. This Trojan infects, or copies its files to, *.dll and *.exe files in the windows\system32 folder and on the C and D drives.

Some known file names for Virus.Win32.Virut.ce are perrdlm.exe, klpllsm.exe and more.

This trojan makes Startup Registry entries at
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"cdmmslpo"="C:\\WINDOWS\\system32\\klpllsm.exe"
"qaswww"="C:\\WINDOWS\\system32\\perrdlm.exe"
"shccde"="C:\\WINDOWS\\system32\\ipismd.exe"

If you delete these files and entries, they will be restored after a system restart, since the virus has also infected other files. This makes the trojan very hard to remove manually, so a removal tool is used here.

You can download the following two removal tool files:
rmvirut.exe
rmvirut.nt

Run the rmvirut.exe file.

Note:
You can also specify the disks (or partitions) to heal as command parameters,
e.g. "rmvirut C: D:". If the command is used without parameters, it heals all disks (partitions) on the computer.

For example, to scan a folder named tools on the D drive:
d:\rmvirut.exe D:\tools
Run this command from Start – Run: in the Run box, type the full path to rmvirut.exe followed by the path of the folder or drive to scan, then press OK to run it (in Vista, confirm Allow to continue).

Successful running of the remover requires administrator rights. For proper functionality of the remover it is necessary to save rmvirut.nt into the same folder as rmvirut.exe.

Tuesday, October 12, 2010

How To Remove Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah Win32/Sality.q

A lot of people visit us to find out about Virus.Win32.Sality.aa, Win32/Sality.AM and W32/Sality.ah, so here is a way to remove it and clean an infected PC. Just follow these steps:

1- If you have an antivirus that has detected the infected files, don't delete any of the infected files, because if you do, the system will be broken. Use the antivirus to clean the virus from the files, not to delete the files along with the virus.

2- Go to any clean PC and download an antivirus that can clean the virus from files. You can use an antivirus such as Microsoft Security Essentials, the Kaspersky tools, etc.

3- When the download finishes, put the antivirus .exe file into a compressed file (a zip file is recommended). Putting it in a compressed file protects the .exe file from getting infected.

4- Now go back to the infected PC and reboot into Safe mode. Some viruses disable Safe mode; you can download a registry file from ( here ) to fix the Safe mode problem.

5- Start the antivirus, scan your computer and clean all viruses.


You can download Microsoft Security Essentials:


Microsoft Security Essentials for XP


Microsoft Security Essentials for Vista - 64bit


Microsoft Security Essentials for Vista


You can download the Kaspersky removal tools:


Kaspersky removal tools


Monday, September 27, 2010

Win32/Conficker.C

Type: Worm
Category : Win32

Win32/Conficker.C is a worm capable of blocking security related websites, terminating system security services and downloading component files using time-based generated URLs.

When executed, Win32/Conficker.C drops a copy of itself using a random filename in the %System% directory. It may also drop copies of itself in the following directories:

%Program Files%\Windows Media Player
%Program Files%\Internet Explorer
%Program Files%\Movie Maker

For these and other dropped files, Win32/Conficker.C:

* Sets Read Only, Hidden and System file attributes
* Generates a file creation/access time-stamp based on that of "kernel32.dll"
* Creates access control entries
* Exclusively locks the file, thus restricting access and privileges

Note: %System% and %Program Files% are variable locations. The malware determines the locations of these folders by querying the operating system. The default installation location for the System directory for XP and Vista is C:\Windows\System32. A typical location for the Program Files folder would be C:\Program Files.

In order to automatically execute at each startup, it adds the registry entry below:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
= "rundll32.exe , "
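
Both this Run-key entry and the Virut.ce entries listed earlier on this page can be spotted by comparing an export of the key against one taken from a clean machine. The Python code below is an added example, not code from the original post or any vendor tool; the baseline content, the "placeholder" value name and the placeholder DLL path are constructed for illustration.

```python
import re

# One string value in a .reg export looks like: "name"="data"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(text):
    # .reg exports escape backslash and double quote with a leading backslash
    return re.sub(r"\\(.)", r"\1", text)

def parse_run_export(text):
    """Return {value name: command line}; curly quotes from web copies are normalised."""
    text = text.replace("\u201c", '"').replace("\u201d", '"')
    entries = {}
    for line in text.splitlines():
        if (m := VALUE_RE.match(line.strip())):
            entries[_unescape(m.group(1))] = _unescape(m.group(2))
    return entries

def tags_for(command):
    """Label the two Run-key persistence patterns this page describes."""
    lowered, tags = command.lower(), []
    first = (lowered.split() or [""])[0].strip('"')
    if first.endswith("rundll32.exe"):
        tags.append("rundll32 launch")
    if "\\system32\\" in lowered:
        tags.append("target in system32")
    return tags

def added_entries(baseline_text, current_text):
    """Entries that are new or changed compared with the clean baseline export."""
    baseline = parse_run_export(baseline_text)
    current = parse_run_export(current_text)
    return {n: (c, tags_for(c)) for n, c in current.items() if baseline.get(n) != c}

HEADER = "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
# Constructed baseline from a clean XP machine (ctfmon.exe is a normal entry).
BASELINE = HEADER + r'"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"' + "\n"
# Constructed current export: the three Virut.ce values quoted on this page plus
# a rundll32 value whose name and DLL path are placeholders, not real indicators.
CURRENT = BASELINE + "\n".join([
    r'"cdmmslpo"="C:\\WINDOWS\\system32\\klpllsm.exe"',
    r'"qaswww"="C:\\WINDOWS\\system32\\perrdlm.exe"',
    r'"shccde"="C:\\WINDOWS\\system32\\ipismd.exe"',
    r'"placeholder"="rundll32.exe \"C:\\WINDOWS\\system32\\placeholder.dll\",arg"',
])

if __name__ == "__main__":
    for name, (cmd, tags) in added_entries(BASELINE, CURRENT).items():
        print(f"{name}: {cmd} [{', '.join(tags) or 'new entry'}]")
```

Diffing against a baseline avoids flagging legitimate system32 entries such as ctfmon.exe, which a path-only rule would report.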

Conficker also registers a service with a random name created by combining a word from this list:
"App,Audio,DM,ER,Event,help,Ias,Ir,Lanman,Net,Ntms,Ras,Remote,Sec,SR,Tapi,Trk,W32,win,Wmdm,Wmi,wsc,wuau,xml"

For this worm you can use Microsoft Security Essentials, which can remove it. Microsoft Security Essentials does not make your computer work hard. You will receive updates from the Microsoft Security Essentials server when it sends notifications of a new update.

You can download Microsoft Security Essentials from these links:

download here for XP!!

download here for vista!!

download here for vista 64-bit!!