Core Data Recovery

Archive for January, 2009

So, you’ve blown up you qwest modem.

Never fear, We can get you up and running.

If you can find it, you should retrieve your inital letter, called the welcome letter from qwest.

This comes when you signed up for your dsl service.

Can’t find it?, Ok

You need to find a bill from qwest (Last month’s is perfect)

Call this number – Qwest DSL Support – 1-888-777-9569,  Option 1

You need your DSL NUMBER and your last 4 digits from your account number (On your last bill)

With the computer plugged into the network physically, open the modem in internet explorer

http://192.168.0.1

User is admin

Password is admin

Click the connect button, Enter the username and password provided to you by qwest for your account to get you up and running again.

You should setup your wireless if you wish to have wireless.

You should also change your router password from the default.

If that doesn’t get you up and running, give me a call.

Chuck House

(520) 861-1673

I’ve reviewed a 4 TB External RAID (Redundant Array Of Independent Disks)

For backup purposes, Or high speed storage these rock.

These Raid array boxes come complete with (4) 1 TB Western digital 7200 rpm drives.

They can be configured with striped mode (4TB high speed with up to 3Gbps transfer) great for high speed backup or video editing.

Or they can be setup with raid 0 + 1, Striped and mirrored (for High speed & mirrored operation (2 TB size))

Below are the specs, I’ve ordered one in for myself, if anyone out there needs one of these, just call

520-861-1673
Specs:
4TB Quad Bay RAID SATA to USB & eSATA

RAID 0+1, 0, JBOD RAID Subsystem

USB 2.0 (480mbps)/eSATA (3.0Gbps)

Windows ME/2000/XP/Vista, Mac OSX

Package Information:

• 4TB eSATA & USB Quad Bay External RAID Subsystem x 1
• eSATA Cable x 1
• USB 2.0 Cable x 1
• Power Cord x 1
• Manual x 1
• 3 Year Warranty

From the same type of spyware as before (Antivirus 2008, Antivirus 2009) this bug announces to you it has found your system to be full of bugs and errors. (relax, if you’ve got this bug you’re not infected with viruses and Trojans)

It’s goal is to get you to buy antivirus 2010 for $49.99 and it’s a scummy tactic to infect your computer with malware to try to sell you anything.

How did I get infected with this?

Most likely you were browsing the web and clicked on a free scan, or a warning saying you were infected with some bug. then the installer installs this malware on your unit making it a pain in the *SS to use your system.

How do I get Rid of this bug?

Here are the associated files and at the bottom is a link to malware bytes removal tool,

It is shareware but will allow you to remove the infection for free.

If you find yourself the victim of these bugs on a regular basis, I recommend purchasing a license for malware bytes. (I did just because I wanted to support their software development.)

Associated Antivirus 2010 Files:

c:\Program Files\AV2010
c:\Program Files\AV2010\AV2010.exe
c:\Program Files\AV2010\svchost.exe
c:\WINDOWS\system32\IEDefender.dll
c:\WINDOWS\system32\wingamma.exe
c:\Documents and Settings\All Users\Desktop\AV2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010\AV2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010\Uninstall.lnk

Associated Antivirus 2010 Windows Registry Information:

HKEY_CURRENT_USER\Software\AV2010
HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Gamma Display”

Malware bytes anti-malware tool is effective as a removal method.

Instructions can be Found at http://www.bleepingcomputer.com/malware-removal/remove-antivirus-2010

APPENDED:

If you cannot download the latest version, or get this program to install,

Click HERE for a locally hosted version.

I’ve renamed the installer to keep this bug from preventing it’s execution.

Once installed, open my computer, C:, Program files,Malware Bytes.

Right click mbam.exe and copy

Right click and paste.

You will see a new file called copy of mbam.exe appear,

Execute this version as it will run where the other version has been blocked by antivirus 2009.

 

In addition:

Please download gmer here (renamed to cmer.exe) and excecute it to be certain you are not infected with a rootkit. If you find yourself infected, please call me immediately.

 

Thank you.

520-861-1673

Chuck House