Archive for the ‘Virus & Malware Removal’ Category

How to fix malware 101.

So, you’ve been infected with malware and can hardly use your computer?

I recommend Malwarebytes if you can use it and the malware will allow you to run the program, but what if you cannot?

Download ComboFix from Bleeping Computer and put it on a flash drive. Log out, log in as administrator if you can, and run ComboFix from the flash drive. There’s tons of good malware advice on the bleepingcomputer.com website.

Again, here’s the link for combofix.

Scroll down and click on the bleepingcomputer in blue to download the fix.

Click Here to visit bleeping computer and download combofix.

This can take some time but the results are well worth the effort and may restore your computer from the malware infection.

How to Handle Boot Sector Corruption using windows.

Question:

I just ghosted my Vista laptop 120 Gigabyte hard disk over to a brand new 640 Gigabyte SATA drive and the laptop just reboots and never shows the Vista boot screen?

Answer:

If you boot the Vista boot disk and fix the boot with advanced options, it will repair the boot sector and allow Vista to load. Alternatively, you can boot the Windows XP CD to command prompt only and run fixboot.

Running fixboot from a windows XP cd will also wipe any boot virus out, if you ever get one that erases your boot sector, or just infects it.

Browse & Get Owned – Bug announced by Microsoft.

For all you people who have just been browsing and suddenly find your computer infected with junk, here’s why.

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218500140

Go here and PLEASE select the Fix it and apply it to your computers. The Fix it turns off the part of ActiveX that is vulnerable.

Quick malware/Conficker checkup – Eye Chart

Here’s a link to the Conficker Eye Chart. If some of the images fail to load, you may be infected.

http://www.baylor.edu/its/security/conficker/

antivirus 2010 rogue software removal

Screenshot of antivirus 2010 fake anti-virus software

From the same type of spyware as before (Antivirus 2008, Antivirus 2009) this bug announces to you it has found your system to be full of bugs and errors. (relax, if you’ve got this bug you’re not infected with viruses and Trojans)

Its goal is to get you to buy Antivirus 2010 for $49.99, and it’s a scummy tactic to infect your computer with malware to try to sell you anything.

How did I get infected with this?

Most likely you were browsing the web and clicked on a free scan, or a warning saying you were infected with some bug. Then the installer installs this malware on your unit, making it a pain in the *SS to use your system.

How do I get Rid of this bug?

Here are the associated files, and at the bottom is a link to the Malwarebytes removal tool.

It is shareware but will allow you to remove the infection for free.

If you find yourself the victim of these bugs on a regular basis, I recommend purchasing a license for malware bytes. (I did just because I wanted to support their software development.)

Associated Antivirus 2010 Files:

c:\Program Files\AV2010
c:\Program Files\AV2010\AV2010.exe
c:\Program Files\AV2010\svchost.exe
c:\WINDOWS\system32\IEDefender.dll
c:\WINDOWS\system32\wingamma.exe
c:\Documents and Settings\All Users\Desktop\AV2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010\AV2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010\Uninstall.lnk

Associated Antivirus 2010 Windows Registry Information:

HKEY_CURRENT_USER\Software\AV2010
HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Gamma Display”

The Malwarebytes anti-malware tool is effective as a removal method.

Instructions can be found at http://www.bleepingcomputer.com/malware-removal/remove-antivirus-2010

APPENDED:

If you cannot download the latest version, or get this program to install,

Click HERE for a locally hosted version.

I’ve renamed the installer to keep this bug from preventing its execution.

Once installed, open My Computer, C:, Program Files, Malware Bytes.

Right click mbam.exe and copy.

Right click and paste.

You will see a new file called copy of mbam.exe appear.

Execute this version as it will run where the other version has been blocked by antivirus 2009.

In addition:

Please download gmer here (renamed to cmer.exe) and execute it to be certain you are not infected with a rootkit. If you find yourself infected, please call me immediately.

Thank you.

520-861-1673

Chuck House

Bit Defender Anti-Virus Evaluation.

Bit Defender is my anti-virus of choice. I highly recommend this product and have for over 3 years.

Tested against my virus collection, this one scored 100%.

This product uses less processing power to perform its tasks than any of the other products I reviewed.

I have this product installed on 4 computers personally.

Kaspersky Anti-Virus Evaluation.

I found this software easy to install and use. The interface was clean and worked well.
Tested against my array of viruses, it scored a 99% effective rating and used less overhead than Norton 360.

Key Technologies

* Protects from viruses, Trojans, worms, spyware, adware
* Scans files, email, and internet traffic
* Protects Instant Messengers
* Protects From Unknown Threats
* Analyzes and closes Internet Explorer vulnerabilities
* Disables links to malware sites / phishing sites
* Global Threat Monitoring (Kaspersky Security Network)
* Blocks all types of keyloggers
* Automatic Database Updates
* Free Technical Support

If you would like to purchase this software and save money, here’s a link.

Save 33% when you purchase 3 year single and multi-user licenses of Kaspersky Internet Security 9.0.

GMER Anti-Rootkit

Think you have a hacker?

Free software download for finding & removing rootkits:

http://www.majorgeeks.com/GMER_d5198.html

GMER is an application that detects rootkits. It looks for:

* hidden processes
* hidden services
* hidden files
* hidden registry keys
* hidden drivers
* drivers hooking SSDT
* drivers hooking IDT
* drivers hooking IRP calls

GMER can also monitor the following system functions:

* process creation
* driver loading
* library loading
* file functions
* registry entries
* TCP/IP connections

GMER runs on Windows NT/W2K/XP.

Is your computer so hopelessly infected with viruses you can’t fix?

Many people ask for help with virus removal when they cannot remove a virus because it reinfects as fast as they remove it.

Bit Defender has a bootable rescue CD that you can download and burn with your CD writer software.

It is a standard .ISO format.

Boot the CD-ROM on the infected computer. If it’s a Dell, turn on the PC and press F11 to go to the boot menu, insert the CD-ROM and choose “Boot from Atapi CD-ROM”.

I recommend leaving your computer plugged into the internet so the Bit Defender rescue CD can update its virus definitions and give the best results.

(Yes it’s very cool that it boots linux and downloads updates, scans and cleans your computer of viruses)

If you cannot clean an infected file, you may have to delete the file to remove the infection(s).

Again, this is free advice. Use the information in this posting at your own risk. Please don’t blame me if you blow your computer trying to fix your problem.

If this advice helps you remove your virus, please support the good guys like me by clicking the link on your left for bitdefender anti-virus 2009 and purchase a 3 license pack for your family. (Works out to be about $10.00 per computer license.)

Not only is this a great value, but it’s also a great anti-virus that will help keep your computer safe.

As always, you can hire me to resolve your virus problem 520-861-1673 as I now offer remote support as well as onsite services.

Antivirus 2009 Malware Removal instructions.

I write this mainly because Antivirus 2009 is a malware infection that is particularly difficult to remove.

You can’t just uninstall it easily. Even though there is an uninstaller in the Add/Remove window, it doesn’t work.

Antivirus 2009 claims to find all kinds of trojans and problems when run and then offers to fix them if you buy the full version. Here’s what it looks like when it is run.

What’s insidious is that this program claims you are infested with all sorts of bad things even if none of them are actually present on your system. What’s for certain is that you should NEVER buy this product, it’s computer extortion.
If you have purchased this antivirus 2009 software to get rid of this stupid thing, call and cancel the charges with your credit card company.

Free tools and advice.

HijackThis is a useful utility for identifying malware and other things that go bump in the night.

A HijackThis log from an infected machine may show the following entries:

O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O4 - HKCU\..\Run: [75319611769193918898704537500611] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
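
A small triage pass over a HijackThis log that flags O2 (BHO) and O4 (Run) entries matching the files and class IDs listed in the Antivirus 2009 and Antivirus 2010 posts on this page. This is an added example, not part of the original posts or of HijackThis; the function name, the sample log, the all-digit-name heuristic and the pairing of "Windows Gamma Display" with wingamma.exe are assumptions made for illustration.

```python
import re

# Executables and DLLs named in this page's Antivirus 2009 / Antivirus 2010 lists.
KNOWN_BAD_FILES = {p.lower() for p in (
    r"C:\WINDOWS\system32\winsrc.dll",
    r"C:\Program Files\Antivirus 2009\av2009.exe",
    r"C:\WINDOWS\system32\ieupdates.exe",
    r"C:\Program Files\AV2010\AV2010.exe",
    r"C:\WINDOWS\system32\IEDefender.dll",
    r"C:\WINDOWS\system32\wingamma.exe",
)}
KNOWN_BAD_CLSIDS = {"{037C7B8A-151A-49E6-BAED-CC05FCB50328}",  # BHO class IDs, same lists
                    "{FC8A493F-D236-4653-9A03-2BF4FD94F643}"}

SEP = r"\s+[-\u2013]\s+"  # HijackThis writes " - "; web copies often show an en dash
BHO = re.compile(r"^O2" + SEP + r"BHO:\s*(?P<name>.*?)" + SEP
                 + r"(?P<clsid>\{[0-9A-Fa-f-]+\})" + SEP + r"(?P<path>.+)$")
RUN = re.compile(r"^O4" + SEP + r"HK(?:CU|LM)\\\.\.\\Run:\s*"
                 r"\[(?P<name>[^\]]*)\]\s*(?P<path>.+)$")

def triage(log_text):
    """Return [(line, [reasons])] for O2 (BHO) and O4 (Run) entries that match."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        m = BHO.match(line) or RUN.match(line)
        if not m:
            continue
        path = m.group("path").strip(' "\u201c\u201d').lower()
        reasons = []
        if path in KNOWN_BAD_FILES:
            reasons.append("file listed on this page")
        if m.re is BHO and m.group("clsid").upper() in KNOWN_BAD_CLSIDS:
            reasons.append("BHO CLSID listed on this page")
        # Assumed heuristic from the one sample above: a long all-digit Run value name.
        if m.re is RUN and re.fullmatch(r"\d{16,}", m.group("name")):
            reasons.append("all-digit Run value name")
        if reasons:
            findings.append((line, reasons))
    return findings

# Constructed sample log: two made-up benign entries plus entries built from this page.
SAMPLE_LOG = r"""
O2 - BHO: Example Toolbar - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\toolbar.dll
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [75319611769193918898704537500611] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 – HKLM\..\Run: [Windows Gamma Display] C:\WINDOWS\system32\wingamma.exe
"""
```

Calling `triage(SAMPLE_LOG)` returns the four matching entries with the reason each was flagged; a hit is a prompt to inspect that file or registry value, not proof of infection.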

I recommend this method as it is easiest and works well.

Feel free to print out this page before you download and perform the uninstall.

  1. Download Malware-Bytes malware removal software by clicking on the words in this sentence. Save it to your desktop.
  2. Close all of the windows that you can and double-click the Malware-Bytes exe on your desktop.
  3. Take all the default settings and click Finish.
  4. Malware-Bytes will automatically start and ask to update; do so.
  5. Quick scan should be the default; click SCAN.
  6. When the scan is finished, click the Show Results button in the lower right.
  7. Click the Remove Selected button.
  8. Your computer should now be freed from the grips of Antivirus 2009.

Malware-Bytes is considered one of the next generation of anti-malware technology.

If you like their software, please consider purchasing the full version to defend your computer at the link below:

http://www.malwarebytes.org/mbam.php

For what this is worth, use these instructions at your own risk, don’t blame me if your computer self destructs while it is infected with bugs.

 
