COMPUTER VIRUS – DETECTION AND REMOVAL TIPS

A computer virus is a software program that can reproduce itself and infect the application programs on a system. It spreads from one system to another through network files or through removable media such as floppy disks, pen drives and DVDs. Most systems are attacked by Trojan horses and other computer worms. These programs are unwanted and should be detected and removed before they corrupt the whole hard disk. They break the security of the system and spread easily. A virus targets an application program and runs its own code when the user tries to run the infected application, so the virus takes full control of that application.

There are many anti-virus programs that can detect the virus programs residing on a system, but viruses use various methods to hide from anti-virus software. Some intercept the anti-virus program's requests and answer them themselves instead of letting them reach the OS. Others use encrypted code to hide from the anti-virus scanner. If a virus is left undetected it can damage operating system files, which results in the boot process failing. This is the worst effect a virus can produce, and it makes troubleshooting the computer a difficult task.

There is much software available for virus and malware removal. System Restore is one of the options available in Windows and can be used to remove a virus. Some viruses can be removed by reinstalling the operating system, which is the trivial solution for an infected system. There is also anti-virus software such as McAfee and Avira that can be used to safeguard systems. To make the best use of these anti-virus programs it is necessary to download them from a clean computer. It is also mandatory to disconnect the affected system from the internet. By following these computer tips one can stay protected and, if infected, take the best action against the virus.

Recover your Gmail and Orkut accounts from Bom Sabado attack

Exploiting a cross-site scripting flaw on Orkut, the “Bom Sabado” worm is spreading like a plague on Orkut. Bom Sabado means “Good Saturday” in Portuguese. It sends “Bom Sabado” scraps to your friends and automatically joins your profile to some adult communities. It is a cookie-stealing script in action.

Am I infected?

If you have seen a “Bom Sabado!” scrap on Orkut, in your scrapbook or a friend's scrapbook, or seen this scrap in Gmail's web interface, you are infected.

Don’t panic!

What should you do?

  • Clear your cookies and cache.
  • Change your Google account password immediately by visiting the following link, and don’t log in to Orkut until Google engineers fix this issue: https://www.google.com/accounts/EditPasswd?hl=en
  • Change the security question too.
  • Keep your mobile phone number updated so you can receive a password reset code.
  • Don’t try to open Orkut or messages from Orkut by e-mail. (SMTP & POP users may view the message in plain text.)
  • Stop visiting the scrapbooks of others until they fix this issue.
How can you help to avoid its spreading?

  • Log in to the mobile version of Orkut, http://m.orkut.com, from Opera Mobile and delete all “Bom Sabado!” scraps.

Alternatively, pass this information to your friends. Stay tuned for further updates.

UPDATE from Google:

    Hi all,

    This is to inform you all that we've contained the "Bom Sabado" virus and have identified the bug that allowed this and have fixed it.

    We're currently working on restoring the affected profiles.

    Thanks a ton to each of you who's made an effort to alert everyone else about this.

“Thayet Myo Hacking Day!” virus/trojan, then <Windows root>\system32\hal.dll missing

Seeing the “Thayet Myo Hacking Day!” virus/trojan, followed by <Windows root>\system32\hal.dll missing? Or wondering how to remove the Hacking Day virus?

This is a very common virus these days, and it corrupts a DLL file too. When you log in to your computer you will find two strange boxes flying around your desktop, entitled “Thayet Myo Hacking Day!”. You won't be able to open Task Manager, and Caps Lock keeps going on and off by itself.

You may remove this virus manually by the following method.

1. Start the system in Safe Mode.
2. Delete the explorer.exe files in C:\RECYCLER, C:\Windows\Backup and C:\. (The legitimate shell is <Windows root>\explorer.exe; leave that one alone.)
3. Open Regedit and delete the explorer.exe entry under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (or) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. The real shell is never started from a Run key, so any explorer.exe value there belongs to the virus.

You also need to uninstall any program whose shortcut appears with an archive icon.

But even after doing this, the PC will give you an error on rebooting. It will show the error message:

Windows could not start because the following file is missing or corrupt:
<Windows root>\system32\hal.dll
Please re-install a copy of the above file.

So you may need to repair the corrupt DLL file. The hal.dll file is a hidden file that Windows XP uses to communicate with your computer’s hardware.

To repair the DLL file, follow these easy steps to restore the damaged, corrupted or missing hal.dll from the Windows XP CD using the Recovery Console.

Here’s how:

1. Enter the Windows XP Recovery Console.
2. When you reach the command prompt (detailed in Step 6 in the link above), type the following and then press Enter:

expand d:\i386\hal.dl_ c:\windows\system32\hal.dll

In the expand command shown above, d represents the drive letter assigned to the optical drive that your Windows XP CD is in. While this is most often d, your system could assign a different letter. Likewise, c:\windows represents the drive and folder that Windows XP is installed in. Again, this is most often the case, but your system could be different.

3. If you’re prompted to overwrite the file, press Y.
4. Take out the Windows XP CD, type exit and then press Enter to restart your PC.

If the above doesn't work for you, then try our ALL TIME WORKING method 🙂

Now your PC should work fine. Thanks for reading this post. Feel free to comment.

    Free Tools For Spyware Removal

There are a lot of PC users who know only a little about “spyware”, “malware”, “hijackers”, “dialers” and many more. This article will help you avoid pop-ups, spammers and all those baddies.

What is spyware?
Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user’s interaction with the computer, without the user’s informed consent. The term spyware suggests software that secretly monitors the user’s behavior. Spyware programs can collect various types of personal information, such as Internet surfing habits and the sites that have been visited.

How to check if a program has spyware?
SpywareGuide is a small site that keeps a database of programs that are known to install spyware.

Check out: SpywareGuide

How To Block Pop-Ups?
If you would like to block pop-ups (IE pop-ups) there are tons of different tools out there, but these are the two best, I think.

Try: Google Toolbar – This tool is freeware.
Try: AdMuncher – This tool is shareware.

How To Remove Spyware?
If you want to remove spyware you may try the following tools/programs.

Try: Lavasoft Ad-Aware – This tool is freeware.
Info: Ad-Aware is a multi-spyware removal utility that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup manager lets you reinstall a backup, and it offers multi-language support.

Try: Spybot-S&D – This tool is freeware.
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.

Try: Spy Sweeper – This tool is shareware.
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. The best scanner out there, and updated all the time.

Try: BPS Spyware and Adware Remover – This tool is shareware.
Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you’d like to remove.

    How To Prevent Spyware?
    To prevent spyware attack you can try the following tools.

Try: SpywareBlaster – This tool is freeware.
Info: SpywareBlaster doesn’t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a web page.

Try: XP-AntiSpy – This tool is freeware.
Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in Windows XP that may raise security or privacy concerns for some people.

Drive not opening on double click? The autorun.inf virus

Many of us have faced this problem: on double-clicking a drive it doesn't open and instead asks you to choose a program to “open with”.

What the hell... how can you open your drives with some other software?

It happens because your system is infected with a virus that has created an autorun.inf file in each of your drives.

Try to find the root cause of it: some copy.exe virus or similar has caused it and is still active.

So open Task Manager, go to the Processes tab, try to identify the unknown process, select it and click End Task.

Process Explorer from Microsoft may help you if you are not comfortable with this; you can download it after googling for the link.

After killing the process, delete its entry from startup too (including the registry startup key):
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Then our task is to remove the autorun.inf file.

Click Start > Run, type cmd and press Enter, then type the following commands:

cd\

attrib -s -h -r autorun.inf

del autorun.inf

Repeat these commands for each drive you have. To change drives in cmd, just type the drive letter followed by a colon, for example d:, and press Enter.

Simple 🙂
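The steps above delete every autorun.inf blindly. As an added example (mine, not the post's code), this Python script parses the [autorun] section of the autorun.inf at each drive root and reports why it is suspicious, so a harmless icon-only file can be told apart from the worm's copy.exe launcher; it also covers the shell\...\command verb hijack that produces the “open with” prompt, which the post only describes. The sample files and drive roots are constructed inline so it runs offline.

```python
import configparser
import os
import tempfile

# Keys in [autorun] that execute a program when the drive is opened.
EXEC_KEYS = ("open", "shellexecute")

# Constructed samples: a benign icon-only autorun.inf, and one shaped like
# the copy.exe worm's, which also hijacks the Explorer "open"/"explore" verbs.
CLEAN_INF = "[autorun]\nicon=setup.exe,0\nlabel=Backup drive\n"
WORM_INF = ("[AutoRun]\nopen=copy.exe\nshell\\open=Open\n"
            "shell\\open\\Command=copy.exe\nshell\\explore\\Command=copy.exe\n")


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    for section in cp.sections():        # section name may be any casing
        if section.lower() == "autorun":
            return {k.lower(): v.strip() for k, v in cp.items(section)}
    return {}


def triage_autorun(text):
    """Classify one autorun.inf: returns ('clean' | 'suspicious', reasons)."""
    reasons = []
    for key, value in parse_autorun(text).items():
        if key in EXEC_KEYS:
            reasons.append(f"{key}={value} launches a program from the drive")
        elif key.startswith("shell") and key.endswith("command"):
            # shell\open\command replaces Explorer's double-click action.
            reasons.append(f"{key}={value} overrides an Explorer verb")
    return ("suspicious" if reasons else "clean", reasons)


def scan_drive_roots(roots):
    """Triage the autorun.inf at each drive root; returns {root: verdict}."""
    results = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, encoding="latin-1") as fh:
                results[root] = triage_autorun(fh.read())
    return results


def demo():
    """Build two fake drive roots in a temp dir and scan them (offline)."""
    with tempfile.TemporaryDirectory() as tmp:
        roots = []
        for name, content in (("C", CLEAN_INF), ("D", WORM_INF)):
            root = os.path.join(tmp, name)
            os.mkdir(root)
            with open(os.path.join(root, "autorun.inf"), "w") as fh:
                fh.write(content)
            roots.append(root)
        return scan_drive_roots(roots)
```

On a real machine, pass the drive roots (C:\, D:\, ...) to scan_drive_roots() and only delete the files it reports as suspicious.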

Removing a virus manually

Virus problems

Common symptoms:
1. Folder Options is not visible.
2. Task Manager is disabled.
3. Regedit is disabled.
4. On double-clicking any folder it opens in a new window even though your settings are correct.
etc.

HOW TO REMOVE A VIRUS MANUALLY
Tools required:
1. Restriction Removal Tool (RRT)
link: http://www.softpedia.com/get/Security/Security-Related/RRT-Remove-Ristrictions-Tool.shtml
http://www.esnips.com/doc/c90f7814-42e8-4586-bc4e-4140696e8fc7/RRT
2. UnHackMe
http://www.greatis.com/unhackme/download.htm
3. HijackThis
http://www.esnips.com/doc/83f6253f-00a5-4763-bd59-8252244158fd/hijackthis_sfx
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
4. Process Explorer
from the Microsoft site

If your PC is infected with a virus, the most common signs are that Folder Options is disabled and you may not be able to open Task Manager, etc.

The first step is to identify the virus process. Process Explorer will help you here, and you can see the path of the file installed on your system.

Next, use the Restriction Removal Tool to remove the taskbar, Folder Options and other restrictions.

Now our aim is to remove the running virus process. Use HijackThis and select the virus process; it will remove the process from the startup registry as well.

Finally try UnHackMe to remove rootkits.

Many viruses can be removed in this way, but many still remain on your PC. In such situations, try to google for manual removal methods. Once the restrictions are removed you will be able to use Task Manager and the regedit command.

Restriction Removal Tool [RRT]

Simple to use: just click on the restrictions, and after selecting them click “Check All”.

HijackThis

It is used to remove the entries of a process from the registry. You may also use it to view all the running processes and their paths. Just scan once, mark the ones to be deleted and then click “Fix checked”. If you wish, you may save the log file too.

I think I have given useful information about removing viruses manually from your system. If you still find some problem, you are free to contact me either through my communities:
1. Hacking and Virus Writing [http://www.orkut.com/Community.aspx?cmm=26828468]
2. Virus Writing [http://www.orkut.com/Community.aspx?cmm=1450780]
or through mail: egunda@gmail.com

    Remove: Shut Down Virus

If you are getting

“svchost.exe” errors with RPC messages and reboots

OR

“NT Authority… shut down in 1 min”

it sounds like you've got the “Blaster Worm”:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

This is the hole it exploits. Your computer is being accessed through it, so download the MS03-026 patch from Microsoft:
http://www.microsoft.com/security/security_bulletins/ms03-026.asp

    Fixes Available here
    http://support.microsoft.com/?kbid=823980

    More Links
    http://www.cert.org/advisories/CA-2003-19.html

Automatically remove the virus with
http://www.sophos.com/misc/blastsfx.exe

Download and run it; it will create a directory called SOPHTEMP. From the command line type:

C:\SOPHTEMP\RESOLVE.COM -DF=BLASTERA.DAT -NOC

    How do I remove W32/Blaster-A manually?
To remove W32/Blaster-A manually on Windows 95/98/Me and Windows NT/2000/XP:

1. Ensure you have installed Microsoft patch MS03-026 and implemented as many of the steps mentioned above as is feasible.
2. Press Ctrl+Alt+Del.
3. In Windows NT/2000/XP click Task Manager and select the Processes tab.
4. Look for a process named msblast.exe in the list.
5. Click the process to highlight it.
6. Click the ‘End Process’ (in Windows 95/98/Me ‘End Task’) button.
7. Close Task Manager.
8. Search for the file msblast.exe in the Windows system folder (usually a subfolder of Windows or WINNT) and delete it.

    In Windows NT/2000/XP you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.

1. At the taskbar, click Start|Run. Type ‘Regedit’ and press Return. The registry editor opens. Before you edit the registry, you should make a backup. If in doubt, contact your network administrator. Incorrect editing of the Windows Registry can cause system failure.
2. Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
3. In the right-hand pane select

windows auto update = msblast.exe

and delete it if it exists.
4. Close the registry editor.
5. You should reboot your computer and repeat the above process to ensure all traces of the worm have been removed from your system.
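Both the Hacking Day post and the Blaster steps above have you delete Run values by hand: explorer.exe started from C:\RECYCLER or C:\, and “windows auto update” = msblast.exe. As an added example, not Sophos's or the post's code, this Python script triages Run entries for exactly those patterns. The SAMPLE_RUN values are constructed; read_run_keys() (my name, not a Windows API) reads the real HKLM and HKCU keys via the standard winreg module and therefore only works on Windows.

```python
import ntpath

# Program names the posts find in Run keys that never belong there: the real
# shell is started by Winlogon, not from Run, and msblast.exe is the Blaster
# worm whatever the value is called ("windows auto update").
NEVER_IN_RUN = {"explorer.exe", "msblast.exe"}
# Folders the Hacking Day post names as drop locations for the fake explorer.exe.
DROP_DIRS = {"recycler", "backup"}

# Constructed sample Run-key values (name, command) for an offline run.
SAMPLE_RUN = [
    ("windows auto update", "msblast.exe"),
    ("explorer", r"C:\RECYCLER\explorer.exe"),
    ("svc", r"C:\Windows\Backup\svc.exe /quiet"),
    ("ctfmon.exe", r'"C:\WINDOWS\system32\ctfmon.exe"'),
]


def program_path(command):
    """Return the executable part of a Run command, quoted or not.

    An unquoted path containing spaces is cut at the first space; that is
    good enough for a triage pass and never hides a bare msblast.exe.
    """
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def suspicious_run_entries(entries):
    """entries: iterable of (value_name, command). Returns (name, cmd, reason)."""
    findings = []
    for name, command in entries:
        exe = program_path(command)
        base = ntpath.basename(exe).lower()
        dirs = {p.lower() for p in ntpath.dirname(exe).split("\\")}
        if base in NEVER_IN_RUN:
            findings.append((name, command, f"{base} is never started from Run"))
        elif dirs & DROP_DIRS:
            findings.append((name, command, "program lives in a drop folder"))
    return findings


def read_run_keys():
    """On Windows, enumerate the HKLM and HKCU Run keys the posts refer to."""
    import winreg  # Windows-only module, imported lazily
    subkey = r"Software\Microsoft\Windows\CurrentVersion\Run"
    entries = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        with winreg.OpenKey(hive, subkey) as key:
            index = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, index)
                except OSError:  # no more values in this key
                    break
                entries.append((name, str(value)))
                index += 1
    return entries
```

Run suspicious_run_entries(read_run_keys()) on the infected machine and review each finding in Regedit before deleting it.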

    Which systems are affected?
Windows 95/98/Me and Windows NT/2000/XP are potentially affected.
Apple-based workstations, Unix and other platforms (including PDAs and games consoles) cannot be infected with W32/Blaster-A.
If a W32/Blaster-A file is found on a computer, it has been dropped there by an infected computer, or it has been executed locally.

    How did my computer become infected?
    W32/Blaster-A scans the internet and local networks looking for computers vulnerable to Microsoft’s DCOM RPC security exploit. When it finds one it causes the remote computer to use TFTP to download a copy of the worm. This is saved as msblast.exe in the Windows system folder and the registry on that computer is changed so that the worm will be run when the computer restarts.

    My computer is continuously rebooting, how can I download RESOLVE?
    Often when a computer is infected with W32/Blaster-A it restarts every few minutes, usually with a message similar to “Windows must now restart because the Remote Procedure Call (RPC) Terminated Unexpectedly”. This prevents the required patches and files from being downloaded.

    On Windows XP you may be able to prevent the computer from rebooting by turning on the inbuilt firewall.

To do this:

1. Go to Network Connections.
2. Click on your internet connection (LAN or dial-up).
3. In the left-hand window click ‘Change settings of this connection’.
4. Click Advanced.
5. Click ‘Protect my computer…’.

You will probably then be able to download the files you need. Where possible, download the RESOLVE W32/Blaster-A self-extractor on another computer, save it to a floppy disk and run the self-extractor on the affected computer.

    If you cannot download on another computer, disable Distributed COM to prevent this rebooting.

Windows XP

1. Select Start|Run and type dcomcnfg.exe.
2. Select Console Root|Component Services.
3. Open the Computers subfolder.
4. Right-click on My Computer and choose Properties.
5. Click the Default Properties tab.
6. Deselect ‘Enable distributed COM’, click Apply then click OK.
7. Restart the computer.
8. Set the options back to normal after applying the relevant patches.

Windows NT/2000

1. Select Start|Run and type dcomcnfg.exe.
2. Select the Default Properties tab.
3. Deselect ‘Enable distributed COM on this computer’, click Apply then click OK.
4. Restart the computer.
5. Set the options back to normal after applying the relevant patches.

    Safe Computing (-: