Support for Virus Removal
Scooped by mickael

How to Remove Msiexec.exe Trojan

mickael's insight:

In the last few weeks we've heard numerous cases of people getting User Account Control (UAC) notifications asking them to allow msiexec.exe to run. When we got the first e-mail, we thought that the user was experiencing a system error, but after quite a bit of research we found out that it was a Trojan horse masquerading as msiexec.exe. The Trojan was located in the Users directory: C:\Users\[UserName]\msiexec.exe.

User Account Control
Do you want to allow the following program from an
unknown publisher to make changes to this computer?
Program name: msiexec.exe
Publisher: Unknown
File origin: Hard drive on this computer

The legitimate msiexec.exe program that interprets packages and installs products is located in the C:\Windows\System32 folder. The problem is that cyber criminals try to avoid antivirus detection and confuse users by giving a malicious program the same name as a legitimate program. And when you do a Google search on the word 'msiexec.exe', you're presented with a list of results saying that it's a legitimate Windows program. In this case, the file location of the malicious msiexec.exe program (C:\Users\[UserName]\msiexec.exe) clearly indicates that it pretends to be something it's not. You can upload suspicious files to VirusTotal or Jotti to see if your suspicions were correct.

The malicious msiexec.exe downloads additional malware onto your computer. Even if you delete it manually, it may reappear after you reboot your computer. That's why we strongly recommend that you scan your computer with anti-malware software.

Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

NOTE: In some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
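
The location check described above, as an added example (not code from the original article): it flags a process whose file name matches a Windows system binary but whose folder or publisher does not. The record layout, the sample records, and the SysWOW64 and Internet Explorer folders are assumptions added here.

```python
import ntpath

# Folders where each tracked binary is expected to live. System32 for
# msiexec.exe is from the article; the SysWOW64 copy (32-bit build on 64-bit
# Windows) and the Internet Explorer folders are added assumptions.
EXPECTED_DIRS = {
    "msiexec.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "iexplore.exe": {r"c:\program files\internet explorer",
                     r"c:\program files (x86)\internet explorer"},
}
UNSIGNED = {"", "unknown"}  # what the UAC prompt shows as "Publisher: Unknown"


def split_image(image_path):
    """Return (folder, file name), normalised for comparison.

    Strips quotes, collapses '..' segments and mixed slashes, and lowercases,
    because Windows paths are case-insensitive.
    """
    cleaned = image_path.strip().strip('"')
    return ntpath.split(ntpath.normpath(cleaned).lower())


def assess(record):
    """Return the reasons a process record deserves a closer look."""
    folder, name = split_image(record["image"])
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return []  # not a system binary name we track
    reasons = []
    if folder not in expected:
        reasons.append(f"{name} runs from {folder}, not a system folder")
    if (record.get("publisher") or "").strip().lower() in UNSIGNED:
        reasons.append(f"{name} has no verified publisher")
    return reasons


def triage(records):
    """Map pid -> reasons for every record with at least one finding."""
    findings = {r["pid"]: assess(r) for r in records}
    return {pid: why for pid, why in findings.items() if why}


# Constructed sample inventory (hypothetical pids, user name and paths).
SAMPLE = [
    {"pid": 1204, "image": r"C:\Windows\System32\msiexec.exe",
     "publisher": "Microsoft Windows"},
    {"pid": 3388, "image": r"C:\Users\alice\msiexec.exe",
     "publisher": "Unknown"},
    {"pid": 2210, "image": '"C:/WINDOWS/SysWOW64/MsiExec.exe"',
     "publisher": "Microsoft Windows"},
    {"pid": 4012, "image": r"C:\Windows\System32\..\..\Users\alice\winlogon.exe",
     "publisher": ""},
    {"pid": 900, "image": r"C:\Users\alice\Downloads\setup.exe",
     "publisher": "Unknown"},
]

if __name__ == "__main__":
    for pid, why in triage(SAMPLE).items():
        print(pid, "; ".join(why))
```

A hit is a lead to verify, for example by uploading the file to VirusTotal or Jotti, not a verdict: an installer renamed to iexplore.exe as in the NOTE above would be flagged too.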
Rescooped by mickael from Virus Removal Support

Malware may knock thousands off Internet


The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.

But tens of thousands of Americans may still lose their Internet service Monday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.

Despite repeated alerts, the number of computers that probably are infected is more than 277,000 worldwide, down from about 360,000 in April. Of those still infected, the FBI believes that about 64,000 are in the United States.

Users whose computers are still infected Monday will lose their ability to go online, and they will have to call their service providers for help deleting the malware and reconnecting to the Internet.

The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.

But that temporary system will be shut down at 12:01 a.m. EDT Monday, July 9.

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their Web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

But popular social networking sites and Internet providers have gotten more involved, reaching out to computer users to warn of the problem.

According to Tom Grasso, an FBI supervisory special agent, many Internet providers are ready for the problem and have plans to try to help their customers. Some, such as Comcast, already have reached out.

The company sent out notices and posted information on its website. Because the company can tell whether there is a problem with a customer's Internet server, Comcast sent an email, letter or Internet notice to customers whose computers appeared to be affected.

Grasso said other Internet providers may come up with technical solutions that they will put in place Monday that will either correct the problem or provide information to customers when they call to say their Internet isn't working. If the Internet providers correct the server problem, the Internet will work, but the malware will remain on victims' computers and could pose future problems.

In addition to individual computer owners, about 50 Fortune 500 companies are still infected, Grasso said.

Both Facebook and Google created their own warning messages that showed up if someone using either site appeared to have an infected computer. Facebook users would get a message that says, "Your computer or network might be infected," along with a link that users can click for more information.

Google users got a similar message, displayed at the top of a Google search results page. It also provides information on correcting the problem.

To check whether a computer is infected, users can visit a website run by the group brought in by the FBI: http://www.techbuddiesonline.com

Call To Us At +1-855-517-2433 (TOLL FREE)

 


Via Ram Ji
Scooped by mickael

How to Remove vundo

At answer.techbuddiesonline.com we provide solutions for all the technical issues. Post a question regarding the problem you are facing and we will post the solution.
mickael's insight:

The Vundo family of Trojans is one of the most common infections we find on users' computers. This infection can cause popups that include advertisements for rogue anti-spyware programs. Some common rogue anti-spyware programs that are advertised include WinFixer, SysProtect and WinAntiSpyware. Users are normally targeted by false positives, fake alerts, and warnings of infections on their computer. An example of this type of misleading advertisement would be popups alerting users that they are infected with a blackworm virus. The most common method of infection is through outdated versions of the Sun Java platform; older versions are being exploited, so it is important to first make sure that your Java software is fully up to date. This infection is normally detectable by users receiving popups when they use the Internet. Your antivirus program might also notify you via an alert that you have a Vundo Trojan on your computer.

 

Automated Removal Instructions for the Vundo or Virtumonde infection using VundoFix:

 

 

 

1. Please print these instructions as they will be needed later when Internet access is not available.

2. Save these instructions in Word or Notepad to the desktop where they can be easily found.

3. Download Vundo Fix and save it to your desktop.

4. When it has completed downloading, double-click VundoFix.exe to run it.

5. Click the Scan for Vundo button.

6. Once it's done scanning, click the Remove Vundo button.


Scooped by mickael

How to Remove United States Cyber Security Ransomware

United States Cyber Security Ransomware

mickael's insight:

In this post we will discuss a new variant of Reveton ransomware, specifically the United States Cyber Security MoneyPak online extortion scam. Reveton-related ransomware scams are hardly new. The crooks behind this ransomware have traditionally been targeting European users for years. Not all of Europe, of course, only the wealthiest countries including Germany, France, Sweden, Spain, Italy and probably five or six more.

But things started to change recently when cyber crooks released new variants of Reveton ransomware targeting U.S. and Canadian users. First, there was the FBI ransomware, then the United States Department of Justice scams, followed by other scams mimicking official notices from national police agencies in Canada. So, what we have now is the latest malware variant, which mimics a United States Cyber Security notice and frightens people into paying fines to avoid prosecution for supposedly downloading and distributing pirated and illegal content. Needless to say, police authorities would knock at your front door rather than send you a warning asking you to pay the fine via MoneyPak. Very often cyber crooks use strong language to scare victims into paying the fine, usually 100 or 200 bucks. It could be as low as $50 but we've never seen more than $200.

United States Cyber Security MoneyPak and related scams can be very successful. In fact, a ransom Trojan is very similar to a rogue antivirus program, which similarly hijacks your computer and displays fake warnings until you pay the ransom or find a way to remove the malicious application. Don't pay the fine, because you almost certainly won't be able to get your money back. This scam does not rely on credit card payments from victims, so there can't be any chargebacks. Cyber crooks use alternative payment systems, mostly MoneyPak, Ukash and Paysafe. It's rather easy to pay the fine via MoneyPak. MoneyPak cards are available for purchase at Wal-Mart, Kmart and other retailers. The victim maintains his anonymity but at the same time gives up any valid opportunity to get his money back. That's an unenviable situation.
Scooped by mickael

How to Remove "File Restore" Malware


mickael's insight:

 

"File Restore" is a bogus disk cleaner and privacy protection tool. We've written about such fake repair tools before. However, only one was actively promoted, called File Recovery. It remains unclear whether this new malicious program will completely replace the previous one. It could be that cyber crooks will promote both programs at the same time, hoping to generate more money. We'll see. Suddenly appearing "Serious Disk Error" pop-ups and fake system notifications are the main symptoms of a "File Restore" infection. There are many variations of fake security alerts, such as "hard drive controller failure", "device initialization failed" and many more. Clicking on the fake alerts opens only the "File Restore" program, which you obviously didn't install. The rogue repair tool has an amazingly fast auto-scan mode which detects and displays non-existent hard drive reading errors, RAM failures and other supposedly critical system errors. After an auto-scan, "Repair 7 issues" opens up a convenient means to order a fix from this service or to "activate" the repair by purchasing the bogus program.

What is more, to motivate a purchase, all icons and shortcuts are wiped from the Start Menu, the Desktop and the list of most recently used programs. Now comes the important part: DO NOT delete files from your Temp folder or use any temp file cleaners. I know most of you guys use file cleaners to remove malware remnants and unnecessary files. But this time, DON'T! The rogue program moves certain files to the Windows Temp folder, specifically %Temp%\smtmp. Normally, you'll see something like this in your Temp folder. Note that this folder is hidden.

Quick "File Restore" malware removal:

1. Use the activation key given below to register your copy of File Restore malware. This will allow you to download and run recommended malware removal software and automatically restore hidden files and shortcuts. Don't worry, you're not doing anything illegal and it won't make the situation worse. Select "Trial version. Click to activate" (at the bottom right hand corner of the fake scanner screen).
Rescooped by mickael from Support for Virus Removal

How to Remove Msiexec.exe Trojan

mickael's curator insight, February 27, 2013 10:27 AM


Rescooped by mickael from AOL Support USA & Canada

Turn on TopSpeed in AOL 9.0 Security Edition


Via hanna boss
hanna boss's curator insight, March 8, 2013 5:28 PM

Steps to turn on TopSpeed in AOL 9.0 Security Edition. Call us at +1-855-517-2433 (Toll Free)

Scooped by mickael

How to Remove Win 8 Security System

mickael's insight:

We came across a new rogue security program called Win 8 Security System a few days ago. It's been quite some time since we discussed rogue anti-virus software. The truth is there wasn't much to say about scareware apart from some slightly modified or extremely buggy pieces of malicious code that couldn't even load properly. Anyway, rogue security products are not completely gone yet but have rather been replaced with ransomware. On the other hand, second-opinion malware scanners confirm that rogue security programs are still the most widely spread threats, holding the top positions. What does that mean? Well, it means that most antivirus programs fail to detect rogue AVs, especially those that are obfuscated and re-packed very often, sometimes a couple of times a day.

So, Win 8 Security System is a rogue antivirus program that reports non-existent computer infections and tries to scare less computer-savvy users into paying for a completely useless antivirus solution. In most aspects, it's a very typical rogue. Win 8 Security System is a very generic term too. As the name suggests, cyber crooks would infect machines running Windows 8 rather than Windows XP or Seven. However, this rogue antivirus program works just fine on different versions of Windows.

Once installed, the rogue program pretends to scan the computer for malicious software. It manages to find a bunch of extremely dangerous and sophisticated malware on perfectly clean computers. The way it presents supposedly infected files would definitely put a smile on your face if you were a security expert. In order to remove the supposedly detected malware infections, the victim has to pay almost 100 bucks. That's probably the most expensive antivirus software you've ever seen.

The rogue antivirus program is configured so that it runs automatically when Windows starts. But that's not the biggest problem. Win 8 Security System has a rather complex self-protection mechanism. It drops a rootkit on the infected machine which monitors PC activity and blocks pretty much all attempts to terminate the rogue program or run legitimate antivirus software. This scareware doesn't block Task Manager or Registry Editor, but that changes nothing. You can't simply end the offending process and delete the associated files. Any attempt to end its process will trigger the following error message.

Scooped by mickael

Quick United States Cyber Security MoneyPak removal instructions

System Restore, may not work for all users
mickael's insight:

 

1. Unplug your network cable and manually turn your computer off. Reboot your computer in Safe Mode with Command Prompt. As the computer is booting, tap the F8 key continuously.

 

 

 

 

2. Make sure you log in to an account with administrative privileges (login as admin).

3. Once the Command Prompt appears, you have a few seconds to type in explorer and hit Enter. If you fail to do it within 2-3 seconds, the United States Cyber Security ransomware will take over and will not let you type anymore.

4. If you managed to bring up Windows Explorer you can now browse into

Scooped by mickael

Computer Repair, laptop Repair, Data Recovery, Virus Removal, Elk Grove, CA

SNC offers Computer Repair and Service in Elk Grove, CA. Specializing on data recovery, virus removal, onsite / online PC support. Small business IT supports.
Scooped by mickael

Show Hidden Files and Folders in Windows


By default, Microsoft Windows hides important files from view in Windows Explorer in order to protect them from being modified or deleted by the user. Unfortunately, viruses, rogue programs and other types of malicious software may hide files, making it hard to find and delete them. Please follow the step-by-step directions below to show all hidden files in Windows.

Table of Contents:

Windows XP
Windows Vista
Windows 7

Windows XP

1. Go to Start → Control Panel and choose Folder Options.

2. Double-click on the Folder Options icon. Click on the View tab.

3. Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmark from the checkbox labeled Hide protected operating system files. Click OK.

 

 
