Archive for April 2010

AP Manager or Copyright violation alert Ransomware Removal Guide

See these Forums for Guides/Assistance

***************************************************************************************************

Statement From the Editor

If you have a question, ask in comment area, no sign in required

Click the Pic’s to Visit the Sites!

Read each guide at all links before starting the removal process so that you will know exactly what steps to take and which removal process is best for your issue

*************************************************************************************************

AP Manager is a variant of the I-Q Manager ransomware program. This version has the Trojan masquerading as a download manager for copyrighted games, movies, and music. If you visit certain sites that are affiliated with this malware and attempt to download copyrighted media, the file will be added to the AP Manager download list and the program will pretend to download it to your computer. While "downloading", AP Manager shows information such as how much time is left, the speed of the download, and the number of KB transferred, but in reality this information is all fake, as nothing is actually being downloaded to your computer.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files suggested in this guide to another computer and then transfer them to the infected computer via a CD/DVD, external drive, or USB flash drive. If this is not possible, see the RescueCD section on the home page.

Step 1.

Bleeping Computer’s

How to Remove the AP Manager or Copyright violation alert Ransomware

Malwarebytes’ Tutorial *****by Bleeping Computer

Bleeping Computer Self-Help Guides

Microsoft How to Get Rid of Malware

*************************************************************************************************

If no luck See

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

OR but Not Both

I’m infected – What do I do now?

Complete all the steps you can and post new topic—HERE

*************************************************************************************************

Self-Help Removal

ATF For cleaning of Temp Files & the Java cache

See Screenshots

<<<<<<<<<<<<<<<>>>>>>>>>>>>>>

Please download Malwarebytes’ Anti-Malware to your desktop.

Click the Free Version

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes’ Anti-Malware
    • Launch Malwarebytes’ Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.

See the Tutorial for specific instructions.

Malwarebytes’ Tutorial*****by VMSAR  :)

If Malwarebytes’ will not install see  HERE for a random named Mbam installer

Or*****HERE*****

When Malwarebytes’ will not run see  HERE or the tutorial above

Malwarebytes’ Self-Help Guides

Common Issues, Questions, and their Solutions

*************************************************************************************************

Step 2. If Needed

SUPERAntiSpyware Tutorial

When SUPERAntiSpyware will not install or run see*****HERE*****

SUPERAntiSpyware Online Safe Scan

SUPERAntiSpyware Portable Scanner can be downloaded from a different computer and run on the infected computer. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. It runs from the CD and requires NO internet connection. If the infected computer cannot download files, this is a solution: simply download the portable scanner and copy it to a USB drive or CD. NOTE: The portable scanner is given a random name to prevent the malware from stopping it from running. For more software similar to this, see the RescueCD software section on the home page for tools that can scan an infected system and recover personal data lost to infection or a defective or failing hard drive.

*********************************

Dr.Web CureIt!

****************************************

Ccleaner for a good clean-up

Screenshots

Ccleaner Documentation

<<<<<<<<<<>>>>>>>>>>

Step 3.

Uninstall all Adobe software and Java and install the latest versions

Adobe—>HERE

******************************

Use JavaRa to clean out old versions of Java>HERE

Then look for the following Java folders and if found delete them:

C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Windows\Sun
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

Then install new Java—>HERE

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache. Leave BOTH checked:
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page  HERE

*************************************************************************************************

Step 4

Clean System Restore

Four steps to this. #1. Have your antivirus open or use the ESET Online Scanner below and set to full scan and running. #2. Turn off system restore. #3. Launch ATF and clean until “No Files Cleaned”. #4. When scan is finished, restart computer, turn system restore back on and create a restore point.

NOTE: Make sure that your computer is clean before taking these steps.

See below for instructions on how to use System Restore.

XP

VISTA

WINDOWS 7

************************************************************************************************************************

NOTE
If you are having problems connecting your computer to the Internet after removing malware or spyware,

Try this Winsock Fix

*************************************************************************************************

If you are still having issues see

Virut and other File infectors-Throwing in the Towel?

When should I re-format?

How to Start Windows in Safe Mode

How to use the Task Manager

How to use the Microsoft Malicious Software Removal Tool

How to Install, reinstall, or uninstall Windows

*************************************************************************************************

Online Scanners

That Detect and Remove for Free!

*************************************************************************************************

Manual Removal Section. Caution: a mistake here could cause operating system failure  😦

AP Manager Associated Files:

%UserProfile%\Application Data\APManager
%UserProfile%\Application Data\APManager\apmanager.exe
%UserProfile%\Application Data\APManager\settings.ini
%UserProfile%\Application Data\APManager\uninstall.exe
%UserProfile%\Application Data\APManager\wallpaper.jpg
%UserProfile%\Application Data\APManager\files\
%UserProfile%\Application Data\APManager\iplog\
%UserProfile%\Application Data\APManager\ispinfo\
%UserProfile%\Application Data\APManager\languages\
%UserProfile%\Application Data\APManager\languages\Czech.lng
%UserProfile%\Application Data\APManager\languages\Danish.lng
%UserProfile%\Application Data\APManager\languages\Dutch.lng
%UserProfile%\Application Data\APManager\languages\English.lng
%UserProfile%\Application Data\APManager\languages\French.lng
%UserProfile%\Application Data\APManager\languages\German.lng
%UserProfile%\Application Data\APManager\languages\Italian.lng
%UserProfile%\Application Data\APManager\languages\Portuguese.lng
%UserProfile%\Application Data\APManager\languages\Slovak.lng
%UserProfile%\Application Data\APManager\languages\Spanish.lng
%UserProfile%\Application Data\APManager\languages\template.lng
%UserProfile%\Application Data\APManager\metafiles\
%UserProfile%\Application Data\APManager\metafiles\6118105874ba58b303121337299673e7.torrent
%UserProfile%\Desktop\AP Manager.lnk

AP Manager Windows Registry Information:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APManager
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “apmanager.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\Application Data\APManager\apmanager.exe”

Issues that “may” be in a HijackThis log:

O4 – HKCU\..\Run: [apmanager.exe] %UserProfile%\Application Data\APManager\apmanager.exe silent

Have your HijackThis log analyzed *****HERE*****. Copy your log, paste it in the box at the site, and wait for the results. Scroll down the page and you will see a detailed description of each entry and the suggested actions to take, if any, for each. Before you act on them, use SystemLookup below to double-check the results. A mistake here can cause operating system failure!

Use*****SystemLookup*****as a reference resource for HijackThis

HijackThis Tutorial*****by BleepingComputer

Post your HijackThis log HERE and I will advise what needs to be done. Please read the Tutorial so that you have an understanding of how this works.

********************************************************************************************************************************

If you run across a file that is not being detected or removed, you can upload the file to *****VIRUSTOTAL***** and they will analyze it. When the results are shown, you get a list of which software is detecting the threat and which is removing it; kinda takes the guesswork out of the equation.

More to use

Jotti’s Malware Scan

Dr. Web Online Check

Kaspersky File Scanner

*************************************************************************************************

Other Useful Information:

Virus Identification Resources

Security Software, Online Scanners and Virus Removal Tools

Video on “How to Remove Malware for Free” by Mirzo’s

**************************************************************************************************



Posted April 29, 2010 by Wide Glide in Virus Removal

Antispyware Soft Removal Guide

*************************************************************************************************

Statement From the Editor

If you have a question, ask in comment area!

Click the Pic’s to Visit the Sites!

Read each guide at all links before starting the removal process so that you will know exactly what steps to take and which removal process is best for your issue

**************************************************************************************************

Antispyware Soft is a rogue from the same family as Antivirus Soft and Antivirus Suite. This rogue is promoted through malware that will install the program onto your computer without your permission or knowledge. In fact, when the program is installed it will stay running in the background and perform no actions until some later date, when it starts to display its warnings and program screen. This program is also configured to start automatically when Windows loads, and once running, will scan your computer and state that your computer has numerous infections. If you try to remove any of these infections, though, the program will not allow it until you purchase the program. This is a scam, as the infections this program displays do not actually exist on your computer. Instead they are being shown to scare you into purchasing it.

NOTE:

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files suggested in this guide to another computer and then transfer them to the infected computer via a CD/DVD, external drive, or USB flash drive. A CD+R is best because it is read-only and will prevent infecting the clean computer you have downloaded from if you have to use it to get more downloads. If this is not possible, see the RescueCD section on the home page.

Step 1.

Bleeping Computer’s Antispyware Soft (Uninstall Guide)

Complete all the steps in the Bleeping Computer guide first, and then repeat the same steps in normal Windows mode to make sure that your computer is clean, or see the suggestions below if necessary.

RKill – What it does and What it Doesn’t – A brief introduction to the program

Rkill Download Links

Rkill.com
Rkill.exe

iExplore.exe

rkill.pif

rkill.scr

uSeRiNiT.exe

WiNlOgOn.exe

#1. Do not turn off the computer until after running Malwarebytes when using rkill, or the process will have started again and you will have to start over.

#2. DO NOT USE ON A CLEAN COMPUTER as it could damage certain legit security programs. If possible, disable all security software before running it.

#3. Vista and Windows 7 users: right-click and click Run as administrator.

Disable security software before using rkill

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Malwarebytes’ Tutorial *****by Bleeping Computer

Malwarebytes’ Antispyware Soft Removal Guide

Microsoft How to Get Rid of Malware

**************************************************************************************************

For Rootkit Removal if needed

How to Remove the TDSS,TDL3, or Alureon rootkit using TDSSKiller

Or ***Gmer*** for rootkits

or*** HitmanPro***RootkitRevealer

Bleeping Computer’s    RootkitList

**************************************************************************************************

If no luck See

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

OR

I’m infected – What do I do now?

Complete all the steps you can and post new topic—HERE

*************************************************************************************************

Self-Help Removal

ATF For cleaning of Temp Files & the Java cache

See Screenshots

<<<<<<<<<<<<<<<>>>>>>>>>>>>>>

Please download Malwarebytes’ Anti-Malware to your desktop.

The Free Version

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes’ Anti-Malware
    • Launch Malwarebytes’ Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.

See the Tutorial for specific instructions.

Malwarebytes’ Tutorial*****by VMSAR

If Malwarebytes’ will not install see*****HERE*****

For those having trouble running Malwarebytes Anti-Malware

How to Rename Malwarebytes’

Common Issues, Questions, and their Solutions

Step 2. If Needed

<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>

SUPERAntiSpyware Tutorial

When SUPERAntiSpyware will not install or run see*****HERE*****

SUPERAntiSpyware Online Safe Scan

SUPERAntiSpyware Portable Scanner can be downloaded from a different computer and run on the infected computer. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. It runs from the CD and requires NO internet connection. If the infected computer cannot download files, this is a solution: simply download the portable scanner and copy it to a USB drive or CD. NOTE: The portable scanner is given a random name to prevent the malware from stopping it from running. For more software similar to this, see the RescueCD software section on the home page for tools that can scan an infected system and recover personal data lost to infection or a defective or failing hard drive.

*********************************

Dr.Web CureIt!


***************************************

Ccleaner for a good clean-up

Screenshots

Ccleaner Documentation

<<<<<<<<<<>>>>>>>>>>

Step 3.

Uninstall all Adobe software and Java and install the latest versions

Adobe—>HERE

******************************

Use JavaRa to clean out old versions of Java>HERE

Then look for the following Java folders and if found delete them:

C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Windows\Sun
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

Then install new Java—>HERE

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache. Leave BOTH checked:
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page  HERE

**************************************************************************************************

Step 4

Clean System Restore

Four steps to this. #1. Have your antivirus open or use the ESET Online Scanner below and set to full scan and running. #2. Turn off system restore. #3. Launch ATF and clean until “No Files Cleaned”. #4. When scan is finished, turn system restore back on and create a restore point.

NOTE: Make sure that your computer is clean before taking these steps.

See below for instructions on how to use System Restore.

XP

VISTA

WINDOWS 7

************************************************************************************************************************

NOTE
If you are having problems connecting your computer to the Internet after removing malware or spyware,

Try this Winsock Fix

**************************************************************************************************

If you are still having issues see

Virut and other File infectors-Throwing in the Towel?

When should I re-format?

How to Start Windows in Safe Mode

How to use the Task Manager

How to use the Microsoft Malicious Software Removal Tool

How to Install, reinstall, or uninstall Windows

**************************************************************************************************

Online Scanners

That Detect and Remove for Free!
**************************************************************************************************

Manual Removal Section. Caution: a mistake here could cause operating system failure

Antispyware Soft Associated Files:

%UserProfile%\Local Settings\Application Data\<random>
%UserProfile%\Local Settings\Application Data\<random>\<random>tssd.exe

Antispyware Soft Windows Registry Information:

HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “<local>”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “<random>”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “<random>”
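The registry values above can be reviewed offline from a regedit text export. The following is an added example, not part of the original guide: it parses a `.reg` export and reports the settings this guide lists, plus the HKCU Winlogon "Shell" value from the AP Manager guide earlier on this page. The function names and the sample export are constructed for illustration, and the proxy check is generalized to any loopback proxy rather than only port 5555.

```python
import re

VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')
STRING_DATA = re.compile(r'^"((?:[^"\\]|\\.)*)"$')
DWORD_DATA = re.compile(r"^dword:([0-9a-f]{1,8})$", re.I)

HKCU = "HKEY_CURRENT_USER"
CV = HKCU + r"\Software\Microsoft\Windows\CurrentVersion"


def _loopback_proxy(v):   # page value: http=127.0.0.1:5555
    return re.search(r"(?:^|[=;])(?:127\.0\.0\.1|localhost):\d+", v, re.I) is not None

def _lists_exe(v):        # value is a ';'-separated extension list
    return ".exe" in [t.strip().lower() for t in v.split(";")]

def _is_one(v):
    return v == "1"

def _not_explorer(v):     # a per-user Shell value that is not Explorer
    return v.strip().lower().rsplit("\\", 1)[-1] != "explorer.exe"


# (key, value name, predicate, what the setting changes)
VALUE_CHECKS = [
    (CV + r"\Internet Settings", "ProxyServer", _loopback_proxy,
     "browser traffic is routed through a proxy on this machine"),
    (CV + r"\Policies\Associations", "LowRiskFileTypes", _lists_exe,
     ".exe files open without the security warning"),
    (CV + r"\Policies\Attachments", "SaveZoneInformation", _is_one,
     "downloads are no longer tagged with their origin zone"),
    (HKCU + r"\Software\Microsoft\Internet Explorer\Download", "RunInvalidSignatures",
     _is_one, "downloads with invalid signatures are allowed to run"),
    (HKCU + r"\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell",
     _not_explorer, "the user's shell is replaced at logon (AP Manager guide)"),
]
KEY_CHECKS = [hive + r"\Software" + "\\" + name
              for hive in (HKCU, "HKEY_LOCAL_MACHINE")
              for name in ("avsoft", "avsuite")]


def _unescape(s):
    # .reg files escape backslashes and quotes inside strings
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {lowercased key: {lowercased value name: data as str}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_LINE.match(line)
        if current is None or not m:
            continue
        name, data = _unescape(m.group(1)).lower(), m.group(2).strip()
        s, d = STRING_DATA.match(data), DWORD_DATA.match(data)
        if s:
            current[name] = _unescape(s.group(1))
        elif d:
            current[name] = str(int(d.group(1), 16))  # dword:00000001 -> "1"
    return keys


def audit(reg_text):
    keys = parse_reg(reg_text)
    findings = [(k, None, "key listed for Antispyware Soft")
                for k in KEY_CHECKS if k.lower() in keys]
    for key, value, predicate, reason in VALUE_CHECKS:
        data = keys.get(key.lower(), {}).get(value.lower())
        if data is not None and predicate(data):
            findings.append((key, value, reason))
    return findings


# Constructed sample export; "user" stands in for %UserProfile%.
SAMPLE_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\avsoft]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"="<local>"
"ProxyServer"="http=127.0.0.1:5555"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user\\Application Data\\APManager\\apmanager.exe"
"""

if __name__ == "__main__":
    for key, value, reason in audit(SAMPLE_EXPORT):
        print(f"{key} :: {value or '(key present)'} -> {reason}")
```

A loopback proxy or a custom shell can also be set by legitimate software, so treat each finding as something to confirm before changing the registry.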

Issues that “may” be in a HijackThis log:

O4 – HKLM\..\Run: [<random>] %UserProfile%\Local Settings\Application Data\<random>\<random>tssd.exe
O4 – HKCU\..\Run: [<random>] %UserProfile%\Local Settings\Application Data\<random>\<random>tssd.exe

Have your HijackThis log analyzed *****HERE*****. Copy your log, paste it in the box at the site, and wait for the results. Scroll down the page and you will see a detailed description of each entry and the suggested actions to take, if any, for each. Before you act on them, use SystemLookup below to double-check the results. A mistake here can cause operating system failure!

Use*****SystemLookup*****as a reference resource for HijackThis

HijackThis Tutorial*****by BleepingComputer

Post your HijackThis log HERE and I will advise what needs to be done. Please read the Tutorial so that you have an understanding of how this works.

********************************************************************************************************************************

If you run across a file that is not being detected or removed, you can upload the file to *****VIRUSTOTAL***** and they will analyze it. When the results are shown, you get a list of which software is detecting the threat and which is removing it; kinda takes the guesswork out of the equation.

More to use

Jotti’s Malware Scan

Dr. Web Online Check

Kaspersky File Scanner

*************************************************************************************************

Other Useful Information:

Virus Identification Resources

Security Software, Online Scanners and Virus Removal Tools

Video on “How to Remove Malware for Free” by Mirzo’s

Forums

**************************************************************************************************



Posted April 26, 2010 by Wide Glide in Virus Removal

TrustDoctor Removal Guide

See these Forums for Guides/Assistance

****************************************************************************************************

Statement From the Editor

If you have a question, ask in comment area, no sign in required

Click the Pic’s to Visit the Sites!

Read each guide at all links before starting the removal process so that you will know exactly what steps to take and which removal process is best for your issue

*************************************************************************************************

TrustDoctor is a rogue anti-spyware program from the Wini family of rogues. This program is promoted through fake porn sites that pretend to show free pornographic videos. If you click on one of these videos it will fail to show and an alert will be displayed stating that you need to download a video codec in order to properly view the video. This supposed video codec, though, is actually a Trojan that will then install TrustDoctor on to your computer. While installing TrustDoctor, the Trojan will also create numerous harmless files within your C:\Windows\ and C:\Windows\System32 folders that contain random names similar to c:\WINDOWS\101213zo9m49d5.cpl and c:\WINDOWS\system32\77481tzoj56fc.bin. When TrustDoctor scans your computer it will then find these files and state that they are infections. The results, though, are all a lie and should not be a cause for alarm.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files suggested in these guides to another computer and then transfer them to the infected computer via a CD/DVD, external drive, or USB flash drive. A CD+R is best because it is read-only and will prevent infecting the clean computer you have downloaded from if you have to use it to get more downloads. If this is not possible, see the RescueCD section on the home page.

Bleeping Computer’s TrustDoctor (Uninstall Guide)

Before you can do anything, you must first end the processes that belong to TrustDoctor so that it does not interfere with the cleaning procedure. To do this, use Rkill and then run Malwarebytes’ as instructed by Bleeping Computer.

RKill – What it does and What it Doesn’t – A brief introduction to the program

Rkill Download Links

Rkill.com
Rkill.exe

iExplore.exe

rkill.pif

rkill.scr

uSeRiNiT.exe

WiNlOgOn.exe

#1. Do not turn off the computer until after running Malwarebytes when using rkill, or the process will have started again and you will have to start over.

#2. DO NOT USE ON A CLEAN COMPUTER as it could damage certain legit security programs. If possible, disable all security software before running it.

#3. Vista and Windows 7 users: right-click and click Run as administrator.

Disable security software before using rkill

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Malwarebytes’ Tutorial*****by Bleeping Computer

Microsoft How to Get Rid of Malware

*************************************************************************************************

For Rootkit Removal if Needed

How to Remove the TDSS,TDL3, or Alureon rootkit using TDSSKiller

Or ***Gmer*** for rootkits

or*** HitmanPro***RootkitRevealer

Bleeping Computer’s    RootkitList

********************************************************************************************************************************

If no luck See

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

OR

I’m infected – What do I do now?

Complete all the steps you can and post new topic—HERE

*************************************************************************************************

The tools needed for this removal are:

ATF For cleaning of Temp Files & the Java cache

See Screenshots

<<<<<<<<<<<<<<<>>>>>>>>>>>>>>

Please download Malwarebytes’ Anti-Malware to your desktop.

Click the Free Version

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes’ Anti-Malware
    • Launch Malwarebytes’ Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.

See the Tutorial for specific instructions.

Malwarebytes’ Tutorial*****by VMSAR  :)

If Malwarebytes’ will not install see  HERE for a random named Mbam installer

Or*****HERE*****

When Malwarebytes’ will not run see  HERE or the tutorial above

Common Issues, Questions, and their Solutions

***************************************************************************

SUPERAntiSpyware Tutorial :)

When SUPERAntiSpyware will not install or run see*****HERE*****

SUPERAntiSpyware Online Safe Scan

SUPERAntiSpyware Portable Scanner can be downloaded from a different computer and run on the infected computer. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. It runs from the CD and requires NO internet connection. If the infected computer cannot download files, this is a solution: simply download the portable scanner and copy it to a USB drive or CD. NOTE: The portable scanner is given a random name to prevent the malware from stopping it from running. For more software similar to this, see the RescueCD software section on the home page for tools that can scan an infected system and recover personal data lost to infection or a defective or failing hard drive.

SUPERAntiSpyware Portable Scanner

DrWeb CureIt!


Ccleaner for a good clean-up

Screenshots

Ccleaner Documentation

<<<<<<<<<<>>>>>>>>>>

Step 3.

Uninstall all Adobe software and Java and install the latest versions

Adobe—>HERE

******************************

Use JavaRa to clean out old versions of Java>HERE

Then look for the following Java folders and if found delete them.


C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Windows\Sun
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

Then install new Java—>HERE

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache. Leave BOTH checked:
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page HERE

*************************************************************************************************

Step 4

Clean System Restore

Four steps to this. #1. Have your antivirus open and set to full scan and running or the ESET Online scanner below. #2. Turn off system restore. #3. Launch ATF and clean until “No Files Cleaned”. #4. When scan is finished, turn system restore back on and create a restore point.

NOTE: Make sure that your computer is clean before taking these steps.

See below for instructions on how to use System Restore.

XP

VISTA

WINDOWS 7

************************************************************************************************************************

NOTE
If you are having problems connecting your computer to the Internet after removing malware or spyware,

Try this Winsock Fix

*************************************************************************************************

If you are still having issues see

Virut and other File infectors-Throwing in the Towel?

When should I re-format?

VMSAR Virus/Rogue Removal Guide

How to Start Windows in Safe Mode

How to use the Task Manager

How to use the Microsoft Malicious Software Removal Tool

How to Install, reinstall, or uninstall Windows

*************************************************************************************************

Online Scanners

That Detect and Remove for Free!
*************************************************************************************************

Manual Removal Section. Caution: a mistake here could cause operating system failure

TrustDoctor Associated Files:

c:\Documents and Settings\All Users\Desktop\TrustDoctor.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\TrustDoctor
c:\Documents and Settings\All Users\Start Menu\Programs\TrustDoctor\1 TrustDoctor.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\TrustDoctor\2 Homepage.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\TrustDoctor\3 Uninstall.lnk
c:\Program Files\TrustDoctor Software\
c:\Program Files\TrustDoctor Software\TrustDoctor\
c:\Program Files\TrustDoctor Software\TrustDoctor\TrustDoctor.exe
c:\Program Files\TrustDoctor Software\TrustDoctor\uninstall.exe
c:\WINDOWS\101213zo9m49d5.cpl
c:\WINDOWS\10566wormz5e.dll
c:\WINDOWS\system32\2325viruz9.dll
c:\WINDOWS\system32\15274hzcktool3d59.bin
c:\WINDOWS\system32\77481tzoj56fc.bin
c:\WINDOWS\system32\<random>.exe
%Temp%\<random>.exe

TrustDoctor Windows Registry Information:

HKEY_CURRENT_USER\Software\TrustDoctor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrustDoctor
HKEY_LOCAL_MACHINE\SOFTWARE\TrustDoctor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “<random>.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “TrustDoctor”

Issues that “may” be in a HijackThis log:

O4 – HKLM\..\Run: [TrustDoctor] C:\Program Files\TrustDoctor Software\TrustDoctor\TrustDoctor.exe -min
O4 – HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

Have your HijackThis log analyzed *****HERE*****. Copy your log and paste it in the box at the site and wait for the results. Scroll down the page and you will see a detailed description of each entry and suggested actions to take, if any, for each. Before you act on them, use SystemLookup below to double-check the results. A mistake here can cause Operating System Failure!

Use*****SystemLookup*****as a reference resource for HijackThis

HijackThis Tutorial*****by BleepingComputer

********************************************************************************************************************************

If you run across a file that is not being detected or removed, you can upload the file to *****VIRUSTOTAL***** for analysis. When the results are shown, they list which software detects the threat and which removes it, which takes the guesswork out of the equation.

********************************************************************************************************************************

Other Useful Information:

Virus Identification Resources

Security Software, Online Scanners and Virus Removal Tools

Video on “How to Remove Malware for Free” by Mirzo’s

Forums

**************************************************************************************************



Posted April 24, 2010 by Wide Glide in Virus Removal

My Security Engine Removal Guide

See these Forums for Guides/Assistance

*************************************************************************************************


My Security Engine is a rogue anti-spyware program from the same family as Security Guard. This rogue is installed and promoted through the use of Trojans and fake online anti-malware scanners. When the program is installed by the Trojans, it will be configured to start automatically when you log in to Windows. The installer will also create numerous files that will be detected as malware when My Security Engine scans your computer. The fake malware files that it may create are:

%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\gid.dll
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\ppal.drv
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.sys
%UserProfile%\Recent\tjd.sys

When the program finishes scanning your computer it will state that the above files are infections, but will not allow you to remove them until you first purchase the program. In reality, though, the above files are harmless and can cause no harm to your computer. They are only being created to try and convince you that your computer is infected and that you should purchase My Security Engine to protect it. As these infections are all fake, please do not purchase the program based upon anything that this program displays.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files suggested in these guides to another computer and then transfer them to the infected computer via a CD/DVD, external drive, or USB flash drive. A CD+R is best because it is read only and will prevent infecting the clean computer you have downloaded from if you have to use it to get more downloads. If this is not possible, see the RescueCD section on home page.

Step 1. Use this removal guide first. Use the others if issue has not been resolved

Bleeping Computer’s My Security Engine (Uninstall Guide)

Before you can do anything you must first end the processes that belong to My Security Engine so that it does not interfere with the cleaning procedure by using Rkill.

RKill – What it does and What it Doesn’t – A brief introduction to the program

Once it is downloaded, double-click on rkill.com to automatically attempt to stop any processes associated with My Security Engine and other rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by My Security Engine when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. Leaving the warning open typically lets you bypass the malware's attempt to protect itself, so that rkill can terminate My Security Engine. So, please keep running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the guide.

Rkill Download Links

Rkill.com
Rkill.exe

iExplore.exe

rkill.pif

rkill.scr

uSeRiNiT.exe

WiNlOgOn.exe

#1. Do not turn off the computer until after running Malwarebytes when using rkill, or the process will have started again and you will have to start over.

#2. DO NOT USE ON A CLEAN COMPUTER as it could damage certain legit security programs. Disable all security software if possible to run

#3. Vista and Windows 7 users, right click and click run as administrator.

Disable security software before using rkill

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Now you should download Malwarebytes’ Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes’ Anti-Malware Download Link

Malwarebytes’ Tutorial *****by Bleeping Computer

Once through running Mbam, use the suggestions at Bleeping Computer

Malwarebytes’ My Security Engine Removal Guide

Microsoft How to Get Rid of Malware

*************************************************************************************************

For Rootkit Removal if needed

How to Remove the TDSS,TDL3, or Alureon rootkit using TDSSKiller

Or ***Gmer*** for rootkits

or ***HitmanPro*** RootkitRevealer

Bleeping Computer’s    RootkitList

**************************************************************************************************

If no luck See

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

OR

I’m infected – What do I do now?

Complete all the steps you can and post new topic—HERE

********************************************************************************************************************************

Self-Help Removal

ATF For cleaning of Temp Files & the Java cache

See Screenshots

****************************************

Please download Malwarebytes’ Anti-Malware to your desktop.

Click the Free Version

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes’ Anti-Malware
    • Launch Malwarebytes’ Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.

See the Tutorial for specific instructions.

Malwarebytes’ Tutorial*****by VMSAR

If Malwarebytes’ will not install see*****HERE*****

Or*****HERE*****

When Malwarebytes’ will not run see*****HERE*****

Common Issues, Questions, and their Solutions

******************************************************

Step 2. If Needed

SUPERAntiSpyware Tutorial

When SUPERAntiSpyware will not install or run see*****HERE*****

SUPERAntiSpyware Online Safe Scan

SUPERAntiSpyware Portable Scanner can be downloaded from a different computer and run on the infected computer. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. It runs from the CD and requires NO internet connection. If the infected computer cannot download, then this is a solution. Simply download the portable scanner and copy it to a USB/CD. NOTE: The portable scanner is randomly named to prevent the malware from stopping the scanner from running. For more software similar to this, see the RescueCD software section on the home page, which can scan an infected system and recover personal data lost to infection or a defective or failing hard drive.



******************************************

Dr.Web CureIt!

******************************************

Ccleaner for a good clean-up

Screenshots

Ccleaner Documentation

*******************************************************************

Step 3.

Uninstall all Adobe software and Java and install the latest versions

Adobe—>HERE

***********************

Use JavaRa to clean out old versions of Java>HERE

Then look for the following Java folders and if found delete them:


C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Windows\Sun
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

Then install new Java—>HERE

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache. Leave BOTH checked:
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page  HERE

**************************************************************************************************

Step 4

Clean System Restore

Four steps to this. #1. Have your antivirus open or use the ESET Online Scanner below and set to full scan and running. #2. Turn off system restore. #3. Launch ATF and clean until “No Files Cleaned”. #4. When scan is finished, turn system restore back on and create a restore point.

NOTE: Make sure that your computer is clean before taking these steps.

See below for instructions on how to use System Restore.

XP

VISTA

WINDOWS 7

************************************************************************************************************************

NOTE
If you are having problems connecting your computer to the Internet after removing malware or spyware,

Try this Winsock Fix

*************************************************************************************************

If you are still having issues see

Virut and other File infectors-Throwing in the Towel?

When should I re-format?

VMSAR Virus/Rogue Removal Guide

How to Start Windows in Safe Mode

How to use the Task Manager

How to use the Microsoft Malicious Software Removal Tool

How to Install, reinstall, or uninstall Windows

**************************************************************************************************

Online Scanners

That detect and remove for Free!

*************************************************************************************************

Manual Removal Section. Caution: a mistake here could cause operating system failure. 😦

My Security Engine Associated Files:

c:\Documents and Settings\All Users\Application Data\345d567
c:\Documents and Settings\All Users\Application Data\345d567\2322.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\MS345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\MSE.ico
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
c:\Documents and Settings\All Users\Application Data\345d567\MSESys\
c:\Documents and Settings\All Users\Application Data\345d567\MSESys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items
c:\Documents and Settings\All Users\Application Data\MSHOLE\
c:\Documents and Settings\All Users\Application Data\MSHOLE\MSJKEJCCE.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
%UserProfile%\Application Data\My Security Engine\
%UserProfile%\Application Data\My Security Engine\cookies.sqlite
%UserProfile%\Application Data\My Security Engine\Instructions.ini
%UserProfile%\Desktop\My Security Engine.lnk
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\gid.dll
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\ppal.drv
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.sys
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\My Security Engine.lnk
%UserProfile%\Start Menu\Programs\My Security Engine.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml

My Security Engine Windows Registry Information:

HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\MS345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” =”http://findgala.com/?&uid=195&q={searchTerms}”
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “My Security Engine”
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”

Issues that “may” be in a HijackThis log:

O1 – Hosts: 74.125.45.100 4-open-davinci.com
O1 – Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 – Hosts: 74.125.45.100 privatesecuredpayments.com
O1 – Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 – Hosts: 74.125.45.100 getantivirusplusnow.com
O1 – Hosts: 74.125.45.100 secure-plus-payments.com
O1 – Hosts: 74.125.45.100 http://www.getantivirusplusnow.com
O1 – Hosts: 74.125.45.100 http://www.secure-plus-payments.com
O1 – Hosts: 74.125.45.100 http://www.getavplusnow.com
O1 – Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 – Hosts: 74.125.45.100 urs.microsoft.com
O1 – Hosts: 74.125.45.100 http://www.securesoftwarebill.com
O1 – Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 – Hosts: 74.125.45.100 paysoftbillsolution.com
O1 – Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 – Hosts: 67.212.177.251 http://www.google.com
O1 – Hosts: 67.212.177.251 http://www.google-analytics.com
O1 – Hosts: 67.212.177.251 http://www.bing.com
O1 – Hosts: 67.212.177.251 search.yahoo.com
O1 – Hosts: 67.212.177.251 http://www.search.yahoo.com
O4 – HKCU\..\Run: [My Security Engine] “C:\Documents and Settings\All Users\Application Data\345d567\MS345d.exe” /s /d
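
The O1 (hosts file) and O4 (Run key) entries listed above can be triaged mechanically before any manual removal. The Python sketch below is an added example, not part of the original guide or of HijackThis; the watch-list, severity labels and function names are assumptions, and the sample log is constructed from entries on this page plus one benign line and one deliberately malformed line.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity section subject detail")

# Assumed watch-list: domains a hosts file should never override, taken from
# the O1 entries listed in this guide (search engines, reputation services).
WATCHED_DOMAINS = ("google.com", "google-analytics.com", "bing.com",
                   "yahoo.com", "urs.microsoft.com")
# User-writable locations that the Run entries in this guide start from.
USER_WRITABLE = ("\\application data\\", "\\temp\\", "%temp%")

LINE_RE = re.compile(r"^(O\d+)\s*[-\u2013]\s*(.*)$")  # "-" or en dash
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)$", re.I)
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run:\s*\[([^\]]*)\]\s*(.*)$", re.I)


def normalize_host(host):
    """Lower-case a hostname and drop a URL scheme added by page rendering."""
    host = re.sub(r"^[a-z]+://", "", host.strip().lower())
    return host.split("/")[0].rstrip(".")


def is_watched(host):
    """True if host is a watched domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def exe_path(command):
    """Return the executable part of a Run command, quoted or unquoted."""
    command = command.strip()
    quoted = re.match(r'^["\u201c]([^"\u201d]+)["\u201d]', command)
    if quoted:
        return quoted.group(1)
    bare = re.match(r"^(.*?\.(?:exe|com|scr|pif|bat|cmd))\b", command, re.I)
    return bare.group(1) if bare else command


def triage(log_text):
    """Return a list of Finding tuples for suspicious O1 and O4 entries."""
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        section, body = line.groups()
        if section == "O1":
            hosts = HOSTS_RE.match(body)
            if not hosts:
                # Fused or truncated entries still need a human look.
                findings.append(Finding("review", "O1",
                                        "unparsed hosts entry", body))
                continue
            ip, host = hosts.group(1), normalize_host(hosts.group(2))
            if ip.startswith("127.") and host == "localhost":
                continue  # the default loopback mapping
            severity = "high" if is_watched(host) else "review"
            findings.append(Finding(severity, "O1", host, ip))
        elif section == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue
            name, command = run.groups()
            path = exe_path(command)
            if any(marker in path.lower() for marker in USER_WRITABLE):
                findings.append(Finding("high", "O4", name, path))
    return findings


# Constructed sample: entries adapted from this page, one malformed line,
# and one benign Run entry that should not be reported.
SAMPLE_LOG = r"""
O1 - Hosts: 67.212.177.251 http://www.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com74.125.45.100 protected.maxisoftwaremart.com
O4 - HKCU\..\Run: [My Security Engine] "C:\Documents and Settings\All Users\Application Data\345d567\MS345d.exe" /s /d
O4 - HKCU\..\Run: [iqmanager.exe] %UserProfile%\Application Data\IQManager\iqmanager.exe silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section}  {f.subject}  ->  {f.detail}")
```

A "high" O1 finding means a search engine or reputation service is being redirected by the hosts file; a "high" O4 finding means an autostart program runs from a user-writable folder. Both are prompts to check the entry against SystemLookup, not proof of infection.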

Have your HijackThis log analyzed *****HERE*****. Copy your log and paste it in the box at the site and wait for the results. Scroll down the page and you will see a detailed description of each entry and suggested actions to take, if any, for each. Before you act on them, use SystemLookup below to double-check the results. A mistake here can cause Operating System Failure!

Use*****SystemLookup*****as a reference resource for HijackThis

HijackThis Tutorial*****by BleepingComputer

********************************************************************************************************************************

If you run across a file that is not being detected or removed, you can upload the file to *****VIRUSTOTAL***** for analysis. When the results are shown, they list which software detects the threat and which removes it, which takes the guesswork out of the equation.

More to use

Jotti’s Malware Scan

Dr. Web Online Check

Kaspersky File Scanner

********************************************************************************************************************************

Other Useful Information:

Virus Identification Resources

Security Software, Online Scanners and Virus Removal Tools

Video on “How to Remove Malware for Free” by Mirzo’s

Forums

*************************************************************************************************



Posted April 23, 2010 by Wide Glide in Virus Removal

I-Q Manager or Copyright violation alert Ransomware Removal Guide

See these Forums for Guides/Assistance

************************************************************************************************

The icpp-online.com or I-Q Manager Antipiracy foundation scanner is a new scam that pretends to be a scanner devised by a law firm that represents a variety of copyright associations. When this Trojan is installed it will pretend to be a scanner that scans your computer for copyrighted materials such as Torrents. It will then display warnings that state copyrighted material have been found and information about this material has been sent to law enforcement agencies and copyright holders. It then suggests that you either pay a settlement of $399.85 or pass your case to the courts where you will be tried by a judge. The scanner will also link to a fake web site called icpp-online.com as well as show proof of your copyright infringement. All of this is a scam, though, and you should not give them your credit card information for any reason.

Bleeping Computer’s

I-Q Manager or Copyright violation alert Ransomware Removal Guide

Administrative privileges to uninstall a program

#1. Click on the Start button and then select Control Panel.

#2. When in the Control Panel, double-click on one of the options below depending on your version of Windows

#1. For Windows XP double-click on the Add or Remove Programs icon.

#2. For Windows Vista and Windows 7, double-click on the Uninstall Program option.

#3. When the Add or Remove Programs or the Uninstall Program screen is displayed, please scroll through the list of programs and double-click on each of the entries listed in bold below to uninstall them.

I-Q Manager

When you double-click on each of the above entries to uninstall them, please follow the default prompts and allow it to remove all files and all configuration information related to this program. If any of the programs ask you to reboot your computer, do not allow it to reboot until you have uninstalled all of the programs listed above.

#4. When you are done, you can close the Control Panel screens.

Your computer should now be free of the I-Q Manager or Copyright violation alert program.

Also See

AP Manager or Copyright violation alert Ransomware Removal Guide

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

OR but Not Both

I’m infected – What do I do now?

Complete all the steps you can and post new topic—HERE

***********************************************************************************************************************

Associated I-Q Manager or Copyright violation alert Files:

%UserProfile%\Application Data\IQManager
%UserProfile%\Application Data\IQManager\iqmanager.exe
%UserProfile%\Application Data\IQManager\settings.ini
%UserProfile%\Application Data\IQManager\torrents
%UserProfile%\Application Data\IQManager\uninstall.exe
%UserProfile%\Application Data\IQManager\wallpaper.jpg
%UserProfile%\Application Data\IQManager\languages
%UserProfile%\Application Data\IQManager\languages\Czech.lng
%UserProfile%\Application Data\IQManager\languages\Danish.lng
%UserProfile%\Application Data\IQManager\languages\Dutch.lng
%UserProfile%\Application Data\IQManager\languages\English.lng
%UserProfile%\Application Data\IQManager\languages\French.lng
%UserProfile%\Application Data\IQManager\languages\German.lng
%UserProfile%\Application Data\IQManager\languages\Italian.lng
%UserProfile%\Application Data\IQManager\languages\Portuguese.lng
%UserProfile%\Application Data\IQManager\languages\Slovak.lng
%UserProfile%\Application Data\IQManager\languages\Spanish.lng
%UserProfile%\Application Data\IQManager\languages\template.lng
%UserProfile%\Desktop\I-Q Manager.lnk

Associated I-Q Manager or Copyright violation alert Windows Registry Information:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQManager
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “iqmanager.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\Application Data\IQManager\iqmanager.exe”

Issues that “may” be in a HijackThis log:

O4 – HKCU\..\Run: [iqmanager.exe] %UserProfile%\Application Data\IQManager\iqmanager.exe silent

Have your HijackThis log analyzed *****HERE*****. Copy your log and paste it in the box at the site and wait for the results. Scroll down the page and you will see a detailed description of each entry and suggested actions to take, if any, for each. Before you act on them, use SystemLookup below to double-check the results. A mistake here can cause Operating System Failure!

Use*****SystemLookup*****as a reference resource for HijackThis

HijackThis Tutorial*****by BleepingComputer

********************************************************************************************************************************

If you run across a file that is not being detected or removed, you can upload the file to *****VIRUSTOTAL***** for analysis. When the results are shown, they list which software detects the threat and which removes it, which takes the guesswork out of the equation.

********************************************************************************************************************************

Other Useful Information:

Statement From the Editor

Virus Identification Resources

Security Software, Online Scanners and Virus Removal Tools

Video on “How to Remove Malware for Free” by Mirzo’s

Forums

***********************************************************************************************************************


Posted April 14, 2010 by Wide Glide in Virus Removal

Digital Protection Removal Guide

*************************************************************************************************


Digital Protection is a rogue anti-spyware program from the same family as Your Protection. This rogue is installed on your computer through the use of Trojans that display fake security alerts stating that your computer has a security problem. When you click on one of these alerts, Digital Protection will be installed on your computer without your permission or knowledge. Once Digital Protection is installed, it will be configured to start automatically when Windows starts. The installer will also attempt to uninstall various security applications in order to protect itself from being removed. Some of the security applications that it attempts to uninstall are:

F-Secure

Nod32

Malwarebytes’ Anti-Malware

Norton Internet Security

Avira AntiVir

AVG8

AntiVir

Agnitum Outpost Security Suite

avast!

When Digital Protection starts it will scan your computer and then state it has found numerous infections on your computer. These infections though are either fake or legitimate Windows programs. Therefore, please do not delete any of the files it states are infections as you may remove a legitimate Windows application that is required for Windows to operate properly.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files suggested in this guide to another computer and then transfer them to the infected computer via a CD/DVD, external drive, or USB flash drive. A CD+R is best because it is read only and will prevent infecting the clean computer you have downloaded from if you have to use it to get more downloads. If this is not possible, see the RescueCD section on home page.

Screenshots of this Rogue

Bleeping Computer Digital Protection (Uninstall Guide)

Print out these instructions as you will need to close every window that is open later in the fix.

Reboot your computer into Safe Mode with Networking. To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Eventually you will be brought to a menu similar to the one below:


Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. If you are having trouble entering safe mode, then please use the following tutorial:

How to start Windows in Safe Mode

Download Malwarebytes’ Anti-Malware, or MBAM, from the following location and save it to your desktop:

mbam-setup.exe

Once downloaded, close all programs and Windows on your computer, including this one.

Double-click on the icon on your desktop named mbam-setup.exe and this will start the installation of Mbam onto your computer

When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button.  Use the tutorial to know how to use Mbam

Malwarebytes’ Tutorial *****by Bleeping Computer

Malwarebytes’ Digital Protection Removal Guide

RKill – What it does and What it Doesn’t – A brief introduction to the program

Rkill Download Links

Rkill.com
Rkill.exe

iExplore.exe

rkill.pif

rkill.scr

uSeRiNiT.exe

WiNlOgOn.exe

#1. Do not turn off the computer until after running Malwarebytes when using rkill, or the process will have started again and you will have to start over.

#2. DO NOT USE ON A CLEAN COMPUTER as it could damage certain legit security programs. Disable all security software if possible to run

#3. Vista and Windows 7 users, right click and click run as administrator.

Disable security software before using rkill

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Microsoft How to Get Rid of Malware

********************************************************************************************************************************

Rootkit Removal

How to Remove the TDSS,TDL3, or Alureon rootkit using TDSSKiller

Or ***Gmer*** for rootkits

or ***HitmanPro*** RootkitRevealer

Bleeping Computer’s    RootkitList

******************************************************************************************************************************

If no luck See

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

OR

I’m infected – What do I do now?

Complete all the steps you can and post new topic—HERE

********************************************************************************************************************************

Self-Help Removal

ATF For cleaning of Temp Files & the Java cache

See Screenshots

****************************************

Malwarebytes’ Anti-Malware


Please download Malwarebytes’ Anti-Malware to your desktop.

The Free Version

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes’ Anti-Malware
    • Launch Malwarebytes’ Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.

See the Tutorial for specific instructions.

Malwarebytes’ Tutorial*****by VMSAR

If Malwarebytes’ will not install see*****HERE*****

Or*****HERE*****

When Malwarebytes’ will not run see*****HERE*****

Common Issues, Questions, and their Solutions

******************************************************

Step 2. If Needed

SUPERAntiSpyware

SUPERAntiSpyware Tutorial

When SUPERAntiSpyware will not install or run see*****HERE*****

SUPERAntiSpyware Online Safe Scan

SUPERAntiSpyware Portable Scanner can be downloaded from a different computer and run on the infected computer. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. It runs from the CD and requires NO internet connection. If the infected computer cannot download, then this is a solution. Simply download the portable scanner and copy it to a USB/CD. NOTE: The portable scanner is randomly named to prevent the malware from stopping the scanner from running. For more software similar to this, see the RescueCD software section on the home page, which can scan an infected system and recover personal data lost to infection or a defective or failing hard drive.


******************************************

Dr.Web CureIt!


******************************************

Ccleaner for a good clean-up

Screenshots

Ccleaner Documentation

*******************************************************************

Step 3.

Uninstall all Adobe software and Java and install the latest versions

Adobe—>HERE

***********************

Use JavaRa to clean out old versions of Java>HERE

Then look for the following Java folders and if found delete them:


C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Windows\Sun
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

Then install new Java—>HERE

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache. Leave BOTH checked:
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page  HERE

***********************************************************************************************************************

Step 4

Clean System Restore

There are four steps to this. #1. Have your antivirus open, or use the ESET Online Scanner below, set to full scan and running. #2. Turn off System Restore. #3. Launch ATF and clean until “No Files Cleaned”. #4. When the scan is finished, turn System Restore back on and create a restore point.

NOTE: Make sure that your computer is clean before taking these steps.

See below for instructions on how to use System Restore.

XP

VISTA

WINDOWS 7

************************************************************************************************************************

NOTE
If you are having problems connecting your computer to the Internet after removing malware or spyware,

Try this Winsock Fix

************************************************************************************************************************

If you are still having issues see

Virut and other File infectors-Throwing in the Towel?

When should I re-format?

VMSAR Virus/Rogue Removal Guide

How to Start Windows in Safe Mode

How to use the Task Manager

How to use the Microsoft Malicious Software Removal Tool

How to Install, reinstall, or uninstall Windows

*******************************************************************************************************************************

Online Scanners

That Detect and Remove for Free!

*******************************************************************************************************************************

Manual Removal Section

Caution: a mistake here could cause operating system failure.  😦

Digital Protection Associated Files:

c:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Digital Protection.lnk
%UserProfile%\Desktop\Digital Protection Support.lnk
%UserProfile%\Desktop\Digital Protection.lnk
%UserProfile%\Start Menu\Programs\Digital Protection
%UserProfile%\Start Menu\Programs\Digital Protection\About.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Activate.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Buy.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Digital Protection.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Scan.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Settings.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Update.lnk
c:\Program Files\Digital Protection
c:\Program Files\Digital Protection\about.ico
c:\Program Files\Digital Protection\activate.ico
c:\Program Files\Digital Protection\buy.ico
c:\Program Files\Digital Protection\dig.db
c:\Program Files\Digital Protection\digext.dll
c:\Program Files\Digital Protection\dighook.dll
c:\Program Files\Digital Protection\digprot.exe
c:\Program Files\Digital Protection\help.ico
c:\Program Files\Digital Protection\scan.ico
c:\Program Files\Digital Protection\settings.ico
c:\Program Files\Digital Protection\splash.mp3
c:\Program Files\Digital Protection\Uninstall.exe
c:\Program Files\Digital Protection\update.ico
c:\Program Files\Digital Protection\virus.mp3
%Temp%\4otjesjty.mof
%Temp%\asd1.tmp
%Temp%\c865.tmp
%Temp%\davclnt.exe
%Temp%\dhdhtrdhdrtr5y
%Temp%\dig.dat
%Temp%\digr.dat

Digital Protection Windows Registry Information:

HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Protection
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Digital Protection”

Issues that “may” be in a HijackThis log:

O4 - HKCU\..\Run: [Digital Protection] "C:\Program Files\Digital Protection\digprot.exe" -noscan

Have your HijackThis log analyzed *****HERE*****. Copy your log, paste it in the box at the site, and wait for the results. Scroll down the page and you will see a detailed description of each entry and suggested actions to take, if any, for each. Before you act on them, use SystemLookup below to double-check the results. A mistake here can cause Operating System Failure!

Use *****SystemLookup***** as a reference resource for HijackThis

HijackThis Tutorial ***** by BleepingComputer
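
As an added illustration (not part of the original guide or of HijackThis itself), the Python example below triages pasted HijackThis log text for O4 registry Run entries that match the Digital Protection indicators listed above. The sample log is constructed and the function names are this example's own; it also normalizes the typographic quotes and dashes that blog or forum software can substitute into pasted logs.

```python
import ntpath
import re

# Indicators copied from this page's Digital Protection lists.
RUN_VALUE_NAMES = {"digital protection"}
INDICATOR_DIRS = (r"c:\program files\digital protection",)
# Logs pasted through blogs or forums often pick up typographic quotes and dashes.
_TYPOGRAPHIC = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2013": "-"})
_O4_RUN = re.compile(r"^O4 - (HK\w+(?:\\[^\\]+)?)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
_UNQUOTED = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?:[\s,]|$)", re.I)

# Constructed sample log (not from a real machine).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example Vendor\updater.exe /background
O4 - HKCU\..\Run: [Digital Protection] "C:\Program Files\Digital Protection\digprot.exe" -noscan
O4 - HKCU\..\Run: [Helper] C:\Program Files\Digital Protection\digprot.exe -noscan
O4 – HKCU\..\Run: [Digital Protection] “C:\Program Files\Digital Protection\digprot.exe” -noscan
"""

def exe_path(command):
    """Return the program path from a Run command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = _UNQUOTED.match(command)
    return match.group(1) if match else (command.split() or [""])[0]

def triage(log_text):
    """Flag O4 registry Run entries that match the page's indicators."""
    findings = []
    for raw in log_text.splitlines():
        match = _O4_RUN.match(raw.translate(_TYPOGRAPHIC).strip())
        if not match:
            continue  # not a registry Run entry (other O-sections, Startup items)
        hive, key, name, command = match.groups()
        path = ntpath.normpath(exe_path(command)).lower()
        reasons = []
        if name.strip().lower() in RUN_VALUE_NAMES:
            reasons.append("run-value-name")
        if any(path.startswith(d + "\\") for d in INDICATOR_DIRS):
            reasons.append("path-under-indicator-dir")
        if reasons:
            findings.append(dict(hive=hive, key=key, name=name, path=path, reasons=reasons))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A hit only marks an entry for review; confirm it against SystemLookup before changing anything.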

********************************************************************************************************************************

If you run across a file that is not being detected or removed, you can upload the file to *****VIRUSTOTAL***** and they will analyze it. When the results are shown, you will get a list of which software detects the threat and which removes it, which takes the guesswork out of the equation.

********************************************************************************************************************************

Other Useful Information:

Virus Identification Resources

Security Software, Online Scanners and Virus Removal Tools

Video on “How to Remove Malware for Free” by Mirzo’s

Forums

*******************************************************************************************************************************


Posted April 11, 2010 by Wide Glide in Virus Removal

Statement From the Editor

These removal guides are posted as Self-Help Guides. This blog and its Editor receive NO monetary gain from this blog and desire none, now or ever.  Times are hard for everyone, and this is my way of giving something back. May not be much, but at least I tried. I also answer questions at Yahoo Answers/Computers and Internet/Security (link on right sidebar) if anyone has any questions or you need to contact me. Look for the “My best Friend” avatar like the one at the bottom of the Home page.

If you can not complete any of these suggestions because of the infection, then special tools will be required. Please refer to the following suggestions to receive help.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

OR but Not Both

I’m infected – What do I do now?

Complete all the steps you can and post new topic—HERE

Be patient while waiting for help; it may take up to 48 hrs. to receive a response from the helpers at these forums because of the number of people needing help. Once you start receiving help, make sure you do only as instructed; take no actions on your own, as this will only make the removal take longer.  If you need any suggestions, please ask in the comment areas here at this blog and I will be more than glad to help as far as I can. Good Luck.

Special Thanks To:


Grinler for the posting of the removal guides.

Without the years of dedication this man has put into helping others and fighting malware, none of this would be possible. And to the rest of the staff and helpers at the forum goes a big Thank You, and God Bless each and every one of them.

Special Thanks to:



Metallica for the posting of the removal guides.

To RubbeR DuckY, AdvancedSetup, Firefox, exile360, YoKenny1, Buttons, TeMerc, miekiemoes and all the rest of the Staff and Honorary members again goes a special Thanks, and God Bless them all.

And a Thank You to:

Thank You One and all from the editor of VMSAR

Wide Glide

🙂 🙂 🙂

**************************************************************************************************

Posted April 11, 2010 by Wide Glide in Uncategorized
