Remove Epoclick virus manually

Epo Click virus removal instructions

Epoclick virus is a browser redirect virus and DNS hijacker with some really annoying features; it has been redirecting people to epoclick.com. The virus has evolved since then and now, going under the name Epoclick Virus, it’s threatening to pretty much destroy the internet as we know it.

The Epoclick Virus is still mostly mysterious, and it’s hard to say whether it’s a really bad virus or just a somewhat bad one. In any case, it’s been spreading in a big way, and you probably don’t want to let it hang around too long.

How to Remove Epoclick Virus Manually

Before we get started, you should back up your system and your registry.
Remove Epoclick Virus registry values:

HKEY_CURRENT_USER\Software\Microsoft\adver_id

Delete Epoclick Virus files:

C:\Users\[user]\AppData\Roaming\avdrn.dat
C:\Users\[user]\AppData\Roaming\apiqfw.dat

Auto Removal:

To remove this virus automatically, we suggest the following removal tools:


Download Super Anti Spyware

OR

Download Malware Bytes Anti-Malware

Remove Malware Defender 2009 virus

Malware Defender 2009 is a rogue spyware application from the makers of System Guard 2009 and Spyware Guard 2009/2008. It uses a proven method to gather your credit card details: it shows a fake Windows Security Center message stating that your PC is infected with various parasites. You are also bombarded with popups and fake alerts that try to convince you to buy Malware Defender 2009. If you try scanning the PC with this scamware, it will show false positives: most of the “infected files” are legitimate and necessary system processes. You would cripple your computer if you followed this rogue's advice.

You can get Malware Defender 2009 in several ways. The first and most popular one is bundled downloads on file sharing networks and infected websites. Fake video codecs might be used to spread this malware as well. And it does not come alone: you will get additional trojans and rootkits that help Malware Defender destroy your PC and force you to give your credit card details to its maker. We strongly suggest first scanning the PC with a legitimate free spyware scanner to check which versions of parasites have infected the system.

Update:
The Malware Defender 2009 website, Malwaredefender2009.com, is hosted in Ukraine, IP 67.43.237.75, on the same IP as SytemGuard2009.com and SystemGuard2009m.com, websites of the notorious parasite SystemGuard. You should block these websites and add the IP address to your untrusted list as well. The website itself is registered under a non-existent address, proving once more that Malware Defender 2009 cannot be trusted.

Malware Defender 2009 is extremely dangerous

Malware Defender 2009 is a corrupt Anti-Spyware program
Malware Defender 2009 may spread via Trojans
Malware Defender 2009 may display fake security messages
Malware Defender 2009 may install additional spyware to your computer
Malware Defender 2009 may repair its files, spread or update by itself
Malware Defender 2009 violates your privacy and compromises your security

Manual Malware Defender 2009 removal:

Stop these Malware Defender 2009 processes:
malwaredef.exe
install.exe

Disable these Malware Defender 2009 DLL files:
hdddriver.dll
vifwnhzqoe.dll
wcenter.exe

Remove these Malware Defender 2009 Registry Entries:
HKEY_CLASSES_ROOT\CLSID\{3F0691F1-70E6-44A9-938A-1DC356674878}
HKEY_CLASSES_ROOT\CLSID\{8B2C743A-D44A-4A93-8233-ABEE8BF8ED62}
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “updater”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “malwaredef”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “DriversLoad”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “HardwareDrivers”

Remove these Malware Defender 2009 files:
c:\Program Files\Malware Defender 2009
c:\Program Files\Malware Defender 2009\conf.cfg
c:\Program Files\Malware Defender 2009\malwaredef.exe
c:\Program Files\Malware Defender 2009\mbase.vdb
c:\Program Files\Malware Defender 2009\quarantine.vdb
c:\Program Files\Malware Defender 2009\queue.vdb
c:\Program Files\Malware Defender 2009\uninstall.exe
c:\Program Files\Malware Defender 2009\vbase.vdb
c:\Program Files\Malware Defender 2009\quarantine
c:\WINDOWS\reged.exe
c:\WINDOWS\spoolsystem.exe
c:\WINDOWS\sys.com
c:\WINDOWS\syscert.exe
c:\WINDOWS\sysexplorer.exe
c:\WINDOWS\vmreg.dll
c:\WINDOWS\system32\wcenter.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers
c:\Documents and Settings\All Users\Application Data\Microsoft\win.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\svchos.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\t.id
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\c.cgm
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\vifwnhzqoe.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Network\install.exe
%UserProfile%\Start Menu\Programs\Malware Defender 2009
C:\Windows\System32\wcenter.exe

=======================
Note: The manual removal guide can be confusing if you are a newbie. In that case, manual removal is not recommended; use an auto removal tool instead.


Rootkit win32 TDSS Tidserv malware trojan

How to remove malware belonging to the family Rootkit.Win32.TDSS
A rootkit is a program or a suite of programs designed to obscure the fact that a system has been compromised.

For Windows operating systems, the term rootkit stands for a program that infiltrates the system and hooks system functions (Windows API). By hooking and modifying low-level API functions, such malware can effectively hide its presence in a system. Moreover, rootkits as a rule are able to conceal any processes, folders and files on a disk, as well as registry keys, described in their configuration. Many rootkits install their own drivers and services (hidden as well) into the system.

It is possible to disinfect a system infected with malware family Rootkit.Win32.TDSS using the utility TDSSKiller.exe.

Disinfection of an infected system

Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
Execute the file TDSSKiller.exe.
Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

When run without parameters, the utility does the following:

The registry is scanned for hidden services. The utility will remove the services identified as belonging to TDSS. Otherwise, the user is prompted to eliminate the service. The services are eliminated upon a reboot.

System drivers are scanned for infection. If an infection has been detected, the utility will search for an available backup copy of the infected file. If a backup copy has been detected, the utility will restore the file from it. Otherwise, the utility will attempt to disinfect the file.

By default, the utility writes a runtime log into the root directory of the system disk (the disk where the operating system is installed, C:\ as a rule).
The log file name has the form UtilityName.Version_Date_Time_log.txt,
for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.
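
To confirm that the utility has run on a machine, and when, the log name can be parsed directly. The following is an added example, not part of the original article or of the utility itself; the function name ConvertFrom-TdssLogName is hypothetical, and the day.month.year order is an assumption taken from the example name above.

```powershell
# Added example: find TDSSKiller logs in the system drive root and parse the
# name pattern UtilityName.Version_Date_Time_log.txt described above.
$pattern = '^(?<util>[^.]+)\.(?<ver>\d+(\.\d+)*)_(?<date>\d{2}\.\d{2}\.\d{4})_' +
           '(?<time>\d{2}\.\d{2}\.\d{2})_log\.txt$'

function ConvertFrom-TdssLogName([string]$Name) {
    # Emits nothing for names that do not follow the pattern.
    if ($Name -match $pattern) {
        # Day.month.year order is assumed from the page's example (20.12.2009).
        $stamp = [datetime]::ParseExact("$($Matches['date']) $($Matches['time'])",
            'dd.MM.yyyy HH.mm.ss', [Globalization.CultureInfo]::InvariantCulture)
        New-Object PSObject -Property @{
            Utility = $Matches['util']
            Version = $Matches['ver']
            Stamp   = $stamp
            Name    = $Name
        }
    }
}

# The file name quoted on the page, parsed as a check of the pattern.
ConvertFrom-TdssLogName 'TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt' | Format-List

# Logs actually present on this machine, oldest first.
Get-ChildItem -Path "$env:SystemDrive\" -Filter 'TDSSKiller.*_log.txt' -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertFrom-TdssLogName $_.Name } |
    Sort-Object Stamp |
    Format-Table Stamp, Version, Name -AutoSize
```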

When its work is over, the utility prompts for a reboot to complete the disinfection.
The driver will execute all scheduled operations and kill itself upon the next system reboot.

Command line parameters to run the utility TDSSKiller.exe

-l – write log to a file.
-d – search for a specific malicious service name.

For example, if you want to scan the PC with a detailed log saved into the file report.txt (it will be created in the folder with TDSSKiller.exe), use the following command:

TDSSKiller.exe -l report.txt

Symptoms of an infection

Symptoms of infection with Rootkit.Win32.TDSS first and second generation (TDL1, TDL2)
Experienced users may try to monitor the following kernel function hooks using the utility Gmer (http://www.gmer.net/):

IofCallDriver;
IofCompleteRequest;
NtFlushInstructionCache;
NtEnumerateKey;
NtSaveKey;
NtSaveKeyEx.

Symptoms of infection Rootkit.Win32.TDSS third generation (TDL3)

An infection can be detected with utility Gmer. It detects replacement of a “device” object of the system driver atapi.sys.


Malware Destructor 2011

Malware Destructor 2011 Description
Malware Destructor 2011 is a rogue malware remover similar to Antimalware Doctor. Malware Destructor 2011 uses Trojans to redirect the browser to a fake warning page which claims the PC is riddled with infections. Bogus pop-ups will urge hapless users to purchase Malware Destructor 2011 to remove the so-called threats. Do not fall for this blatant scam and have Malware Destructor 2011 removed immediately using a reliable malware remover.

While MalwareDestructor2011 is running, it will display fake security alerts about infected files, hacker attacks and other malicious activities on your computer that may lead to data loss or identity theft. These fake alert messages are:

“Automatic Updates
System Security Pack Update
System Pack 2010.78.932 (Malware Destructor Upgrade; KB943379)”

“Warning! Your system is infected! [number] dangerous objects have been found during last system scan. It is strongly recommended to remove them immediately.”

What is more, it will block legitimate security programs and disable certain system utilities. Web browsers will be hijacked as well. As you can see, Malware Destructor 2011 has only one goal: to make you think that your computer is infected and to scare you into purchasing the program. If you find that your computer is infected with this bogus program, please use the removal instructions below to remove it. We strongly recommend using anti-spyware software such as Spyware Doctor to remove the infected files and the rogue program from the system. If you have purchased the rogue program, please contact your credit card company and dispute the charges.

Malware Destructor 2011 Manual Removal Instructions

Backup Reminder: Always be sure to back up your PC before making any changes.

Step 1 : Use Registry Editor to Remove Malware Destructor 2011 Registry Values
Locate and delete “Malware Destructor 2011” registry entries:
%UserProfile%\Start Menu\Programs\Startup\Malware Destructor.lnk
%UserProfile%\Start Menu\Programs\Malware Destructor\Uninstall.lnk
%UserProfile%\Start Menu\Programs\Malware Destructor\Malware Destructor.lnk
%UserProfile%\Start Menu\Malware Destructor.lnk
%UserProfile%\Desktop\Malware Destructor.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Destructor.lnk
%UserProfile%\Application Data\[random characters]\local.ini
%UserProfile%\Application Data\[random characters]\[random characters]7.exe
%UserProfile%\Application Data\[random characters]\KB1323587.exe
%UserProfile%\Application Data\[random characters]\enemies-names.txt

Step 2 : Detect and Delete Other Malware Destructor 2011 Files
Remove the “Malware Destructor 2011” processes files:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “KB1323587.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random characters].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malware Destructor
HKEY_CURRENT_USER\Software\Malware Destructor Inc
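
A read-only way to check which of the files and registry entries listed above are actually present before deleting anything, as an added example that is not part of the original guide. It assumes the Windows XP folder layout used in the paths above, replaces each “[random characters]” with a wildcard, and uses a hypothetical helper New-Hit; the same pattern can be pointed at the Malware Defender 2009 lists earlier on this page.

```powershell
# Added example: read-only audit of the Malware Destructor 2011 indicators
# listed on this page. It reports what exists and deletes nothing.
$up = $env:USERPROFILE
$ad = $env:APPDATA   # %UserProfile%\Application Data on Windows XP

# File indicators from the page; '*' stands in for "[random characters]".
$files = @(
    "$up\Start Menu\Programs\Startup\Malware Destructor.lnk",
    "$up\Start Menu\Programs\Malware Destructor\Uninstall.lnk",
    "$up\Start Menu\Programs\Malware Destructor\Malware Destructor.lnk",
    "$up\Start Menu\Malware Destructor.lnk",
    "$up\Desktop\Malware Destructor.lnk",
    "$ad\Microsoft\Internet Explorer\Quick Launch\Malware Destructor.lnk",
    "$ad\*\local.ini",          # broad pattern: review hits by hand
    "$ad\*\*7.exe",
    "$ad\*\KB1323587.exe",
    "$ad\*\enemies-names.txt"
)
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malware Destructor',
    'HKCU:\Software\Malware Destructor Inc'
)
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function New-Hit($Type, $Item) {
    New-Object PSObject -Property @{ Type = $Type; Item = $Item }
}

$hits = @(
    foreach ($pattern in $files) {
        # -Path expands wildcards; -Force also returns hidden items
        Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue |
            ForEach-Object { New-Hit 'File' $_.FullName }
    }
    foreach ($key in $keys) {
        if (Test-Path -Path $key) { New-Hit 'Key' $key }
    }
    # The page names Run values ending in ".exe" (KB1323587.exe, [random].exe)
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run) {
        $run.PSObject.Properties | Where-Object { $_.Name -like '*.exe' } |
            ForEach-Object { New-Hit 'RunValue' "$($_.Name) = $($_.Value)" }
    }
)

if ($hits.Count) {
    $hits | Select-Object Type, Item | Format-Table -AutoSize
} else {
    Write-Output 'None of the listed indicators were found.'
}
```

Wildcard and Run-value hits can include legitimate software, so each one should be reviewed before anything is removed.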
