How to Remove Personal Antivirus Virus

The Personal Antivirus virus is a fraudulent anti-spyware program that was made by a company called Innovagest 2000. It is a clone of Internet Antivirus Pro as well as General Antivirus.

Trojans are responsible for introducing it into many computers as a false security alert. The alert will say that your computer contains viruses, or that it found malware running. When you click on part of one of these alerts, Personal Antivirus will be installed on your computer.

After Personal Antivirus is installed and running, it will continually tell you that viruses and spyware have been detected, and that the only way to get rid of them is to purchase their software program. These alerts are bogus, as there are no actual viruses running other than the Personal Antivirus program itself.

When the virus is running, it will keep coming up with security warnings that look like they’re coming from Windows Security Center, telling you to buy the Personal Antivirus. You’ll also have warnings from Internet Explorer when you’re trying to access a webpage.

One solution to the problem is to download a program called Malwarebytes’ Anti-Malware, or MBAM, and save it to your desktop.

  1. Once you have it saved to your desktop, close all other programs that are running, including windows.

  3. Then double click on the icon on your desktop named mbam-setup.exe.
  4. After you double click on the icon, it will install it into your computer.
    When the installation process starts, it will prompt you to make certain choices; just keep following the prompts and it will continue.
  5. Keep the default settings the same as when it is first installed, no need to change anything.
  6. Leave the ‘update Malwarebytes’, ‘AntiMalware’, and ‘Launch Malwarebytes AntiMalware’ checked.
  7. Then click finish.
  8. After the installation is complete, MBAM will automatically be launched on your desktop. It will suggest getting any available updates before starting any scanning; click OK, and the box will close and MBAM will update itself.
  9. After you click OK, as stated above, the main program will be shown. You’ll see a ‘scanner tab’ with ‘perform quick scan’ option, make sure this tab is selected, and then click on the ‘scan’ to start scanning your PC for the Personal Antivirus, and all its related files.
  10. MBAM will begin to scan your computer for any and all ‘malware’.
  11. This process can take a little while, so you’d be best served to find something else to do while the scanning is taking place, of course be sure you’re checking back on it occasionally.
  12. When MBAM is finished scanning, it will show a message stating that it is done, just click on OK to close the message and continue on with the removal of the Personal Antivirus process.
  13. When you get back to main MBAM panel, click on the ‘show results’ button.
  14. This will bring up a screen that will display any and all of the malware that it discovered. You can now go ahead and click on the ‘remove selected’ button so that MBAM can remove and quarantine all the found viruses and malware.
  15. Most of the time, you’ll need to reboot your computer for the entire process to be completed.

From my experience, the free version of MBAM is not guaranteed to find and clean Personal Antivirus. I would suggest using the PCTools’ Spyware Doctor for getting rid of Personal Antivirus permanently.

Removing Antivirus 2009 - How to Remove Antivirus 2009 Permanently

Antivirus 2009 is a new rogue virus that comes from the same origins as Antivirus 2008. It is advertised and displayed through several misleading websites.

You’ll see fake security warnings saying that your computer has been infected with malicious spyware, and then it will prompt you to click on their warning message to get rid of the spyware and viruses.

Once you click OK, Antivirus 2009 will be installed. It will then tell you that the only way to get rid of all the malicious intruders is to buy their software program. All these warning messages can look very official, as if they were coming from sites like Google, or from your Internet Explorer or Windows.

These rogue viruses are typically not harmful to your system, but rather they use all sorts of forms of deceptive advertising and trickery to sell as many copies as possible. This means misleading websites that offer free computer virus scans. Once you accept their invitations for a free scan, Antivirus 2009 will be downloaded onto your computer. Of course, it is a fake security scanner, so DO NOT buy it.

There are several places to find legitimate software programs that will remove Antivirus 2009. You can also try to remove Antivirus 2009 manually on your own, but this is not recommended since you can damage your computer’s operating system.

Automatic removal is the recommended method to remove Antivirus 2009. The most trusted Antivirus 2009 remover is Spyware Doctor from PCTools. You can download the free version and perform a full system scan of your PC. When the Spyware Doctor detects the virus, you can get the full registered version and have it clean Antivirus 2009 and any remnants of it automatically.

A summary of the manual method of removing Antivirus 2009 follows below.

  1. There are three different steps that you need to follow to remove Antivirus 2009. On your keyboard press ‘Alt+Ctrl+Delete’.
  2. Then click on ‘Task Manager’.
  3. Find these two processes: AVP2009.exe and AntivirusPro2009.exe.
  4. Click ‘End Process’.

Continue by searching for the malicious files of Antivirus 2009, which are as follows:

  1. C:\Program Files\AntivirusPro2009
  2. C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe
  3. C:\WINDOWS\system32\AVP2009.cp
  4. C:\Program Files\AVP2009\AVP20091.dat
  5. C:\Program Files\AVP2009\avp2009.dat
  6. C:\Program Files\AVP2009\avp2009.cpl
  7. C:\Program Files\AVP2009\AVP2009.exe
  8. C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk
  9. C:\Documents and Settings\Admin\Desktop\AntivirusPro2009.lnk
  10. C:\Documents and Settings\Admin\Start Menu\Programs\AntivirusPro2009
  11. C:\Documents and Settings\Admin\Start Menu\Programs\AntivirusPro2009\AntivirusPro2009.lnk
  12. C:\Documents and Settings\Admin\Start Menu\Programs\AntivirusPro2009\Uninstall.lnk

Click Start, then click Search. Type each of the names above into the search box and let your computer find them. When any are found, just delete them.

The next step in how to remove Antivirus 2009 from your computer is as follows.

  1. Click Start, then click ‘Run’, type in ‘regedit’ and hit OK.
  2. This opens your registry editor.
  3. Then scroll down until you find these registry entries to edit.


3.2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro2009

3.3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus Pro 2009”

3.4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus”

3.5 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antivirus”

3.6 HKEY_CURRENT_USER\Software\AVP2009

3.7 HKEY_CURRENT_USER\Software\AntiVirus
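Before deleting anything by hand, it helps to see which of the processes, files and registry entries listed above actually exist on the machine. The PowerShell script below is an added example, not part of the original article: it only reads and reports, and it assumes Windows PowerShell 3.0 or later. The paths and names are copied from the lists above; the function and variable names are made up for this example.

```powershell
# Added example: read-only check for the Antivirus 2009 artifacts listed on this page.
# It reports what is present and deletes nothing.

# Process names from the page (Get-Process takes them without ".exe").
$ProcessNames = 'AVP2009', 'AntivirusPro2009'

# Paths exactly as the page lists them; "Admin" is the profile name used there.
$UserRoot = 'C:\Documents and Settings\Admin'
$FilePaths = @(
    'C:\Program Files\AntivirusPro2009'
    'C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe'
    'C:\WINDOWS\system32\AVP2009.cp'
    'C:\Program Files\AVP2009\AVP20091.dat'
    'C:\Program Files\AVP2009\avp2009.dat'
    'C:\Program Files\AVP2009\avp2009.cpl'
    'C:\Program Files\AVP2009\AVP2009.exe'
    "$UserRoot\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk"
    "$UserRoot\Desktop\AntivirusPro2009.lnk"
    "$UserRoot\Start Menu\Programs\AntivirusPro2009"
    "$UserRoot\Start Menu\Programs\AntivirusPro2009\AntivirusPro2009.lnk"
    "$UserRoot\Start Menu\Programs\AntivirusPro2009\Uninstall.lnk"
)

# Whole registry keys named on the page.
$RegistryKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro2009'
    'HKCU:\Software\AVP2009'
    'HKCU:\Software\AntiVirus'
)

# Autostart values named on the page (value name under a Run key).
$RunValues = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Antivirus Pro 2009' }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Antivirus' }
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Antivirus' }
)

function Find-Antivirus2009Artifact {
    # Running processes with the listed names.
    Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Type = 'Process'; Item = "$($_.Name) (PID $($_.Id))" }
    }
    # Files, folders and registry keys: Test-Path works for both providers.
    foreach ($path in $FilePaths + $RegistryKeys) {
        if (Test-Path -LiteralPath $path) {
            $type = if ($path -like 'HK*') { 'Registry key' } else { 'File or folder' }
            [pscustomobject]@{ Type = $type; Item = $path }
        }
    }
    # Run values: report the command line each one would start at logon.
    foreach ($entry in $RunValues) {
        $prop = Get-ItemProperty -LiteralPath $entry.Key -Name $entry.Name -ErrorAction SilentlyContinue
        if ($prop) {
            $command = $prop.($entry.Name)
            [pscustomobject]@{ Type = 'Run value'; Item = "$($entry.Key) -> $($entry.Name) = $command" }
        }
    }
}

$hits = @(Find-Antivirus2009Artifact)
if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize -Wrap
} else {
    'None of the listed Antivirus 2009 artifacts were found.'
}
```

The HKCU entries are read from the hive of the account that runs the script, so run it as the affected user.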

While it is very possible to remove Antivirus 2009 on your own, manual removal is only recommended if you consider yourself an expert.

If you damage the registry, it can cause more serious operating problems than Antivirus 2009 ever could.

If you’re inexperienced, then buy yourself a software program that will automatically scan, find, and destroy all remnants of Antivirus 2009.

All you need to do is find a legitimate antivirus software maker such as PCTools, download their Spyware Doctor program, and run the scan feature. It will find all the files and registry entries of Antivirus 2009 and remove them automatically, thus ensuring that you don’t do further damage to your computer.

Protect your children on the Internet

Many parents ask how they can protect their children while they surf the Internet. Recently a mother was worried that her children spend too much time on sites like Orkut, MySpace and Facebook. Her concern was not about the time lost to such activities but mainly that she didn’t know with whom the children were communicating in these social networks and whether the children were giving any personal information to unknown people. After several reports in the press about the hazards hidden in Internet social networks, the mother decided to block some sites on the children’s computer.

The only problem was that the mother was not aware of parental control software like Net Nanny or Norton Internet Security, which also cost some money. Before you decide to block some addresses (something that the children will oppose), try a few other things:

First of all, educate your children and tell them about the dangers that exist when they share information with strangers. Family members should discuss the security and confidentiality of data on the web. You can place the computer in an area where you can easily check the screen to get an idea of what your children do and which sites they visit frequently. Furthermore, Orkut is a social network, which means that one can easily see what friends your children have and what data is exchanged.

Finally, to block specific sites on your child’s computer with Windows without paying any money, follow the procedure below.

* Start – Run
* Enter notepad c:\windows\system32\drivers\etc\hosts
* Go to last line and add:

* Save the file and quit notepad

You can block any site you want with this technique. If you later want to unblock a certain site, simply remove the appropriate line using the same procedure. You should know, however, that children are usually very smart and will find out about the above technique sooner or later, so parental control software might be more appropriate.
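The same block and unblock procedure can be scripted. The PowerShell functions below are an added example, not part of the original article. They assume an elevated prompt and Windows PowerShell 3.0 or later, and they block a site by mapping its name to the loopback address 127.0.0.1. The function names and the host names in the usage comment are placeholders.

```powershell
# Added example: add or remove loopback entries in the Windows hosts file.
# Run from an elevated PowerShell prompt; the host names used are placeholders.
$HostsPath    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$BlockAddress = '127.0.0.1'   # loopback: the browser is sent to the local PC and the page fails to load

# Split one hosts line into fields, ignoring any trailing "# comment".
function Get-HostsField {
    param([string]$Line)
    @(($Line -replace '#.*$', '').Trim() -split '\s+' | Where-Object { $_ })
}

function Add-HostsBlock {
    param([Parameter(Mandatory)][string[]]$HostName, [string]$Path = $HostsPath)
    $lines = @(Get-Content -LiteralPath $Path)
    foreach ($name in $HostName) {
        # Skip names that already have an active (uncommented) entry.
        $present = $lines | Where-Object {
            $f = @(Get-HostsField $_)
            ($f.Count -ge 2) -and (($f | Select-Object -Skip 1) -contains $name)
        }
        if (-not $present) { $lines += "$BlockAddress`t$name" }
    }
    Set-Content -LiteralPath $Path -Value $lines -Encoding ASCII
}

function Remove-HostsBlock {
    param([Parameter(Mandatory)][string[]]$HostName, [string]$Path = $HostsPath)
    # Drop only lines of the exact form "<BlockAddress> <name>" so other entries survive.
    $kept = @(Get-Content -LiteralPath $Path | Where-Object {
        $f = @(Get-HostsField $_)
        -not (($f.Count -eq 2) -and ($f[0] -eq $BlockAddress) -and ($HostName -contains $f[1]))
    })
    Set-Content -LiteralPath $Path -Value $kept -Encoding ASCII
}

# The hosts file matches exact names only, so list each variant of a site separately.
# Usage (placeholder names):
#   Add-HostsBlock    -HostName 'www.blocked.example', 'blocked.example'
#   Remove-HostsBlock -HostName 'www.blocked.example', 'blocked.example'
```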

How to Remove the Conficker – Downadup – Kido Worm

The new worm outbreak that affects almost all Windows versions goes by the name of Conficker, Downadup or Kido. It is estimated that around 50000 computers per hour are being infected with the Conficker worm all over the world. This worm spreads itself by exploiting the Microsoft vulnerability MS08-067. It is a very clever piece of malware, as it tries to break passwords by brute-force attacks in order to gain administrator access to the infected machines. It also uses network shares to copy itself over to other hosts. The worm code is so complicated that researchers are aggressively digging into it in order to engineer a cure for it. The new version of the worm is Conficker C and, as far as is known, on April 1st all the infected hosts will be taken under the control of a secret master bot network.

To remove the worm, you first need to patch your Windows machine for vulnerability MS08-067. After that, you need a solid antispyware tool. You can download XoftSpySE for a free scan of your computer for the Conficker worm.


Adobe Reader and Acrobat JBIG2 Processing Multiple Vulnerabilities

Adobe Acrobat is a program designed to create, manage and view Portable Document Format (PDF) files, and Adobe Reader is designed only to view and print PDFs. Both Adobe Acrobat and Reader have buffer overflow vulnerabilities in their handling of JBIG2 streams inside a PDF file. JBIG2 is an image encoding standard for bi-level images. One of the flaws is due to a four-byte value which represents the number of values in a table and is used to allocate a buffer. This value is taken from the file without adequate checking, and a specially crafted PDF file can be used to overflow the buffer. The other flaw is due to a malformed JBIG2 symbol dictionary segment contained in a malicious PDF file. There are also some other unspecified errors in the processing of these JBIG2 streams. Potential vectors of attack are sending the malicious PDF document as an email attachment, enticing the victim to visit a website that hosts the malicious document (which can be achieved via iframes), or placing the document on a file share. In each case the attacker has to convince the victim to open the file. Successful exploitation can lead to code execution. Some technical details are publicly available.

Affected:
Adobe Acrobat Standard 8.1.3 and prior
Adobe Acrobat Standard 7.0.8 and prior
Adobe Acrobat Standard 9
Adobe Acrobat Standard 8.1 and prior
Adobe Acrobat Standard 7.1
Adobe Acrobat Reader (UNIX) 7.0.1 and prior
Adobe Acrobat Reader 8.1.3 and prior
Adobe Acrobat Reader 7.0.9 and prior
Adobe Acrobat Reader 9
Adobe Acrobat Reader 8.1 and prior
Adobe Acrobat Reader 7.1
Adobe Acrobat Professional 8.1.3 and prior
Adobe Acrobat Professional 7.0.9 and prior
Adobe Acrobat Professional 9
Adobe Acrobat Professional 8.1 and prior
Adobe Acrobat Professional 7.1
Adobe Acrobat 7.0.3 and prior

Microsoft Buffer Overflow Vulnerability on Graphical Device Interface GDIPlus EMF

A critical Microsoft vulnerability has recently been discovered that affects almost all Windows versions:


Graphics Device Interface (GDI) is an application programming interface in Microsoft Windows. It’s a core operating system component responsible for representing graphical objects. Microsoft Windows GDI has an integer overflow vulnerability in gdiplus.dll while processing Enhanced Metafile (EMF) files. Possible vectors to exploit the flaw are: (a) creating a webpage containing a malicious WMF or EMF image file and enticing a user to visit it; (b) sending an email with a specially crafted EMF image file attachment and convincing the user to view it; or (c) embedding the malicious image file in an Office document and convincing the user to open it. Successful exploitation might lead to code execution or denial of service. Technical details about the vulnerability are publicly available.

Affected versions:

Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Gold 0
Microsoft Windows XP 0
Microsoft Office XP SP2 and prior

Virus Evolution History Part 2 – Melissa and other executable worms

The powerful script interpreters included in Microsoft Office gave virus creators an opportunity to arm their viruses with the characteristics of worms. An example of this was the Melissa worm, a Word macro virus with the characteristics of a worm, which infected documents created with the 97 and 2000 versions of Word. This worm automatically sent itself as an email attachment to the first 50 contacts found in the Outlook address book on the infected computer. This technique, which unfortunately has become very popular today, was first used in this virus, which in 1999 caused one of the biggest epidemics in computer history within a few days. In fact, large companies like Microsoft, Intel and Lucent Technologies had to block their connections to the Internet due to the action of Melissa.

The technique applied for the first time in the Melissa virus was subsequently developed by viruses like VBS/Freelink which, unlike its predecessor, sent itself to all contacts recorded in the address book of an infected PC. This was the beginning of a new generation of worms that were able to send themselves to all the contacts found in the Outlook address book of the infected computer. Of all those worms, the one that really stands out is VBS/LoveLetter, widely known as the I Love You virus, which first appeared in May 2000 and caused an epidemic with losses estimated at 10,000 million euros. To attract the attention of users and to contribute to its spread, this worm sent itself via an e-mail message with the title ILOVEYOU and an attachment named LOVE-LETTER-FOR-YOU.TXT.VBS. When the user opened the attachment, the computer was infected.

Besides Melissa, in 1999 another type of virus appeared, which was also a milestone in the history of viruses. In November of that year the VBS/BubbleBoy virus (written in VB Script) was created: a new type of worm which spread over the Internet without the user clicking on an attachment. To run itself automatically when the user opened or displayed a message, the virus took advantage of a security problem in Internet Explorer 5. The successor of this worm in 2000 was JS/Kak.Worm, which spread by exploiting the automatic signature of Microsoft Outlook Express, which enabled it to infect computers without requiring the user to execute a file. These were the first samples of a series of worms that were subsequently enriched with new members: worms that could attack computers while users were browsing the Internet.

Virus Evolution History – Part 1

In this article we will examine how the growth of Windows and Visual Basic affected the evolution of computer viruses, since along with the development of those two technologies we had the appearance of global virus epidemics, like the Melissa virus in 1999.

While Windows was evolving from an application designed to facilitate the management of DOS into a 32-bit operating system, the virus developers returned to using assembly as the main programming language to create viruses. Versions 5 and 6 of Visual Basic (VB) were, together with Borland Delphi (a Pascal language environment for Windows), the preferred development tools for creators of worms and Trojan horses. Then Visual C came into play, which offered a powerful application programming language for Windows. C was quickly adopted by the creators of viruses, Trojan horses and worms. Viruses based on the Visual C language acquired unprecedented power, supplanting all other types of viruses. Although the characteristics of worms have changed with time, all have the same goal: to spread to as many computers as possible in the shortest possible time.

Over time, Visual Basic became extremely popular and Microsoft implemented it as part of the functionality of a separate tool: an “interpreter” capable of executing script files that contained code with similar syntax.
Simultaneously, with the establishment of the 32-bit Windows platform, the first script file viruses were born: hostile software hidden inside a plain text file. Script file viruses showed that executable files (files with the extensions .EXE and .COM) were not the only ones that could carry viruses. As we have already seen with BAT file viruses, there are other means of spreading a virus, fully justifying the assumption that everything that can be executed, either directly or through an interpreter, may contain hostile software. Specifically, the first viruses that could infect the macros contained in Microsoft Office applications came onto the scene. As a result, Word, Excel, Access and PowerPoint have become vehicles for the spread of lethal weapons, which destroy data even when users simply open a document.

Which are the biggest companies in the Antivirus arena

Everyone in the United States has heard of the leading antivirus vendors such as McAfee, Trend Micro, Symantec, Computer Associates etc. These companies have a market-leading presence in the United States.

Microsoft, as well, has plans to become a key player in this market. Microsoft acquired intellectual property and technology from GeCAD Software, a company based in Bucharest, Romania, in 2003. They also acquired Pelican Software, which had behavior-based security, as well as Giant Company Software for spyware and Sybari Software, which manages virus, spam, and phishing filtering.

A lot of discussion has centered on whether Microsoft will come to own a dominant position in the antivirus market by simply bundling its technologies with its operating systems at no charge. This is similar to the technique applied in other markets such as word processing and Internet browsers. This started to happen to some extent in Windows Vista with the built-in Windows Defender.

Of course there are a number of other antivirus vendors who also play in this market. There are many companies with great market presence in other countries that are beginning to become more widely known. These vendors include:

  • GriSoft out of the Czech Republic
  • Sophos in the United Kingdom
  • Panda Software out of Spain
  • Kaspersky in Russia
  • SoftWin in Romania
  • F-Secure in Finland
  • Norman in Norway
  • Arcabit in Poland
  • VirusBuster out of Hungary, and
  • AhnLab in South Korea.

It is not clear where the industry is heading, and everyone in this market faces a rapidly changing landscape. The amount of effort needed to find and provide fixes for viruses is staggering. Malicious programs are getting more complex and the number of them is increasing. Many companies may find themselves without the resources to match the efforts of those truly bent on creating havoc. Some antivirus companies are getting hundreds of new samples a day! Moreover, the new viruses are getting “smarter” in that they propagate themselves quickly, and they often hide themselves and move around in a system by renaming themselves in an effort to make them hard to remove.

Computer Password Best Practices

Passwords provide the first line of defence in computer systems and must be considered one of the top elements to protect and secure. They offer the main access control mechanism in computers and with some good security practices can provide a big obstacle to intruders.

The following are some security best practices for your computer passwords:

  • Use at least 8 characters.
  • Use both alphabetic and numeric characters together with special characters (such as !@%$ etc).
  • Don’t use consecutive letters (e.g. abcd123 is not a strong password).
  • Use for generating a random strong password.
  • Try to use a phrase as a password instead of just a word.
  • Don’t use passwords that can be found in dictionaries, or passwords that are dates or names of people.
  • Change your password at least once a month.
  • Don’t use the same password in two different accounts.
  • Don’t use the “Remember Password” feature found in various accounts.
  • Don’t send your password anywhere in clear text format (e.g. in an email).

If you follow the above best practices, you can be sure that you are on the right path to providing strong access control for your computer system.
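Several of the rules above can be checked mechanically before a password is accepted. The PowerShell functions below are an added example, not part of the original article, and cover the length, character mix, consecutive characters, dictionary word and date rules. The word list is a tiny constructed sample, the three-character threshold for consecutive characters is an assumption, and the sample passwords are made up.

```powershell
# Added example: check a candidate password against the testable rules in the list above.
# $CommonWords is a tiny constructed sample, not a real dictionary.
$CommonWords = 'password', 'letmein', 'welcome', 'dragon', 'monkey', 'qwerty'

# Length of the longest ascending run such as "abcd" or "123" (case-insensitive).
function Get-LongestSequence {
    param([string]$Text)
    $s = $Text.ToLowerInvariant()
    $run = 1
    $longest = [Math]::Min(1, $s.Length)
    for ($i = 1; $i -lt $s.Length; $i++) {
        $step = [int]$s[$i] - [int]$s[$i - 1]
        $bothAlnum = [char]::IsLetterOrDigit($s[$i]) -and [char]::IsLetterOrDigit($s[$i - 1])
        if (($step -eq 1) -and $bothAlnum) { $run++ } else { $run = 1 }
        if ($run -gt $longest) { $longest = $run }
    }
    $longest
}

# Returns one string per broken rule; no output means the password passed these checks.
function Test-PasswordRule {
    param(
        [string]$Password,
        [int]$MinSequence = 3   # assumption: runs of 3 or more consecutive characters are rejected
    )
    $problems = @()
    if ($Password.Length -lt 8)             { $problems += 'fewer than 8 characters' }
    if ($Password -notmatch '[A-Za-z]')     { $problems += 'no alphabetic character' }
    if ($Password -notmatch '[0-9]')        { $problems += 'no numeric character' }
    if ($Password -notmatch '[^A-Za-z0-9]') { $problems += 'no special character' }
    if ((Get-LongestSequence $Password) -ge $MinSequence) {
        $problems += 'contains consecutive characters'
    }
    # Compare letters only, so "Password2009!" still matches "password".
    $letters = ($Password -replace '[^A-Za-z]', '').ToLowerInvariant()
    foreach ($word in $CommonWords) {
        if ($letters.Contains($word)) { $problems += "contains dictionary word '$word'"; break }
    }
    if ($Password -match '^\d{1,2}[-/.]\d{1,2}[-/.]\d{2,4}$' -or $Password -match '^(\d{6}|\d{8})$') {
        $problems += 'looks like a date'
    }
    $problems
}

# Constructed sample passwords.
foreach ($candidate in 'abcd123', 'Password2009!', '12/05/1999', 'tr4vel-Ligh7ly&Far') {
    $problems = @(Test-PasswordRule $candidate)
    $verdict = if ($problems.Count -gt 0) { 'REJECT: ' + ($problems -join '; ') } else { 'ok' }
    '{0,-20} {1}' -f $candidate, $verdict
}
```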