How to update a Windows hardware driver

September 25, 2009

Table of Contents

  1. What is a Driver?
  2. Why do I need to update?
  3. Finding Out the Manufacturer and Model of Your Device
  4. Determining the current version of your driver
  5. Finding the latest driver
  6. Downloading the driver update
  7. Installing the Driver update
  8. Conclusion

What is a Driver?

A driver is a program that is able to control a device that is connected to your computer. These drivers are used by the operating system to enable it to communicate with the particular device the driver was made for. Devices that you connect to your computer are often very specialized which makes it so Windows can not communicate directly with the device without a program telling it how to. This program, or device driver, acts as a translator between the installed device and the programs that utilize the device.

Why do I need to update?

By default Windows contains generic drivers for many different types of hardware connected to your computer. Unfortunately, many of these drivers that are bundled with Windows tend to be generic and do not support all of the advanced features of the hardware being installed. Therefore you would want to download and install the driver created by the hardware manufacturer so that Windows understands how to use these special features.

Also as time goes by, hardware manufacturers release new versions of their drivers to fix bugs, increase performance, increase stability on your computer, or add new features. When these drivers are released it is recommended that you upgrade your driver to take advantage of these new enhancements.

When new drivers are released they tend to come in two types of updates. The first type is a program that you run that will automatically update the driver for you and then prompt you to reboot your computer. The second type is a set of driver files that you need to manually update the drivers with. This tutorial will focus on teaching you how to upgrade your driver using both methods.

Finding Out the Manufacturer and Model of Your Device

Before we begin updating your driver, we need to know the manufacturer and model number for the device. This is a pretty simple problem to overcome. Simply look at your device for a brand name, and that should be the manufacturer. For example I am looking at my modem and on the top it says “Binatone”. Pretty simple huh!

To find the “model” of your device look at the back/bottom of your device for a code (my modem’s is ADSL 2000). If this does not work, try looking in the paperwork that came with your device and see if you can find it there.

On the other hand, if you have an internal device that is not easily accessible, it may be difficult for you to find the make and model for it (for example a video card). For internal devices you should use the Device Manager to find out this information:

Click on the Start button in the bottom right hand corner of your desktop as shown below:

Click on the Control Panel menu option to open the Control Panel as shown below:

Double-click on the System icon as shown below:

Click on the Hardware tab at the top of the box (red arrow), then click on the box which says Device Manager (blue arrow) as shown below:

A window will appear which contains a list of the devices on your computer like the image below.

You will need to click on the plus (+) arrow next to the hardware category for the driver you want to update (red arrow). For my continuing example of updating a video driver I would click on the plus (+) arrow next to display adapters (where video cards reside). After clicking on the (+) sign, the category will open listing the devices that are installed on your computer that fall under this category of hardware. You should see your video card listed and you would make a note of the make and model of the card you wish to update. Stay in the current window, as the following steps will continue from here.

Determining the current version of your driver

Before you upgrade your driver, you want to determine whether or not you have the latest version. When developers create drivers they assign a version number to them. Each time the manufacturer releases a new update to a driver, they increase the version number. In this way you can determine if you have the latest version of the driver by comparing the version number of your currently installed driver to the version number of the driver currently available. So if their version number is higher than yours, you know that there is a newer version available for download.

To determine the current version of your driver you would do the following:

While in the Device Manager, as described above, you need to click on the (+) arrow next to the category of device you want to update (red arrow). Then right-click on the device which you would like to update. Again, in my example I would right-click on the Radeon 9500 pro / 9700 which the blue arrow is pointing at.

After right-clicking, a list of options will appear. Click Properties:

A new window will open, which will display the various properties of your device. Click on the Driver tab at the top of the window (red arrow). Then look at the details in the Driver Version line (blue arrow):

Write down this version number so you can reference it later.

Finding the latest driver

So, now that you know the name, model, and version number of your device it is time to determine if there is a newer driver available for you to use. The easiest way to find an updated driver is to check the manufacturer’s web site. This will ensure you have the latest and most up-to-date drivers available for your device. Finding your manufacturer’s web site should be pretty simple. Using the example above, I found my device manufacturer for my video card was ATI radeon. Usually the manufacturer’s web site is its name with standard internet tags around it (www. and .com). If you are unable to find the website this way, try going to www.google.com and searching for the name there. Usually the first entry should be the official manufacturer’s site.

When you find the address of the manufacturer, go to the site and have a look around. It would be impossible to give instructions for each manufacturer, but you should be looking for a drivers page. On some manufacturer’s sites the Drivers link is prominent. On others you generally need to go into their support section to find the updated drivers. If that does not work, you can search for it on the site. After taking a good look around the manufacturer’s site, you should have found the driver section for your device. However, in the event that you are unable to find a driver section, there are a number of handy sites which collect all the drivers available into an alphabetical list by manufacturer name. My favorite is www.driverzone.com. It has an up-to-date list of available drivers, and is very easy for novices to navigate around. This step is the only part of the tutorial where I cannot give you specific instructions; it varies too much from brand to brand.

If you have found the drivers page, simply compare the version number of the driver they have available for download to the version number you retrieved earlier. If their version number is higher, then they have an updated driver for your machine. If it is the same version, then there is no newer driver available.

Downloading the driver update

When you have found a driver update for your device that is newer than the one you have installed, simply go back to the manufacturer’s site or driverzone, and find the newer driver. Click on the download link to this file and you should be prompted with a download box. If you use Internet Explorer it will look like so:

You should save your driver update download to the desktop. This is so that the file can be easily found later on. To do this, click Save, set the Save In pathname to Desktop (red arrow), and press the Save button.


So now you should have the file placed neatly on your desktop for easy access.

If the file’s extension is .zip, then the driver will need to be extracted first. This can be done very easily using BleepingComputer’s own tutorial on the subject here:

How to create and extract a ZIP File in Windows ME/XP/2003

How to create and extract a ZIP File in Windows 95/98/2000

You should extract these files to the desktop now. If on the other hand, the file is an executable (ends with .exe), then move on to the next section.

Installing the Driver update

To launch the driver update program you would look for the program that you downloaded or extracted. The setup file should look something like this:


Double-click on the setup file and follow the on screen instructions to install the update. When the driver has finished installing, it will usually prompt you to reboot. Reboot your machine and you should now be using the updated drivers.

If on the other hand, there is no setup.exe file or other executable to run, then you will need to manually update the driver through the Device Manager. Using the previous instructions open the Device Manager. Using the drop down plus (+), open the category of the device you want to update and select the device by clicking on it once to highlight it. Right-click on the device and click Properties. Now click on the Driver tab and then click on the Update Driver button:

A wizard will begin in a new window. If the Wizard asks Can Windows connect to Windows Update to search for software? select the option labeled No, not this time and press the Next button. You will now see a screen similar to the one below.

Click on the option labeled Install from a list or specific location (Advanced) (red arrow). Then click Next (blue arrow). A screen will open similar to the one below.

Select the option labeled Don’t search. I will choose the driver to install. (red arrow) and press the Next button. A new screen may come up showing compatible hardware. Simply press the Have Disk button.

Then click on the Browse button and navigate to the folder on your desktop where you extracted the driver files. Once you have navigated to that folder you will see something like below.

You will see a list of .inf files that contain the information about the driver update found in that folder. Select the .inf file (red arrow) and press the Open button (blue arrow). Then press the OK button. You will now see a list of compatible hardware. Select the driver and press the Next button. Windows will copy the updated driver to your system. When it is done, press the Finish button.

You will now be back at the properties page for your device. If you look at the version, you should see that the version number now corresponds to the new driver you just installed. You can now press the Close button and exit the Device Manager.

Conclusion

After following the above instructions, you should be able to update your device drivers. This will be useful for meeting minimum requirements for applications/software, to fix bugs that out-of-date drivers may be causing, or to improve the performance of your hardware. As always, if you have any questions feel free to ask them in the computer help forums.

Simple and easy ways to keep your computer safe and secure on the Internet

September 25, 2009

It is a fact: the Internet is just not a safe place to connect your computer to. There are worms constantly scanning for vulnerable computers to infect, trojans that are disguised as helpful programs but actually install malicious ones, spyware that reports your activities back to its makers, and hijackers that take control of your web browser and browsing experience. For those people who have been the victim of one of these infections, removing them and getting your computer back in your control can be a daunting and frustrating experience. The purpose of this article is to teach you how to set up your computer in such a way that you minimize as much as possible the risks of contracting one of these infections. Each step is very easy to do and regardless of your computer experience you will have no trouble following along. It is also important to note that there is not one step listed below that is more important than the other. They are all equally important to keeping your computer safe and secure.

1. Educate yourself and be smart about where you visit and what you click on – Understanding how you can get infected and what to avoid when using the Internet will be the most important step in keeping your computer clean and secure. The majority of people who have infections on their machines were infected due to lack of knowledge and clicking on things that they should not. I will provide a list of actions under this step that you should not do:

1. Do not open attachments from users that you do not know. This is one of the most effective ways for viruses to infect you. If you do not know the user, then simply do not open the email and delete it.

2. Never open an attachment that is a .exe, .pif, .com, or .bat unless you specifically know the file is clean. The majority of these are always bad!

3. If you visit a site and a popup appears saying that your computer is unsafe, ignore it! These are gimmicks that are used to make you click on the ad, which can then potentially install unwanted malware. For an example of how these types of foistware can be installed on your computer, you should read this article: Foistware, And how to avoid it.

An excellent list that contains a list of antispyware apps that should be avoided and a list of ones that are recommended can be found here: Rogue/Suspect Anti-Spyware Products & Web Sites

4. When you go to a site and a popup occurs, many times they will make them look like a normal Windows message box in order to trick you into clicking on them. Instead just close them by clicking on the X.

5. Do not visit porn sites! I know some of you may not be happy about this, but the reality is that the majority of spyware and browser hijackers are put on your computer through porn sites.

6. Do not visit warez sites! Not only is pirated software illegal, but it is a breeding ground for malware.

7. Do not visit crack sites! Many of the cracks include malware in them!

8. If you use P2P software, make sure you are careful about what you open. Malware is all over the P2P networks.

9. Read the license agreement for any software that you install. Many free downloads are offered with spyware and other programs that you DO NOT want on your computer. Reading the agreement may help you to spot them.

2. Use an AntiVirus Software – It is very important that you have antivirus software running on your machine. By having an antivirus program running, files and emails will be scanned as you use them, download them, or open them. If a virus is found in one of the items you are about to use, the antivirus program will stop you from being able to run that program and therefore from infecting yourself.

See this link for a listing of some online/stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

3. Update your AntiVirus Software – There is no point running an antivirus program if you do not make sure it has all the latest updates available to it. If you do not update the software, it will not know about any new viruses, trojans, worms, etc that have been released into the wild since you installed the program. Then if a new infection appears in your computer, the antivirus program will not know that it is bad, and not alert you when you run it and become infected. Therefore it is imperative that you update your Antivirus software at least once a week (Even more if you wish) so that you are protected from all the latest threats.

4. Install an Anti-Spyware Program – Just as you installed and use an antivirus program, it is essential these days to use a Spyware protection and removal program. These programs can be used to scan your computer for spyware, dialers, browser hijackers, and other programs that are malicious in nature. The 4 programs that we recommend are AVG Anti-Spyware, Spybot – Search and Destroy, Ad-Aware, and Windows Defender.

A tutorial on using some of these programs can be found below:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
Using Spybot – Search & Destroy to remove Spyware, Malware, and Hijackers

5. Commercial Spyware Removal/Protection Programs – If you feel more comfortable installing a commercial Spyware removal program then we recommend WebRoot’s Spysweeper or Lavasoft’s Ad-Aware Professional. Both are excellent products and a worthy addition to the arsenal of software protecting your computer.

Spysweeper Product Information

6. Occasionally Run Online Virus Scans – Unfortunately not all antivirus programs are created equal. Each program may find infections that other antivirus programs do not and vice-versa. It is therefore recommended that you occasionally run some free online antivirus scanners to make sure that you are not infected with items that your particular antivirus program does not know how to find. Two online scanners that we recommend are:

Kaspersky Web scanner
Trend Micro Housecall

Every once in a while, maybe once every 2 weeks, run one or both of these scanners to see if they find anything that may have been missed by your locally installed antivirus software.

7. Visit Microsoft’s Windows Update Site Frequently – If you are a Windows user you must visit http://www.windowsupdate.com regularly. This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. It will then provide a list of items that it can download and install for you. When visiting the site, if it asks if you would like to install the Windows Update software, allow it to do so and it should only ask you to do this once. When the site is loaded you should then allow it to check for new updates and download any that it finds. If it has you reboot your computer, reboot and when you’re back at the desktop visit the site again and check for new updates. Repeat this process until there are zero critical updates available. This will ensure your computer has all of the latest security updates installed and is secure from any known security holes.

8. Visit the Apple Security Updates Site Frequently – If you are an Apple user then you should frequently check the Apple Security Site for any new updates and download them if they are available. Information on finding and downloading the latest updates can be found at the Apple security site that we linked to earlier in this step.

9. Use a Firewall – I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. You may say “Why do I need a firewall? I have all the latest updates for my programs and operating system, so nobody should be able to hack into my computer”. Unfortunately that reasoning is not valid. Many times hackers discover new security holes in software or an operating system long before the software company does and therefore many people get hacked before a security patch is released. By using a firewall the majority of these security holes will not be accessible as the firewall will block the attempt.

For a tutorial on firewalls and a listing of some available ones see the link below: Understanding and Using Firewall’s

10. Install SpywareBlaster – Many known malicious programs are ActiveX programs that integrate into Internet Explorer. If you use Internet Explorer, then we recommend that you download and install SpywareBlaster. This program will load a huge list of known malicious programs into your computer’s configuration and make it so that you can not run these programs on your computer and therefore become infected.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

11. Update your security programs regularly – As always if you do not update your programs, your programs will not be able to find the newest infections that may be racing around the Internet. It is therefore important that you upgrade the software and spyware/virus definitions for a particular program so that they are running the most effectively.

12. Switch to another browser, like Firefox, or make your Internet Explorer more secure – The latest version of Internet Explorer 7 is now shipped with much more secure settings. On the other hand, if you use Internet Explorer 6 there are settings that need to be changed. With that said you have two choices; either make Internet Explorer 6 more secure or switch to another browser like Mozilla Firefox. It’s an excellent browser and is secure right after installing it. You can find more info on switching from Internet Explorer to Firefox here

Switching from Internet Explorer to Firefox

If you decide you would rather continue to use Internet Explorer, then follow these steps to make it more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab.
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
    1. Change the Download signed ActiveX controls to Prompt
    2. Change the Download unsigned ActiveX controls to Disable
    3. Change the Initialize and script ActiveX controls not marked as safe to Disable
    4. Change the Installation of desktop items to Prompt
    5. Change the Launching programs and files in an IFRAME to Prompt
    6. Change the Navigate sub-frames across different domains to Prompt
    7. When all these settings have been made, click on the OK button.
    8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK button to exit the Internet Properties page.
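
The six Custom Level changes above are stored as numbered values under the current user's Internet zone registry key, so they can be checked after the fact. The following audit is an added example, not part of the original tutorial; the function names and the sample values are constructed for illustration, and it reads only the per-user settings (a policy set elsewhere can override them).

```python
import sys

# The Internet zone is zone 3; each setting is a DWORD named by its URL action code.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ALLOW, PROMPT, DISABLE = 0, 1, 3
POLICY_NAMES = {ALLOW: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# (action code, dialog label from the steps above, value the steps ask for)
RECOMMENDED = [
    ("1001", "Download signed ActiveX controls", PROMPT),
    ("1004", "Download unsigned ActiveX controls", DISABLE),
    ("1201", "Initialize and script ActiveX controls not marked as safe", DISABLE),
    ("1800", "Installation of desktop items", PROMPT),
    ("1804", "Launching programs and files in an IFRAME", PROMPT),
    ("1607", "Navigate sub-frames across different domains", PROMPT),
]

# Constructed sample: one setting too weak (1004), one stricter than asked (1804),
# one missing entirely (1607).
SAMPLE = {"1001": PROMPT, "1004": ALLOW, "1201": DISABLE, "1800": PROMPT, "1804": DISABLE}


def read_internet_zone():
    """Read the current user's Internet-zone values (Windows only)."""
    import winreg  # imported here so audit() also runs on other systems
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for code, _label, _want in RECOMMENDED:
            try:
                values[code], _type = winreg.QueryValueEx(key, code)
            except FileNotFoundError:
                pass  # value not set for this user
    return values


def audit(values):
    """Return (code, label, current, wanted) for each setting weaker than recommended."""
    strictness = {ALLOW: 0, PROMPT: 1, DISABLE: 2}
    issues = []
    for code, label, want in RECOMMENDED:
        have = values.get(code)
        # A stricter value than recommended (Disable where Prompt is asked) passes.
        if have not in strictness or strictness[have] < strictness[want]:
            issues.append((code, label, POLICY_NAMES.get(have, "not set"), POLICY_NAMES[want]))
    return issues


if __name__ == "__main__":
    current = read_internet_zone() if sys.platform == "win32" else SAMPLE
    for code, label, have, want in audit(current):
        print(f"{code}  {label}: is {have}, should be {want}")
```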

By following all these steps you are sure to keep your computer at minimal risk to future infections or hack attempts. This is unfortunately not a foolproof method of securing your computer as new risks are released almost every day, but your susceptibility to these attacks will be diminished greatly.

Green AV (rogue anti-spyware removal guide)

September 24, 2009

Green AV is a rogue anti-spyware program from the same family as Anti-virus-1. This program is classified as a rogue because it uses deceptive promotion techniques and exaggerated scan results as a method to make you think you are infected. Green AV is promoted through the use of fake online anti-malware scanners, that when finished, will state that your computer is infected and that you should download and install Green AV in order to protect it. It is important to know that the online scanner is just an advertisement and has no way of knowing what is running on your computer.

Once downloaded, Green AV will be configured to start automatically when you log in to Windows. Once running it will scan your computer and then list a variety of infections that it will not remove until you purchase the program. These infections, though, are not real and do not exist on your computer. Green AV is only showing them to try and trick you into thinking that there is some sort of infection on your computer.

 

 

When Green AV is installed you will also find your computer filled with various warnings and alerts stating that your computer is infected in some manner. This program will hijack both Internet Explorer and Firefox to randomly display warnings when browsing the web that state your computer is infected and that you should purchase Green AV to protect yourself. The warning in Firefox is “This web site you are visiting has been reported as an attack site and has been blocked based on your security preferences.” and the warning in Internet Explorer is “Your system might be at risk, click here to protect your system with Green AV.” Green AV will also redirect search results for anything related to Green AV to show custom search results rather than the legitimate ones. Last but not least, you will also see constant alerts from the Windows taskbar that state that there is some sort of malicious activity occurring on your computer. These alerts, like the web browser hijacks, are just another attempt to make you think you are infected and should be ignored.

As you can see, Green AV was created to trick you into purchasing the program by making you think that there is a security risk on your computer. In reality, the security risk is Green AV and the malware that was bundled with it. To remove these programs, please use the guide below.

 

Threat Classification:

 

Advanced information:

View Green AV files.
View Green AV Registry Information.

 

Tools Needed for this fix:

 

Symptoms that may be in a HijackThis Log:

O1 – Hosts: 69.10.51.38 a1.review.zdnet.com
O1 – Hosts: 69.10.51.38 d1.reviews.cnet.com
O1 – Hosts: 69.10.51.38 reviews.riverstreams.co.uk
O1 – Hosts: 69.10.51.38 reviews.download.com
O1 – Hosts: 69.10.51.38 review.2009softwarereviews.com
O1 – Hosts: 69.10.51.38 reviews.pcmag.com
O1 – Hosts: 69.10.51.38 reviews.pcadvisor.co.uk
O1 – Hosts: 69.10.51.38 reviews.techradar.com
O1 – Hosts: 69.10.51.38 reviews.pcpro.co.uk
O1 – Hosts: 69.10.51.38 www.reevoo.com
O1 – Hosts: 69.10.51.38 toptenreviews.com
O2 – BHO: WStechB – {A5DBD8CB-DF8A-4992-A655-B155216F6AFB} – C:\Documents and Settings\All Users\Application Data\gwr\WStech.dll
O4 – HKLM\..\Run: [37465982736455] C:\Documents and Settings\All Users\Application Data\gwr\mradll.exe
O4 – HKLM\..\Run: [03874569874596] C:\Documents and Settings\All Users\Application Data\gwr\rwg.exe

 

Guide Updates:

09/19/09 – Initial guide creation.

 


Automated Removal Instructions for Green AV using Malwarebytes’ Anti-Malware:

 

  1. Print out these instructions as we will need to close every window that is open later in the fix.
  2. Download Malwarebytes’ Anti-Malware, or MBAM, from the following location and save it to your desktop: Malwarebytes’ Anti-Malware Download Link
  3. Once downloaded, close all programs and Windows on your computer, including this one.
  4. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
  5. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button.
  6. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    MalwareBytes Anti-Malware Screen
  7. On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Green AV related files.
  8. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
    MalwareBytes Anti-Malware Scanning Screen
  9. When the scan is finished a message box will appear as shown in the image below.
    MalwareBytes Anti-Malware Scan Finished Screen

    You should click on the OK button to close the message box and continue with the GreenAV removal process.

  10. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  11. A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.
    MalwareBytes Scan Results

    You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program’s quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

  12. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
  13. You can now exit the MBAM program.

Your computer should now be free of the GreenAV program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes’ Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

 


 

Associated Green AV Files:

Please note some of these entries may be random:

c:\Documents and Settings\All Users\Application Data\gwr\
c:\Documents and Settings\All Users\Application Data\gwr\mwrdll.exe
c:\Documents and Settings\All Users\Application Data\gwr\rwg.exe
c:\Documents and Settings\All Users\Application Data\gwr\Viruses.dat
c:\Documents and Settings\All Users\Application Data\gwr\wsav.exe
c:\Documents and Settings\All Users\Application Data\gwr\WStech.dll
c:\Documents and Settings\All Users\Application Data\gwr\wtds05.exe
c:\Documents and Settings\All Users\Desktop\ Green AV .lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Green AV
c:\Documents and Settings\All Users\Start Menu\Programs\Green AV\ Green AV .lnk

 

Associated Green AV Windows Registry Information:

Please note some of these entries may be random:

HKEY_CURRENT_USER\Software\GAV
HKEY_CLASSES_ROOT\AppID\{29256442-2C14-48CA-B756-3EE0F8BDC774}
HKEY_CLASSES_ROOT\AppID\WStech.DLL
HKEY_CLASSES_ROOT\CLSID\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
HKEY_CLASSES_ROOT\Interface\{051C9A06-FB08-486F-B09B-8B33B261637D}
HKEY_CLASSES_ROOT\TypeLib\{512E801E-2F02-4ADE-ACAA-58F08A22B2F8}
HKEY_CLASSES_ROOT\WStech.WStechB
HKEY_CLASSES_ROOT\WStech.WStechB.1
HKEY_LOCAL_MACHINE\SOFTWARE\GAV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LanmanServer\Shares
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB} "NoExplorer"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "03874569874596"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "37465982736455"

 


 

This is a self-help guide. Use at your own risk.

 

Remove SecurityFighter

September 24, 2009

SecurityFighter is a scareware program that attempts to trick you into purchasing the software by making you think you are infected. SecurityFighter is installed along with Trojans that display fake security alerts on your computer. When the program is installed it will be configured to start automatically when your computer boots up. The installer will also create numerous files with random names that are used to impersonate malware files. When SecurityFighter scans your computer it will detect these files as malware but will not allow you to remove them until you purchase the program. The files that were created, and then detected during the scan, are completely harmless and cannot do anything bad to your computer. They are just being created to try to substantiate SecurityFighter’s claims that there is active malware on your computer.

 

 


While the Trojan is running you will be constantly shown security notices on your desktop. These notices will state that there is some type of security risk on your computer and then prompt you to purchase SecurityFighter. The Trojan will also display a window that impersonates the legitimate Windows Security Center. The only difference between the legitimate one and the imposter is that the Trojan window will suggest that you purchase SecurityFighter to protect your computer. Just like the fake malware files and results, these security notices are just another trick being used to deceive you into thinking that you have a malware problem.

As you can see, SecurityFighter was designed to scam you out of your money by making you think you are infected. If you have already purchased SecurityFighter, then we suggest that you contact your credit card company and dispute the charges. Regardless of whether or not it is purchased, if you find SecurityFighter on your computer, then please use the following guide to remove it and any related malware from your computer.

 

Threat Classification:

 

Advanced information:

View SecurityFighter files.
View SecurityFighter Registry Information.

 

Entries for this program found in the Add or Remove Programs control panel:

SecurityFighter

 

Tools Needed for this fix:

 

Symptoms that may be in a HijackThis Log:

O4 – HKCU\..\Run: [bpjoham5.exe] C:\WINDOWS\system32\bpjoham5.exe
O4 – HKCU\..\Run: [SecurityFighter] C:\Program Files\SecurityFighter Software\SecurityFighter\SecurityFighter.exe -min
O23 – Service: SecurityFighter Security Service (SecurityFighterSvc) – Unknown owner – C:\Program Files\SecurityFighter Software\SecurityFighter\SecurityFighterSvc.exe (file missing)
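
The HijackThis symptoms listed in the Green AV and SecurityFighter guides on this page can be checked for mechanically. The following triage script is an added example, not part of the original guides or of HijackThis; the heuristics, the threshold and the function names are assumptions, and the sample log mixes lines copied from the two guides with two constructed benign lines.

```python
import re
from collections import defaultdict

# Lines 1-3 and 5-8 are copied from the symptom lists on this page (a subset);
# the localhost and ExampleTray lines are constructed benign entries.
SAMPLE_LOG = r"""
O1 – Hosts: 69.10.51.38 a1.review.zdnet.com
O1 – Hosts: 69.10.51.38 reviews.pcmag.com
O1 – Hosts: 69.10.51.38 toptenreviews.com
O1 - Hosts: 127.0.0.1 localhost
O2 – BHO: WStechB – {A5DBD8CB-DF8A-4992-A655-B155216F6AFB} – C:\Documents and Settings\All Users\Application Data\gwr\WStech.dll
O4 – HKLM\..\Run: [03874569874596] C:\Documents and Settings\All Users\Application Data\gwr\rwg.exe
O4 – HKCU\..\Run: [SecurityFighter] C:\Program Files\SecurityFighter Software\SecurityFighter\SecurityFighter.exe -min
O23 – Service: SecurityFighter Security Service (SecurityFighterSvc) – Unknown owner – C:\Program Files\SecurityFighter Software\SecurityFighter\SecurityFighterSvc.exe (file missing)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example Vendor\tray.exe
"""

# HijackThis writes " - "; blog software often turns it into an en dash, so accept both.
ENTRY_RE = re.compile(r"^(O\d+)\s+[-\u2013]\s+(.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+):\s+\[(.*?)\]\s+(.*)$")

SINK_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}   # loopback / blocking entries
HOSTS_THRESHOLD = 3                                  # assumption: 3+ names on one IP
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\")
PAGE_INDICATORS = ("\\gwr\\", "securityfighter")     # names taken from this page


def parse(log_text):
    """Yield (section, body) for each HijackThis entry line; skip anything else."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2).strip()


def triage(log_text):
    """Return a list of (reason, detail) findings for entries that deserve review."""
    findings = []
    hosts_by_ip = defaultdict(list)
    for section, body in parse(log_text):
        lower = body.lower()
        if section == "O1":
            m = HOSTS_RE.match(body)
            if m and m.group(1) not in SINK_ADDRESSES:
                hosts_by_ip[m.group(1)].append(m.group(2))
            continue
        # Browser helper objects and autostart entries running from a data directory.
        if section in ("O2", "O4") and any(d in lower for d in USER_WRITABLE):
            findings.append(("autostart-from-data-dir", body))
        # Run value whose name is only digits, as in the Green AV entries.
        if section == "O4":
            m = RUN_RE.match(body)
            if m and m.group(3).isdigit():
                findings.append(("numeric-run-name", m.group(3)))
        # Service still registered although its executable is gone.
        if section == "O23" and lower.endswith("(file missing)"):
            findings.append(("service-binary-missing", body))
        if any(i in lower for i in PAGE_INDICATORS):
            findings.append(("matches-page-indicator", body))
    # Many unrelated hostnames pinned to one non-loopback address in the hosts file.
    for ip, names in hosts_by_ip.items():
        if len(names) >= HOSTS_THRESHOLD:
            findings.append(("hosts-redirect", f"{ip} <- {len(names)} hostnames"))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:26} {detail}")
```

A hit is a prompt to look at the entry, not proof of infection: legitimate software also starts from data directories, and the page-indicator match only covers the two programs described here.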
