Category Archives: Virus / Spyware / Malware

How to remove viruses, spyware, and malware.

How to get rid of the Vundo (Virtumonde) trojan?

Q.

Hi, recently my computer started acting weird. Some of the icons on my desktop were different (white paper icons?), and when I tried to click the programs they wouldn’t work. I did a scan with Norton AntiVirus but got nothing. I still suspected something here, so the only thing I could think of was a system restore. Although my icons came back, many of my originally installed programs (HP media programs) were there but would not work when I clicked them! I had to reinstall programs like Mixcraft, because it was corrupt. I searched to find what it was that was making the software impossible to run, and the only thing that I have found for now is the Vundo Trojan, and so far nothing is working for me… I tried FixVundo.exe, I’m not sure how to manually delete it from the registry (I’m not really sure how to get rid of it at all), but so far nothing works, and I’m a complete nooby, and worried my new laptop will just crash on me. I have an HP Envy 14, Windows 7, and I’m in dire need to get rid of this dreaded pest! Thank you!

A.

Ahh, Vundo (or, Virtumonde)… It’s been around for a long time, in a variety of “mutations”, but the song remains the same. Vundo is a pain to remove, but it is possible.

First, you’ll need to download a few things.

If you have any networked computers (other PCs connected together), you’ll need to run through this list on all of them – this spyware/virus can infect shared folders on networks.

You already have a Vundo remover, but just to make sure it’s the correct one, download it here.

Download this one as well.

Download CCleaner.

Download SuperAntiSpyware (cheesy name, I know, but it works).

Finally, download SpyBot Search and Destroy.

Now for the fun part. As an Administrator (not a limited user), install ALL these programs, then update them. Get a cup of coffee, it’s going to take a while. When you install them, right-click on each file and select “run as administrator”. This should make the programs available to each user on the PC. And yes, you have to run the programs under each user.

Now that the installs and updating are done, go in to your Control Panel and disable System Restore. This needs to be done as Vundo / Virtumonde often hides in the System Restore directory, which can’t be effectively scanned by virus and spyware scanners.

Next, restart the computer in Safe Mode, without networking. While the computer is rebooting, keep tapping the F8 key until you get a menu, then choose Safe Mode (the option without networking). Once Windows starts, log in as the same user you installed all the software as.

First, run CCleaner, checking in every checkbox except Wipe Free Space. This will take some time as CCleaner removes all the temporary files from the computer (removes some of the virus, and makes further scanning faster).

Next, run both the Vundo removers.

After that, run SpyBot, then SuperAntiSpyware. Both will take some time to run.

After they are done running, log out, and log in as any other users and re-run Spybot and SuperAntiSpyware.

You’ll need to do this on any other computers that are connected to this one (laptops included). All PCs on the same network could possibly be infected.

After all is said and done, Vundo should be completely gone. Make sure to turn System Restore back on, and you can remove the installed programs if you wish.

In the future, make sure you have a good AntiVirus / AntiSpyware program running, because whatever you have now either doesn’t work, or is in need of updating. AVG Internet Security does a good job of stopping these kinds of threats, and isn’t horribly expensive.

Last but not least, don’t click on anything, EVER, that says “click here to scan your PC” or “click here to make your PC faster” if it comes up in a web browser – your web browser will never tell you that your computer is “infected” and offer to fix it – hence, a Trojan.

Happy hunting!


Windows 98 PC quit working, Missing Operating System

Q.

A friend of mine has an old Windows 98 PC, and for the most part it has worked good, played movies and videos, etc.. Today I turned it on, and it says “Missing Operating System”. I’ve never seen this before, and it has worked fine for a while now, even last night they were using it, but now I’ve tried 3 times and it just says “Missing Operating System”. Is there any way I can manually boot this up? What is going on?

A.

There are a few possibilities, but the most likely problems are either a hard drive that has gone bad, a hard drive cable that has come loose, a BIOS that has lost its settings, or the OS got wiped out somehow (either by user error or a virus).

The first thing to check is the BIOS. You need to make sure the hard drive is set up correctly. A Windows 98 PC would likely have an “auto-detect” feature in the BIOS to set up the drive.

If that’s not the case, check the cable going to the drive – open the case (usually a few screws) and look for a long, wide grey or black cable (it will have about 40 wires bundled together, about 2” wide) and make sure it’s securely plugged into the hard drive and the motherboard.

If that doesn’t solve the problem, chances are (being a 13 year old hard drive) the hard drive has failed. Not much you can do but replace it (Newegg.com still sells IDE hard drives for cheap), and reinstall the OS.


Why is my computer background blue again?

Q.

About a month ago, I went on newgrounds.com and after a few minutes my computer said it had viruses and then my desktop wallpaper turned blue. In big red letters it said “WARNING”, and some other stuff about how everything I do is saved in my hard drive and can be looked at by forensics and my family and can ruin my life. I found out it was just a scare tactic from a spyware company, but it was still pretty scary. Anyway, my screen went back to normal within a few hours. My friend who told me about newgrounds said it shouldn’t have any viruses because every time she goes on it, nothing happens. So here I am a month later, in the same situation. Should I do something about this or should I wait like last time? Is this more serious than I think? I don’t want to buy anything, especially if I don’t need it. Has this happened to anyone else, and if so, what did you do about it?

A.

First off, if the same thing keeps happening, you need better antivirus / antispyware software; whatever you have is obviously not working well. The problem is, the PC is already infected – realistically (and unfortunately), your safest option is to back up your data (pictures, music, documents, etc.), and reinstall the operating system.

Viruses and spyware can be thought of like nails in a tire. When you get one, you don’t go back down the road trying to find where it came from, you just get it fixed. When you run over 50 nails, you don’t try to patch the tire, you replace it. Then, you stop going down that road. Viruses and spyware in Windows are the same deal – sometimes it’s impossible to fix a badly infected OS, it just needs to be wiped out and reinstalled.

Update: Newgrounds.com seems to be an autoblog of sorts, just pulling information about games and reposting it. I doubt the site itself is the problem, more likely some of the games it links to are coming bundled with some type of spyware. Rule #1 – Nothing In Life Is Free, ESPECIALLY ON THE INTERNET – you’ll pay for it one way or another, in this instance, by having your computer infected…..


Review: MyCleanPC.com / DoubleMySpeed.com / MaxMySpeed.com Virus and Spyware Removal

If any of you watch TV on a regular basis, you’ve no doubt seen the commercials for MyCleanPC.com, DoubleMySpeed.com, and MaxMySpeed.com, all three of which are owned by CyberDefender.

With claims such as – “Quickly clean your system and increase speed”, “Get rid of infected emails, pop-ups and spam”, “Remove dangerous spyware and viruses”, “Prevent annoying screen freezes, crashes and errors”, “Quickly clean your computer and restore peak performance”, “Speed up your operating system with our easy one-click PC repair”, “Avoid expensive upgrades and make your computer run like new” – they almost sound too good to be true. And we all know what they say about things that seem too good to be true……

First of all, any company that feels the need to masquerade as something else makes me a little nervous. If CyberDefender were a stand-up product that works the way it is supposed to, they probably wouldn’t need to market themselves as something or someone else. Hmmmm…..

Second, after MANY years of repairing PCs infected with spyware and viruses as well as other (usually hardware related) problems, I can tell you one thing with a fair amount of certainty – no single software is perfect at fixing a PC. Ever.

With those points in mind, I’m going to delve deeper into the CyberDefender software, as well as their terms of service, and see what the real deal is. Come along for the ride with me, won’t you?

To test the software, I decided to start with a fresh installation of Windows XP. I’m using a retail version of XP Home, running in VirtualBox on my Linux PC. The reason for running it in VirtualBox is to limit the required installation to the “bare essentials” – no esoteric hardware drivers, no pre-installed software, just Windows XP Home, straight off the original CD. I wonder what CyberDefender will have to say? Let’s see:

The install went smoothly, as can be seen below:

cyberdefender_install

Oops…here comes my first concern. It’s not unusual these days for software to try to install a toolbar during install, but it’s a practice I personally detest. Companies know that most people just keep clicking in order to get to the end of the install, never reading what they’re clicking. I, for one, don’t feel the need for toolbars to be installed in my browser. Toolbars might be useful in some instances, but by and large, they’re a nuisance, they consume resources, and they’re just one more point of failure for the browser. No thanks. Note that there is nothing stated here about CyberDefender installing its own toolbar – remember that for later…

cyberdefender_toolbar_install

After the installation is complete, you are presented with this image. Note #4 – by itself it seems harmless, but there is a psychological component at work. Think about it – the software is already setting you up to expect that you will need to activate the software if it finds problems. Hmmm…..

cyberdefender_install_done

Now for the really fun part – the initial scan. Now, keep in mind, this is a fresh install of XP. The end all is, it took hours to get even part way through the scanning process. I have no proof, but I’m willing to concede that this is due to XP being installed as a virtual machine. Odds are, the scan would have completed much faster if the Windows install was like any other. My concern is the way the scan presents itself. It’s another psychological manipulation (not a lie so much as a misdirection).

The numbers, shown in red, give the impression that there is a problem, even though it’s not explicitly stated (and if you read a little closer, it’s “Now Scanning”). To the less knowledgeable, it would indicate a problem. Now look for the green button. Most humans perceive green as being “good”, while viewing red as being “bad”. See what’s going on?

View the “psychological manipulation” at work:

cyberdefender_scanning

So far, just on principle, I hate this product. I have no proof that it doesn’t work, but my gut tells me that if the makers of the software are employing these types of tactics, I shouldn’t trust them. A good product should be able to stand on its own merit, not trick you into thinking you need it. Moving on.

After a reboot, I decided to take a look at the memory usage, just to compare it to other “Internet Security” packages I’ve tested in the past. Nothing out of the ordinary here, the CyberDefender software consumes about 50 MB of RAM on startup, and during the testing peaked at about 80 MB. All things considered, not bad.

cyberdefender_memory_use_startup

Well, my testing is done, so it’s time to uninstall. Here’s where things start getting interesting again. The first thing I notice in the Add/Remove Programs Control Panel in Windows is that there is not only the CyberDefender software, but that it also installed a Browser Toolbar called “Link Patrol”. Not once during the install did it ask me about installing anything other than the Bing Toolbar.

This “extra” toolbar doesn’t uninstall unless you specifically uninstall it. More about that later. I started by uninstalling just the main software. The picture below is what I was presented with:

cyberdefender_uninstall

First, and again, notice the green. Free is good, right? Wrong. The software is trying to get you to involve yourself in TrialPay, a commissioning service for other software. Essentially, you would get the CyberDefender software for “free” by signing up for “trials” of other software (which, of course, require a valid credit card). This is classic “Triangle Scheme” logic at work. Now I know I hate this software.

After avoiding this little scheme like the plague, the uninstall is “complete”, save for the Link Patrol toolbar. Wondering exactly what this toolbar does, I reboot XP, and decide to open Internet Explorer. Keeping in mind this is a brand new install of XP, let’s take a look at what I get:

cyberdefender_IE_frozen_after_reboot

Wow. Internet Explorer has become unresponsive. I bet if I call CyberDefender’s “tech support”, I’ll hear how it must be a virus or spyware causing havoc with the uninstall due to sun spots and the price of tea in China, and that reinstalling (and paying for) the CyberDefender software will solve the problem.

Being technically savvy as I am, I went back to the Add/Remove Programs Control Panel and removed the toolbar, rebooted XP, and voilà – IE was working fine again. Go figure. After everything was uninstalled, I took a deeper look to see what CyberDefender had left behind after being completely uninstalled. Using HiJackThis by TrendMicro, this is what I discovered:

cyberdefender_hijackthis_services_and_bho_leftovers

And what do my eyes detect – a missing BHO (most likely the Link Patrol toolbar) entry left in the registry, and not one, not two, but three services still running from the CyberDefender software. Generally, uninstalling means “to uninstall or remove”. The fact that there are leftover services is of some concern. They could be anything. Thanks to HiJackThis, I was able to remove them easily.
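The same leftover check can be scripted against a saved HijackThis log. This is an added example, not part of the original review: it parses the `O2 - BHO` and `O23 - Service` result lines and flags entries whose file is gone or that still name an uninstalled vendor. The sample log is constructed, and the CLSIDs, the `ExampleVendor` name and all paths in it are placeholders rather than values from the screenshot above.

```python
import re

# Constructed sample in HijackThis log format; the CLSIDs, vendor and paths
# are placeholders, not values taken from the review's screenshot.
SAMPLE_LOG = r"""
O2 - BHO: Example Reader Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\ExampleReader\helper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleReader\tray.exe
O23 - Service: ExampleVendor Update (evupdate) - ExampleVendor - C:\Program Files\ExampleVendor\evupdate.exe
O23 - Service: ExampleVendor Monitor (evmon) - Unknown owner - C:\Program Files\ExampleVendor\evmon.exe (file missing)
O23 - Service: Print Helper (prnhelp) - Example Corp - C:\WINDOWS\system32\prnhelp.exe
"""

# O2 lines: display name, CLSID, then the DLL path or a "(no file)" marker.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# O23 lines: display name, optional (service name), owner, then the binary path.
SVC_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?)(?: \((?P<svc>[^()]+)\))?"
    r" - (?P<owner>.*?) - (?P<path>.+)$")

MISSING_SUFFIX = " (file missing)"


def parse_path(raw):
    """Split a HijackThis path field into (path or None, file_is_missing)."""
    raw = raw.strip()
    if raw in ("(no file)", "(file missing)"):
        return None, True
    if raw.endswith(MISSING_SUFFIX):
        return raw[: -len(MISSING_SUFFIX)], True
    return raw, False


def find_leftovers(log_text, vendor_hints=()):
    """Return BHO and service entries that look orphaned after an uninstall."""
    hints = [h.lower() for h in vendor_hints]
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        kind, m = "bho", BHO_RE.match(line)
        if not m:
            kind, m = "service", SVC_RE.match(line)
        if not m:
            continue  # other HijackThis sections (O4, etc.) are out of scope here
        path, missing = parse_path(m.group("path"))
        if kind == "bho":
            ident = m.group("clsid")
        else:
            ident = m.group("svc") or m.group("display")
        vendor_hit = any(h in line.lower() for h in hints)
        if missing or vendor_hit:
            reason = "file missing" if missing else "vendor still registered"
            findings.append(
                {"kind": kind, "id": ident, "path": path, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_leftovers(SAMPLE_LOG, vendor_hints=("ExampleVendor",)):
        print(f"{f['kind']:8} {f['id']:40} {f['reason']}")
```

Entries flagged as "vendor still registered" are the more important ones to review, because the service binary is still on disk and can still start at boot.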

In short, I wouldn’t recommend this software, or the MyCleanPC.com or DoubleMySpeed.com services. While not a “scam”, they definitely employ tactics that I don’t approve of.

If you’re looking for decent software that has been proven effective and doesn’t cost an arm and a leg, check out AVG Internet Security. It’s highly reviewed by tons of other sites, it’s standard issue at a lot of colleges, and proven effective at removing viruses and spyware. Also, oddly enough, AVG doesn’t have to resort to craptastic TV advertising with vague claims and ambiguous terminology. Go figure… I’ve used it for repairing PCs for years – even the free edition works better than many of the pay-for Internet Security programs that are available.

Trend Micro is another company that offers a free scanning service called Trend Micro House Call (click the link and look on the right of the landing page). It does a pretty good job of removing common spyware and viruses and costs nothing.

Always remember though, the best defense against malware on your PC is common sense. Remember the basic rules of the internet – Nothing is truly free, If it sounds too good to be true – it is, and, If it ain’t broke – don’t fix it.


Which is the best Antivirus Software for a PC?

Q.
I have a few PCs at home and a bunch at work, and I (and my boss) can’t decide which antivirus is the best. Some of the PCs are Windows XP, some are Vista, and a few are new Windows 7 PCs. They also need antispyware software. Which is the best for stopping viruses and spyware?



A.
This is a question that we get a lot. And it’s complicated – the mix of home and business use, different operating systems, and the need for multiple installations presents a challenge. We like challenges :)

First, you have to understand, from a technician’s point of view, spyware, viruses, crapware, malware – all the same. It’s all software designed to either rip you off or use your computer to rip someone else off, all the while slowing down the PC, killing your internet speed, and causing pop-ups and other annoyances.

Finding an Internet Security Suite that works, but doesn’t slow the PC down badly, is a balancing act – more protection requires more processing. The best antivirus / antispyware software is that which is designed to protect the computer without using too many resources.

Asking which is the best is like asking which doctor is the best to rid you of an exotic disease. The answer is the one with the most (specific) experience. This translates to an Internet Security Suite that updates often. Unfortunately, this means more use of resources. Always a trade off.

By far, the most useful Internet Security Suite I’ve ever come across is AVG Internet Security ( Single PC / Multiple PCs ). It has a VERY high rate of detection (though none is perfect) and protection, as well as a reasonable price, especially in a volume license setting (multiple computers), and works on Windows XP, Vista, and Windows 7. We’ve used it for a few years with great results. It’s also nice that AVG has a money-back guarantee for 30 days – if it doesn’t work, just return it, it’s that simple.

An important note –

Many times (most actually), someone will decide to purchase a new Internet Security Suite AFTER a PC is infected. The thinking is that it will somehow fix the pre-existing problems. The sad fact is, it rarely works that way. It’s like trying to put a patch in a tire after it’s been completely blown out – it just doesn’t work that way. In order for an antivirus or antispyware suite to be effective, it has to be installed on a “clean” computer. This may require bringing the PC to a qualified repair shop to either rid the PC of the viruses (using another “clean” computer), or to back up the important information and reinstall Windows.

Another important note – most people believe in the logic of “if one is good, two must be better” when it comes to antivirus software. Not so. If anything will slow down a PC, it’s running multiple Internet Security softwares. They will constantly compete with each other, causing the PC to slow to a crawl. Only install one Internet Security Suite, period.

The best protection, however, is the user. Certain rules should ALWAYS be followed when it comes to internet use. Rule #1 – nothing in life is free – especially on the internet. “Free” screen savers, security programs, downloaders, games, etc. are almost always bundled with spyware or viruses. Rule #2 – if it ain’t broke, don’t fix it. Lots of times, a crappy website will pop up telling you your computer is infected, or your computer is “slow” and can be fixed by installing something. NO SECURITY SOFTWARE WILL EVER ALERT YOU OF PROBLEMS IN A BROWSER WINDOW! It’s a trick. Rule #3 – if it seems too good to be true, it is. Clicking on an ad that tells you you’re a “winner” of some prize is almost sure to cause problems. Simple rules, but they’ll save you from hours of headaches later.
