Category Archives: Manual Malware Removal

Kill Malware And Fix Windows With Free UVK – Ultra Virus Killer

I’d venture to guess that the majority of computer users take it for granted that – if they should become infected by malware – their antimalware application will do all the hard work in detecting and removing the infection. All will be well, once more, with the World – so to speak. Good luck with that!

Given the complexity of much of today’s malware, its removal can hamper normal Windows operations; leading to an unstable system (or worse). To deal with that, most users will have to seek professional help. Unless, that is, they can turn to a specialty system repair tool like UVK – Ultra Virus Killer (portable version available).

Given the application’s name, it would be easy to assume that the focus here is on scanning for, and removing malware. And, to a point, that’s true – the application can be set to scan with MalwareBytes, SUPERAntiSpyware, and Hitman Pro (these applications will be automatically downloaded and installed, if not already on your system). Additionally, you may choose to run Kaspersky TDSS Killer and ComboFix.

The real strength of the application, in my view, lies in the repair tools which have been designed to repair Windows (if necessary), after the disinfection. On top of that – users may create and run scripts that perform complete system repair and maintenance.

Quick walkthrough:

The following “Welcome” screen is the business end of the application. From here you can – analyze and clean your machine of malware, spyware and adware, and perform complete system repair and maintenance.


This is a rather full program with a range of capabilities. I have chosen to highlight just a few, for this short review.

Startup Entries and services and Drivers/Tasks:

Delete startup entries, infected services, drivers or scheduled tasks and corresponding files simultaneously.
Select and manage several entries at once.
Verify the file signatures of startup entries.
Search for information about a file over the internet.
Submit the MD5 of one or more entries’ files to VirusTotal using the VT API.
Open the registry key where the entry is located with regedit.
Open the entry’s file location.
View the entry’s file properties.
Maximizable window on these sections for a better view.


Run UVK Scripts:

Disinfect your computer by pasting lines from UVK log to delete corresponding registry entries and files.
Use custom commands to download files, execute programs, delete or add registry entries, terminate processes and delete files and folders, run cmd scripts and register system dll’s or run UVK Fixes.
Create system restore points, empty the recycle bin and all users temporary folders.
Create and run scripts that perform complete system repair and maintenance.
Automatically run any of the UVK fixes or scans.


Repair system and UVK Fixes:

Fix your computer with more than fifty exclusive fixes: Fix file extensions, register system dlls, enable and repair Windows update, clear dns and hosts cache, reset user default registry settings, fix installation problems, empty all browsers cache, reset security settings, defragment and optimize the hard drives, install Java, Flash, DirectX, .Net Framework, Fix the WMI and the system restore, delete all restore points, fix the windows shell and the user shell folders and much more.


Automatic anti-malware scans:

Perform automated scans with the most known malware removal programs: MalwareBytes’ AntiMalware, SuperAntiSpyware, Hitman Pro, Kaspersky TDSS Killer and ComboFix.
Automatically delete the threats found in the scans.
Run a configurable automated UVK system repair script after the scans.
Run ComboFix in unattended mode.
Perform all these actions automatically with no user interaction, which can save several hours of work.


Then, on to SUPERAntiSpyware.


In the short time I’ve been running this application – I’ve been impressed. I’ll keep this one around.

I should point out – taking full advantage of all of the features of this application, requires better than average skills.

Check out the full feature list (much, much more), here – UVK – Ultra Virus Killer

Download at the developer’s site: carifred.com

Developer’s Note:

If your .exe file extension has been corrupted by malware, download the .com version.

You can take a peek at the application in action. Watch – UVK – Ultra Virus Killer – Powerful Virus Removal & System Repair Tool by Britec, on YouTube.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Runscanner – Aggressively Queries Your System And Applications For Unauthorized Changes


The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

Sounds a bit like HijackThis, the free utility from Trend Micro, which has a well deserved reputation for being aggressive in tracking down unauthorized changes that have been made to your system/applications.

Runscanner though, takes this process miles beyond HijackThis, and does so by using an intuitive approach that casual users*, and experienced users alike, should find easy to work with.

*The only difficulty I see, that casual users might have a problem with is – the enormous volume of information this application is capable of producing. This could make it difficult for a casual user to interpret results.

Runscanner is a simple executable, and no installation is required. Just click on the file, and then choose your mode – beginner or expert.


The following screen capture shows the results of a full scan I ran on a Win 7 (32 bit), machine. The only entry I was unfamiliar with was Staropen.sys. Runscanner was right on the job though, with the right click context menu providing access to “lookup” services, as the screen shot below illustrates.


I took a look at Staropen.sys using a Google link to the Prevx file investigation site, and found the following: The filename Staropen.sys is used by objects that are classified as safe. It has not yet been seen to be associated with malicious software.

I then uploaded the file to VirusTotal (another context menu option), and VirusTotal reported the following – as shown in the screen shot below.


I suspected that this system driver was a component of CDBurner XP, and opening the location (another context menu option), then reading the driver with NotePad, indicated this was correct.

The next part of the test involved generating an online malware analysis report, which generates a massive report on all items which are considered safe, unsafe, whitelisted and additionally, verification of each file’s digital signature.

The screen capture below shows only a tiny (and I do mean tiny), portion of this report. The report is the most comprehensive of any I’ve ever seen, produced by this type of utility.

When you click on the screen capture below, to expand to the original size, you’ll notice that I’ve queried Nitro PDF Spool Service. Rather than go directly to the site, instead, I’ve used COOL Previews to gather the relevant information. If you’re not yet familiar with COOL Previews – you can read a review of this outstanding time saver here – Surf Smarter – Take A Sneak Peek At Links With CoolPreviews Firefox Add-on.


Fast facts:

100+ start/hijack locations

Online malware analysis

Import and export of .run files

Powerful process killer

Save to text log file

Powerful file filtering

Host file editor

History backup / restore

Explorer jump

Analysis of file certificates

Beginner, Expert mode

Bit9 FileAdvisor MD5 lookup

Systemlookup.com lookup

Upload file to VirusTotal

Analyze loaded modules

Google lookup

Runscanner database lookup

Regedit jump

If you are a casual user, one caveat from the developer you should be aware of: Runscanner requires advanced Windows knowledge. If you delete an item, without knowing what it is, it can lead to major Windows problems. If you are not sure what to delete, post your Run file to a helper forum.

A list of helper forums is available directly from within the application, or here.

System requirements: Windows 2003, Windows 2000, Windows Vista, Windows XP, Windows 7 (according to the developers, the application is x64 compatible).

Download at: Download.com

Public process list is an additional service provided by the developers. In this list you will be able to browse all processes and files found by Runscanner. Extra information for top processes is added to the database and optional security info is provided by research.

Runscanner has additional capabilities not reviewed here, so I recommend that you take a close look at this freebie. I think you’ll find that it’s worth the effort.


14 Free Tools To Use To Identify And Remove Tough Malware

The following tools have been specifically designed to help users better identify malware infections, and then eradicate those specific infections. These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Here’s a reasonable test to determine if you have the skills necessary to use these applications effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using these applications will prove to be beneficial. On the other hand, if you can interpret the results of a HiJackThis scan, you’re probably “good to go”.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.

Emsisoft HiJackFree

The program operates as a detailed system analysis tool that can help you in the detection and removal of Hijackers, Spyware, Adware, Trojans, Worms, and other malware. It doesn’t offer live protection but instead, it examines your system, determines if it’s been infected, and then allows you to wipe out the malware.

Runscanner

If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist. The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

HijackThis

HijackThis is a free utility which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, other malware, or even unwanted programs. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.

The program doesn’t target specific programs, but instead it analyses registry and file settings, and then targets the methods used by cyber-crooks. After you scan your computer, HijackThis creates a report, and a log file (if you choose to do so), with the results of the scan.

RKill

RKill is a program developed at BleepingComputer.com – “It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.”

Emsisoft BlitzBlank

BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

McAfee Labs Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Specialty Removal Tools From BitDefender

Eight special removal tools including Conficker Removal Tool

Microsoft Malicious Software Removal Tool

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

NoVirusThanks

NoVirusThanks Malware Remover is an application designed to detect and remove specific malware, Trojans, worms and other malicious threats that can damage your computer. It can also detect and remove rogue security software, spyware and adware. This program is not an Antivirus and does not protect you in real time, but it can help you to detect and remove Trojans, spywares and rogue security software installed in your computer.

Norton Power Eraser

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Rootkit Tools:

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer-like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

Tizer Rootkit Razor

Tizer Rootkit Razor will allow you to identify and remove Rootkits from your computer. I should be clear however, this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

This article was originally posted November 2, 2010.


A Computer Recovery Walkthrough With Free Trinity Rescue Kit

Popular guest writer Mark Schneider, walks you through a computer recovery operation using the Trinity Rescue Kit, which, as he puts it, “saved my bacon”.

Today, I was doing a little maintenance on my daughter’s Gateway laptop, uninstalling one anti-spyware program, and upgrading another to real-time protection. It seemed to go fine – I ran the Uninstall from Programs and Features in Vista, and enabled the full time protection in Malwarebytes, with the registration codes and rebooted.

When the computer shut down, I noticed it installing several updates. I didn’t think much of it at the time but when the machine restarted, the brown stuff hit the fan. I didn’t have any mouse! Even the Track pad was totally unresponsive. So, I plugged in an old USB trackball mouse, success!

I then clicked on the admin account I keep on the machine and went to type my password – nope, the keyboard didn’t work either. So I rebooted after plugging in my USB keyboard. Windows went through its usual routine and told me the keyboard had installed and was ready to use, except, it wasn’t. It wouldn’t work at all.

Basically, I was hosed! I couldn’t run the device manager from the limited account, or do a system restore. I had to get into the admin account, or I was stuck.

So I did what any red-blooded geek would do, I Googled “resetting a password in Vista”. I came up with the usual Microsoft solution, you know the one where you use the password reset CD you made when you set up the computer, yep that one, the one no one ever makes!

Fortunately for me, I also found a reference to TRK or the Trinity Rescue Kit. TRK is a Linux based bootable CD, that can be used for resetting passwords, recovering files and a few other things relating to Windows calamities.

Publisher’s description: Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.

Once the CD booted normally, I typed in “winkey u admin” – this started TRK searching, and mounting all the files in the system. I chose “Enter” in the next dialog, and then typed an “*”, confirmed this with a “y”, and this created a new administrator account with no password.

I was able to log into the Administrator account and then began the next phase of fixing the corrupted drivers. This took a little longer than I anticipated. I tried deleting the Track pad and keyboard in Device Manager, both had the little caution signs next to them indicating a damaged or corrupted driver; rebooted but this didn’t work.

I finally resolved the problem by using a restore point. Fortunately, you can get there with just a few clicks of the mouse. So I got lucky; the USB mouse worked, and the TRK worked after some trial and error.

Get the Trinity Rescue Kit here. I recommend it for your toolkit, it definitely saved my bacon.


Fast facts:

TRK is a complete command line based distribution, apart from a few tools like qtparted, links, partition image and midnight commander.

Full read/write and rpm support (since build 333)

Easily reset windows passwords (backup and restore option)

Four different virus scan products integrated in a single uniform command line with online update capability

Full ntfs write support thanks to ntfs-3g (all other drivers included as well)

Clone NTFS file systems over the network

Wide range of hardware support (kernel 2.6.39.3 and recent kudzu hwdata)

Easy script to find all local file systems

Self update capability to include and update all virus scanners

Full proxy server support

Run a samba fileserver (windows like file sharing)

Run an ssh server

Recovery and un-deletion of files with utilities and procedures

Recovery of lost partitions

Evacuation of dying disks

UTF-8 international character support

Powerful multicast disk cloning utility for any file system

Two rootkit detection utilities

Elaborate documentation

It is possible to boot TRK in three different ways:

As a bootable CD which you can burn yourself from a downloadable iso file.

From a USB stick/disk (optionally also a fixed disk), installable from Windows, or from the bootable TRK CD.

From network over PXE, which requires some modifications on your local network (version 3.2). Has the ability to act as a network boot server itself, without any modifications to your local network.

Trinity Rescue Kit is now in Version 3.4, and is better than ever before.

Getting started with TRK.

Download at: Developer’s site.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world. Why not pay a visit to Mark’s site today.

This article was originally posted here on March 11, 2010.


Specialty Malware Removal Tools For Killing Tough Malware

Looking at recent estimates provided by a large number of Internet security providers, the consensus seems to be that there are over 20,000,000 malware programs currently circulating on the Internet. So, if you should become infected by malware, it might not be any consolation – but, rest assured; it can happen to any one of us. We are, after all, facing overwhelming odds.

Much of today’s malware can be extremely difficult to identify and remove – despite a user relying on frontline antimalware applications to do the job. If you’re struggling with the reality of this statement, take a look at “Testing of antiviruses for the treatment of active infections” from Anti-malware Test Lab.

The following tools have been specifically designed to help users better identify malware infections, and then eradicate those specific infections. These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Here’s a reasonable test to determine if you have the skills necessary to use these applications effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using these applications will prove to be beneficial. On the other hand, if you can interpret the results of a HiJackThis scan, you’re probably “good to go”.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.

A-squared HiJackFree

The program operates as a detailed system analysis tool that can help you in the detection and removal of Hijackers, Spyware, Adware, Trojans, Worms, and other malware. It doesn’t offer live protection but instead, it examines your system, determines if it’s been infected, and then allows you to wipe out the malware.

Runscanner

If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist. The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

HijackThis

HijackThis is a free utility which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, other malware, or even unwanted programs. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.

The program doesn’t target specific programs, but instead it analyses registry and file settings, and then targets the methods used by cyber-crooks. After you scan your computer, HijackThis creates a report, and a log file (if you choose to do so), with the results of the scan.

RKill

RKill is a program developed at BleepingComputer.com – “It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.”

Emsisoft BlitzBlank

BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

McAfee Labs Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Specialty Removal Tools From BitDefender

Eight special removal tools including Conficker Removal Tool

Microsoft Malicious Software Removal Tool

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

NoVirusThanks

NoVirusThanks Malware Remover is an application designed to detect and remove specific malware, trojans, worms and other malicious threats that can damage your computer. It can also detect and remove rogue security software, spyware and adware. This program is not an Antivirus and does not protect you in real time, but it can help you to detect and remove trojans, spywares and rogue security software installed in your computer.

Norton Power Eraser

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Rootkit Tools:

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer-like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

Tizer Rootkit Razor

Tizer Rootkit Razor will allow you to identify and remove Rootkits from your computer. I should be clear however, this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

Since the false positive issue is always a major consideration in using tools of this type, you should be aware that tools like this are designed for advanced users, and above.


Got ZBot (ZeusBot) Malware? Then Download BitDefender’s Free Special Removal Tool

Lately it seems, we’re seeing more and more specialty malware removal tools, each one specially designed to eliminate a specific malware threat. Or, in some cases, a specific class of malware. In fact, we’ve covered several of these tools in the last week or so.

One of the tools we previously covered here, Rkill, an excellent free specialty tool designed to deal with the removal of rogue software, has been downloaded 11,000+ times through Tech Thoughts, since June 17, 2010. I think those numbers speak to the need for these specialty tools.

The infamous ZBot, aka Zeus, ZeusBot or WSNPoem, can be one of the most frustrating Trojans to eradicate from a system, and recognizing this, BitDefender has developed and released, a free removal tool designed specifically to deal with this threat.

Since ZBot is one of the most prolific breeds of malware, and new variants appear every day, if you suspect that you are infected by this scourge, be sure to download the latest version of the ZBot Removal Tool.

Download at: BitDefender

More info about the threat is available here.


2 Free Scareware (Rogue Software) Removal Tools – Norton Power Eraser and NoVirusThanks

I just took a second look at two free last resort malware removal tools, which I first looked at in June – Norton Power Eraser and NoVirusThanks. The developers of each tool make reference to the fact that it is capable of detecting and removing Rogue Software, a scourge that currently infests the Internet.

The first tool – NoVirusThanks Malware Remover, (last updated August 23, 2010), according to the publisher, is “an application designed to detect and remove specific malware, Trojans, worms and other malicious threats that can damage your computer. It includes the ability to remove rogue software, spyware and adware.”

For a complex tool, the user interface is surprisingly simple, since it’s laid out in the familiar tabs and check boxes format, which makes it easy to follow.

Despite the publisher’s assertion that this tool “is very fast”, I didn’t find it particularly so. It took fully 15 minutes to complete the scan. Norton Power Eraser (described later), took less than 2 minutes.


On the plus side though, NoVirusThanks Malware Remover did not return any false positives, which is a bit unusual for an aggressive specialty tool. This can be very positive of course, for those users unused to running such a high powered tool.


Fast facts:

Accurate Disinfection Method
Remove Rogue Software and Unwanted Applications
Remove Trojans, Spyware and Worms
Quick Scan and Full Scan
Scan Processes
Scans Modules
Scans Registry
Backup Files and Folders
Easy to use

System requirements: Windows 7, Windows 2003, Windows 2000, Windows Vista, Windows XP

Download at: Novirusthanks.org

The second specialty malware removal tool I took a second look at comes from a more familiar developer – Symantec, whose free Norton Power Eraser makes essentially the same claims as NoVirusThanks. Specifically, that it detects and removes scareware, or rogueware.

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Again, Norton Power Eraser’s user interface is simple, and easy to follow.

Norton Power Eraser 1

As opposed to NoVirusThanks, Norton did point out (for the second time), two issues that were in fact, false positives, as the following screen capture indicates.

Norton Power Eraser 2

Power Eraser, does offer the user additional information on suspicious files, so that the user can make a more accurate assessment as to the validity of the findings, as the following screen capture shows. You’ll note that in this case NoVirusThanks, is shown as a suspicious file.

It should be shown as a suspicious file, since its behavior replicates, in part, the familiar behavior of malware.

Norton Power Eraser 3

The second suspicious activity “advanced”, refers to my habit of hiding my Desktop icons, since I dislike that cluttered look. Besides which, on all my machines, my work applications are displayed in the Taskbar.

Norton Power Eraser 4

Note: According to Symantec – “You should use Power Eraser only when nothing else will remove the threat, and you are willing to accept the risk that the scanner may quarantine a legitimate program.”

System requirements: Windows 7, Windows Vista, Windows XP

Download at: Symantec

These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.


Scareware is Destroyware – Not Just Malware

Scareware is a particularly vicious form of malware, designed specifically to convince the victim to pay for the “full” version of an application in order to remove what are, in fact, false positives that these programs are designed to display on the infected computer in various ways: fake scan results, pop-ups, and system tray notifications.

According to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly, through scareware attacks.

Delivery methods used by these parasites include Trojans, infected websites, misleading advertisements, and Internet Browser security holes. They can also be downloaded voluntarily, from rogue security software websites, and from “adult” websites. As one of my friends put it “It’s easy to be bitten by a dog like that”.

The average computer user that I speak with informally has no idea that rogue applications exist. But they do, and cyber crooks are continuing to develop and distribute scareware at a furious pace; there are literally thousands of variants of this type of malware currently circulating on the Internet. It’s fair to say that distribution has now reached virtual epidemic proportions.

Having watched the development and deployment of scareware over the last few years, and having noted the increasing sophistication of the current crop of scareware applications, I have come to the realization that scareware removal instructions have limited value, except perhaps, for the most technically sophisticated computer user. A reformat and a system re-install, are more than likely in the cards.

Yes, I know, there are literally hundreds of sites that will walk you through the process of attempting to eliminate this type of scourge, but simply put – if your computer becomes infected with the current scareware circulating on the Internet, you are, in most cases, wasting your time attempting to save your system.

If you doubt this, take a look at Trojan War Resolution: The Battle Won, in which Larry Walsh of eWeek, describes a three day marathon system recovery attempt which was ultimately successful, but…..

The best advice? Have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage.

If you have become infected by scareware, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools, and advice, you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Consider the ramifications carefully before responding to a Windows Security Alert pop-up message. This is a favorite vehicle used by rogue security applications to begin the process of infecting unwary users’ computers.

Be cautious in downloading freeware, or shareware programs. Spyware, including scareware, is occasionally concealed in these programs. Download freeware applications only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications, since exposure to rogue security applications is widespread.

Install an Internet Browser add-on such as WOT (Web of Trust), an Internet Explorer/FireFox add-on, that offers substantial protection against dangerous websites.


Computer Settings Hijacked? Hijack Them Back With Free HijackThis

HijackThis is a free utility from Trend Micro, which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, other malware, or even unwanted programs.

This application has a well deserved reputation for being aggressive in tracking down unauthorized changes that have been made to your system/applications.

The program doesn’t target specific programs, but instead it analyses registry and file settings, and then targets the methods used by cyber-crooks. After you scan your computer, HijackThis creates a report, and a log file (if you choose to do so), with the results of the scan.

Because of the heuristic methods used by HijackThis, the results of the scan can be confusing/intimidating, to those who are not advanced users.

On the other hand, the strength of this program lies in the large community of users who participate in online forums, where experts (voluntarily and for free), will interpret HijackThis scan results for you, and then provide you with the information you need to clean any infection.

This screen capture shows a partial scan result on my test machine.

The latest version (2.0.4) adds potent tools to the Configuration window, including a process manager and hosts file editor, to help you remove dangerous infections, and an ADS Spy tool which scans alternate data streams, which browser hijackers can, and will, use to evade antispyware applications.

The following screen capture shows a Configuration – Hosts File Manager request being implemented, but you’ll also notice that one of my antimalware tools, ThreatFire, has prohibited hosts files from being opened as a safety precaution against a malware penetration.

This is one reason I so strongly recommend ThreatFire as supplementary malware protection. In this case, I allowed the process to continue.
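
An added example, not part of the original article and not HijackThis code: a small Python audit of a hosts file for the kind of tampering the hosts file editor is meant to help you find. The sample file contents, the `.example` domains and the `PROTECTED_DOMAINS` watchlist are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file (not taken from a real machine).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # would block AV updates
203.0.113.7     www.bank.example login.bank.example
0.0.0.0         ads.tracker.example
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}
# Hypothetical watchlist: domains that should never be pointed at the local machine.
PROTECTED_DOMAINS = ("av-vendor.example",)


def is_protected(name):
    """True if name is a protected domain or one of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in PROTECTED_DOMAINS)


def audit_hosts(text):
    """Return (line_no, kind, address, hostname) for each suspicious mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        address, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, " ".join(names)))
            continue
        if not names:
            findings.append((line_no, "malformed", address, ""))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if not sinkhole:
                # A name pinned to any other address overrides DNS; review it.
                findings.append((line_no, "redirect", address, name))
            elif name not in LOCAL_NAMES and is_protected(name):
                # Security/update site pointed at the local machine: unreachable.
                findings.append((line_no, "blocked-security-site", address, name))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Ad-blocking style entries that sinkhole unlisted domains are deliberately not reported; every other non-local mapping is surfaced for a human to judge.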

Despite the fact that you may only need this small application infrequently, it deserves a place in your anti-malware toolbox.

System requirements: Windows 7, Vista, XP, 2000, Me, 98.

Note: The continued use of Windows 2000, Me, or 98, is not recommended.

Software requirements: Internet Explorer, Firefox.

Download at: Trend Micro


Download RKill – Free Antimalware Specialty Removal Tool

Multiple antimalware developers are now reporting that we are currently being exposed to approximately 70,000 new malware threats EVERY day!

Unfortunately for those of us who have to deal with this onslaught, much of this malware is smart – very smart. So smart in fact, that in many cases malware will recognize that the infected user is attempting to launch an antimalware application, and abort the launch.

At this point, many users give up and resort to more drastic measures, including a disk wipe, reformat, and an OS re-install. Thankfully, there is another option.

Larry Abrams over at BleepingComputer, perhaps the best web site of its type, where free help is available for many computer related problems, including the removal of rogue software, has developed an excellent free tool to deal with this problem.

Here’s how Larry describes RKill –

“RKill is a program developed at BleepingComputer.com that was originally designed for the use in our malware removal guides. It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.”

Graphic courtesy of Bleeping Computer.

If you deal with malware removal on a regular basis, or you’re a “super user”, and I know many of you are, I highly recommend that you add RKill to your antimalware toolbox.

RKill is available at the following download sites:

RKill.com Download Link

RKill.exe Download Link

RKill.scr Download Link

eXplorer.exe Download Link

iExplore.exe Download Link

Note: Because RKill may exhibit behavior similar to the malware it is designed to shut down, your AV may recognize it as malware. This condition is not unusual when dealing with antimalware specialty tools. RKill is a safe application.

Before using RKill get more complete instructions here.
