Category Archives: Scareware Removal Tips

14 Free Tools To Use To Identify And Remove Tough Malware

imageThe following tools have been specifically designed to help users better identify malware infections, and then eradicate those specific infections. These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Here’s a reasonable test to determine if you have the skills necessary to use these application effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using these applications will prove to be beneficial. On the other hand, if you can interpret the results of a  HiJackThis scan, you’re probably “good to go”.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.

Emsisoft HiJackFree

The program operates as a detailed system analysis tool that can help you in the detection and removal of Hijackers, Spyware, Adware, Trojans, Worms, and other malware. It doesn’t offer live protection but instead, it examines your system, determines if it’s been infected, and then allows you to wipe out the malware.

Runscanner

If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist. The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

HijackThis

HijackThis is a free utility which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, other malware, or even unwanted programs. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.

The program doesn’t target specific programs, but instead it analyses registry and file settings, and then targets the methods used by cyber-crooks. After you scan your computer, HijackThis creates a report, and a log file (if you choose to do so), with the results of the scan.

RKill

RKill is a program developed at BleepingComputer.com – “It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.”

Emsisoft BlitzBlank

BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

McAfee Labs Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Specialty Removal Tools From BitDefender

Eight special removal tools including Conficker Removal Tool

Microsoft Malicious Software Removal Tool

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

NoVirusThanks

NoVirusThanks Malware Remover is an application designed to detect and remove specific malware, Trojans, worms and other malicious threats that can damage your computer. It can also detect and remove rogue security software, spyware and adware. This program is not an Antivirus and does not protect you in real time, but it can help you to detect and remove Trojans, spywares and rogue security software installed in your computer.

Norton Power Eraser

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Rootkit Tools:

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced root kit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

Tizer Rootkit Razor

Tizer Rootkit Razor, will allow you to identify and remove Rootkits from your computer. I should be clear however, this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

This article was originally posted November 2, 2010.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Advertisements

6 Comments

Filed under Anti-Malware Tools, downloads, Free Anti-malware Software, Freeware, Geek Software and Tools, Malware Removal, Manual Malware Removal, Rogue Software Removal Tips, Rootkit Revealers, Scareware Removal Tips, Software, Windows Tips and Tools

A Lesson In Malware Removal Using Kaspersky Rescue Disk

This past Sunday, I posted an article on the benefits of regular scanning with a “live CD” – Stay Malware Free (Hopefully!) – Scan With A “Live CD” Regularly. Which, reminded me of an excellent article (previously posted here), by my good buddy and fellow blogger, Mark Schneider, on working with Kaspersky Rescue Disk to eradicate malware.

There are some great pointers here, and I encourage you to re-read this terrific article. It’s well worth a re-read.

 

image You find your computer getting slower and slower to boot, and when it finally does boot it’s so slow everything runs at a crawl. So you try running the antivirus you have and just get a message that says the definitions are out of date and you can’t connect to the update server.

Or you may find an annoying pop-up coming up every time you boot telling you PC Antivirus has found 70,278 infections and for $49.99 they will remove them for you. Well my friend, you are hosed! Your machine is so badly infected that you have to try desperate measures.

At this point you can try pulling your hard drive out of the machine and putting it in another mounting it as a slave, and using your other machine to try to clean it.

Another way to get this thing up and running is to try some kind of bootable rescue disk to clean it. Bootable rescue disks are bootable CD’s/DVD’s that contain small operating systems, with some preinstalled tools contained for repairing your computer.

When you turn on your computer hit F10 or F12, select your CD/DVD drive and your computer boots into an operating system contained on that CD. There are a lot of great rescue disks out there, the problem is most are very complicated, and some take forever to boot.

I found one great exception to this though. Kaspersky Labs, creator of the very capable Kaspersky Antivirus line of products has built a great free bootable rescue CD that is simple to use.

image

Unlike many other bootable rescue disks it has one purpose, to clean your system. To create a Kaspersky Rescue Disk, download the ISO image from this link , then burn the image to a CD.

Depending on what operating system you are using you may need to download a CD burning program if you don’t already have one. If you are running Windows 7 it has a built in, burning program that’s simple to use and works great. If you are running XP or Vista, I like Image Burn, or CD BurnerXP – both do a great job of burning .ISO images, and are free.

Once you have your rescue CD built, start your infected machine pushing F12/F10 to get it to the boot selection screen. Boot to the CD Rom drive as I stated earlier and relax, although faster than most rescue disks it’s hardly fast.

Follow the prompts and when it boots into the Kaspersky Rescue system you first need to update the virus definitions. Once updated do a scan, and go read the newspaper or get some coffee, it takes a while.

Once it completes the scan go ahead and let it remove or quarantine all the files it has found. I’ve never had it delete anything that caused the machine it was fixing not to boot. But of course before you do anything like this, BACK UP YOUR DATA!!!!! But you already did that so proceed.

Do the scan, remove the junk and log off Kaspersky. Just turning off your computer with the power button won’t hurt anything when you are running a rescue CD.

The reason rescue CD’s are so effective is, you’re not trying to disinfect a computer with an infected OS. When you boot to the hard drive of an infected machine, you’re playing on the bad guy’s home turf. They control the machine and in many cases they’ve hidden the infected files so your antivirus can’t see them.

There are other rescue disks out there and many are very complicated and take a very long time. The Kaspersky Rescue Disk is the fastest and easiest I’ve found to clean an infected machine enough to allow me to boot back into Windows and complete the process by adding my favorite automated antimalware tools to keep the system clean going forward.

Note: Kaspersky Rescue Disk 10 can be run from a USB device.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.

Why not pay a visit to Mark’s site today.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under Anti-Malware Tools, Antivirus Applications, downloads, Free Anti-malware Software, Freeware, Guest Writers, Kaspersky, Linux, Malware Removal, Portable Applications, Scareware Removal Tips, Software, USB, Virus Repair Tools, Windows Tips and Tools

Specialty Malware Removal Tools For Killing Tough Malware

imageLooking at recent estimates provided by a large number of Internet security providers, the consensus seems to be that there are over 20,000,000 malware programs currently circulating on the Internet. So, if you should become infected by malware, it might not be any consolation – but, rest assured; it can happen to any one of us. We are, after all, facing overwhelming odds.

Much of today’s malware can be extremely difficult to identify and remove –despite a user relying on frontline antimalware applications to do the job. If you’re struggling with the reality of this statement, take a look at “Testing of antiviruses for the treatment of active infections” from Anti-malware Test Lab.

The following tools have been specifically designed to help users better identify malware infections, and then eradicate those specific infections. These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Here’s a reasonable test to determine if you have the skills necessary to use these application effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using these applications will prove to be beneficial. On the other hand, if you can interpret the results of a  HiJackThis scan, you’re probably “good to go”.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.

A-squared HiJackFree

The program operates as a detailed system analysis tool that can help you in the detection and removal of Hijackers, Spyware, Adware, Trojans, Worms, and other malware. It doesn’t offer live protection but instead, it examines your system, determines if it’s been infected, and then allows you to wipe out the malware.

Runscanner

If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist. The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

HijackThis

HijackThis is a free utility which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, other malware, or even unwanted programs. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.

The program doesn’t target specific programs, but instead it analyses registry and file settings, and then targets the methods used by cyber-crooks. After you scan your computer, HijackThis creates a report, and a log file (if you choose to do so), with the results of the scan.

RKill

RKill is a program developed at BleepingComputer.com – “It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.”

Emsisoft BlitzBlank

BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

McAfee Labs Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Specialty Removal Tools From BitDefender

Eight special removal tools including Conficker Removal Tool

Microsoft Malicious Software Removal Tool

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

NoVirusThanks

NoVirusThanks Malware Remover is an application designed to detect and remove specific malware, trojans, worms and other malicious threats that can damage your computer. It can also detect and remove rogue security software, spyware and adware. This program is not an Antivirus and does not protect you in real time, but it can help you to detect and remove trojans, spywares and rogue security software installed in your computer.

Norton Power Eraser

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Rootkit Tools:

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced root kit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

Tizer Rootkit Razor

Tizer Rootkit Razor, will allow you to identify and remove Rootkits from your computer. I should be clear however, this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

Since the false positive issue, is always a major consideration in using tools of this type, you should be aware that tools like this, are designed for advanced users, and above.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

12 Comments

Filed under Anti-Malware Tools, Computer Tools, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Malware Removal, Manual Malware Removal, Microsoft, Rogue Software Removal Tips, Rootkit Revealers, rootkits, scareware, Scareware Removal Tips, Software, Windows Tips and Tools

2 Free Scareware (Rogue Software)Removal Tools – Norton Power Eraser and NoVirusThanks

I just took a second look at two free last resort malware removal tools, which I first looked at in June – Norton Power Eraser and NoVirusThanks. The developers of each tool makes reference to the fact that it is capable of detecting and removing Rogue Software, a scourge that currently infests the Internet.

The first tool – NoVirusThanks Malware Remover, (last updated August 23, 2010), according to the publisher, is “an application designed to detect and remove specific malware, Trojans, worms and other malicious threats that can damage your computer. It includes the ability to remove rogue software, spyware and adware.”

For a complex tool, the user interface is surprisingly simple, since it’s laid out in the familiar tabs and check boxes format, which makes it easy to follow.

Despite the publisher’s assertion that this tool “is very fast”, I didn’t find it particularly so. It took fully 15 minutes to complete the scan. Norton Power Eraser (described later), took less than 2 minutes.

No Virus Thanks 2

On the plus side though, NoVirusThanks Malware Remover did not return any false positives, which is a bit unusual for an aggressive specialty tool. This can be very positive of course, for those users unused to running such a high powered tool.

No Virus Thanks 3

Fast facts:

Accurate Disinfection Method
Remove Rogue Software and Unwanted Applications
Remove Trojans, Spyware and Worms
Quick Scan and Full Scan
Scan Processes
Scans Modules
Scans Registry
Backup Files and Folders
Easy to use

System requirements: Windows 7, Windows 2003, Windows 2000, Windows Vista, Windows XP

Download at: Novirusthanks.org

The second specialty malware removal tool I took a second look at, comes from a more familiar developer – Symantec, who’s free Norton Power Eraser, makes essentially the same claims as NoVirusThanks. Specifically, that it detects and removes scareware, or rogueware.

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Again, Norton Power Eraser’s user interface is simple, and easy to follow.

Norton Power Eraser 1

As opposed to NoVirusThanks, Norton did point out (for the second time), two issues that were in fact, false positives, as the following screen capture indicates.

Norton Power Eraser 2

Power Eraser, does offer the user additional information on suspicious files, so that the user can make a more accurate assessment as to the validity of the findings, as the following screen capture shows. You’ll note that in this case NoVirusThanks, is shown as a suspicious file.

It should be shown as a suspicious file, since its behavior replicates, in part, the familiar behavior of malware.

Norton Power Eraser 3

The second suspicious activity “advanced”, refers to my habit of hiding my Desktop icons, since I dislike that cluttered look. Besides which, on all my machines, my work applications are displayed in the Taskbar.

Norton Power Eraser 4

Note: According to Symantec – “You should use Power Eraser only when nothing else will remove the threat, and you are willing to accept the risk that the scanner may quarantine a legitimate program.”

System requirements: Windows 7, Windows Vista, Windows XP

Download at: Symantec

These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

14 Comments

Filed under Anti-Malware Tools, cybercrime, downloads, Free Anti-malware Software, Freeware, Geek Software and Tools, Malware Removal, Manual Malware Removal, Norton, Rogue Software, Rogue Software Removal Tips, scareware, Scareware Removal Tips, Software, Utilities, Windows 7, Windows Tips and Tools, Windows Vista, Windows XP

Scareware is Destroyware – Not Just Malware

image

Scareware is a particularly vicious form of malware, designed specifically to convince the victim to pay for the “full” version of an application in order to remove what are, in fact, false positives that these program are designed to display on the infected computer in various ways; fake scan results, pop-ups, and system tray notifications.

According to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly, through scareware attacks.

image

image

Delivery methods used by these parasites include Trojans, infected websites, misleading advertisements, and Internet Browser security holes. They can also be downloaded voluntarily, from rogue security software websites, and from “adult” websites. As one of my friends put it “It’s easy to be bitten by a dog like that”.

The average computer user that I speak with informally, has no idea that rogue applications exist. But they do, and cyber crooks are continuing to develop and distribute scareware at a furious pace; there are literally thousands of variants of this type of malware currently circulating on the Internet. It’s fair to say; distribution has now reached virtual epidemic proportions.

Having watched the development and deployment of scareware over the last few years, and having noted the increasing sophistication of the current crop of scareware applications, I have come to the realization that scareware removal instructions have limited value, except perhaps, for the most technically sophisticated computer user. A reformat and a system re-install, are more than likely in the cards.

Yes, I know, there are literally hundreds of sites that will walk you through the process of attempting to eliminate this type of scourge, but simply put – if your computer becomes infected with the current scareware circulating on the Internet, you are, in most cases, wasting your time attempting to save your system.

If you doubt this, take a look at Trojan War Resolution: The Battle Won, in which Larry Walsh of eWeek, describes a three day marathon system recovery attempt which was ultimately successful, but…..

The best advice? Have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage.

If you have become infected by scareware, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools, and advice, you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Consider the ramifications carefully before responding to a Windows Security Alert pop-up message. This is a favorite vehicle used by rogue security application to begin the process of infecting unwary users’ computers.

Be cautious in downloading freeware, or shareware programs. Spyware, including scareware, is occasionally concealed in these programs. Download freeware applications only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications, since exposure to rogue security applications is widespread.

Install an Internet Browser add-on such as WOT (Web of Trust), an Internet Explorer/FireFox add-on, that offers substantial protection against dangerous websites.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

29 Comments

Filed under Anti-Malware Tools, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Geek Software and Tools, internet scams, Internet Security Alerts, Malware Advisories, Manual Malware Removal, Recommended Web Sites, Rogue Software, Rogue Software Removal Tips, scareware, Scareware Removal Tips, System Security, Windows Tips and Tools, WOT (Web of Trust)

Another Day in the Trenches: Killing XP Antivirus 2010

Popular guest writer Mark Schneider, walks you through a computer recovery operation, following an infection by a rogue security program, XP Antivirus.

I hate rogue antivirus programs. They seem to be getting more numerous and harder to get rid of all the time. Case in point: At work, I noticed a shared computer suddenly popped up a Window announcing it was doing a scan, and that I was infected with over 4,000 Trojans and other forms of malware.

Nice try I thought, so I used Control Alt Delete to start task manager, and I closed Internet Explorer and all running processes involved. Fortunately, it was a limited user account that was infected, and that turned out to be a important factor in removing it.

I immediately ran Malwarebytes from that user and found a number of infections including the rogue antivirus product I was afflicted with. These cretins that come up with this crap can’t even come up with something creative – we’ve seen XP Antivirus for a few years now; each year they just tack on a year to make it look current.

image

image

Sad thing is, I’m sure somewhere out there is someone who renews this crap every year. Imagine paying yearly to be infected – oh right, we already do that it’s called McAfee, but don’t get me started.

Well back to the task at hand: I rebooted the machine and logged into an administrator account, updated Malwarebytes and ran it again… and found more junk, actually the same junk. Malwarebytes found it, but could not kill it.

Next, I downloaded Superantispyware, a great application that I always run at home but it wasn’t on the work machine. The first thing I do now after I download a anti-malware application is rename the installer. I do this because I often find the malware knows how to prevent anti-malware from installing – these guys aren’t creative, but they’re getting smarter.

To rename a file, right click on the file and select rename and type anything.exe and install the program. Superantispyware did its thing and found a ton of additional files. I removed the infected files and rebooted again, and ran both my programs again. I still found junk!

I repeated the sequence two more times until nothing was found. I then ran a scan in all user accounts to confirm “the kill”. So far so good, until I went into the user account where the infection had started, now whenever I tried to launch any program from the desktop I’d get the “Choose what Program you want to use to Open this File” message. This means I had to fix file associations and a great site with XP file association fixes is here. I used the .exe file association fix and it worked great.

The last thing I did was to run Process Explorer, and Autoruns from Syinternals. These utilities give a great in-depth look at what is currently running and starting on your machine at boot-up. Finding nothing suspicious I deemed the computer clean, for now.

So a few lessons I learned on this one: Don’t use IE – this was caused by a flaw in Internet Explorer I believed it was just fixed this week. Second, running as a limited user is still far safer than running as an administrator, even though its trivial to elevate to administrator level, most malware seldom does, and this makes cleaning an infected PC much easier.

Next, running your cleanup tools multiple times and rebooting after each scan is the only way to give the anti-malware tools a chance against the bad guys.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

18 Comments

Filed under Anti-Malware Tools, Don't Get Scammed, Don't Get Hacked, downloads, Free Anti-malware Software, Freeware, Guest Writers, Internet Security Alerts, Manual Malware Removal, Rogue Software Removal Tips, Scareware Removal Tips, Software, Windows Tips and Tools

XP Antivirus 2010 is Back – Removal Instruction

Back in the day (the mid 1960’s), I heard an old time College Football coach (Darryl Royal, of the University of Texas Longhorns) say, in answer to a question concerning his plans for an upcoming game, “we’ll dance with who brung us”.

What he meant was, he would continue to go with the players, and plays, that had contributed to a winning season. Or, to put it more succinctly – success breeds success.

Cyber criminals, particularly those responsible for the rogue software/scareware application, XP Antivirus, have learned this lesson well. XP Antivirus is back, and is running rampant on the Internet at the moment; having morphed from previous versions we had to deal with in 2008, and 2009.

Of all the rogue security applications released to date, and there have been thousands of them, this particular one has been the most successful for the criminal developers.

I first wrote on this scourge in 2008, and in the interim period, that specific article has been read 130,000+times. In the last week or so, I was surprised to see this older article, suddenly jump to the top of the daily read chart.

This shift in popularity, coupled with a number of readers reporting having to deal with infections caused by XP Antivirus 2010, convinced me to cover the scareware issue once again.

Just like its predecessor, XP Antivirus 2010 installer can be found on adult websites, salacious news sites, or it can be installed manually from rogue security software websites.

After the installation of XP Antivirus 2010 be prepared for false positives; fake or false malware detection warnings. As with all rogue security applications, XP Antivirus 2010 was developed to mislead uninformed computer users’ into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

image

image

If the full program fee is not paid, XP Antivirus 2010 continues to run as a background process incessantly reporting those fake or false malware detection warnings. To really try your patience, this rogue security software cannot be uninstalled using the Windows Add/Remove Programs tool.

XP Antivirus 2010 Removal Instructions:

If you have become infected by XP Antivirus 2010, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security app

What can you do to ensure you are protected, or to reduce the chances you will become a victim?

Consider the ramifications carefully before responding to a Windows Security Alert pop-up message. This is a favorite vehicle used by rogue security application to begin the process of infecting unwary users’ computers.

Be cautious in downloading freeware, or shareware programs. Spyware, including scareware, is occasionally concealed in these programs. Download freeware applications only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications, since exposure to rogue security applications is widespread.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/FireFox add-on, that offers substantial protection against dangerous websites.

As a form of added protection, you should consider running in a virtual environment while connected to the Internet. To find out what this means to your overall security, and to download a free virtual software application, please read “Download Free Returnil Virtual System 2010 Home”, on this site.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

16 Comments

Filed under Anti-Malware Tools, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Free Security Programs, Freeware, Malware Advisories, Rogue Software, Rogue Software Removal Tips, scareware, Scareware Removal Tips, Software, Windows Tips and Tools