Category Archives: Virus Repair Tools

Got A Sick PC? Give It Some Free BootMed

I’ve covered a load of free Live CDs here in the last few years, including Boot, Recovery, Rescue, Antivirus and more. Working effectively with such tools, though, demands a very high level of user experience with operating systems, which effectively restricts usage to geeks or the occasional very daring newbie.

I’ve just spent a week, or so, testing BootMed, an Ubuntu Linux-driven set of recovery tools which is just a little different than most such tool sets, inasmuch as it’s much more new-user centric than most.

On launch, BootMed defaults to Firefox which opens on the developer’s site – “What can BootMed do”.

image

That’s a bit of a twist on most recovery tools/disks/applications, since the developer has recognized that not all users have the practical background, or the experience, to work with these types of tools unaided.

The tutorials (walk-throughs) on this page (What can BootMed do) – shown below – should make working with the specific applications included on the CD/DVD much easier for less experienced users than it would be otherwise. Kudos to the developer on this one.

Recovery

Misc

More experienced users will simply venture straight to the Desktop to access the available tools.

image

The following screen capture illustrates the applications available.

Note: Under “Applications”, additional tools are available.

image

You can see from the following screen capture, that BootMed allows the user to access all attached devices (and their files), from the “Computer” icon.

image

The following two graphics show the AV’s available. Both AVs will automatically update their definition database – provided the PC is connected to the Internet.

McAfee’s Stinger – a stand-alone utility used to detect and remove specific viruses.

image

ClamWin Free Antivirus – ClamWin is a free antivirus designed for Windows.

image

Two file recovery applications are available including PhotoRec, a powerful recovery application.

image

And TestDisk, which adds additional functionality – including partition recovery.

image

There are many more applications included in this bag of tools including – GParted partition manager, as well as WINE, which will allow you to run Windows applications from within BootMed.

The CD/DVD burning application Brasero (available under “Applications”), is shown in the following screen shot.

image

System requirements: Windows XP, Windows Vista, Windows 7

Download 32 bit ISO at: Download.com

Download 64 bit ISO at: Download.com

I particularly like BootMed since it allows a fairly typical user access to complex tools while at the same time, not feeling abandoned in the scary world of operating systems. The developer has recognized this chill factor, and does a fair amount of “hand holding” – I think that’s very cool.

If you’re now a geek, or a high level user, think back to the days when you could have used some “hand holding”. If you were lucky enough to get it, I think you’ll agree that “hand holding” can make a major difference.

If you’re not familiar with booting from a CD, check out TechPaul’s – How to boot from a CD.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Free Microsoft Standalone System Sweeper Beta AV – Boot From A CD Or USB Stick

Much of today’s malware can be extremely difficult to identify and remove – despite a user relying on frontline antimalware applications to do the job. So, from my perspective, I don’t see any advantage in running full scans * on a live system – instead, once a week I run a Linux-based antimalware application (a live CD), which scans from the outside looking in. Malware generally can’t hide if it’s not running.

* I do however, run a Quick Scan with both Microsoft Security Essentials, and Malwarebytes’ Anti-Malware, on a daily basis. Combined running time for both applications is less than five minutes – so, it’s worth the minimum effort involved.

I can now add one more CD/Flash Drive based antimalware application to my arsenal of boot CDs – the just released Microsoft Standalone System Sweeper Beta. System Sweeper Beta operates much like Panda SafeCD, Kaspersky Rescue Disk 10, and Avira AntiVir Rescue System.

Microsoft says:

Microsoft Standalone System Sweeper Beta is a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware.

In addition, Microsoft Standalone System Sweeper Beta can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC. It is particularly useful for detecting and disinfecting malware infections which give regular AV products running within Windows a hard time.

To get started with System Sweeper Beta – first, download and run the installer which will open up the following series of windows.


image

Choose the media or the device you want to install the application to.

image

Then sit back and relax – more or less.

image

For additional help and information, check out – Microsoft Standalone System Sweeper Beta Help & How-To.

System requirements (from Microsoft):

The following is a list of minimum requirements for both the computer infected with a virus or malware and the computer on which you are creating the bootable media.

  • Operating system: Windows XP Service Pack 3; Windows Vista (RTM, Service Pack 1, or Service Pack 2, or higher); Windows 7 (RTM, Service Pack 1, or higher).
  • Required processor:
    Windows XP: 500 MHz or higher1.0 GHz or higher
    Windows Vista and Windows 7: 1.0 GHz or higher
  • Required memory:
    Windows XP: 768 MB RAM or higher
    Windows Vista and Windows 7: 1 GB RAM or higher
  • Required video card: 800 × 600 or higher
  • Available hard disk space: 500 MB

The following requirements apply only to the computer infected by a virus or malware:

  • The computer infected with a virus or malware must have the same Windows operating system architecture as Microsoft Standalone System Sweeper Beta, either 32-bit or 64-bit.
  • In addition, BitLocker must be disabled to use Microsoft Standalone System Sweeper Beta.

The following requirements apply only to the computer on which you are creating the bootable media:

  • Internet connection: Required for installation and download of the latest virus and spyware definitions for Standalone System Sweeper.
  • Internet Browser: Windows Internet Explorer 6.0 or higher or Mozilla Firefox 2.0 or higher.

Download: at Microsoft

In the constantly evolving world of cybercrime, all users are well advised to scan their computers regularly with an antimalware application that does not rely on the native operating system.

Please keep in mind that Microsoft Standalone System Sweeper Beta is not an intrusion prevention system – it is not a replacement for your installed antimalware application/s.


A Lesson In Malware Removal Using Kaspersky Rescue Disk

This past Sunday, I posted an article on the benefits of regular scanning with a “live CD” – Stay Malware Free (Hopefully!) – Scan With A “Live CD” Regularly. That reminded me of an excellent article (previously posted here), by my good buddy and fellow blogger, Mark Schneider, on working with Kaspersky Rescue Disk to eradicate malware.

There are some great pointers here, and I encourage you to re-read this terrific article. It’s well worth a re-read.

You find your computer getting slower and slower to boot, and when it finally does boot it’s so slow everything runs at a crawl. So you try running the antivirus you have and just get a message that says the definitions are out of date and you can’t connect to the update server.

Or you may find an annoying pop-up coming up every time you boot telling you PC Antivirus has found 70,278 infections and for $49.99 they will remove them for you. Well my friend, you are hosed! Your machine is so badly infected that you have to try desperate measures.

At this point you can try pulling your hard drive out of the machine and putting it in another, mounting it as a slave, and using your other machine to try to clean it.

Another way to get this thing up and running is to try some kind of bootable rescue disk to clean it. Bootable rescue disks are bootable CDs/DVDs that contain small operating systems, with some preinstalled tools for repairing your computer.

When you turn on your computer hit F10 or F12, select your CD/DVD drive and your computer boots into an operating system contained on that CD. There are a lot of great rescue disks out there, the problem is most are very complicated, and some take forever to boot.

I found one great exception to this though. Kaspersky Labs, creator of the very capable Kaspersky Antivirus line of products has built a great free bootable rescue CD that is simple to use.

image

Unlike many other bootable rescue disks it has one purpose, to clean your system. To create a Kaspersky Rescue Disk, download the ISO image from this link, then burn the image to a CD.

Depending on what operating system you are using you may need to download a CD burning program if you don’t already have one. If you are running Windows 7 it has a built-in burning program that’s simple to use and works great. If you are running XP or Vista, I like Image Burn, or CD BurnerXP – both do a great job of burning .ISO images, and are free.

Once you have your rescue CD built, start your infected machine, pushing F12/F10 to get it to the boot selection screen. Boot to the CD-ROM drive as I stated earlier and relax; although faster than most rescue disks, it’s hardly fast.

Follow the prompts and when it boots into the Kaspersky Rescue system you first need to update the virus definitions. Once updated do a scan, and go read the newspaper or get some coffee, it takes a while.

Once it completes the scan go ahead and let it remove or quarantine all the files it has found. I’ve never had it delete anything that caused the machine it was fixing not to boot. But of course before you do anything like this, BACK UP YOUR DATA!!!!! But you already did that so proceed.

Do the scan, remove the junk and log off Kaspersky. Just turning off your computer with the power button won’t hurt anything when you are running a rescue CD.

The reason rescue CDs are so effective is, you’re not trying to disinfect a computer with an infected OS. When you boot to the hard drive of an infected machine, you’re playing on the bad guy’s home turf. They control the machine and in many cases they’ve hidden the infected files so your antivirus can’t see them.

There are other rescue disks out there and many are very complicated and take a very long time. The Kaspersky Rescue Disk is the fastest and easiest I’ve found to clean an infected machine enough to allow me to boot back into Windows and complete the process by adding my favorite automated antimalware tools to keep the system clean going forward.

Note: Kaspersky Rescue Disk 10 can be run from a USB device.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.

Why not pay a visit to Mark’s site today.


SmartVirusEliminator – Panda Security Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at the SmartVirusEliminator adware, and the MSNWorm.GU worm.

The SmartVirusEliminator adware displays the following window while being downloaded.

image

Then, once it is downloaded and installed, it opens a window similar to the Windows security window.

image

This adware tries to pass itself off as a legitimate antivirus. To do so, it scans the computer and displays fake warnings to convince users they are infected. To disinfect the computer from the threats “detected” by the fake antivirus, users must purchase it by providing their bank details, which is the malware’s ultimate objective.

image

The MSNWorm.GU worm uses the popular MSN Messenger application to spread. It infects systems silently without any visible symptoms. However, a characteristic icon is displayed.

image

MSNWorm.GU worm modifies the Windows registry so that it launches on every system start-up, and goes memory resident. It also copies itself to C:\WINDOWS\system32\wupdate.exe.

While users chat through an instant messaging application (e.g. MSN Messenger), they receive a message from one of their contacts (which doesn’t raise suspicion), with a link to download a file. If the user clicks the link, the worm installs on the system and the infection begins.

First, the worm connects to a server to check whether there are any up-to-date versions of itself which will then be downloaded to the computer. If there are not, it makes a copy of itself in the system path.

It then creates a series of traces to this copy, or to the updated version of itself. One of the traces aims at ensuring the worm is launched on every system start-up.

The worm has bot features, which allow it to open a connection to communicate with its creator and wait for commands. Finally, the file stays memory resident, awaiting a new connection to another instant messaging application in order to spread.
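A defender can check for the two traces described above: the copy at C:\WINDOWS\system32\wupdate.exe and a start-up registry entry pointing at it. The following is an added example, not code from Panda Security or this blog. It assumes the start-up entry lives in a Run key (the report does not name the key), that the Run keys were saved as `reg query` text, and that the Windows partition is mounted from a live CD; the sample registry text and the mount point are constructed.

```python
"""Offline triage for the two MSNWorm.GU traces named in the write-up."""
import ntpath
import re
from pathlib import Path

# Path the report says the worm copies itself to.
WORM_PATH = r"C:\WINDOWS\system32\wupdate.exe"

# Constructed sample in the layout printed by `reg query <Run key>`.
# Value names and data are invented for illustration.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    Windows Update Service    REG_SZ    "c:\windows\System32\WUPDATE.EXE" /s
    ctfmon    REG_EXPAND_SZ    %SystemRoot%\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Messenger    REG_SZ    "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# "    <value name>    REG_<TYPE>    <data>"; value names may contain spaces.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def executable_of(command, system_root=r"C:\WINDOWS"):
    """Reduce an autorun command line to a normalised, lower-case program path."""
    cmd = command.strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]          # quoted path: take what is quoted
    else:
        m = EXE_RE.match(cmd)                   # unquoted: cut after the extension
        exe = m.group(1) if m else cmd.split(" ", 1)[0]
    # Expand the two variables commonly used for the Windows directory.
    exe = re.sub(r"%(systemroot|windir)%", lambda _: system_root, exe, flags=re.I)
    return ntpath.normcase(ntpath.normpath(exe))


def find_autorun_refs(reg_text, target=WORM_PATH):
    """Return (key, value name, data) for autorun values that launch `target`."""
    want = ntpath.normcase(ntpath.normpath(target))
    hits, key = [], None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        exe = executable_of(m.group("data"))
        # A bare file name also counts: system32 is on the default search path.
        bare = ntpath.dirname(exe) == "" and exe == ntpath.basename(want)
        if exe == want or bare:
            hits.append((key, m.group("name"), m.group("data")))
    return hits


def find_on_mounted_volume(mount_root, windows_path=WORM_PATH):
    """Resolve a Windows path under a Linux mount point, ignoring case.

    Windows treats WINDOWS/Windows/windows as the same directory; a Linux
    live CD may not, so each path component is matched case-insensitively.
    """
    _, tail = ntpath.splitdrive(windows_path)
    current = Path(mount_root)
    for part in [p for p in tail.split("\\") if p]:
        try:
            match = next(
                (c for c in current.iterdir() if c.name.lower() == part.lower()),
                None,
            )
        except (NotADirectoryError, PermissionError, FileNotFoundError):
            return None
        if match is None:
            return None
        current = match
    return current if current.is_file() else None


if __name__ == "__main__":
    for key, name, data in find_autorun_refs(SAMPLE_REG_QUERY):
        print(f"autorun -> {key} [{name}] = {data}")
    # /mnt/windows is a hypothetical mount point for the offline Windows partition.
    print("file on disk:", find_on_mounted_volume("/mnt/windows"))
```

A hit from either check is a reason to investigate the file, not proof of infection; confirm with an offline antimalware scan before removing anything.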

image

More information about these and other malicious codes is available in the Panda Security Encyclopedia.

You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you become infected by this, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Additional precautions you can take to protect your computer system:

When surfing the web: Stop. Think. Click

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all email attachments


Run 57 Free PC Repair Apps From Your Flash Drive

Are you a computer tech wannabe? Are you the go-to guy for your neighbors, club, or social circle when computers are on the fritz?

If you answered “yes”, then the Australian website Technibble has a great free offer you should consider.

Technibble describes itself as “a resource for computer technicians who are looking to start their own computer business or improve their existing one. Technibble also provides an amazing place for technicians to help other technicians via our forums”.

The site has compiled an impressive array of free geeky tools for diagnosing and repairing Windows computers in a second release of its Computer Repair Utility Kit. The kit contains 57 top-quality applications to help you analyze a problem computer and (hopefully), restore the machine to operating condition.

While it’s true that you can download each of these free tools individually, this all-in-one kit is a definite time saver.

From the Technibble site:

The first version of Technibble’s Computer Repair Utility Kit was so popular, we’ve created a second version. For those of you who don’t know, the Computer Repair Utility Kit is a combination of computer repair tools in one easy to use pack.

The Computer Repair Utility Kit allows you to run all of the repair tools from your portable drive (USB Flash Drive, External Hard Drive, iPod etc.) and comes with an easy to use, right-click menu. A must in any computer technician’s kit.

Technibble

The Computer Repair Utility Kit runs off a menu system called PStart and contains the following applications:

File Management

  • CCleaner – Cleans up Windows systems. Clears temporary internet files, cookies, history etc.
  • JkDefragGUI – An advanced defragging tool far superior to the built in Windows one
  • DriveimageXML – Hard drive imaging tool. Allows you to get a single file out of a whole image too
  • Explore2fs – Allows you to explore hard drives with Linux file systems
  • Double Killer – Finds duplicate files and deletes them
  • Deep Burner – CD/DVD Burning software
  • 7-Zip Portable – Archive creating and extraction tool. Can handle most compression formats
  • PC-Decrapifier – Cleans out the crap that comes installed on new brand name computers (Norton trials, toolbars etc.)

Information

  • Process Explorer – Allows you to view system processes
  • System Information – View lots of information about a system (specs, passwords, temperatures etc.)
  • ProduKey – View software cdkeys and serials
  • Autoruns – Autostart program viewer
  • HWMonitor – View hardware information
  • GPU-Z – Show video card information (chipset, bios version, shaders, memory size etc.)
  • Wireless Key View – Shows saved wireless network keys
  • TreeSize Free – Show how much space each folder on a system uses
  • Game Key Revealer – View CDKeys and Serials for popular games
  • USBDView – Allows you to list and manage USB devices (including devices that aren’t currently plugged in)
  • TrID – Identifies file types for extension-less files
  • Codec Installer – Finds and analyzes video codecs
  • Unknown Devices – Tells you what an “Unknown Device” in system properties actually is
  • GSpot – Video analyzer

Repair Tools

  • Norton Removal Tool – Removes Symantec products
  • McAfee Removal Tool – Removes McAfee products
  • LSPFix – Fixes broken Winsock entries
  • Dial-a-Fix – Repair Windows files and registries

Recovery

  • Recuva – Recovers deleted files
  • Restoration – Recovers deleted files
  • Photorec – Recover deleted/damaged files from Flash memory (like digital cameras)
  • DBXTract – Recover emails from damaged DBX files (like Outlook Express)

Network Tools

  • Wireshark – View network packets
  • Network Scanner – Scans the network for devices
  • Putty – SSH/Telnet/RLogin client
  • Network Stumbler – Wireless Network Scanner

Virus and Malware Removal Tools

  • Clamwin Antivirus – Virus scanner/remover
  • Rootkit Revealer – Detects rootkits on a system
  • Combofix – Malware finder and remover
  • SmitFraudFix – Malware finder and remover
  • RogueFix – Malware finder and remover
  • Hijack This! – Malware remover
  • SUPERAntiSpyware – Malware scanner and remover
  • Malwarebytes – Malware scanner and remover

Miscellaneous

  • Mozilla Firefox – Web browser
  • JavaRa – Find and remove old Java versions
  • Monitor Tester – Test monitors for problems
  • Dead Pixel Tester – Finds and fixes dead pixels on LCDs
  • ChkFlsh – Check flash drives for errors or test their real size (as fake ones appear on eBay)
  • Double Driver – Driver backup tool
  • SumatraPDF – Lightweight PDF viewer
  • Revo Uninstaller – Advanced application uninstaller

Tweaks

  • TweakUI – Windows XP tweaking tool
  • VistaTweaker – Vista tweaking tool

Scripts

  • Quickly Make a System Restore Point – Makes restore point
  • Reset Network – Releases/Renews IP and flushes DNS
  • Clear Printer Spooler – Clears stuck print jobs from spooler
  • Stop Automatic Updates – Stops “Windows has installed updates, restart now” dialog temporarily
  • Start Automatic Updates – Switches it back on

To start the toolkit, extract the zip file to your portable media and run Launcher.exe. You can also add your own utilities to the menu by going to File > and make it so it autoruns when you insert your portable media into the system.

The download size is 88.4mb as a ZIP file and it extracts to 188mb.

Download from one of the following Mirrors:

Note: Like many mirrors these mirrors are annoying.

Deposit Files:

Rapidshare:

Badongo:

zShare:

Megaupload:


Repair Drives, Files, Folders with Free Disk Heal

While it’s true that most anti-malware applications will remove an executable malware file from your system, depending on the infection, it is not uncommon that it will be unable to reverse the damage already done.

In many cases the user will be left to deal with the following problems.

Drive inaccessibility

Task Manager inaccessibility

Folder Options inaccessibility

Registry Editor inaccessibility

It’s not necessary to be a Techno Geek to deal with these types of problems; there are a number of manual methods to resolve these issues. But for the casual or new computer user, the solution may be outside their technical abilities. Fortunately, there is a free solution that is new user friendly.

Disk Heal is a free Windows NT, 2000, XP and Vista utility that may be able to restore the condition of your Hard Drive, or a USB Flash Drive, after it has been infected by a virus.

This free application is a very useful tool that has a host of additional capabilities, including recovering hidden files and performing system tweaks; all can be accessed with just one click.

Quick facts:

Fixes disk problems

Fixes task manager inaccessibility

Fixes folder options inaccessibility

Fixes registry editor inaccessibility

Recovers hidden files and folders

Changes the default icon of any drive, external, internal, or a partition

Security and system tweaks

As you’re building your toolbox of system utilities, this is a good application to add. None of us are immune to a virus infection, and at some point you’ll be glad you had this little tool ready to go.

Download at: Download.com


Free Malware Removal – SUPERAntiSpyware Free Edition

SUPERAntiSpyware – the name seems like overkill and slightly over-the-top, right? Surprisingly though, this is one product that lives up to its name. The SUPER, in this case, means just that.

Given the increasing number of Trojans, Spyware, Viruses, Phishing Scams, Identity Theft Scams, and other threats we now face, there is no one anti-malware tool that is likely to identify and remove all of this rogue malware that infests the cyber world. So to ensure maximum safety, it’s important to have layered defenses in the ongoing fight against system infection.

The free edition of SUPERAntiSpyware is an excellent choice, as a secondary line of defense in this battle. This free version of the award winning program, with its easy to employ interface, is used by millions of people worldwide to protect their computers.


While SUPERAntiSpyware is well known for its high malware detection rate, it has not, in the four months I have been testing it, discovered anything which the other anti-spyware programs that I use have not found. This speaks to the high quality of many competing anti-malware applications, and not to any shortcomings in SUPERAntiSpyware.

A simple, intuitive, and easy to use interface makes SUPERAntiSpyware straightforward to setup, customize and run, for both less experienced and expert users alike.

One extra feature in this anti-malware product caught my attention however; a repair function which allows the user to recover settings frequently wrecked by malware, and which are often not recoverable despite removal of the malware process. These settings include Internet connections, lost desktops, the ability to edit the registry and frustratingly, access to the task manager.


Since SUPERAntiSpyware does not provide real-time protection against infection, like many free versions of anti-malware programs, I would not recommend that you use this free version of SUPERAntiSpyware as a stand-alone security application, since it simply will not offer you adequate protection. Instead, use it only as an on-demand scanner.

Despite this real-time protection shortcoming in the free version, SUPERAntiSpyware deserves its reputation as a first class security application, and it’s definitely worth considering adding to your security toolbox as a secondary line of defense.

As a full fledged security application, with all of its features unlocked; real-time protection, scheduled scanning, and scheduled updating, SUPERAntiSpyware is very well priced at $29.95 US.


Fast facts:

High malware detection rate

Small footprint and low resource usage

Easy to setup, customize and run

Custom scanning of hard drives, removable drives, memory, registry, and more

Detects and removes spyware, adware, malware, Trojans, dialers, worms, keyloggers, rootkits and hijackers

Free for personal use

Prevents potentially harmful software from installing or re-installing (paid version only)

Examines over 50 critical system points on start up and shut down (paid version only)

System Requirements: Windows 98, 98SE, ME, 2000, XP, Vista or Windows 2003

Download at: SUPERAntiSpyware

Alternative free anti-malware applications reviewed, and downloadable, on this site:

Spyware Doctor Starter Edition

Spyware Doctor Starter Edition from PC Tools is an excellent choice, as a secondary line of defense. This free version of the award winning program, with its easy to use interface, is used by millions of people worldwide to protect their computers; it’s reported there are a million+ additional downloads every week. Be aware however, there is no real-time protection offered with this version and this is the reason I recommend this application as a secondary scanner only.

Spyware Terminator

Having tested virtually all of the major anti-spyware applications over the past year or more, I’ve settled, for now, on Spyware Terminator primarily due to its strong real-time protection against spyware, adware, Trojans, key-loggers, home page hijackers and other malware threats. Spyware Terminator excels in strong active protection against known and unknown threats. If anything, I find it perhaps a little overly aggressive. On the other hand, better this than the alternative.

AVG Anti-Virus Free Edition

AVG Anti-Virus Free 8.0 now incorporates protection against spyware through a new combined anti-virus and anti-spyware engine as well as a “safe-searching component” which has been incorporated into the new AVG Internet Security Toolbar. This program scans files on access, on demand, and on schedule and scans email incoming and outgoing.

Malwarebytes’ Anti-Malware

Malwarebytes’ Anti-Malware is an excellent choice, as a secondary line of defense. The free version of this speed demon (it’s faster at scanning than any anti-malware program I’ve tested in the last 2 years), with its easy to employ interface, is used by millions of people worldwide to protect their computers.


Virus Trigger (VirusTrigger) – Removal Instructions

Let’s play clone the clone. That’s what the cyber-criminals behind Virus Trigger have just done.

Virus Trigger (VirusTrigger), is a new rogue security application which is essentially a clone of VirusResponse Lab 2009, which, in fact, was cloned from Antivirus Lab 2009.

Just like its predecessors, Virus Trigger is now prowling the Internet, seeking out unaware users in order to steal their money. Once again, Trojan.Zlob or the Vundo Trojan is the dropper used in spreading this scourge.

Experienced computer users are aware that the Internet is saturated with rogue security programs which, if installed, can often cost the unfortunate victim loads of money in an attempt to get rid of them. Rogue Security Software is now a billion dollar “business”.

Virus Trigger has the same objective as all Rogue Security Software; to convince the victim to pay for the “full” version of the application in order to remove what are, in fact, false positives that this program is designed to display on the infected computer in various ways, including fake scan results, pop-ups and system tray notifications.

Rogue security software often writes itself into multiple parts of the operating system, and in many cases it can hide its files, registry entries, running processes and services, making the infection difficult to find and remove.

In the last year, or so, I have heard some horrendous stories from readers where the common thread has been the debiting of their credit cards, multiple times, by the cyber-criminals responsible for the distribution of Rogue Security Software.

If you are a victim of this or other Rogue Security Software, the following removal solutions will be invaluable. The individuals/companies, who wrote and developed these free tools, are to be congratulated for giving back so freely to the Internet community.

Without their generous efforts, those infected by this, and other rogue applications, would be faced with the unenviable task of performing a complete system reinstall, with a strong probability of losing irreplaceable Hard Drive data.

Removal Solutions:

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

Bleeping Computer is a web site where help is available for many computer related problems, including the removal of rogue software.

Rogue Fix at Internet Inspiration

Malwarebytes, a reliable anti-malware company, has created a free application to help keep you safe and secure. RogueRemover will safely remove a number of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue security software:

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications where exposure to rogue security applications is widespread.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection of this kind.

Filed under Antivirus Applications, Don't Get Hacked, Firefox Add-ons, Freeware, Geek Software and Tools, Interconnectivity, Manual Malware Removal, Online Safety, Rogue Software, Safe Surfing, Software, trojans, Virus Repair Tools, Viruses, Windows Tips and Tools, worms

Stop Viruses Dead with Free Avira AntiVir Personal

So, what are you looking for in a free antivirus application? How about an application that offers on demand scans for viruses, Trojans, backdoor programs, hoaxes, worms, dialers and other malicious programs?

As well, you’re probably looking for a program that monitors your interactions with your operating system to ensure that if a malicious program is detected it will be stopped dead in its tracks.

Finally, you’re looking for a free program that allows you to repair, delete, block, rename and quarantine programs, or files.

Well, you’re in luck. Avira AntiVir PersonalEdition Classic will meet, and even exceed, all of your requirements. This anti-virus program offers all of this comprehensive protection within an easy to use interface.

In the 10 months I have been running Avira on my systems, I continue to be impressed with its performance, and I have come to rely on it as my primary anti-virus application. I highly recommend this one.

As an indication of this program’s popularity, Download.com reports that it is the second most popular antivirus software (out of 305 products) offered for download on this site. Avira AntiVir PersonalEdition has been downloaded almost 19 million times, from this site alone.

Fast facts:

Highly Configurable

Protection from viruses, worms and Trojans

Protection against expensive dialers

Protection from hidden rootkits

Extensive Malware Recognition

Version 8.2.0.334 includes new Virus Engine update

New User Interface

Faster scanning: up to 20% faster than previous versions

Protection from phishing

System requirements: Windows 2000/XP/Vista

Download at: Download.com

Note: Free for home-users only.

Filed under Anti-Malware Tools, Antivirus Applications, Don't Get Hacked, Free Security Programs, Freeware, Interconnectivity, Safe Surfing, Software, System Security, Virus Repair Tools, Viruses, Windows Tips and Tools

XP Antivirus 2008/2009 – Advanced User Removal Solution

The following solution, to remove rogue security software XP Antivirus, is offered by this Blog’s reader Wayne Downing.

Due to time constraints I have not personally tested this solution, but the consensus amongst my Geek Club associates is that the solution, while complicated, will work.

Wayne writes:

The only way I was able to really effectively remove it required a second computer, a router, and about 3 hours. It’s a little involved, but this method has been used to completely eradicate even the most stubborn viruses. I call it the “Global Thermonuclear Option”.

1) On a good computer, download the Knoppix CD version of Linux and burn it onto CD.

2) Shutdown the bad computer the “right” way (start / shutdown / shutdown computer).

3) Start the bad computer with the Knoppix CD.

4) While waiting on the computer to start, go to the good computer, and make sure the virus scanner on it is up to date; if it doesn’t have one, use Avast from http://www.avast.com. Be aware that there is a malware site called www-avast.com (note the dash rather than the dot), so make sure you’re at the right one.

5) Connect both your computers into your router. It is possible to do this wirelessly, but it will be slower.

6) On the infected computer, open up all the Hard Drives by double-clicking on them from the desktop in Knoppix. Close the windows that open up, then right-click on each of the hard drives and click on “Change Read/Write mode”. When Knoppix asks if you want to make each drive writable, click on “yes”.

7) While still on the infected computer, go to the “K” icon (lower left), then “KNOPPIX”, then “Services”, then click on “Start Samba Server”.

8) If it asks to set a password for the Knoppix user, use something simple like “knoppix123” – this is not a permanent username being created – after you reboot the bad computer, this will all be gone. When it says “export all Hard Drives…”, click on “Yes”.

9) On the good computer, go to Start, then Run, and then type \\KNOPPIX and hit ENTER.

10) The computer will ask for a name and password. Use “Knoppix” as the username, and then the password you set up in step 7.

11) For any share that looks like “hda1”, “sda1”, “hdb1”, “hda2”, etc. (starts with hd, then a letter, then a number, or “sd”, then a letter, then a number), right-click on it, then click on “Map Network Drive”. Windows will assign a drive letter for you; you just need to click “Finish”.

12) Start your virus scanner and tell it to scan the remote drives. In this case, we’ll assume you use Avast, and that the network drives you’re trying to scan are Z: and Y:. You would open Avast, then click on “Folder Selection” on the right in the middle (looks like a folder icon), then check the boxes for Y: and Z: (or all the network drives).

You’ll be able to tell which ones are network drives because they identify themselves as “Knoppix”. Click “OK”, then the “play” icon from Avast, which will start the scan. Check the instructions on how to use your virus scanner program for more details. Essentially, you want to scan archives, and you want the scan to be as thorough as possible.

13) After the virus scan is done, download the installer for Avast on the good computer, and copy it to the previously infected computer, in the root directory. If the computer has more than one hard drive, copy it to all the hard drives, if it will fit.

14) Close Avast on the good computer, then go to the “My Computer” icon and disconnect the network drives that you just scanned.

15) Go to the previously infected computer, click on the “K” icon, then “Log out”, then “shut down”. Follow the instructions on removing the CD-ROM, and reboot the computer into safe mode.

16) As soon as the previously infected computer starts, go to Start, then Run, and type “C:\Setupeng.exe” (or whatever the filename of the Avast installer was). Allow Avast to install. It is not necessary to run a boot-time scan, as you’ve essentially just done that over the network. Reboot the computer into normal Windows.

17) The previously infected computer will have no trace of the viruses that Avast found and deleted during the network scan.

Good luck.
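The warning in step 4 about www-avast.com, turned into a check you can run before downloading anything. This is an added example, not part of Wayne's instructions or of any tool named above: it compares a URL's host with an allowlist and flags the dash-for-dot swap, and goes slightly beyond that case by also catching one-character typos and a trusted name used as the prefix of another domain. The function names and the allowlist contents are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the reader maintains this allowlist; only the Avast host
# names come from the post above.
TRUSTED_HOSTS = frozenset({"www.avast.com", "avast.com"})


def skeleton(host):
    """Drop the separators a lookalike swaps, so 'www-avast' == 'www.avast'."""
    return host.replace("-", "").replace(".", "")


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, trusted=TRUSTED_HOSTS):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in url."""
    if "//" not in url:
        url = "//" + url            # let urlsplit see a bare host name
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host in trusted:
        return "trusted"
    for good in trusted:
        if skeleton(host) == skeleton(good):
            return "lookalike"      # same letters, dash swapped for dot
        if host.startswith(good + "."):
            return "lookalike"      # trusted name used as a prefix label
        if edit_distance(host, good) <= 1:
            return "lookalike"      # single-character typo
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inputs; example.net is a reserved documentation domain.
    for sample in ("http://www.avast.com/", "http://www-avast.com/",
                   "www.avast.com.example.net", "https://example.org/"):
        print(f"{sample:32} {classify(sample)}")
```

A result of "unknown" only means the host is neither on the allowlist nor close to it; it says nothing about whether the site is safe.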

Filed under Anti-Malware Tools, Geek Software and Tools, Interconnectivity, Malware Advisories, Manual Malware Removal, Open Source, Rogue Software, Software, System Security, Virus Repair Tools, Windows Tips and Tools