Tag Archives: Kristopher Dukes

System Security Scareware – Infection Removal Instructions

Wondering how to remove System Security malware? Kristopher Dukes of 411-Spyware.com shows you how.

System Security is the latest scareware hungry for your dough. System Security poses as a fake video codec – oops, you didn’t need that to see Rihanna naked – to get into your machine.

Once System Security gets cozy, it wastes no time telling you that your computer is infected with all sorts of imaginary badware it’ll gladly remove if you just buy the “full” – or “fool”? – version of System Security.


You probably already know that the only thing System Security removes is cash from your pocket.  But if you’re wondering…

Am I infected with System Security?

System Security is a shameless scam that’ll do anything to get your attention. It’s virtually impossible to be infected with System Security and not know it. If you see any System Security popups on your machine, you’re infected.

System Security won’t let me do anything in Windows!

Some versions of System Security block you from using Windows. Have you started up your computer, and all you see is a System Security window? There’s not even a Windows task bar at the bottom? Try these instructions.  If you’re lucky enough to still have your Windows task bar, skip to #3.

1. Press Ctrl+Alt+Delete. This will either bring up Windows Task Manager or a menu, in which case click the Windows Task Manager button.

2. In the top right corner, click File > New Task (Run…). In the box type in Explorer.exe and click OK.

3. You should now have your Windows Task Bar back. Press Windows Key + R and when the Run box appears, type msconfig and click OK. Uncheck Load Startup Items and click OK. A message will pop up prompting you to restart your computer. Do it. Your computer will restart, minus the System Security popups.

4. Go to your Program Files folder on your C drive and delete the System Security folder.

5. That’s it! You’ve removed the bulk of System Security from your computer. You can visit my blog for details to remove System Security 4.52 files. You should also run a trusted anti-badware scanner to check your machines for other infections – you probably have some. Yep, thanks for the Trojan, System Security.
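To see what the msconfig step actually switches off, the added PowerShell example below (not part of the original post) lists the Run-key and Startup-folder entries and marks any that point into the System Security folder named above. The function name and the path pattern are assumptions made for this illustration; the script only reads and changes nothing.

```powershell
# Added example (not from the original post): read-only listing of startup entries.
# $Pattern is an assumption based on the "System Security" folder under Program Files.
function Get-StartupEntry {
    param([string]$Pattern = '*\Program Files*\System Security\*')

    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($path in $runKeys) {
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            New-Object PSObject -Property @{
                Source  = $path
                Name    = $name
                Command = $command
                Suspect = ($command -like $Pattern)
            }
        }
    }

    # Per-user and all-users Startup folders: anything placed here runs at logon.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir | ForEach-Object {
            New-Object PSObject -Property @{
                Source  = $dir
                Name    = $_.Name
                Command = $_.FullName
                Suspect = ($_.Name -like '*System Security*')
            }
        }
    }
}

# Suspect entries first, then everything else that starts with Windows.
Get-StartupEntry | Sort-Object Suspect -Descending |
    Format-Table Suspect, Name, Command, Source -AutoSize
```

Entries that are still listed after the folder has been deleted are leftovers pointing at a missing file, and they are worth noting before running the anti-badware scan.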

I removed System Security, but I can’t use the Internet.

Some versions of System Security mess with your Internet connection – your connection is actually okay, but System Security will change some of your browser’s settings. If you’re using Internet Explorer…

1. Launch Internet Explorer.  At the top of the window, click Tools > Internet Options.

2. In the Internet Options box, make sure your home page is right. If System Security has changed it, type in the correct address. If you don’t know your home page address, or you are unsure whether it’s your proper home page or not, click the home page box and type www.google.com.

3. Click the Connections tab and press the LAN Settings button, which is just above the Cancel button.

4. Make sure Automatically Detect Settings is ticked, and that Proxy Server isn’t checked.  Click OK twice, and exit Internet Explorer.

5. Relaunch Internet Explorer and your home page should appear.  You can now surf the net.
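The same settings can be checked without opening the dialog. This added PowerShell example (not part of the original post) reads the current user's home page and proxy values from the registry and reports anything that differs from the steps above; the function name and the expected home page are assumptions. It also reports an automatic configuration script, which sits in the same LAN Settings dialog, and it does not cover the Automatically Detect Settings checkbox.

```powershell
# Added example (not from the original post): check the per-user settings behind
# the Internet Options steps. $ExpectedHomePage is an assumption; change it to yours.
function Test-IeSettings {
    param(
        [string]$ExpectedHomePage = 'www.google.com',
        [switch]$DisableProxy   # optional: also untick "Proxy Server"
    )
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'

    $s = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    $m = Get-ItemProperty -Path $main -ErrorAction SilentlyContinue
    $findings = @()

    # ProxyEnable = 1 corresponds to a ticked "Proxy Server" box in LAN Settings.
    if ($s.ProxyEnable -eq 1) {
        $findings += "Proxy server is enabled: $($s.ProxyServer)"
        if ($DisableProxy) {
            Set-ItemProperty -Path $inet -Name ProxyEnable -Value 0
            $findings += 'ProxyEnable set to 0; exit and relaunch Internet Explorer'
        }
    }

    # A configuration script can redirect traffic just like a proxy entry.
    if ($s.AutoConfigURL) {
        $findings += "Automatic configuration script is set: $($s.AutoConfigURL)"
    }

    # "Start Page" holds the home page shown in Internet Options.
    $homePage = $m.'Start Page'
    if ($homePage -and $homePage -notlike "*$ExpectedHomePage*") {
        $findings += "Home page is '$homePage', expected $ExpectedHomePage"
    }

    if ($findings.Count -eq 0) { $findings += 'No proxy or home page changes found' }
    $findings
}

Test-IeSettings
```

Run it once without switches to see the findings; `Test-IeSettings -DisableProxy` makes the one change that step 4 describes.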

Guest Writer: This is a guest post by Kristopher Dukes of 411-Spyware.com – an invaluable asset in the battle against malware. Kris’ site is one of the best I’ve found that helps users identify, and then deal with scareware related issues. Pay a visit to 411-Spyware.com, and I’m convinced you’ll become a regular visitor.


I’m a Botnet and I’m on Your Mac! – Removal Instructions

Another timely warning from Kristopher Dukes of 411-Spyware.com.


iBotnet, the first botnet of Mac computers, has debuted. Botnets, networks of zombie computers controlled by a hacker, are usually restricted to Windows-based PCs.

iBotnet isn’t any different from its PC-based counterparts: iBotnet, as reported by CNET, is a launch pad for denial-of-service attacks.

iBotnet spread through a Trojan hidden in pirated versions of Apple iWork ’09 software. If you downloaded iWork ’09 from a peer-to-peer network, you could be infected. Look for iWorkServices.pkg on your computer, and try my step-by-step instructions to remove iBotnet from your Mac.

You might also consider antivirus software for your Mac — for the next season of iSpyware, anyway. iTrojans so far have that chic, brushed stainless steel styling, so they’re not too hard on your eyes.

Guest Writer: This is a guest post by Kristopher Dukes of 411-Spyware.com – an invaluable asset in the battle against malware. Pay a visit to 411-Spyware.com, and I’m convinced you’ll become a regular visitor.

The content of this article is copyright 2009 © by Kristopher Dukes, LLC. All rights reserved.


The 411 on Conficker – The Spyware Protect 2009 Connection

Another timely warning from Kristopher Dukes of 411-Spyware.com.

According to the Washington Post, the Conficker worm’s purpose is now known: it’s not going to blow up your PC, it’s not going to cyber attack Kazakhestonstania, blame it on Russia, and further heat up an e-Cold War, and it’s (probably) not going to spam your friends a great offer on V1agRa.

Conficker is just going to annoy the hell out of you and try to steal $50.

Yep, Conficker.C, the latest version of the headline-making worm that’s infected tens of millions of PCs, is distributing scareware Spyware Protect 2009 (sometimes spelled “SpywareProtect2009”).

Like other scam software, Spyware Protect 2009 tells you you’re infected with tons of non-existent threats, then asks for fifty bucks to remove them.

You can remove Spyware Protect 2009 for free, but you may still have Conficker on your system.  Use this eye chart to check if you have Conficker. Then, visit FSecure.com for a free Conficker removal tool. (If your security software or sites are blocked, remove Conficker for free with step-by-step instructions.)

Guest Writer: This is a guest post by Kristopher Dukes of 411-Spyware.com – an invaluable asset in the battle against malware. Pay a visit to 411-Spyware.com, and I’m convinced you’ll become a regular visitor.

The content of this article is copyright 2009 © by Kristopher Dukes, LLC. All rights reserved.


How to Remove Scareware – Common Issues

Your guide to scareware and its common issues

On 411-Spyware.com and the computer repair shop I work at, I’ve found that a lot of people use manual removal instructions to remove fake security software (AKA rogue anti-spyware software, or scareware) from their computer.

Using a paid antivirus/antispyware program is easier and more reliable, since manually removing infections can be tricky.

But for those of you who like the long road — yep, I’m raising my own hand here — you may run into these common issues while removing fake antispyware.

I’ve got a list of files to delete, but Windows won’t let me delete them.

That’s because you are currently running the scareware, and Windows won’t let you delete files that are in use. Boot into Safe Mode (hold F8 at start up, and when the menu appears select “Safe Mode”).

This will prevent any programs automatically loading other than those that Windows needs to run. Delete your files from there and when you’re done, just reboot normally.

How am I supposed to delete this scareware when it generates popups every 20 seconds?

Once again, if you’re manually removing the files, you can use Safe Mode to make things easier. Some technicians advise using MSCONFIG to stop scareware from running.

I find this unnecessary as you can remove files in Safe Mode, and when you restart your computer you can see if it is still running and if there is anything else you have to remove.


The scareware won’t let me boot into Windows. I can’t do anything.

This is a very nasty tactic that some scareware uses. What makes it worse is that it even launches in Safe Mode, making your computer unusable.

Fortunately, not many scareware programs do this as it defeats the purpose of the scam. How can they get your money when you buy their fake software, if you can’t even get into Windows?

When I get infections like this I use a free program called VistaPE. Basically, VistaPE puts an operating system on CD that your computer can boot off. You can then view your hard drive and delete the scareware files that way. As you’re running off a CD, there is no way the infection can mess with the disk.

Follow this tutorial to make a VistaPE disk. Don’t worry about the advanced stuff. All you want to do is view and edit the contents of your hard drive. Once your disk is made, you may need to edit the boot order in your BIOS to make the CD/DVD drive the first boot device. Your computer manual will show you how to do this.

I’ve deleted all the files, but that damn scareware always comes back.

Scareware does have a habit of reappearing when you think you’ve killed it, just like a horror movie monster.

This is happening because your scareware was put there by a Trojan. Right after you remove all the scareware files, the Trojan sees that you don’t have scareware on your computer, and happily provides you with one.

Even if the scareware you were infected with doesn’t reappear, you most likely have a Trojan running in the background. 90% of computers I see with scareware infections have a Trojan installed, too.

Trojans want to remain hidden, so even if you suspect there is one on there, you won’t know which one it is. The best way to find out is to download and run a legitimate antivirus/antispyware trial, like Spyware Doctor, and see what it finds.

If you really want to, you can see if there are manual removal instructions for your Trojan once you know its name (but I hope that by that stage you purchase software to remove it and any other nasty files it finds).

Please note most security software trial versions don’t allow you to install updates, so you may be infected with a Trojan that’s not in the default database.

That’s all the tips I have at the moment; if I find any more, I’ll update the article.

If you have some tips or questions, please leave a comment.

Guest Writer: This is a guest post by Kristopher Dukes of 411-Spyware.com – an invaluable asset in the battle against malware. Pay a visit to 411-Spyware.com, and I’m convinced you’ll become a regular visitor.

The content of this article is copyright 2009 © by Dukes Media, LLC All rights reserved.


Will Obama Give You Dough? Spare Change You Shouldn’t Believe In

Scammers are taking advantage of Obama’s grant money news to rip you off.

Shocking.

Watch for fake emails, links in ezine articles, and Google campaigns leading you to Obama-scam websites.

Testimonials on these Obama scam sites from people who’ve received government grant dough are as real as Ivanka Trump’s chest, and hardly as charming.

Quotes will urge you to order a CD to learn how to write a successful grant application – and that small S&H charge for the CD is how scammers get your credit card info and mailing address.

Another Obama-stimulus package scam email claims to be from the IRS, and asks you to fill out your personal information online in order to receive a “stimulus payment.” What’s the most stimulating part of this process? Finding out strangers know a touch too much about you.

Fortunately, if you follow the usual Internet safety rules, you’ll be okay. Look both ways before opening surprise email attachments and clicking links, and breeze over to YouTube to view some tips for avoiding grant-related scams.

Guest Writer: This is a guest post by Kristopher Dukes of 411-Spyware.com – an invaluable asset in the battle against malware. Pay a visit to 411-Spyware.com, and I’m convinced you’ll become a regular visitor.

The content of this article is copyright 2009 © by Dukes Media, LLC All rights reserved.
