Thursday, 29 March 2012

Emsisoft Giveaways And Deals

Emsisoft Easter Offer: 3 licenses for the price of 1

The Easter Bunny comes to town and brings some great presents for you: two additional free licenses with every purchase of an Emsisoft full version license. Even of you don't need additional licenses, you can share them with your family and friends. Help them to fully secure their computers and save some extra bucks. Who knows, maybe they will buy you a chocolate rabbit in return ;)

Emsisoft Internet Security Pack: https://shop.emsisoft.com/34/?scope=checkout&product=40106

Emsisoft Anti-Malware: https://shop.emsisoft.com/34/?scope=checkout&product=2414

Emsisoft Online Armor Firewall: https://shop.emsisoft.com/34/?scope=checkout&product=36640

This offers lasts until April 9th, 2012 and only applies to new purchases of 1-year licenses. No renewals. Besides, you need to you those free licenses within two months after date of purchasel otherwise, they will expire.

Tell your friends:

GFI VIPRE Giveaways And Deals

50% Off VIPRE Antivirus 2012 and VIPRE Internet Security 2012

Receive a 50% discount on VIPRE Antivirus 2012 or VIPRE Internet Security 2012 license (expired trial). Hurry up because this is a limited-time offer, valid until April 15th, 2012. If your trial license is about to expire and you're planning to extend it, this is a great chance to save some extra bucks. Personally, I don't use any of their products but I can assure you that GFI does a great job protecting computers from the latest malware attacks.

For more details, please visit http://www.vipreantivirus.com/promos/expired-trial-offer/

Tell your friends:

Wednesday, 28 March 2012

Remove 'PRS for Music' Scam Ransomware (Uninstall Guide)

PRS for Music Your computer has been locked is a scam (ransomware) that tries to extort money from unsuspecting computer users. Earlier this month, Performing Right Society issued a statement in which they clarified that the virus has nothing to do with PRS for Music and that they are investigating this issue. Now, why the hell they should care so much about this malware? Well, probably because cyber crooks use their logo, in association with Metropolitan police apparently, to make it the most genuine looking scam you've seen in a long time. This scam is a particularly nasty one and unfortunately very widespread at the moment. So, what does this ransomware do exactly? Once installed, it hijacks your Desktop with a rather professionally done fullscreen warning claiming to be from PRS for Music and Metropolitan Police. Please see the image below:



The warning states that illegally downloaded music files have been found on your computer and for this reason your computer has been locked.
PRS for Music

Your computer has been locked

Illegally downloaded music pieces (pirated) have been located on your computer. By downloading, those music pieces were reproduced, thereby involving a criminal offence under Section 106 of the Copyright Act. ....
I don't know much about the copyright laws in the United Kingdom but even if there is such an act you're not violating it, so don't panic. To further scare you into thinking that PRS for Music warning is a real deal, cyber crooks use Geo IP functions to determine your IP address and host name. It actually calls the command and control server before displaying the actual warning. It is worth mentioning that cyber crooks target computer users in other countries as well.
  • Gema and GVU - Germany
  • Sacem - France
  • Buma Stemra - The Netherlands
  • Suisa - Switzerland
  • AKM - Austria


All the organization in Europe protect the interest of songwriters, composers, and publishers.

When running, PRS for Music scam/ransomware claims that the illegally obtained music files were encrypted and moved to protected folder. This is not true. Although, this ransomware might be a bear to remove, it's not very sophisticated and even has some critical bugs that I will show you later can be used to bypass the restrictions in a few simple steps. Further more, PRS for Music ransomware claims that you need to pay £50 to avoid prosecution and imprisonment. DO NOT GIVE THESE SCAMMERS YOUR MONEY. First of all, you will simply lose your money and you probably won't able to get them back because payments must be made via PaySafecard, PayPoint or something along those lines. They accept anonymous payments. Secondly, they won't unlock your computer.

You should also know that this ransomware cannot steal personally identifiable or sensitive information. It cannot delete any of your files either. Don't worry, you haven't lost your files, etc. You just need to remove PRS for Music Your from your computer. That's it. If you're not good with computers, you can simply take your computer to a local repair store. It may cost you around $200 to get your computer back up and running again. Or you can try to remove this scam manually yourself. Please follow the removal instructions below.

How to prevent receiving PRS for Music scam/ransomware?

First, update your software, especially Adobe, Java and your web browsers. Use up-to-date antivirus software and additional firewall. As far as I know, cyber crooks use BlackHole, by far the most widely used exploit pack, to distribute this ransomware. Simply visiting infected websites may get you into trouble. Please watch the video below showing how cyber crooks armed with the latest version of BlackHole 1.2.3 can easily infect your computer if you're running outdated version of Java. The exploit targets a bug in Java (CVE-20120-0507).


Thanks to Kafeineify for making this video.

PRS for Music scam stays active in Safe Mode, Safe Mode with Networking and even in Safe Mode with Command Prompt. However, once you rebooted your PC in Safe Mode with Command Prompt you have a few seconds to open Windows explorer. If you are lucky enough you might be able to restore your computer to a previous date when your computer was virus free.


PRS for Music removal instructions (System Restore):

1. Reboot your computer is "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key.

2. Make sure you log in to an account with administrative privileges (login as admin).

3. Once the Command Prompt appears you have few seconds to type in explorer and hit Enter. If you fail to do it within 2-3 seconds, the PRS for Music ransomware will take over and will not let you type anymore.

4. If you managed to bring up Windows Explorer you can now browse into:
  • Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
  • Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter
5. Follow the steps to restore your PC into an earlier day.


Alternate PRS for Music ransomware removal using Print to file option:

A blogger named Thice wrote a great removal guide that can be used to remove PRS for Music scam without a need to reboot your computer in Safe Mode. Although, the removal guide was originally created to help users to remove Buma Stemra ransomware, it should work for PRS for Music as well. Basically, it's the same ransomware targeting computer users in different countries. Link to remove guide:

http://www.thice.nl/getting-rid-of-the-buma-stemra-ransomware-malware/



To learn more about ransomware, please read Remove Trojan.Ransomware (Uninstall Guide).

Tell your friends:

Friday, 16 March 2012

"I Want This!" Adware

"I Want This!" is ad-supported software that may display targeted advertisements within the web pages you are viewing. It adds a button called "I Want This!" to Amazon and some other popular shopping websites. Note that Amazon offers its own Universal Wish List button, so it basically duplicates the official Amazon service. Clicking the button adds items you want to your wishlist and automatically posts them to your wall on your Facebook page. After some time browsing around in our favorite shopping sites, this adware started to display ads from third party companies and affiliates. For instance, if you're looking an iPad, there's a great chance you'll start receiving ads offering the discounts on the newest iPad or other popular tablet computers.



I Want This! adware collects various web usage information and some demographic information as well. First of all, it collects information about the websites you visit and the searches you perform using your favorite web search engines. In addition, I Want This! collects your IP address, zip code, and country you live in. It then share this information with partners and affiliates. Here's probably the most worrying clause from their privacy policy:
Examples of the information we may collect and analyze when you use our website include the IP address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform; the full Uniform Resource Locator (URL) clickstream to, through, and from the Site, including date and time; cookie; web pages you viewed or searched for; and the phone number you used to call us.
We don't know about you guys, but we think that the price is to high for a program that collects all this information and duplicates already exiting services.

Most of the time, I Want This! adware comes bundled with freeware and shareware. The one we tested came bundled with VLC player. We got it from a download websites that offers freeware software for Windows.



We've said this many times before, if you want to download a clean installer, download it from official website only. Otherwise, you may end up with adware, spyware or even malware. As for the I Want This! adware, we didn't find any silent installers. It means users can always decline the installation. At least we hope so :) We didn't have any problems uninstalling I Want This! from your computer either. You can simply uninstall it via Add/Remove Programs as shown below. Good luck and be safe online!

http://deletemalware.blogspot.com


I Want This! removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.





2. Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



3. Search for I Want This! in the list. Select the program and click Remove button.
If you are using Windows Vista/7, click Uninstall up near the top of that window.



4. Click Uninstall. Then restart your computer. I Want This! adware should be gone.

5. Download recommended anti-malware software and run run a full system scan to remove the remnants of this adware from your computer.

Tell your friends:

Wednesday, 7 March 2012

Norman Giveaways And Deals

20% Discount for All Norman Products in March, 2012

Visit Norman webshop and choose the product that is right for you. Use coupon code MAR12 in shopping cart to receive the discount. You can use the promotion code to either purchase a new product or extend your existing license.

Norman webshop: http://www.norman.com/personal/en

Tell your friends:

How to Remove Best Virus Protection (Uninstall Guide)

Best Virus Protection is a rogue anti-virus program that attempts to lure you into purchasing bogus security solution that will allegedly remove the malicious software from your computer. This rogue antivirus program might perform many malicious activities. It might install additional spyware modules, steal your credit card numbers, passwords and user names, add your computer to a botnet, etc. One of the interesting things about Best Virus Protection is the way it modifies Windows hosts file and downloads backdoor Trojans onto the compromised computer making it wide open to cyber criminals. Thankful that it doesn't happen very often.

Best Virus Protection GUI. Looks pretty much the same as Microsoft Security Essentials.



Aside from rather sophisticated spyware modules, this rogue anti-virus is a very common scam. Scams are appearing via fake online virus scanners, spam, infected websites and social networks. I'm sure you are familiar with very aggressive pop-up messages urging you to install certain malware removal tools to remove non-existent infections from your computer. Very often they appear to be real but unfortunately leads to malware infection. Beware of pop-ups that are offering something you've never heard before. Malware authors use botnets and crimeware kits to distribute scareware too. As a result, Best Virus Protection can get installed on your computer without any interaction by you. I know it doesn't sound good but the truth is that your computer could be compromised just by you visiting infected websites. Please note that cyber criminals might compromised trusted websites as well. You should take precautions to ensure your operating system is updated and (security) software is current.

Warning! Virus detected
SpamTool.Win32.Delf.h



Fake software update notification. No network activity.



Fake security alert claiming that your machine is infected with potentially harmful software.


System Alert
Best Virus Protection has detected pontentially harmful software in your system. It is strongly recommended that you register Best Virus Protection to remove all found threats immediately.


As you may already know, cyber criminals use catchy names and associate them with known security programs. In this particular case "Best Virus Protection" is associated with Microsoft Security Essentials. I don't know about you guys but this name is too catchy for me. I could tell it's was fake right away. Best Virus Protection sounds more like award to me than the actual name of the antivirus product. But maybe it's just me. I know there are many unaware users that unfortunately might fall victim to this scam.

When running, Best Virus Protection blocks access to valid security sites. You might not be able to download and install certain malware removal apps. The rogue program modifies system files and registry entries to ensure that malware stayed on the system and could be easily restored in case you managed to remove some of the files manually. Sluggish system performance is another sign of malware infection. However, probably the most dangerous aspect of Best Virus Protection malware infection is the false sense of security you may have. You think that your computer is protected for malware but actually it's wide open to new infections. It may lead to identity theft and financial loss due to computer repair. In other words, this malware can cause you a lot of problems.

How to remove Best Virus Protection? There's no easy on-click fix. Hopefully, you can remove it using legit anti-malware software recommended in the removal guide below. Follow the steps in the removal guide very carefully. If you need help removing this malware from your computer, please leave a comment. Good luck and be safe online!


Best Virus Protection removal guide:

1. Click on Help and select Activate Now.



2. Enter one the following debugged registration keys and click Activate to register the rogue antivirus program. Don't worry, this is completely legal since it's not genuine software.

U2FD-S2LA-H4KA-UEPB
K7LY-H4KA-SI9D-U2FD
K7LY-R5GU-SI9D-EVFB



2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this malware from your computer.

3. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.

Source: http://deletemalware.blogspot.com


Associated AV Security Essentials files and registry values:

Files:
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]\
  • %AppData%\AV Security Essentials\
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
  • %UserProfile%\Desktop\AV Security Essentials
  • %UserProfile%\Start Menu\AV Security Essentials
  • %UserProfile%\Start Menu\Programs\AV Security Essentials.lnk
Registry values:
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\AV Security Essentials = "%AllUsersProfile%\Application Data\78b634\AV83d_9025.exe" /s /d
  • HKEY_CURRENT_USER\software\3
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM].exe\Debugger = svchost.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun = 01000000
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\[1...15]
Tell your friends:

Monday, 5 March 2012

Remove Windows Secure Kit 2012 (Uninstall Guide)

Windows Secure Kit 2012 is a fake online virus scanning website. If you received such misleading warnings (see images below) on a website telling you that your computer is infected with spyware, worms and many other viruses, you should close your web browser immediately. Do not click on "Remove all" or "Cancel" because the JavaScript code triggers malware download even if you click Cancel (deceiving action). Windows Secure Kit 2012 is a good example of a social engineering attack when cyber criminals prey upon user's fears to install malware. The source of Windows Secure Kit 2012 attack may vary but what I've learned over the past few years - there is no such a thing as a safe website. Cyber criminals can compromised popular websites as well, so malware source can be websites all over the internet even the trusted ones. Recent variants of Windows Secure Kit 2012 have spread mainly through compromised ads. Cyber criminals usually use free domain services such as uni.me to redirect traffic to rogue security programs.

Below is an example of a fake online virus scanner message.
Windows Secure Kit 2012 has found critical process activity on your PC and will perform fast scan of system files!

Windows Security Alert
To help protect your computer, Windows Web Secure Kit have detected Trojans and ready to remove them.
Trojan-Downloader.Win32.Lipler.bkue
XF.Lugunay!dam
Win32/Sality
Banker.MGB
Win32/Conficker.Ae
....




If Windows Secure Kit 2012 scanner is constantly popping up then your computer is probably infected by a Trojan horse that pushes rogue security products. If you received it once and you didn't downloaded anything, I think you're ok. Otherwise, your PC would be severely messed up. Anyway, if you suspect that your computer got infected with some sort of malware that displays fake security alerts or redirects your search results, you should run a full system scan with recommended anti-malware software (direct download). Make sure your anti-malware is up-to-date.

To avoid Windows Secure Kit 2012 and similar malware, don't click on pop-ups, don't download software from unknown sources and back-up your files. If you need help removing Windows Secure Kit 2012 and associated malware from your computer, please leave a comment. Good luck and be safe online!

Tell your friends: