Thursday, 29 April 2010

Remove Antivrsystem.com (Uninstall guide)

Antivrsystem.com is yet another misleading website related to the Antispyware Soft malware. It may look like a legitimate website that promotes anti-spyware software, but it's actually fake. The website provides false information and promotes a rogue anti-spyware program. The cyber criminals don't even bother to change the design and use the same web template for each newly created scam website. Antivrsystem.com doesn't host harmful files at the moment, but the situation can change at any moment. That's why we strongly recommend that you avoid Antivrsystem.com and add it to a list of restricted websites.

If your computer is already infected with Antispyware Soft, then you can be redirected to antivrsystem.microsft.com instead of antivrsystem.com. Please note that Antispyware Soft and antivrsystem.com have nothing to do with Microsoft Corp. Now, the most important question is how to remove AntispywareSoft. Thankfully, this malware can be removed for free using legitimate anti-malware programs. More information here: Antispyware Soft removal instructions. If you have any questions or additional information about this malware, please don't hesitate to leave a comment. Good luck and be safe!

Screenshot of Antivrsystem.com



How to remove the AP Manager (Uninstall guide)

AP Manager is a fake download manager and a part of the I-Q Manager Copyright violation scam. It claims to be very fast and powerful download management software, but that's not true. If you are reading this article then your computer is probably infected with this malware. And you probably got it from a fake website that is affiliated with APManager. Usually, those misleading websites provide copyrighted games, movies, and music. Of course you may download any movie or song you like from those websites, but you have to use AP Manager for that. The copyrighted media will be added to the AP Manager download list. Just like any other download manager it will show basic information about your download such as how much time is left, the amount of KB transferred and the speed of the download. However, this information is false. It only pretends to download the file to your computer but in reality nothing is being downloaded to your computer.



Once the file has ostensibly been downloaded to your computer, a new window titled "Copyright Violation Alert" will show up. It will attempt to convince you to pay a fee for copyrighted material that you have just downloaded. The fake Copyright Violation Alert reads:

"Copyright violation alert
Copyright violation: copyrighted content detected
Windows has detected that you are using content that was downloaded in violation of the copyright of its respective owners. Please read the following bulletin and try solving the problem in one of the recommended ways."



That's only a part of the whole statement, but basically it was made to look like a legitimate warning from a law firm that represents different copyright associations. It will ask you to pay a fine of around $50; otherwise it will notify the authorities and your case will supposedly be handled in court.

AP Manager will also constantly display fake warnings from the Windows task bar as shown in the image below.



The biggest problem is that this threat may then lock the compromised computer until the user enters a correct license number for the program. Thankfully, S!Ri posted a registration code which should unlock your computer: RFHM2-TPX47-YD6RT-H4KDM.

To sum things up, AP Manager is a Trojan horse that pretends to be a download management program. Once installed, it will try to trick you into paying money for fake copyright violations. If you have already paid a fine, then you should contact your credit card company immediately and dispute the charges. Next, please follow the removal instructions below to remove AP Manager and any associated malware from your computer as soon as possible. If you have any questions or additional information about this virus, please leave a comment. Good luck and be safe!


AP Manager removal instructions:

1. Click Start -> Control Panel
2. When in the Control Panel, double-click on one of the options below depending on your version of Windows
a) Add or Remove Programs icon (for Windows XP users)
b) Uninstall Program (for Windows Vista and Windows 7 users)
3. The Add or Remove Programs (Windows XP) or the Uninstall Program (Windows Vista & 7) screen will be displayed. Scroll through the list of programs, look for the I-Q Manager and AP Manager entries, and uninstall them. When you are done, close the Control Panel screen.
NOTE: If the programs ask you to reboot your computer, do not allow it to reboot until you have uninstalled all of the programs.

Your computer should now be free of the I-Q Manager (Copyright Violation: Copyrighted Content Detected) and AP Manager malware. However, if it's still on your computer, then complete these additional steps:

1. Click Start -> Run.
2. Input: regedit. Then click OK.
3. Navigate to and delete the following registry entries and subkeys:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"iqmanager.exe" = "%UserProfile%\Application Data\IQManager\iqmanager.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQManager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APManager
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "apmanager.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\APManager\apmanager.exe"
4. Exit the Registry Editor.
5. Download one of the following anti-malware programs (all programs are free):
6. Install the selected anti-malware program, update it, and run a full system scan.
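
Before deleting anything in regedit, you can check which of the entries from step 3 are actually present. The script below is an added example, not part of the original instructions: it only reads the registry and file system, `Get-RegValue` is a hypothetical helper name, and it assumes PowerShell is installed (built into Windows 7, a separate download for XP and Vista).

```powershell
# Read-only: reports which AP Manager / I-Q Manager entries from step 3 still exist.
# Nothing is deleted or changed.
$run      = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
$winlogon = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$uninst   = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'

# Hypothetical helper: returns the value data, or nothing if the value is absent.
function Get-RegValue($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$found = @()

# Autostart values listed in step 3
foreach ($name in 'iqmanager.exe', 'apmanager.exe') {
    $data = Get-RegValue $run $name
    if ($data) { $found += "Run value '$name' -> $data" }
}

# A per-user Winlogon "Shell" value makes Windows start that program as the
# user's shell at logon. Flag it only when it points at the fake manager.
$shell = Get-RegValue $winlogon 'Shell'
if ($shell -match 'apmanager|iqmanager') { $found += "Winlogon Shell -> $shell" }

# Uninstall keys listed in step 3
foreach ($key in 'IQManager', 'APManager') {
    if (Test-Path "$uninst\$key") { $found += "Uninstall key still present: $key" }
}

# %UserProfile%\Application Data is what $env:APPDATA points to on XP;
# on Vista/7 the same variable resolves to AppData\Roaming.
foreach ($dir in 'IQManager', 'APManager') {
    $path = Join-Path $env:APPDATA $dir
    if (Test-Path $path) { $found += "Folder still present: $path" }
}

if ($found) { $found } else { 'None of the listed AP Manager / I-Q Manager entries were found.' }
```

Run it as the affected user, because the Run and Winlogon values live in that user's HKEY_CURRENT_USER hive.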


AP Manager files and registry values:

Files:
  • %UserProfile%\Application Data\APManager
  • %UserProfile%\Application Data\APManager\apmanager.exe
  • %UserProfile%\Application Data\APManager\settings.ini
  • %UserProfile%\Application Data\APManager\uninstall.exe
  • %UserProfile%\Application Data\APManager\wallpaper.jpg
  • %UserProfile%\Application Data\APManager\files\
  • %UserProfile%\Application Data\APManager\iplog\
  • %UserProfile%\Application Data\APManager\ispinfo\
  • %UserProfile%\Application Data\APManager\languages\
  • %UserProfile%\Application Data\APManager\metafiles\
Registry:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APManager
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "apmanager.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\APManager\apmanager.exe"

Tuesday, 27 April 2010

Remove antivirusexpertsoft.com and avexpertsoft.com (Free removal)

Antivirusexpertsoft.com and avexpertsoft.com are two misleading websites related to the Antispyware Soft malware. These two websites are identical and full of false information about a rogue antivirus program. They don't host malicious or harmful files at the moment, but you should still avoid them as the situation may change at any time. Note that if your computer is already infected with Antispyware Soft, you may see antivirusexpertsoft.microsoft.com and avexpertsoft.microsoft.com in your web browser's address bar. Of course, this doesn't mean that Antispyware Soft is somehow related to Microsoft. That's an old trick, but it's still very popular and makes the whole scam look more realistic.

If you find that your computer is already infected with the Antispyware Soft virus or you are being constantly redirected to antivirusexpertsoft.com or avexpertsoft.com, then please follow the Antispyware Soft removal instructions. Also, if you have any questions or additional information about this threat, don't hesitate to leave a comment. Good luck and be safe!

Screenshot of antivirusexpertsoft.com and avexpertsoft.com



Sunday, 25 April 2010

Remove security-engine.com (Free removal)

Security-engine.com is a misleading website that promotes the My Security Engine malware. In fact, it's typical scareware that displays fake warnings and reports false system security threats to make you think that your computer is infected with malicious software when in reality it's perfectly clean except for the My Security Engine badware itself. Security-engine.com doesn't host rogue programs at the moment, but it does provide an online purchase page for My Security Engine. It's also full of false information that may deceive users, so you should avoid Security-engine.com.

However, if you find that your computer is infected with the My Security Engine rogue antivirus program or you are being constantly redirected to Security-engine.com, then please read how to remove My Security Engine. If you have any questions or additional information about this malware, don't hesitate to leave a comment. Good luck and be safe!

Screenshot of Security-engine.com:




Remove Vir'O'Fire rogue antivirus program (Free removal)

Vir'O'Fire (virofire) is a Polish rogue anti-virus program. It can be downloaded from pl.virofire.eu and it has to be manually installed. As you can see from its web page, Vir'O'Fire is almost a perfect copy of ThreatFire from PC Tools. If you want to run the rogue program you have to send an SMS and get back the code to unlock it. It goes without saying that you shouldn't download/install/purchase it. Vir'O'Fire is a scam. Please watch a short video about this malware made by rogueamp. If you think that your computer could have been compromised, then you should run a full system scan with legitimate anti-malware software. You may choose one from the list below. Good luck and be safe!


Screenshot of pl.virofire.eu:


Screenshot of threatfire.com:



Friday, 23 April 2010

Pconguard.com scam (Free removal)

Pconguard.com is a misleading website that promotes rogue anti-virus programs. At the moment, it promotes Virus Protector. Pconguard.com provides false information about ostensibly legitimate security software, but ironically there is a link to the SW Protector (Software Protector) purchase page. So, it's not clear after all which program the cyber criminals distribute on that website. However, what we know for sure is that Pconguard.com should be added to a list of potentially dangerous and malicious websites.

If you are being constantly redirected to Pconguard.com, then this means that your computer is infected with malicious software. It could be Virus Protector, Software Protector or any other malware (usually a Trojan horse that promotes rogue programs). One way or another, we strongly recommend that you scan your computer with the legitimate and reputable anti-malware or anti-spyware software listed below.
If you have any questions or additional information about this infection, please don't hesitate to leave a comment.

Pconguard.com screenshot



How to remove My Security Engine (Uninstall guide)

My Security Engine is a rogue anti-virus program that may cause serious system performance issues on your computer. This fake program is from the same family as the CleanUp Antivirus malware. It performs a fake system scan and reports false system security threats to make you think that your computer is infected with malicious software (spyware, adware, Trojans, etc.). The scan results are false. My Security Engine creates numerous harmless files upon installation and then flags those files as infected ones. How rude. Finally, it asks you to pay for a full version of the program to remove infections which don't exist. In other words, MySecurityEngine is a scam.



My Security Engine video: (thanks to rogueamp)


If you are reading this article, then your computer is probably infected with this scareware. Thankfully, we've got removal instructions to help. This fake program can be removed from your computer for free using legitimate and reputable anti-malware applications. Please follow the removal instructions below.

You may wonder how you got infected with this badware. Well, usually, fake programs such as My Security Engine come from fake online scanners, misleading online video websites or any other compromised/malicious website. It may come bundled with other malware too. Please also note that cyber criminals promote their bogus products on popular social networks. Once installed, the rogue program displays fake warnings about infected files and possible attacks from a remote computer. Some of the fake warnings read:

"Your PC may still be infected with dangerous viruses. My Security Engine protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection."

"My Security Engine has detected potentially harmful software in your system. It is strongly recommended that you register My Security Engine to remove all found threats immediately. "

Furthermore, MySecurityEngine will modify the Windows Hosts file and hijack Internet Explorer. You will be redirected to various misleading websites. There is a chance that you won't be able to visit certain security-related websites and your search queries will be redirected to findgala.com.

It goes without saying that you should uninstall My Security Engine from your computer as soon as possible. Most importantly, don't purchase it. If you have already purchased it, then please contact your credit card company and dispute the charges. If you have any questions or additional information about this malware, please don't hesitate to leave a comment. Good luck and be safe!


My Security Engine removal instructions (method #1):

Download one of the following legitimate anti-malware applications and run a quick system scan. Don't forget to update it first. All programs are free.
NOTE1: if you can't run any of the above programs, you must rename the installer of the selected program before saving it on your PC. For example: if you choose MalwareBytes, then you have to rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.

NOTE2: if you still can't run the renamed file, then you need to change the file extension too, not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif.
5. Double-click to run the renamed file.


Removing My Security Engine in Safe Mode with Networking (method #2):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download one of the following legitimate anti-malware applications and run a quick system scan. Don't forget to update it first. All programs are free.

My Security Engine files and registry values:

Folders and files:
  • C:\Documents and Settings\All Users\Application Data\345d567
  • C:\Documents and Settings\All Users\Application Data\345d567\2322.mof
  • C:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • C:\Documents and Settings\All Users\Application Data\345d567\MS345d.exe
  • C:\Documents and Settings\All Users\Application Data\345d567\MSE.ico
  • C:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
  • C:\Documents and Settings\All Users\Application Data\MSHOLE\
  • %UserProfile%\Application Data\My Security Engine\
  • C:\Program Files\Mozilla Firefox\searchplugins\search.xml
Registry values:
  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\MS345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Engine"
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
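
To confirm after a scan that the browser redirection described earlier is really gone, the settings above and the Hosts file can be inspected without changing anything. This script is an added example, not part of the original guide; it assumes PowerShell is installed and a default Windows installation where the Hosts file is under `%SystemRoot%\System32\drivers\etc`.

```powershell
# Read-only check of the Internet Explorer redirect settings listed above
# and of the Windows Hosts file. Nothing is modified.

# SearchScopes keys from the list above, written in the page's own notation
$scopeKeys = @(
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes',
    'Registry::HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes',
    'Registry::HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes'
)
foreach ($key in $scopeKeys) {
    $url = (Get-ItemProperty -Path $key -Name 'URL' -ErrorAction SilentlyContinue).URL
    if ($url -match 'findgala\.com') { "Search URL still hijacked in $key -> $url" }
}

# The "PRS" and "RunInvalidSignatures" values from the list above
$ie  = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer'
$prs = (Get-ItemProperty -Path $ie -Name 'PRS' -ErrorAction SilentlyContinue).PRS
if ($prs) { "IE 'PRS' value present -> $prs" }

$ris = (Get-ItemProperty -Path "$ie\Download" -Name 'RunInvalidSignatures' `
        -ErrorAction SilentlyContinue).RunInvalidSignatures
if ("$ris" -eq '1') { "IE is set to run downloads with invalid signatures (RunInvalidSignatures = 1)" }

# Hosts file: strip comments and blank lines, ignore the stock localhost
# mappings, and print whatever is left so it can be reviewed by hand.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$active = Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ -and ($_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$') }

if ($active) {
    "Non-default Hosts entries in ${hostsPath}:"
    $active | ForEach-Object { "  $_" }
} else {
    'Hosts file contains only the default localhost entries (or could not be read).'
}
```

Any Hosts line that maps a security vendor's or search engine's name to an unexpected address deserves a closer look; entries you added yourself will also show up in this list.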
