VIRUSES & SPYWARE

SOFTWARE

WIRELESS

REMOTE DESKTOP
CONNECTION

PHONE COPY
 &
PASTE LESSON

SHOPPING

TO HELP PREVENT VIRUSES FROM LOADING
ALWAYS FOLLOW
THESE EMAIL RULES
BEFORE OPENING EMAIL ATTACHMENTS

Do not open the attachments of messages with a suspicious or unexpected subject.
If you want to open them,
first save them to your hard disk and scan them with an updated antivirus program.

Delete any chain e-mails or unwanted messages.
Do not forward them or reply to their senders.
These kinds of messages are considered spam, because they are undesired and unsolicited and they overload Internet traffic.

To see SAFE and DANGEROUS EMAIL FILES EXAMPLES OF WHAT TO DOWNLOAD click here


JAVA VIRUS
Java frequently picks up Viruses from rogue websites
AVIRA will automatically detect and delete these Java viruses
They are located in the Java Cache Folder:
C:\Documents and Settings\<user_name>\Application Data\Sun\Java\Deployment\cache\
The entire Sun folder can simply be deleted without affecting the Java installation



EVERYONE SHOULD CHECK THIS!
SLOW COMPUTER?
VERY SLOW HARD DRIVE PERFORMANCE??

Has your hard drive performance degraded to very slow transfer speeds?

The solution to both problems is:

Somehow, Windows has reset the Hard drive's
DMA mode (very fast) to PIO Mode (very slow).

Go to DEVICE MANAGER, IDE ATAPI, find affected slow drives, look in Advanced Settings -
if you see a drive running in PIO mode - go to DRIVER, UNINSTALL the affected driver.
Reboot
Windows Plug & Play will then reinstall the drivers automatically and set the FASTEST Mode.

FIXED!

 


THE SIX STEPS TO
KEEP YOUR COMPUTER HEALTHY
PRIVATE, and FAST...

Follow my suggestions below to run
the latest and greatest security, virus detection software, spyware detection, and email tips
ALL SAFE & FREE TO YOU !!

Believe me, a licensed engineer, and computer geek since before there were desktop computers.
If you don't run these recommended programs, especially SPYBOT,
your computer will definitely be FULL of spyware, secret ads, and expensive dialers that take control and secretly command your computer
in such a way that it robs your system of internet speed, efficiency, and privacy.


1) I LOVE THIS FREE CLEANER
It will REMOVE all of your old TEMP files that WINDOWS doesn't delete.

It has deleted VIRUSES and ROGUE temp files that no other programs can find
And it will fix BUGS from VIRUSES in MEDIA PLAYER and other programs
It will find files so old you thought were gone YEARS AGO!

If you do a lot of internet surfing, run this program after an extensive session DAILY.


CCleaner

Run CCleaner and then set this option in CCleaner:
 
Click OPTIONS, ADVANCED, then UNCHECK
"Only delete files in Windows Temp folders that are older than 48 hours"
 


2) SPYWARE REMOVAL
 


SuperAntiSpyware

 

To clean your computer from SPYWARE:
Spyware will rob you of your speedy connections, slow your computer down, and compromise your privacy,
running in the background without your knowledge or consent.

I used to use SPYBOT, but I no longer like this program.  It can actually slow your computer down
when it installs thousands of rogue websites that it says are dangerous.  I found ZERO use for that.
So if you have SPYBOT, I recommend that you UNINSTALL it!  Read below (#6) for how to complete a true uninstall of SPYBOT.
Once all traces are removed - including the 1000's of rogue websites in Internet Explorer - don't ever use it again.

Now I use the FREE EDITION of SUPERANTISPYWARE
The free edition won't run automatically...so I just run it myself once a week or so.
If you use ccleaner regularly...your computer will be mostly clean anyway as 
spyware will generally be deleted by ccleaner.

Be careful during the install of this program
(and during any other program install),
NOT TO INSTALL any TOOLBARS from GOOGLE or BING. 
There is a checkbox sometimes during the install process to clear!

*** And Check UPDATES once a month or sooner ***
 


3) VIRUS DETECTION
Most Highly recommended -  follow the program's automatic scheduling
I run this program update and check DAILY!


BACK TO AVIRA ANTIVIRUS


 


And occasionally:

Install and run Malwarebytes which will check for viruses and spyware on a one time scan basis

No uninstall of old antivirus programs required!

 

 


 

wgsdgsdgdsgsd.exe removal & Repair Safe Mode Operation

I got hit by the virus wgsdgsdgdsgsd.exe 3 times in the last 3 weeks.
It came from questionable sites, but since I am unafraid of viruses, I keep going back for more challenges. So I finally learned the easy way to get rid of this virus.
If I had no Norton backups I would never have been able to figure it out.

First off, my firewall caught the file, asked permission, and I prevented it from running. But the file was still present in Windows\system32 on my disk.
I tried to delete it...I couldn't. I tried to end a possible linked process with WINDOWS TASK MANAGER (Ctrl-Alt-Del), but Task Manager wouldn't run. Hmm...
I also knew from past experience with this virus, that SAFE MODE would NOT run (Blue Screen of Death) - even after the virus was deleted.

RogueKiller available here on Bleeping Computer came to mind...Always have that file on your hard disk! IT FOUND THE VIRUS chain and deleted the process.

BUT, the file wgsdgsdgdsgsd.exe was still in Windows\system32. BUT this time I could easily delete it! And double check that it's not in your Recycle Bin.

Now, the trickiest part...SAFE MODE will still not work...even though the virus chain is gone.
Previously I had to reformat and load my hours old backup, and once I swear even a long reformat didn't work - I couldn't get into SAFE MODE...just that blue screen after rebooting.
I had to write zeros to the drive and reinstall my backup - which worked. Except I got that virus again twice more.

Here is how to restore SAFE MODE operation again:
Run regedit and scroll to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot.
When you try booting into safe mode on the machine that has this key deleted, you will receive the BSOD.

Go to this page and see how easy it is to repair the registry with a simple registry download fix...
Make a backup of your registry key after your computer is repaired, so you will always have it available.

Voila...and that's it!!

Also, perhaps as a result of the virus, remnants were found in the JAVA cache with AVIRA.
To manually delete them go to:
C:\documents and settings/user/local settings/Application Data/Sun/java/deployment/cache/6.0/
Either delete ALL the cache files, or scan that location with AVIRA within Windows Explorer.

SUMMARY:
1. Don't allow wgsdgsdgdsgsd.exe with ZoneAlarm
2. Run RogueKiller
3. Run ccleaner
4. c:\Windows\system32 -- SHIFT-DELETE wgsdgsdgdsgsd.exe
5. Run AVAST through IE on
C:\documents and settings/user/local settings/Application Data/Sun/java/deployment/cache/6.0/
6. Run SAFE BOOT...XP PRO from here

For FBI RANSOM BROWSER ATTEMPTS
Run Windows TASK MANAGER (ctrl-alt-del)
And close ALL BROWSER WINDOWS
CCLEANER to repair.

 

 

 


IMPORTANT

Uninstall through Control Panel, Add/Remove programs: GOOGLE CHROME
&
Any GOOGLE or BING Internet Explorer TOOLBARS

And delete any other TOOLBARS there too. 
Usually Superantispyware and Malwarebytes
will have already removed them.

These toolbars slow your computer down by reporting back to the originators your internet behaviors, sites visited, etc.
Install and run
Malwarebytes which will check for viruses and spyware on a one time scan basis
 

 

 

-------------------------------------------------------------

Some other antivirus programs one time scans:
I hardly ever use the programs below:
- - - - - - - - - - - - - - - - - - - - - - - - -

Go here :

Click FREE SCAN ONLINE

And it doesn't require any updating...since it is automatically updated with every online scan you make.

- - - - - - - - - - - - - - - - - - - - - - - - -

And another FREE:

- - - - - - - - - - - - - - - - - - - - - - - - -

And another FREE:
    Kaspersky here

- - - - - - - - - - - - - - - - - - - - - - - - -

Single file analysis:
submit file here
virusscan
or here Virustotal.com

- - - - - - - - - - - - - - - - - - - - - - - - -

Download COMBOFIX
from Bleeping Computer
here
Download, save and run from your desktop
Instructions
When finished with combofix uninstall it - click START, RUN combofix /u

NOTICE...this can be a destructive program (like HiJackThis a favorite program of mine)
and may require expert knowledge,
Although ComboFix has always worked flawlessly for me.

- - - - - - - - - - - - - - - - - - - - - - - - -

A sample history of virus killer programs - run in this order:
From http://forums.malwarebytes.org/index.php?showtopic=73155
ccleaner
MalwareBytes
HiJackThis
SuperAntiSpyware
turn off System Restore
-----------------------------------------
Below is included for super advanced problems...I used it maybe once:
http://www.eset.com/onlinescan/
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

OTM by OldTimer
Save it to your desktop
Here is an example. You found a file in the ESET scan that could not be removed:

C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Return to OTM, right click in the "Paste instructions for items to be Moved" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTM


4) MAKE SURE YOUR WINDOWS SYSTEM RESTORE IS TURNED ON
ALWAYS
Start, Control Panel, System, System Restore, Uncheck - Turn Off System Restore


5) IE,  TOOLS, INTERNET OPTIONS, GENERAL, TEMPORARY INTERNET FILES, SETTINGS:
Keep this setting low - to prevent hard disk searching.  I use 100 MB!!


6)  AFTER INSTALLING SPYBOT and even after DELETING SPYBOT, check this:

IE,  TOOLS, INTERNET OPTIONS, SECURITY, RESTRICTED SITES:
Keep these entries to a very small number - I use ZERO entries.
Manage this AFTER installing or better yet -->removing SPYBOT.

To manage large amount of entries, I use:
ZonedOut


JAVA UPDATES

FYI, I lost my browser’s history of WebPages visited.  I tried everything…uninstalling IE8…for hours.

Even system restore to a date that HISTORY was working…nothing worked.
Then B O I N G  my dead mind remembered…HiJackThis – what a dope I am. I deleted all the JAVA stuff, and it worked! Now I am spending hr getting everything back to normal.

I think a box opened asking if I wanted to install a JAVA update…I clicked YES.  I think one should always install a JAVA update from SUN only.  If you get a JAVA update box…just say NO – and then go to SUN JAVA to see what’s up.

 CHECK IF YOU NEED JAVA UPDATE
To test your Java Run-time
http://www.java.com/...help/testvm.xml
 


Zone Alarm FREE Personal Firewall
Zone Alarm has a great FREE personal firewall and it's a necessity for all desktop computers
connected to broadband Internet, using DSL, cable, ISDN, WiFi or satellite modems.


 


tough virus ?

If you have a particularly tough virus - that won't get cleaned away:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. To restart the computer in Safe mode - (PRESS F8 while rebooting)

4. Run a full system scan and delete all the files detected.

To disable System Restore (Windows Me/XP)
If you are running Windows XP,
we recommend that you temporarily turn off System Restore.

Windows Me/XP uses this feature, which is enabled by default,
to restore the files on your computer in case they become damaged.

If a virus, worm, or Trojan infects a computer,
System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore.
Therefore, antivirus programs or tools cannot remove threats in the System Restore folder.
As a result, System Restore has the potential of restoring an infected file on your computer,
even after you have cleaned the infected files from all the other locations.

HOW TO TURN OFF SYSTEM RESTORE

GEEKS TO GO
Expert free help
www.CASTLECOPS.com


HiJack This

POST your HiJack This log here for analysis

EXPERT VIRUS REMOVAL TOOLS

Spyware Info Forums


 


DELETE OLDER VERSIONS OF JAVA & UPDATE TO NEWEST VERSION

Older versions of Java Runtime Environment have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment.

Please download the latest Java Runtime Environment.

After you have installed the Java software on your computer, you must restart your browser.
You can verify that Java Runtime Environment (JRE) has been installed correctly by clicking on
the Verify Installation button on the JAVA SOFTWARE MANUAL DOWNLOAD page.
 


DEFRAGMENT YOUR HARD DRIVE
(Highly recommended - once every two weeks)

CLICK START, PROGRAMS, ACCESSORIES, SYSTEM TOOLS, DISK DEFRAGMENTER.

Just relax and follow the prompts -this will take about 30 minutes or so, depending on the size of your hard drive and the speed of your computer.

This Microsoft Windows program puts the scattered pieces of each file on your hard drive back in order
so that your hard drive can read your files and fill your cache in one quick pass,
rather than search in different places throughout your hard drive.


I LOVE THIS FREE TESTER:
TEST YOUR COMPUTER SETUP HERE
PC Pitstop: Free PC Diagnostics and Tune-ups

Just click "New Members"
Not necessary to login or to register

Turn off all browser windows, and other programs during the test
Also, temporarily turn off your antivirus program (AVG) & firewall


 

Watch what you download!
Many freeware programs come with an enormous amount of bundled spyware,
and P2P (Peer-to-Peer) programs like Grokster, Imesh, Kazaa and others are among the most notorious.
This spyware will eat system resources, slow down your system, clash with other installed software, or
just plain crash your browser or even Windows itself.

 

PERHAPS MOST IMPORTANT OF ALL
MS Internet Explorer Updates

Go to Internet Explorer > Tools > Windows Update
And install ALL Security Updates listed.
It's VERY important to always keep current with the latest security fixes from Microsoft.

 

Browser Search Page Hijacked
To earthlink.net ? Or perhaps your ISP's Search Page

Copy everything below to notepad then save it to your desktop as IEfix.reg.
Doubleclick on it and let it import.
This resets all IE search configurations to their original state.


REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://g.msn.com/0SEENUS/SAOS01"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
""="http://home.microsoft.com/access/autosearch.asp?p=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.msn.com/spbasic.htm"
"Use Custom Search URL"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

; Delete the URL key and everything under it, then recreate it with the default prefixes
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
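
A .reg file copied from a web page is worth reading before it is imported. The following is an added example, not part of the original page: it parses REGEDIT4 text and reports the keys it would delete, the URL values that point outside an allow-list, and lines it cannot parse. The sample file, the `example.invalid` host and the allow-list are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: domains the file above points at; anything else is reported.
TRUSTED = ("microsoft.com", "msn.com")

# Constructed sample in REGEDIT4 format (not the page's file).
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.example.invalid/bar.htm"
"Use Custom Search URL"=dword:00000000

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"www"="http://"
"home"=http://
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.+)$')
STR_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')
OTHER_RE = re.compile(r'^(dword:[0-9a-fA-F]{8}|hex(\([0-9a-fA-F]+\))?:.*|-)$')

def audit_reg(text, trusted=TRUSTED):
    """Summarise what a .reg file would change, without touching the registry."""
    report = {"deleted_keys": [], "untrusted_urls": [], "problems": []}
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        report["problems"].append((1, "missing REGEDIT4 / version header"))
    key = None
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):  # "[-KEY]" deletes the key and everything under it
                report["deleted_keys"].append(key)
            continue
        m = VAL_RE.match(line)
        if not m or key is None:
            report["problems"].append((no, "unparseable line: " + line))
            continue
        name, data = m.group(1), m.group(2).strip()
        s = STR_RE.match(data)
        if s:
            # Only string data can carry a search or home page URL.
            host = urlparse(s.group(1)).hostname
            if host and not any(host == d or host.endswith("." + d) for d in trusted):
                report["untrusted_urls"].append((key, name.strip('"'), host))
        elif not OTHER_RE.match(data):
            report["problems"].append((no, "unrecognised data: " + data))
    return report
```

Call `audit_reg(open("IEfix.reg").read())` on the saved file and import it only if the report lists nothing unexpected.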

EARTHLINK SEARCH HIJACK
to earthlink-help.net

Not easy to repair without the following fix:
First of all you will need to set a static ip address for your pc.
Follow the instructions
here

for dns servers use 4.2.2.1 and 4.2.2.2
Earthlink recommends
207.69.188.172 (east coast)
207.69.188.171 (west coast)

If for some reason this doesn't work
(It did work for me without the following modification)
you may also want to modify your HOSTS file in c:/windows/system32/drivers/etc
Open it with Notepad and add this at the bottom:

127.0.0.1 elydm.01.am.barefruit.com
127.0.0.2 elydm.02.am.barefruit.com
127.0.0.3 elydm.03.am.barefruit.com
127.0.0.4 elydm.04.am.barefruit.com
127.0.0.5 elydm.05.am.barefruit.com
127.0.0.6 elydm.06.am.barefruit.com
255.255.255.255 www.earthlinkhelp.com
127.0.0.7 earthlink-help.net

click on file.... click save

Reboot PC and problems should go away.
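
A HOSTS file is matched on bare hostnames, so an entry written as a URL never takes effect, and an entry that maps a name to a non-loopback address deserves a second look because search hijackers use the same file. The following is an added example, not part of the original page: a small linter for both cases, run on a constructed sample whose `example.invalid` names and addresses are placeholders.

```python
import ipaddress
import re

# Constructed sample in the style of the HOSTS additions above.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       ads.example.invalid   # blocked on purpose
127.0.0.7       http://tracker.example.invalid
203.0.113.10    www.bank.example.invalid
not-an-ip       foo.example.invalid
"""

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def valid_hostname(name):
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(LABEL_RE.match(p) for p in name.split("."))

def lint_hosts(text):
    """Return (lineno, severity, message) findings for hosts-file text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((no, "error", f"first field is not an IP address: {fields[0]}"))
            continue
        if len(fields) < 2:
            findings.append((no, "error", "address without a hostname"))
            continue
        for name in fields[1:]:
            if "/" in name:
                # A URL is not a hostname and will never match a lookup.
                findings.append((no, "error", f"URL instead of hostname: {name}"))
            elif not valid_hostname(name):
                findings.append((no, "error", f"invalid hostname: {name}"))
            elif not (addr.is_loopback or addr.is_unspecified):
                # Name is sent to a real address: confirm you added it yourself.
                findings.append((no, "review", f"{name} is redirected to {addr}"))
    return findings

if __name__ == "__main__":
    for finding in lint_hosts(SAMPLE_HOSTS):
        print(*finding)
```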

Look at earthlink blog
here for more detailed info
 

 

HOW TO AVOID RUNNING VIRUSES & OTHER NASTY THINGS
You must follow this order

  1. While surfing your antivirus program opens a popup
    VIRUS DETECTED...
    THIS IS THE WORST CASE
    an executable .exe file tries to get through your defenses

  2. TURN OFF THE INTERNET MODEM BUTTON NOW
    (or the following cleaning is for naught)

  3. NOTE THE FIRST FEW LETTERS
    of the .exe FILE showing in the AVG popup

  4. Send the VIRUS to AVG's VAULT or if you can DELETE IT.

  5. Run CCLEANER

  6. To double-check names & locations of all VIRUSES that got through your firewall,
    GO to your firewall logs.

  7. SEARCH for virus names on hard-drive or just look in C:\
    (They did get through your defenses!)

  8. DELETE THEM :)

  9. If you can't delete the .exe files, then they are already running.
    CTRL-ALT-DEL opens Windows Task Manager

  10. Search the IMAGE NAME column for the stubborn .exe file that won't get deleted
    and any other files sent to the vault

  11. HIGHLIGHT them and END PROCESS

  12. Run a REGISTRY CLEANER

  13. RE-BOOT

  14. TURN ON THE INTERNET MODEM BUTTON

  15. Do an online antivirus scan for your c:\ HERE

  16. If you cleaned well - the antivirus scan will be clear.

 

COMPUTER REBOOTING OVER AND OVER
Turn off paging file, reboot to safe mode, delete paging file, reboot

Exact instructions: START, CONTROL PANEL, SYSTEM, ADVANCED, PERFORMANCE SETTINGS, ADVANCED,
VIRTUAL MEMORY, NO PAGING FILE. 
Reboot to SAFE MODE and delete PAGING FILE(s).

I also ran HiJackThis and deleted any references to JAVA QUICK STARTER (JAVA jqs.exe is OK)
 

 

Workaround to SHUT DOWN Ad-Aware 2007 aawservice.exe
This workaround has solved the problem for me in Windows XP:

1. Open the Services Management Console (Click Start, Run, type in "services.msc" without the quotes, click OK).

2. Find "Ad-Aware 2007 Service" on the list and double-click it.

3. For the Startup Type, choose "Manual". Click OK and close the Services window.

The program aawservice.exe will no longer start at Windows startup, but will auto-load as needed whenever you run Ad-Aware 2007.
 

 


 

 
