Remove Win32/Heur Virus

So a friend of mine had a virus called “Win32/Heur”. According to research, the Win32 Heur virus spreads via peer-to-peer programs such as iMesh, WinMX, Ares and torrents. This virus is nasty for a few reasons:

  • It actually records your browsing activities and displays advertisements to you based on your usage.
  • It deactivates your anti-virus and firewall programs.
  • It spreads like crazy!

How can I fix this?

To remove the Win32/Heur virus I ended up getting my friend to download PCTools Internet Security, which completely removed the virus.

It’s free to download so give it a try!


Possible HIFRM – Trend Micro’s annoying popup

If you’ve been experiencing a pop up from Trend stating something about a “possible HIFRM”, then no fear – we can tell you how to get rid of this annoyance!

1) Click the Start menu and select Control Panel
2) Double click Internet Options
3) Under the General tab click the Delete files button, under the Temporary Internet Files section.
4) A new dialog will appear; tick the “Delete all offline content” checkbox and click OK.
5) Click on and close Internet Explorer.

You will also need to delete your Windows temporary files.

1) Click on START >> RUN.
2) Type in TEMP then click on OK.
3) At the upper left of that window, click on EDIT and then SELECT ALL.
4) Now press the SHIFT and DELETE keys together to delete all the contents of that folder.

Reboot your computer! The HIFRM message should not appear now.

Howto: Remove Virtumonde

If you’ve managed to attract the known trojan VirtuMonde – then you’re in trouble. This nasty trojan is known to act as a rogue antispyware program, showing advertisements and popups on your machine. Not only will it make your machine run slow, it is also known to perform denial of service attacks on websites of the attacker’s choosing.

Technical Details

If you’re receiving popups that advise you to install software to fix “system deterioration”, then you most likely have the Virtumonde trojan. Other symptoms include the Windows registry editor being disabled and the taskbar being hidden.

Removal

The first step in removing the trojan is to stop it from launching at startup.
Delete the following registry entries. (If that is not possible, launch regedit from safe mode.)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"WindowsUpd"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"SysUpd"

Because this trojan generates randomly named dll files in your windows/system32/ folder, we cannot give an exact guide to removing the Virtumonde trojan. Instead you’ll need to download an up-to-date anti-virus engine, scan your entire system with it, and let it remove the Virtumonde trojan.

Don’t have a virus scanner? Try Kaspersky’s 30 day free trial.

How To Remove Spyware using AdWareAlert and NoAdware

Weird popups? Porn? Messages advising you to purchase products? Internet Explorer homepage keeps changing? Did your wallpaper disappear? System running slow?

All of the above are symptoms of spyware, which may have been introduced to your machine via various methods, including ActiveX downloads and software you installed on your PC (such as Kazaa and other p2p programs).

You did not authorize these applications to install onto your PC – so why are they there?

For a bit of fun and games, I decided to be the test dummy. After firing up VirtualBox running a clean install of Windows XP, I proceeded to install various ‘known’ applications that included spyware. These included Kazaa, Performance Optimizer, Bonzi Buddy and XP Antivirus 2008.

After I had installed these applications, I was infected with spyware – there was no doubt about it. Here are a few screenshots of my system:

XP Antivirus 2008 informing me that I have a ton of viruses :) .. *cough* fake!

Who likes my new wallpaper?

Internet Explorer Hijacked!

Some funky looking Windows processes

Removing them all

If you perform a Google search for “Anti-Spyware”, you will be bombarded with hundreds of applications which promote “Greatest protection”, “Instant spyware removal” and “Free scan now”. I decided to give two programs a whirl, and they were:

NoAdware and AdwareAlert

NoAdware

NoAdware is a lightweight antispyware application designed to dig deep within your system to find traces of spyware, dialers and adware. It also has a number of PC Shields, designed to lock down certain parts of your system so that spyware cannot perform any modifications. This includes locking down your IE homepage, IE favorites and your Windows hosts file.

While NoAdware managed to remove the majority of spyware found on my dummy PC, it wasn’t able to fully remove AntiVirus 2008 – which as I mentioned before is a NASTY spyware application designed to try and sell you products, whilst providing FAKE virus results.

Download NoAdware

AdwareAlert

The thing that impressed me the most about AdwareAlert is that it actually detected XP Anti-Virus in its scan results, whereas NoAdware didn’t. The software promotes its “3 way protection” system, whereby AdwareAlert scans, deletes and protects your system – pretty straightforward really. AdwareAlert also has an inbuilt quarantine system and the ability to add programs to an ignore or white list.

Overall AdwareAlert was able to clean the system and restore my dummy system to its former state.

Download AdwareAlert

Howto: Remove W32/Spar virus

The W32/Spar virus is a nasty little thing that is often found embedded in files you may have downloaded through P2P programs such as Kazaa and Limewire.

You may find an annoying popup which states:

Patch applied succesfully! If your software is still trial maybe you need to install it before patch it.

To remove this virus, follow these steps:

Remove the following registry entries

Start>run>regedit

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Printing Driver
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WinSpooler.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\WinUpdating
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WinUpdating.exe

Then reboot your machine. The above step will stop the virus from launching upon startup, but you will still need to clear it from your system. I suggest you download and install an Anti-Virus program such as Kaspersky or AVG.
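
The registry checks from the Virtumonde and W32/Spar sections above, as an added PowerShell example (not part of the original posts). The key paths and value names are the ones listed on this page; the function name `Find-ListedAutorun` is hypothetical, and the delete step runs with `-WhatIf`, so it only previews what would be removed.

```powershell
# Added example: audit the autorun entries listed on this page.
# Read-only until you remove -WhatIf from the last loop.
$entries = @(
    # Virtumonde (HKEY_LOCAL_MACHINE Run key)
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'WindowsUpd' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'SysUpd' },
    # W32/Spar (HKCU Policies\Explorer entries)
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'Windows Printing Driver' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';     Name = 'WinSpooler.exe' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'WinUpdating' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';     Name = 'WinUpdating.exe' }
)

function Find-ListedAutorun {
    # Hypothetical helper: returns one object per listed value that exists.
    param([hashtable[]]$Entries)
    foreach ($e in $Entries) {
        # A missing key simply means that entry is not present on this machine.
        if (-not (Test-Path -LiteralPath $e.Key)) { continue }
        $item = Get-ItemProperty -LiteralPath $e.Key -Name $e.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            [pscustomobject]@{
                Key  = $e.Key
                Name = $e.Name
                Data = $item.($e.Name)   # the command line this entry launches
            }
        }
    }
}

$found = @(Find-ListedAutorun -Entries $entries)

if ($found.Count -eq 0) {
    Write-Output 'None of the listed autorun entries are present.'
} else {
    # Record the Data column before deleting: it names the file the entry
    # starts, which is what the anti-virus scan still has to clean up.
    $found | Format-List

    foreach ($f in $found) {
        # -WhatIf previews the deletion; drop it to actually remove the value.
        Remove-ItemProperty -LiteralPath $f.Key -Name $f.Name -WhatIf
    }
}
```

Removing the `HKLM` values requires an elevated PowerShell session, and the `HKCU` checks only cover the user who runs the script.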