Jigsaw Boys » virus removal

How To: Remove Virus Trigger 2009

Jamsi — Thu, 13 Nov 2008 04:19:36 +0000

Yet another rogue spyware program on the loose, this time named “Virus Trigger 2009″.

One thing I noticed about this program, is that the website looks quite professional and appears in the number 1 spot in google when you search for keyword “Virus Trigger 2009″. Nasty huh.

Time to check this baby out.

After firing up my dummy box, I proceeded to download Virus Trigger 2009.

Screenshots

Like most Rogue Spyware applications, its hard to actually minimize or close the Virus Trigger window, especially when it prompts you to purchase the application.

Manual Removal of Virus Trigger 2009

Virus Trigger 2009 installs itself into the following folder.
c:\program files\VirusTriggerBin <- Delete this folder

Virus Trigger 2009 runs as the following processes
VirusTriggerBin.exe and uninst.exe <- Use the taskmanager to kill these processes

Removing from Startup
To remove this program from starting up when your computer starts, following these instructions

1) Click the start menu, then run
2) Type “msconfig” and hit enter
3) Click the startup Tab
4) Untick “VirusTriggerBin”
5) Reboot

The Solution

Whilst you can manually remove “Virus Trigger 2009″ by simply deleting registry keys and files as per the manual removal stage featured above, its much easier to remove “Virus Trigger 2009″ simply by using PCTools Spyware Doctor..

%productBox%

No related posts.

How To: Remove Ultra Antivirus 2009

Jamsi — Tue, 11 Nov 2008 11:59:13 +0000

Yet another nasty rogue anti-spyware program is amongst us, this time named “Ultra Antivirus 2009″. I managed to get this baby loaded on my test machine and boy did I let her rip!

Ultra Antivirus 2009 pretends to be a “Anti-Spyware” program, often tricking users into thinking its a legitimate program. The main goal of Ultra Antivirus 2009 is to trick users into purchasing the software, often by providing fake scan results and informing the user that the software detected threats on the computer.

But alas that is not true, and when reality kicks in; your computer is in fact fine. Ultra Antivirus 2009′s main goal is to get you to Purchase Their Product!

For gods sake DON’T DO IT!

Screenshots

Analysis Stage

Ultra Antivirus 2009 installs itself into the following folder.
c:\program files\UltraAv <- Delete this folder!

Through some analysis, I uncovered that Ultra Antivirus 2009 connects to the following server in order to retrieve new information regarding payment details.
Internet Protocol, Src: 91.208.0.223 (91.208.0.223)
Not Good ..

Removing from Startup
To remove this program from starting up when your computer starts, following these instructions

1) Click the start menu, then run
2) Type "msconfig" and hit enter
3) Click the startup Tab
4) Untick "UltraAV"
5) Reboot

The Solution

Whilst you can manually remove Spyware protector by simply deleting registry keys and files as per the Analysis stage featured above, its much easier to remove Ultra Antivirus 2009 simply by using PCTools Spyware Doctor.

%productBox%

No related posts.

Remove Win32/Heur Virus

Jamsi — Tue, 11 Nov 2008 02:00:54 +0000

So a friend of mine had a virus called “Win32/Heur”. According to research, the Win32 Heur virus spreads via peer to peer programs such as iMesh, WinMX, Ares and torrents. This virus is nasty for a few reasons;

It actually records your browsing activities and displays advertisements to you based on your usage.
It de-activates your anti-virus and firewall programs
It spreads like crazy!

How can I fix this?

To remove the Win32/Heur virus I ended up getting my friend to download PCTools Internet Security which completely removed the virus.

Its free to download so give it a try!

No related posts.

How To: Remove MS Antivirus 2008

Jamsi — Sun, 31 Aug 2008 10:09:51 +0000

The latest edition in rogue antispyware programs, MS AntiVirus – looks and feels like a regular antispyware application, but in fact – deadly as hell.

For those that don’t know, a “Rogue Anti-Spyware” program is a fairly new form of threat that entices users to download a program to protect their PC, but in fact the software they download is a form of malware, designed to entice users to pay for the software, in order to remove it. The main goal of Rogue Anti-Spyware programs is to make money, infecting and performing unwanted actions on your PC is just a measure in order to get you to “pay up”.

I wanted to see this MS AntiVirus 2008 program in action, so I fired up my Windows XP test box and gave it a whirl.

First I infected my PC with the MS AntiVirus program

See how MS AntiVirus 2008 looks and behaves like an AntiSpyware program, designed to trick the user that it is a legitimate program.

Fake infection

The below screenshot shows MS AntiVirus 2008 telling me that my system is infected. Rogue AntiSpyware often uses “fake spyware results” to inject fear into the user, so they feel the need to buy the software to remove the “fake results”.

MS AntiVirus 2008 communicating to a third party

The below screenshot shows packet sniffing software “WireShark”, detecting MS AntiVirus 2008 talking to a third party web service, namely a MACOS web server called “WebObjects” – nasty stuff.

Okay its time to get rid of this nasty program, time to whip out AdAlert.

Removing MS AntiVirus XP with AdAlert

I cracked open AdAlert and performed a full scan; below are the results.

The result: A clean system
AdAlert managed to disinfect my heavily infected system, deleting key registry files, application files and desktop shortcuts – no traces of MS AntiVirus 2008 are left behind.

If you’re infected with MS AntiVirus 2008 and are looking for an easy, fast way to remove it – I suggest you give AdAlert a whirl. You can download AdAlert here.

Download AdAlert for Free now!

No related posts.

Howto: Remove Virtumonde

Jamsi — Sat, 16 Aug 2008 09:58:05 +0000

If you’ve managed to attract the known trojan VirtuMonde – then you’re in trouble. This nasty trojan is known to act as a rogue antispyware program, showing advertisments and popups on your machine. Not only will it make your machine run slow, but also is known to perform denial of service attacks on websites of the attackers choosing.

Technical Details

If you’re receiving popups that advise you to install software to fix “system deterioration”, then you most likely have the Virtumonde trojan. Other symptoms include disabling the windows registry editor and hiding the taskbar.

Removal

The first step in removing the trojan is to stop it from starting up apon startup.
Delete the following registry keys. (If not possible, launch regedit from safe mode)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\”WindowsUpd”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\”SysUpd”

Because this trojan generates randomly named dll files in your windows/system32/ folder – we cannot suggest an exact guide to removing the virtumonde trojan. Instead you’ll need to download an up to date Anti-Virus engine in order to scan your entire system, and remove this virtumonde trojan.

Don’t have a virus scanner? Try Kaspersky’s 30 day free trial.

No related posts.