Hunter's Malware Blog<br />
"Education is the most powerful weapon which you can use to change the world" Nelson Mandela<br />
Author: H (http://www.blogger.com/profile/18238476536425035992)<br />
<br />
How to remove Win 8 Protection 2014 (Rogue)<br />
Published: 2014-09-10T18:28:00.000-05:00<br />
<br />
There's a new rogue antivirus program out there called Win 8 Protection 2014.<br />
<br />
For those of you who do not know, a rogue antivirus program is a piece of malware that pretends to be antivirus software. It "scans" your computer and then claims your computer is infected with malware. It then demands payment for the "removal" of these "threats."<br />
<br />
Here is how to remove Win 8 Protection 2014: <br />
<br />
Step #1: Reboot your computer into safe mode with networking.<br />
<br />
To do
this, turn the computer off and turn it back on.<br />
<br />
Immediately after you
press the power button to turn the computer back on, press the F8 key on
your keyboard repeatedly until you come to a menu that gives you
options such as Safe Mode. Use the arrow keys on your keyboard to select
Safe Mode With Networking. <br />
<br />
Step #2: To make sure that the rogue will not interfere with removal, we must run Rkill. Download iExplore.exe here: <a href="http://www.bleepingcomputer.com/download/rkill/">http://www.bleepingcomputer.com/download/rkill/</a> <br />
<br />
Step #3: Run the downloaded executable. It will open a black box; this is normal. Once the black box has closed on its own, proceed to step 4.<br />
<br />
Step #4: Download Malwarebytes Anti-Malware from here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #5: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#6: Once the program is installed, it will automatically open a window.
Once this window is open, click the Scan Now button on the lower right corner of the window.<br />
<br />
Step #7: Malwarebytes Anti-Malware will now scan your computer. As this scan will take some time,
I suggest you do something else while remaining in close proximity to
the computer so you can check on the scan every once in a while. Once
the scan is complete, proceed to step 8.<br />
<br />
Step #8: When the scan is complete, click the show results button.<br />
<br />
Step #9: Click Apply Actions. If Malwarebytes prompts you to restart your computer, please allow it to do so.<br />
<br />
Step #10: Enjoy your computer, which should now be free of Win 8 Protection 2014.<br />
<br />
How to remove Win 8 Antivirus 2014 (Rogue)<br />
Published: 2014-09-10T07:53:00.000-05:00<br />
<br />
There's a new rogue antivirus program out there called Win 8 Antivirus 2014.<br />
<br />
For those of you who do not know, a rogue antivirus program is a piece of malware that pretends to be antivirus software. It "scans" your computer and then claims your computer is infected with malware. It then demands payment for the "removal" of these "threats."<br />
<br />
Here is how to remove Win 8 Antivirus 2014: <br />
<br />
Step #1: Reboot your computer into safe mode with networking.<br />
<br />
To do
this, turn the computer off and turn it back on.<br />
<br />
Immediately after you
press the power button to turn the computer back on, press the F8 key on
your keyboard repeatedly until you come to a menu that gives you
options such as Safe Mode. Use the arrow keys on your keyboard to select
Safe Mode With Networking. <br />
<br />
Step #2: To make sure that the rogue will not interfere with removal, we must run Rkill. Download iExplore.exe here: <a href="http://www.bleepingcomputer.com/download/rkill/">http://www.bleepingcomputer.com/download/rkill/</a> <br />
<br />
Step #3: Run the downloaded executable. It will open a black box; this is normal. Once the black box has closed on its own, proceed to step 4.<br />
<br />
Step #4: Download Malwarebytes Anti-Malware from here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #5: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#6: Once the program is installed, it will automatically open a window.
Once this window is open, click the Scan Now button on the lower right corner of the window.<br />
<br />
Step #7: Malwarebytes Anti-Malware will now scan your computer. As this scan will take some time,
I suggest you do something else while remaining in close proximity to
the computer so you can check on the scan every once in a while. Once
the scan is complete, proceed to step 8.<br />
<br />
Step #8: When the scan is complete, click the show results button.<br />
<br />
Step #9: Click Apply Actions. If Malwarebytes prompts you to restart your computer, please allow it to do so.<br />
<br />
Step #10: Enjoy your computer, which should now be free of Win 8 Antivirus 2014.<br />
<br />
How to remove Win 7 Protection 2014 (Rogue)<br />
Published: 2014-09-09T18:22:00.000-05:00<br />
<br />
There's a new rogue antivirus program out there called Win 7 Protection 2014.<br />
<br />
For those of you who do not know, a rogue antivirus program is a piece of malware that pretends to be antivirus software. It "scans" your computer and then claims your computer is infected with malware. It then demands payment for the "removal" of these "threats."<br />
<br />
Here is how to remove Win 7 Protection 2014: <br />
<br />
Step #1: Reboot your computer into safe mode with networking.<br />
<br />
To do
this, turn the computer off and turn it back on.<br />
<br />
Immediately after you
press the power button to turn the computer back on, press the F8 key on
your keyboard repeatedly until you come to a menu that gives you
options such as Safe Mode. Use the arrow keys on your keyboard to select
Safe Mode With Networking. <br />
<br />
Step #2: To make sure that the rogue will not interfere with removal, we must run Rkill. Download iExplore.exe here: <a href="http://www.bleepingcomputer.com/download/rkill/">http://www.bleepingcomputer.com/download/rkill/</a> <br />
<br />
Step #3: Run the downloaded executable. It will open a black box; this is normal. Once the black box has closed on its own, proceed to step 4.<br />
<br />
Step #4: Download Malwarebytes Anti-Malware from here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #5: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#6: Once the program is installed, it will automatically open a window.
Once this window is open, click the Scan Now button on the lower right corner of the window.<br />
<br />
Step #7: Malwarebytes Anti-Malware will now scan your computer. As this scan will take some time,
I suggest you do something else while remaining in close proximity to
the computer so you can check on the scan every once in a while. Once
the scan is complete, proceed to step 8.<br />
<br />
Step #8: When the scan is complete, click the show results button.<br />
<br />
Step #9: Click Apply Actions. If Malwarebytes prompts you to restart your computer, please allow it to do so.<br />
<br />
Step #10: Enjoy your computer, which should now be free of Win 7 Protection 2014.<br />
<br />
How to remove Win 7 Antivirus 2014 (Rogue)<br />
Published: 2014-09-09T08:16:00.000-05:00<br />
<br />
There's a new rogue antivirus program out there called Win 7 Antivirus 2014.<br />
<br />
For those of you who do not know, a rogue antivirus program is a piece of malware that pretends to be antivirus software. It "scans" your computer and then claims your computer is infected with malware. It then demands payment for the "removal" of these "threats."<br />
<br />
Here is how to remove Win 7 Antivirus 2014: <br />
<br />
Step #1: Reboot your computer into safe mode with networking.<br />
<br />
To do
this, turn the computer off and turn it back on.<br />
<br />
Immediately after you
press the power button to turn the computer back on, press the F8 key on
your keyboard repeatedly until you come to a menu that gives you
options such as Safe Mode. Use the arrow keys on your keyboard to select
Safe Mode With Networking. <br />
<br />
Step #2: To make sure that the rogue will not interfere with removal, we must run Rkill. Download iExplore.exe here: <a href="http://www.bleepingcomputer.com/download/rkill/">http://www.bleepingcomputer.com/download/rkill/</a> <br />
<br />
Step #3: Run the downloaded executable. It will open a black box; this is normal. Once the black box has closed on its own, proceed to step 4.<br />
<br />
Step #4: Download Malwarebytes Anti-Malware from here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #5: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#6: Once the program is installed, it will automatically open a window.
Once this window is open, click the Scan Now button on the lower right corner of the window.<br />
<br />
Step #7: Malwarebytes Anti-Malware will now scan your computer. As this scan will take some time,
I suggest you do something else while remaining in close proximity to
the computer so you can check on the scan every once in a while. Once
the scan is complete, proceed to step 8.<br />
<br />
Step #8: When the scan is complete, click the show results button.<br />
<br />
Step #9: Click Apply Actions. If Malwarebytes prompts you to restart your computer, please allow it to do so.<br />
<br />
Step #10: Enjoy your computer, which should now be free of Win 7 Antivirus 2014.<br />
<br />
How to remove Vista Protection 2014 (Rogue)<br />
Published: 2014-09-08T15:29:00.000-05:00<br />
<br />
There's a new rogue antivirus program out there called Vista Protection 2014.<br />
<br />
For those of you who do not know, a rogue antivirus program is a piece of malware that pretends to be antivirus software. It "scans" your computer and then claims your computer is infected with malware. It then demands payment for the "removal" of these "threats."<br />
<br />
Here is how to remove Vista Protection 2014: <br />
<br />
Step #1: Reboot your computer into safe mode with networking.<br />
<br />
To do
this, turn the computer off and turn it back on.<br />
<br />
Immediately after you
press the power button to turn the computer back on, press the F8 key on
your keyboard repeatedly until you come to a menu that gives you
options such as Safe Mode. Use the arrow keys on your keyboard to select
Safe Mode With Networking. <br />
<br />
Step #2: To make sure that the rogue will not interfere with removal, we must run Rkill. Download iExplore.exe here: <a href="http://www.bleepingcomputer.com/download/rkill/">http://www.bleepingcomputer.com/download/rkill/</a> <br />
<br />
Step #3: Run the downloaded executable. It will open a black box; this is normal. Once the black box has closed on its own, proceed to step 4.<br />
<br />
Step #4: Download Malwarebytes Anti-Malware from here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #5: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#6: Once the program is installed, it will automatically open a window.
Once this window is open, click the Scan Now button on the lower right corner of the window.<br />
<br />
Step #7: Malwarebytes Anti-Malware will now scan your computer. As this scan will take some time,
I suggest you do something else while remaining in close proximity to
the computer so you can check on the scan every once in a while. Once
the scan is complete, proceed to step 8.<br />
<br />
Step #8: When the scan is complete, click the show results button.<br />
<br />
Step #9: Click Remove Selected. If Malwarebytes prompts you to restart your computer, please allow it to do so.<br />
<br />
Step #10: Enjoy your computer, which should now be free of Vista Protection 2014.<br />
<br />
How to remove Vista Antivirus 2014 (Rogue)<br />
Published: 2014-09-08T07:39:00.000-05:00<br />
<br />
There's a new rogue antivirus program out there called Vista Antivirus 2014.<br />
<br />
For those of you who do not know, a rogue antivirus program is a piece of malware that pretends to be antivirus software. It "scans" your computer and then claims your computer is infected with malware. It then demands payment for the "removal" of these "threats."<br />
<br />
Here is how to remove Vista Antivirus 2014: <br />
<br />
Step #1: Reboot your computer into safe mode with networking.<br />
<br />
To do
this, turn the computer off and turn it back on.<br />
<br />
Immediately after you
press the power button to turn the computer back on, press the F8 key on
your keyboard repeatedly until you come to a menu that gives you
options such as Safe Mode. Use the arrow keys on your keyboard to select
Safe Mode With Networking. <br />
<br />
Step #2: To make sure that the rogue will not interfere with removal, we must run Rkill. Download iExplore.exe here: <a href="http://www.bleepingcomputer.com/download/rkill/">http://www.bleepingcomputer.com/download/rkill/</a> <br />
<br />
Step #3: Run the downloaded executable. It will open a black box; this is normal. Once the black box has closed on its own, proceed to step 4.<br />
<br />
Step #4: Download Malwarebytes Anti-Malware from here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #5: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#6: Once the program is installed, it will automatically open a window.
Once this window is open, click the Scan Now button on the lower right corner of the window.<br />
<br />
Step #7: Malwarebytes Anti-Malware will now scan your computer. As this scan will take some time,
I suggest you do something else while remaining in close proximity to
the computer so you can check on the scan every once in a while. Once
the scan is complete, proceed to step 8.<br />
<br />
Step #8: When the scan is complete, click the show results button.<br />
<br />
Step #9: Click Apply Actions. If Malwarebytes prompts you to restart your computer, please allow it to do so.<br />
<br />
Step #10: Enjoy your computer, which should now be free of Vista Antivirus 2014.<br />
<br />
How to remove XP Protection 2014 (Rogue)<br />
Published: 2014-09-07T07:07:00.000-05:00<br />
<br />
There's a new rogue antivirus program out there called XP Protection 2014.<br />
<br />
For those of you who do not know, a rogue antivirus program is a piece of malware that pretends to be antivirus software. It "scans" your computer and then claims your computer is infected with malware. It then demands payment for the "removal" of these "threats."<br />
<br />
Here is how to remove XP Protection 2014: <br />
<br />
Step #1: Reboot your computer into safe mode with networking.<br />
<br />
To do
this, turn the computer off and turn it back on.<br />
<br />
Immediately after you
press the power button to turn the computer back on, press the F8 key on
your keyboard repeatedly until you come to a menu that gives you
options such as Safe Mode. Use the arrow keys on your keyboard to select
Safe Mode With Networking. <br />
<br />
Step #2: To make sure that the rogue will not interfere with removal, we must run Rkill. Download iExplore.exe here: <a href="http://www.bleepingcomputer.com/download/rkill/">http://www.bleepingcomputer.com/download/rkill/</a> <br />
<br />
Step #3: Run the downloaded executable. It will open a black box; this is normal. Once the black box has closed on its own, proceed to step 4.<br />
<br />
Step #4: Download Malwarebytes Anti-Malware from here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #5: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#6: Once the program is installed, it will automatically open a window.
Once this window is open, click the Scan Now button on the lower right corner of the window.<br />
<br />
Step #7: Malwarebytes Anti-Malware will now scan your computer. As this scan will take some time,
I suggest you do something else while remaining in close proximity to
the computer so you can check on the scan every once in a while. Once
the scan is complete, proceed to step 8.<br />
<br />
Step #8: When the scan is complete, click the show results button.<br />
<br />
Step #9: Click Apply Actions. If Malwarebytes prompts you to restart your computer, please allow it to do so.<br />
<br />
Step #10: Enjoy your computer, which should now be free of XP Protection 2014.<br />
<br />
How to remove XP Antivirus 2014 (Rogue)<br />
Published: 2014-09-06T07:24:00.000-05:00<br />
<br />
There's a new rogue antivirus program out there called XP Antivirus 2014.<br />
<br />
For those of you who do not know, a rogue antivirus program is a piece of malware that pretends to be antivirus software. It "scans" your computer and then claims your computer is infected with malware. It then demands payment for the "removal" of these "threats."<br />
<br />
Here is how to remove XP Antivirus 2014: <br />
<br />
Step #1: Reboot your computer into safe mode with networking.<br />
<br />
To do
this, turn the computer off and turn it back on.<br />
<br />
Immediately after you
press the power button to turn the computer back on, press the F8 key on
your keyboard repeatedly until you come to a menu that gives you
options such as Safe Mode. Use the arrow keys on your keyboard to select
Safe Mode With Networking. <br />
<br />
Step #2: To make sure that the rogue will not interfere with removal, we must run Rkill. Download iExplore.exe here: <a href="http://www.bleepingcomputer.com/download/rkill/">http://www.bleepingcomputer.com/download/rkill/</a> <br />
<br />
Step #3: Run the downloaded executable. It will open a black box; this is normal. Once the black box has closed on its own, proceed to step 4.<br />
<br />
Step #4: Download Malwarebytes Anti-Malware from here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #5: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#6: Once the program is installed, it will automatically open a window.
Once this window is open, click the Scan Now button on the lower right corner of the window.<br />
<br />
Step #7: Malwarebytes Anti-Malware will now scan your computer. As this scan will take some time,
I suggest you do something else while remaining in close proximity to
the computer so you can check on the scan every once in a while. Once
the scan is complete, proceed to step 8.<br />
<br />
Step #8: When the scan is complete, click the show results button.<br />
<br />
Step #9: Click Apply Actions. If Malwarebytes prompts you to restart your computer, please allow it to do so.<br />
<br />
Step #10: Enjoy your computer, which should now be free of XP Antivirus 2014.<br />
<br />
Cryptowall Ransomware Info Guide.<br />
Published: 2014-07-14T06:52:00.002-05:00<br />
<br />
After a long time of finding a sample of Cryptowall and trying to get it to work, I have finally been able to get it to work for me. Therefore I can now create some kind of guide for it.<br />
<br />
Cryptowall is a piece of ransomware that encrypts files much in the style of CryptoLocker. Files are encrypted with a 2048-bit RSA key, making it almost impossible to decrypt the files it encrypts without both the public and private key.<br />
<br />
Cryptowall is spread via zip file
attachments that come through emails. And once it is placed on your
computer, it will start encrypting your files.<br />
<br />
Once the encryption
is done, a notepad window will open up titled "DECRYPT_INSTRUCTION.TXT"
that contains info on how to access the Cryptowall Decryption Service
where you can pay a ransom to decrypt your files.<br />
<br />
The price of this ransom depends on how long your files have been encrypted for and must be paid in Bitcoin, a well-known online cryptocurrency.<br />
<br />
At this point, there are three methods I know of to get your encrypted files back without paying the ransom demand.<br />
<br />
Method #1: Backups.<br />
Backups of your files are the only surefire way to protect yourself against malware. These backups should either be in the cloud or an offline backup such as on a flash drive or external hard drive.<br />
<br />
Method #2: File Recovery Software.<br />
When
Cryptowall encrypts a file, it makes a copy of the unencrypted file
first. It then encrypts the copy and deletes the original file. Because
of this, it may be possible to recover your files using a file recovery
tool such as:<br />
R-Studio: <a href="http://www.r-studio.com/">http://www.r-studio.com/</a><br />
<br />
Or PhotoRec: <a href="http://www.cgsecurity.org/wiki/PhotoRec">http://www.cgsecurity.org/wiki/PhotoRec</a><br />
<br />
However, the longer your files have been encrypted, the less likely it is that you can use File Recovery Software to recover them.<br />
<br />
Method #3: Shadow Volume Copies<br />
<br />
When
Cryptowall is placed on your computer, it attempts to delete Shadow
Copies of your files in an effort to make it harder for you to restore
them. But depending on some unknown factors, it sometimes fails to do
this.<br />
<br />
If that is the case, you might be able to restore a file by
right clicking the encrypted file and clicking Properties. From here you
should click on the Previous Versions tab to see if there are any
Shadow Copies of the file available.<br />
<br />
If there are copies, click on the copy you wish to restore from and click the Copy button. From here you will select where to save the file to. Repeat this process with all your encrypted files.<br />
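
Before working through Previous Versions file by file, it helps to know whether any Shadow Copies survived at all. The following is an added example, not part of the original post: it lists the remaining Shadow Copies per drive and flags the ones created before the encryption time. The function name, the `-EncryptedAt` parameter and the sample timestamp are constructed for illustration, and it assumes an elevated PowerShell 3.0 or later prompt.

```powershell
# Added example: read-only listing of surviving Volume Shadow Copies.
# Run from an elevated PowerShell prompt; nothing is modified.
function Get-ShadowCopySummary {
    param(
        # Hypothetical parameter: approximate time the files were encrypted.
        [datetime]$EncryptedAt = (Get-Date)
    )

    # Map volume GUID paths (\\?\Volume{...}\) to drive letters.
    $letters = @{}
    Get-CimInstance -ClassName Win32_Volume |
        Where-Object { $_.DriveLetter } |
        ForEach-Object { $letters[$_.DeviceID] = $_.DriveLetter }

    # One row per shadow copy, newest first.
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object InstallDate -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Drive              = $letters[$_.VolumeName]
                Created            = $_.InstallDate
                # Only copies taken before encryption hold the unencrypted files.
                PredatesEncryption = ($_.InstallDate -lt $EncryptedAt)
                ShadowId           = $_.ID
            }
        }
}

# Constructed timestamp; replace with the time the ransom note appeared.
$copies = @(Get-ShadowCopySummary -EncryptedAt '2014-07-01 09:00')

if ($copies.Count -eq 0) {
    'No Shadow Copies found. The Previous Versions tab will be empty; use Method #1 or Method #2.'
} else {
    $copies | Format-Table -AutoSize
}
```

If no row shows `PredatesEncryption` as True, the Previous Versions tab will offer only copies of the already encrypted files.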
<br />
Whatever method you use, you want to verify
that you actually CAN do it before taking any further action. And I
would recommend getting rid of the actual ransomware, but saving the
decryption info in the unfortunate event that you actually have to pay
to decrypt your files.<br />
<br />
This is a process that I will be publishing
a blog post about soon, along with any further information I have found
from my testing of this ransomware.<br />
<br />
And even if you are not
infected with Cryptowall, you might want to stay tuned as what I will
cover in the next few blog posts might also work with other file encrypting
ransomware. Cryptowall is not to be confused with CryptoDefense.
This is another piece of file encrypting ransomware that I will be
covering shortly.<br />
<br />
How to remove the SimplLocker ransomware.<br />
Published: 2014-06-25T08:43:00.001-05:00<br />
<br />
The SimplLocker ransomware is a piece of ransomware that infects Android devices. The issue with mobile malware seems to be evolving, as this ransomware encrypts files and stops anything else on your Android device from working correctly.<br />
<br />
It informs you of what it has done via a ransom screen that demands $21 to decrypt your files and continue using your device properly.<br />
<br />
The ransomware is downloaded and installed when you download something
online that claims to be something else, but is actually the ransomware.
This ransomware is not found on the Google Play Store.<br />
<br />
Manual removal of this ransomware has proven to be a difficult task, so we are going to be using an automated app made by avast! in this removal guide.<br />
<br />
Step #1: Go to <a href="http://play.google.com/">http://play.google.com</a> from your computer.<br />
<br />
Step #2: Log in to the Google Play Store with the same user information you use to log in to your device.<br />
<br />
Step #3: Search for avast! Ransomware Removal in the Google Play Store.<br />
<br />
Step #4: Click on the “Install” button to install avast! Ransomware Removal to your device.<br />
<br />
Step #5: After avast! Ransomware Removal is installed on your device, press avast! Ransomware Removal in the notification bar.<br />
<br />
Step #6: avast! Ransomware Removal will start and provide you with further instructions.<br />
<br />
Step #7: Allow avast! Ransomware Removal to scan your device.<br />
<br />
Step #8: After the scan is over, avast! Ransomware Removal will remove the ransomware from your device and decrypt your files.<br />
<br />
Step #9: Uninstall avast! Ransomware Removal so that you can further use your device.<br />
<br />
Your device should now be free of the SimplLocker ransomware. I would consider looking into a free or paid anti-malware app for your Android device if you did not already have one on your device when you got infected with the ransomware.<br />
<br />
How to remove the Koler Android Ransomware.<br />
Published: 2014-05-08T09:31:00.000-05:00<br />
<br />
This blog post will be dealing with a new kind of ransomware that infects devices running Android.<br />
<br />
It infects your Android device by asking you to download an app off the internet that claims to be helpful in some way. But it is actually just the ransomware. This app can only be found online and you will not find it in the Google Play Store.<br />
<br />
In order for it to actually download the ransomware, you will need to allow your Android device to download from untrusted sources. When installing the app, it will ask for permission to access system tools in some way.<br />
<br />
But the best way to tell if you are infected is if you get a notice saying your device (phone or tablet) is blocked. This notice will claim to come from places such as the FBI in order to make you think that it is real.<br />
<br />
The ransomware will demand a payment of $300 in order to unlock your device. It will demand this payment in the form of a MoneyPak card.<br />
<br />
It is strongly advised that you do not pay the ransom. Instead, follow the following removal guide. Please note that you should read all steps before starting removal, as this ransomware will pop back up every few seconds.<br />
<br />
So in other words, attempt to remove this as fast as possible.<br />
<br />
Regular Removal Guide: <br />
<br />
Step #1: Go to Settings.<br />
<br />
Step #2: Go to Apps.<br />
<br />
Step #3: Scroll down in the list of apps until you find the app responsible for the ransomware.<br />
<br />
Step #4: Touch the app and hit uninstall.<br />
<br />
Step #5: Go to the Google Play Store to download an anti-malware app such as Malwarebytes Anti-Malware Mobile.<br />
<br />
Step #6: Launch the anti-malware app and run a scan.<br />
<br />
Step #7: Remove or uninstall anything the scan finds. <br />
<br />
Persistence will pay off with this, but if you find it too hard to complete this removal guide without the ransomware coming back up, we will have to remove it from safe mode.<br />
<br />
Safe Mode Removal Guide:<br />
<br />
Step #1: Find out how to reboot your Android device into Safe Mode. Unfortunately, most Android device makers have different ways of booting your device into Safe Mode. And there are so many ways that I just cannot list them all in this removal guide.<br />
<br />
I suggest you use your favorite search engine on a computer (like the one you are using to read this) to look for how to boot into Safe Mode for your specific device or device manufacturer.<br />
<br />
Step #2: Go to Settings.<br />
<br />
Step #3: Go to Apps.<br />
<br />
Step #4: Scroll down in the list of apps until you find the app responsible for the ransomware.<br />
<br />
Step #5: Touch the app and hit uninstall.<br />
<br />
Step #6: Boot your device into the Normal Mode.<br />
<br />
Step #7: Go to the Google Play Store and download an anti-malware app.<br />
<br />
Step #8: Launch the anti-malware app and run a scan with it.<br />
<br />
Step #9: Remove or uninstall anything the scan finds.<br />
<br />
--------------------------------------------------------------------------------------------------------------<br />
Update: May 9th, 2014, 10:13 AM CST.<br />
<br />
Evidently some anti-malware vendors are now talking about this story as well. Which is good because it provides publicity to this which helps protect more people.<br />
<br />
Although an issue with some independent bloggers who are talking about this is that they consider it akin to the file encrypting ransomware for Windows computers known as CryptoLocker.<br />
<br />
This is incorrect and this ransomware does not encrypt any files on your Android device.<br />
<br />
How to remove the Nationzoom.com Adware.<br />
Published: 2014-04-14T08:46:00.000-05:00<br />
<br />
I don't often make removal guides about adware. Only when said adware has gotten to the point where it has gotten so widespread that I am seeing multiple cases where I remove it. With that in mind, I decided to write a removal guide for the Nationzoom.com adware.<br />
<br />
Step #1: Click the start button. Then select or search for Control Panel. Then click Add/Remove programs or Uninstall a program.<br />
<br />
Step #2: When the new window opens, uninstall the following programs if you find any of them: Wsys Control, Extended Protection, eSave Security Control, Desk 365, Nation Zoom browser protection.<br />
<br />
After manual removal, you may find it hard to get your browsers back under control. With that in mind, I have written a few mini-guides below for popular browsers.<br />
<br />
Mini-guide 1: Internet Explorer<br />
<br />
Step #1: Open Internet Explorer. Then click on the gear icon near the top right. Then click on Internet Options.<br />
<br />
Step #2: Click on the advanced tab then click reset.<br />
<br />
Step #3: Check the delete personal settings checkbox. Then click reset.<br />
<br />
Mini-guide 2: Mozilla Firefox<br />
<br />
Step #1: Open Firefox. Then click on the orange Firefox button at the top left of the window. Then click Add-ons and then go to extensions.<br />
<br />
Step #2: If you see Nation zoom or Extended Protection, disable or remove them depending on the options Firefox gives you.<br />
<br />
Step #3: Close the tab and go back to the Firefox button. Then click on options, then General. Change your homepage to what it was before.<br />
<br />
Step #4: Change your search provider to what it was before by clicking the drop down menu on the search bar.<br />
<br />
Mini-guide 3: Google Chrome<br />
<br />
Step #1: Open Google Chrome and click on the following link: <a href="chrome://extensions/">chrome://extensions/</a><br />
<br />
Step #2: If you see Extended Protection 1.9 or Lightning Newtab, click on the trash can on the side of them.<br />
<br />
Step #3: With that tab still open, click on settings. Then change your search provider to what it was before.<br />
<br />
How to remove Windows Internet Guard (Rogue)<br />
Published: 2014-04-09<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Windows Internet Guard.<br />
<br />
For those of you who do not know, a rogue antivirus program is a
piece of malware that pretends to be an antivirus program. It then scans
your computer and detects threats that are not actually on your
computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Command Prompt.<br />
<br />
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.<br />
<br />
<div id="eow-description">
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #5: Highlight Winlogon.</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #6: Double-click Shell and clear the entry data and replace it with "explorer.exe" (without quotes)</div>
<div id="eow-description">
<br />
Step #7: Run explorer.exe.</div>
<div id="eow-description">
<br />
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the "xxxx" may be just a random string of letters)</div>
<div id="eow-description">
<br />
Step #9: Reboot into regular mode.</div>
<div id="eow-description">
<br /></div>
Step #10: In order to make sure that your computer is fully cleaned, we will run Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #11: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#12: Run a threat scan. This may take some time depending on the number
of files on your computer. So I suggest that you go do something else
while you are waiting for the scan to finish.<br />
<br />
This may
be a good time to watch a 30 minute show you've been meaning to see, or
finish that good book you have been reading that you just cannot seem to
put down.<br />
<br />
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #15: Your computer should now be free of Windows Internet Guard.<br />
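The registry check and file hunt from Steps #4 to #8, written as a read-only PowerShell audit you can run before and after the cleanup. This is an added example, not part of the original guide; the HKLM check and the SHA-256 output are assumptions added here, and the file pattern is the guard-xxxx.exe name from Step #8.

```powershell
# Added example: read-only audit for the manual steps above. It changes nothing.
# Assumptions (not from the guide): the HKLM check and the SHA-256 output.

$ExpectedShell = 'explorer.exe'
$WinlogonKeys = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',  # key named in Steps #4 and #5
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # machine-wide counterpart (added check)
)

function Get-ShellFinding {
    param([Parameter(Mandatory = $true)][string]$KeyPath)

    # A missing key and a missing Shell value both come back as $null here.
    $prop = Get-ItemProperty -Path $KeyPath -Name 'Shell' -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return New-Object psobject -Property @{ Key = $KeyPath; Shell = $null; Status = 'Shell value not set' }
    }

    $value = ([string]$prop.Shell).Trim()
    if ($value -ieq $ExpectedShell) { $status = 'OK' } else { $status = 'REVIEW: not explorer.exe' }
    New-Object psobject -Property @{ Key = $KeyPath; Shell = $value; Status = $status }
}

function Get-GuardCandidate {
    param([string]$Folder = $env:APPDATA)

    # Step #8 pattern: guard-<random>.exe directly under %appdata%.
    # -Force includes hidden and system files.
    Get-ChildItem -Path $Folder -Filter 'guard-*.exe' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $hash = $null
            # Get-FileHash is not present on older PowerShell versions; skip the hash there.
            if (Get-Command Get-FileHash -ErrorAction SilentlyContinue) {
                $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            }
            New-Object psobject -Property @{
                Path = $_.FullName; Size = $_.Length; Created = $_.CreationTime; SHA256 = $hash
            }
        }
}

$shellFindings = @($WinlogonKeys | ForEach-Object { Get-ShellFinding -KeyPath $_ })
$files = @(Get-GuardCandidate)

$shellFindings | Format-List Key, Shell, Status
if ($files.Count -gt 0) {
    $files | Format-List Path, Size, Created, SHA256
} else {
    'No guard-*.exe files found directly under ' + $env:APPDATA
}

# Tie the two findings together: does a Shell value launch one of the files found?
foreach ($f in $files) {
    $name = (Split-Path -Path $f.Path -Leaf).ToLower()
    foreach ($s in $shellFindings) {
        if ($s.Shell -and $s.Shell.ToLower().Contains($name)) {
            "Shell value under $($s.Key) launches $name"
        }
    }
}
```

A clean result after Step #9 is no REVIEW status on either key and no guard-*.exe listed.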
<br />
Like what I'm doing? Want to help keep my website ad-free? You can now donate to me via Bitcoin.<br />
Wallet: <br />
14ddau3yvUwqyUZDPnmngunyZ6RpCQAUfp<br />
<br />
How to remove Windows Internet Watchdog (Rogue)<br />
Published: 2014-04-01 (updated 2014-04-03)<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Windows Internet Watchdog.<br />
<br />
For those of you who do not know, a rogue antivirus program is a
piece of malware that pretends to be an antivirus program. It then scans
your computer and detects threats that are not actually on your
computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Command Prompt.<br />
<br />
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.<br />
<br />
<div id="eow-description">
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #5: Highlight Winlogon.</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #6: Double-click Shell and clear the entry data and replace it with "explorer.exe" (without quotes)</div>
<div id="eow-description">
<br />
Step #7: Run explorer.exe.</div>
<div id="eow-description">
<br />
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the "xxxx" may be just a random string of letters)</div>
<div id="eow-description">
<br />
Step #9: Reboot into regular mode.</div>
<div id="eow-description">
<br /></div>
Step #10: In order to make sure that your computer is fully cleaned, we will run Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #11: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#12: Run a threat scan. This may take some time depending on the number
of files on your computer. So I suggest that you go do something else
while you are waiting for the scan to finish.<br />
<br />
This may
be a good time to watch a 30 minute show you've been meaning to see, or
finish that good book you have been reading that you just cannot seem to
put down.<br />
<br />
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #15: Your computer should now be free of Windows Internet Watchdog.<br />
<br />
Like what I'm doing? Want to help keep my website ad-free? You can now donate to me via Bitcoin.<br />
Wallet: <br />
14ddau3yvUwqyUZDPnmngunyZ6RpCQAUfp<br />
<br />
How to remove Windows Web Watchdog (Rogue)<br />
Published: 2014-03-29<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Windows Web Watchdog.<br />
<br />
For those of you who do not know, a rogue antivirus program is a
piece of malware that pretends to be an antivirus program. It then scans
your computer and detects threats that are not actually on your
computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Command Prompt.<br />
<br />
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.<br />
<br />
<div id="eow-description">
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #5: Highlight Winlogon.</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #6: Double-click Shell and clear the entry data and replace it with "explorer.exe" (without quotes)</div>
<div id="eow-description">
<br />
Step #7: Run explorer.exe.</div>
<div id="eow-description">
<br />
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the "xxxx" may be just a random string of letters)</div>
<div id="eow-description">
<br />
Step #9: Reboot into regular mode.</div>
<div id="eow-description">
<br /></div>
Step #10: In order to make sure that your computer is fully cleaned, we will run Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #11: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#12: Run a full scan. This may take some time depending on the number
of files on your computer. So I suggest that you go do something else
while you are waiting for the scan to finish.<br />
<br />
This may
be a good time to watch a 30 minute show you've been meaning to see, or
finish that good book you have been reading that you just cannot seem to
put down.<br />
<br />
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #15: Your computer should now be free of Windows Web Watchdog.<br />
<br />
Like what I'm doing? Want to help keep my website ad-free? You can now donate to me via Bitcoin.<br />
Wallet: <br />
14ddau3yvUwqyUZDPnmngunyZ6RpCQAUfp<br />
<br />
How to remove Windows AntiBreach Patrol (Rogue)<br />
Published: 2014-03-24<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Windows AntiBreach Patrol.<br />
<br />
For those of you who do not know, a rogue antivirus program is a
piece of malware that pretends to be an antivirus program. It then scans
your computer and detects threats that are not actually on your
computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Command Prompt.<br />
<br />
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.<br />
<br />
<div id="eow-description">
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #5: Highlight Winlogon.</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #6: Double-click Shell and clear the entry data and replace it with "explorer.exe" (without quotes)</div>
<div id="eow-description">
<br />
Step #7: Run explorer.exe.</div>
<div id="eow-description">
<br />
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the "xxxx" may be just a random string of letters)</div>
<div id="eow-description">
<br />
Step #9: Reboot into regular mode.</div>
<div id="eow-description">
<br /></div>
Step #10: In order to make sure that your computer is fully cleaned, we will run Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #11: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#12: Run a full scan. This may take some time depending on the number
of files on your computer. So I suggest that you go do something else
while you are waiting for the scan to finish.<br />
<br />
This may
be a good time to watch a 30 minute show you've been meaning to see, or
finish that good book you have been reading that you just cannot seem to
put down.<br />
<br />
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #15: Your computer should now be free of Windows AntiBreach Patrol.<br />
<br />
Like what I'm doing? Want to help keep my website ad-free? You can now donate to me via Bitcoin.<br />
Wallet: <br />
14ddau3yvUwqyUZDPnmngunyZ6RpCQAUfp<br />
<br />
How to remove Futurro Antivirus Software (Rogue)<br />
Published: 2014-03-22 (updated 2014-03-24)<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Futurro Antivirus Software.<br />
<br />
For those of you who do not know, a rogue antivirus program is a
piece of malware that pretends to be an antivirus program. It then scans
your computer and detects threats that are not actually on your
computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Networking.<br />
<br />
Step #3: In order to remove the rogue, we will use Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #4: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#5: Run a full scan. This may take some time depending on the number
of files on your computer. So I suggest that you go do something else
while you are waiting for the scan to finish.<br />
<br />
This may
be a good time to watch a 30 minute show you've been meaning to see, or
finish that good book you have been reading that you just cannot seem to
put down.<br />
<br />
Step #6: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #7: Click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #8: Your computer should now be free of Futurro Antivirus Software.<br />
<br />
Like what I'm doing? Want to help keep my website ad-free? You can now donate to me via Bitcoin.<br />
Wallet: <br />
14ddau3yvUwqyUZDPnmngunyZ6RpCQAUfp<br />
<br />
How to remove Windows Antivirus Patrol (Rogue)<br />
Published: 2014-03-21<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Windows Antivirus Patrol.<br />
<br />
For those of you who do not know, a rogue antivirus program is a
piece of malware that pretends to be an antivirus program. It then scans
your computer and detects threats that are not actually on your
computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Command Prompt.<br />
<br />
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.<br />
<br />
<div id="eow-description">
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #5: Highlight Winlogon.</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #6: Double-click Shell and clear the entry data and replace it with "explorer.exe" (without quotes)</div>
<div id="eow-description">
<br />
Step #7: Run explorer.exe.</div>
<div id="eow-description">
<br />
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the "xxxx" may be just a random string of letters)</div>
<div id="eow-description">
<br />
Step #9: Reboot into regular mode.</div>
<div id="eow-description">
<br /></div>
Step #10: In order to make sure that your computer is fully cleaned, we will run Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #11: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#12: Run a full scan. This may take some time depending on the number
of files on your computer. So I suggest that you go do something else
while you are waiting for the scan to finish.<br />
<br />
This may
be a good time to watch a 30 minute show you've been meaning to see, or
finish that good book you have been reading that you just cannot seem to
put down.<br />
<br />
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #15: Your computer should now be free of Windows Antivirus Patrol.<br />
<br />
Like what I'm doing? Want to help keep my website ad-free? You can now donate to me via Bitcoin.<br />
Wallet: <br />
14ddau3yvUwqyUZDPnmngunyZ6RpCQAUfp<br />
<br />
How to remove Windows Pro Defence Kit (Rogue)<br />
Published: 2014-03-18<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Windows Pro Defence Kit.<br />
<br />
For those of you who do not know, a rogue antivirus program is a
piece of malware that pretends to be an antivirus program. It then scans
your computer and detects threats that are not actually on your
computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Command Prompt.<br />
<br />
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.<br />
<br />
<div id="eow-description">
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #5: Highlight Winlogon.</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #6: Double-click Shell and clear the entry data and replace it with "explorer.exe" (without quotes)</div>
<div id="eow-description">
<br />
Step #7: Run explorer.exe.</div>
<div id="eow-description">
<br />
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the "xxxx" may be just a random string of letters)</div>
<div id="eow-description">
<br />
Step #9: Reboot into regular mode.</div>
<div id="eow-description">
<br /></div>
Step #10: In order to make sure that your computer is fully cleaned, we will run Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #11: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#12: Run a full scan. This may take some time depending on the number
of files on your computer. So I suggest that you go do something else
while you are waiting for the scan to finish.<br />
<br />
This may
be a good time to watch a 30 minute show you've been meaning to see, or
finish that good book you have been reading that you just cannot seem to
put down.<br />
<br />
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #15: Your computer should now be free of Windows Pro Defence Kit.<br />
<br />
Like what I'm doing? Want to help keep my website ad-free? You can now donate to me via Bitcoin.<br />
Wallet: <br />
14ddau3yvUwqyUZDPnmngunyZ6RpCQAUfp<br />
<br />
How to remove Windows Defence Master (Rogue)<br />
Published: 2014-03-15<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Windows Defence Master.<br />
<br />
For those of you who do not know, a rogue antivirus program is a
piece of malware that pretends to be an antivirus program. It then scans
your computer and detects threats that are not actually on your
computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Command Prompt.<br />
<br />
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.<br />
<br />
<div id="eow-description">
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #5: Highlight Winlogon.</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #6: Double-click Shell and clear the entry data and replace it with "explorer.exe" (without quotes)</div>
<div id="eow-description">
<br />
Step #7: Run explorer.exe.</div>
<div id="eow-description">
<br />
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the "xxxx" may be just a random string of letters)</div>
<div id="eow-description">
<br />
Step #9: Reboot into regular mode.</div>
<div id="eow-description">
<br /></div>
Step #10: In order to make sure that your computer is fully cleaned, we will run Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #11: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#12: Run a full scan. This may take some time depending on the number
of files on your computer. So I suggest that you go do something else
while you are waiting for the scan to finish.<br />
<br />
This may
be a good time to watch a 30 minute show you've been meaning to see, or
finish that good book you have been reading that you just cannot seem to
put down.<br />
<br />
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #15: Your computer should now be free of Windows Defence Master.<br />
<br />
Like what I'm doing? Want to help keep my website ad-free? You can now donate to me via Bitcoin.<br />
Wallet: <br />
14ddau3yvUwqyUZDPnmngunyZ6RpCQAUfp<br />
<br />
How to remove Windows Security Master (Rogue)<br />
Published: 2014-03-11<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Windows Security Master.<br />
<br />
For those of you who do not know, a rogue antivirus program is a
piece of malware that pretends to be an antivirus program. It then scans
your computer and detects threats that are not actually on your
computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Command Prompt.<br />
<br />
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.<br />
<br />
<div id="eow-description">
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #5: Highlight Winlogon.</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #6: Double-click Shell and clear the entry data and replace it with "explorer.exe" (without quotes)</div>
<div id="eow-description">
<br />
Step #7: Run explorer.exe.</div>
<div id="eow-description">
<br />
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the "xxxx" may be just a random string of letters)</div>
<div id="eow-description">
<br />
Step #9: Reboot into regular mode.</div>
<div id="eow-description">
<br /></div>
Step #10: In order to make sure that your computer is fully cleaned, we will run Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #11: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#12: Run a full scan. This may take some time depending on the number
of files on your computer. So I suggest that you go do something else
while you are waiting for the scan to finish.<br />
<br />
This may
be a good time to watch a 30 minute show you've been meaning to see, or
finish that good book you have been reading that you just cannot seem to
put down.<br />
<br />
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #15: Your computer should now be free of Windows Security Master.<br />
<br />
Like what I'm doing? Want to help keep my website ad-free? You can now donate to me via Bitcoin.<br />
Wallet: <br />
14ddau3yvUwqyUZDPnmngunyZ6RpCQAUfp<br />
<br />
How to remove Windows Defence Unit (Rogue)<br />
Published: 2014-03-08<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Windows Defence Unit.<br />
<br />
For those of you who do not know, a rogue antivirus program is a
piece of malware that pretends to be an antivirus program. It then scans
your computer and detects threats that are not actually on your
computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Command Prompt.<br />
<br />
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.<br />
<br />
<div id="eow-description">
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #5: Highlight Winlogon.</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #6: Double-click Shell and clear the entry data and replace it with "explorer.exe" (without quotes)</div>
<div id="eow-description">
<br />
Step #7: Run explorer.exe.</div>
<div id="eow-description">
<br />
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the "xxxx" may be just a random string of letters)</div>
<div id="eow-description">
<br />
Step #9: Reboot into regular mode.</div>
<div id="eow-description">
<br /></div>
Step #10: In order to make sure that your computer is fully cleaned, we will run Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #11: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#12: Run a full scan. This may take some time depending on the number
of files on your computer. So I suggest that you go do something else
while you are waiting for the scan to finish.<br />
<br />
This may
be a good time to watch a 30 minute show you've been meaning to see, or
finish that good book you have been reading that you just cannot seem to
put down.<br />
<br />
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #15: Your computer should now be free of Windows Defence Unit.<br />
<br />
Like what I'm doing? Want to help keep my website ad-free? You can now donate to me via Bitcoin.<br />
Wallet: <br />
14ddau3yvUwqyUZDPnmngunyZ6RpCQAUfp<br />
<br />
How to remove Windows Protection Booster (Rogue)<br />
Published: 2014-03-05<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Windows Protection Booster.<br />
<br />
For those of you who do not know, a rogue antivirus program is a
piece of malware that pretends to be an antivirus program. It then scans
your computer and detects threats that are not actually on your
computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Command Prompt.<br />
<br />
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.<br />
<br />
<div id="eow-description">
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #5: Highlight Winlogon.</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #6: Double-click Shell and clear the entry data and replace it with "explorer.exe" (without quotes)</div>
<div id="eow-description">
<br />
Step #7: Run explorer.exe.</div>
<div id="eow-description">
<br />
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the "xxxx" may be just a random string of letters)</div>
<div id="eow-description">
<br />
Step #9: Reboot into regular mode.</div>
<div id="eow-description">
<br /></div>
Step #10: In order to make sure that your computer is fully cleaned, we will run Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #11: Run the downloaded installer and install Malwarebytes Anti-Malware.<br />
<br />
Step
#12: Run a full scan. This may take some time depending on the number
of files on your computer. So I suggest that you go do something else
while you are waiting for the scan to finish.<br />
<br />
This may
be a good time to watch a 30 minute show you've been meaning to see, or
finish that good book you have been reading that you just cannot seem to
put down.<br />
<br />
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #15: Your computer should now be free of Windows Protection Booster.<br />
<br />
Like what I'm doing? Want to help keep my website ad-free? You can now donate to me via Bitcoin.<br />
Wallet: <br />
14ddau3yvUwqyUZDPnmngunyZ6RpCQAUfp<br />
<br />
How to remove Windows AntiVirus Booster (Rogue)<br />
Published: 2014-03-01<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Windows AntiVirus Booster.<br />
<br />
For those of you who do not know, a rogue antivirus program is a piece of malware that pretends to be an antivirus program. It "scans" your computer and reports threats that are not actually on your computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Command Prompt.<br />
<br />
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.<br />
<br />
<div id="eow-description">
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #5: Highlight Winlogon.</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #6: Double-click Shell, clear the value data, and replace it with "explorer.exe" (without quotes).</div>
<div id="eow-description">
<br />
Step #7: Run explorer.exe.</div>
<div id="eow-description">
<br />
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the "xxxx" may be just a random string of letters)</div>
<div id="eow-description">
<br />
Step #9: Reboot into regular mode.</div>
<div id="eow-description">
<br /></div>
Step #10: To make sure that your computer is fully cleaned, we will run Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #11: Run Malwarebytes Anti-Malware and install it.<br />
<br />
Step #12: Run a full scan. This may take some time depending on the number of files on your computer, so I suggest that you go do something else while you are waiting for the scan to finish.<br />
<br />
This may be a good time to watch a 30-minute show you've been meaning to see, or finish that good book you have been reading that you just cannot seem to put down.<br />
<br />
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #15: Your computer should now be free of Windows AntiVirus Booster.<br />
<br />
How to remove Windows AntiVirus Helper (Rogue)<br />
Posted by H on 2014-02-27 (updated 2014-03-01)<br />
<br />
Alright, there's a new rogue making the rounds on the internet today. It's called Windows AntiVirus Helper.<br />
<br />
For those of you who do not know, a rogue antivirus program is a piece of malware that pretends to be an antivirus program. It "scans" your computer and reports threats that are not actually on your computer. It is just trying to make you purchase it.<br />
<br />
Here is how to remove it: <br />
<br />
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.<br />
<br />
Step #2: On the boot menu, choose Safe Mode with Command Prompt.<br />
<br />
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.<br />
<br />
<div id="eow-description">
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #5: Highlight Winlogon.</div>
<div id="eow-description">
<br /></div>
<div id="eow-description">
Step #6: Double-click Shell, clear the value data, and replace it with "explorer.exe" (without quotes).</div>
<div id="eow-description">
<br />
Step #7: Run explorer.exe.</div>
<div id="eow-description">
<br />
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the "xxxx" may be just a random string of letters)</div>
<div id="eow-description">
<br />
Step #9: Reboot into regular mode.</div>
<div id="eow-description">
<br /></div>
Step #10: To make sure that your computer is fully cleaned, we will run Malwarebytes Anti-Malware. Download it here: <a href="http://www.malwarebytes.org/mwb-download/">http://www.malwarebytes.org/mwb-download/</a><br />
<br />
Step #11: Run Malwarebytes Anti-Malware and install it.<br />
<br />
Step #12: Run a full scan. This may take some time depending on the number of files on your computer, so I suggest that you go do something else while you are waiting for the scan to finish.<br />
<br />
This may be a good time to watch a 30-minute show you've been meaning to see, or finish that good book you have been reading that you just cannot seem to put down.<br />
<br />
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.<br />
<br />
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.<br />
<br />
Step #15: Your computer should now be free of Windows AntiVirus Helper.<br />
<br />
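Steps #4 to #8 of the procedures above (the Winlogon Shell value and the guard-xxxx.exe file in %appdata%) can also be checked from a PowerShell prompt. The script below is an added example, not part of the original posts; the -Repair switch and the extra HKLM check are assumptions of this example, and it needs PowerShell 4 or later for Get-FileHash.

```powershell
# Added example (not from the original posts). Read-only unless -Repair is passed.
param([switch]$Repair)

$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = 'explorer.exe'

# Steps 4-6: read the Winlogon "Shell" value. The posts only cover HKCU;
# checking HKLM as well is an addition made here.
$findings = foreach ($hive in 'HKCU:', 'HKLM:') {
    $key   = "$hive\$winlogon"
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    [pscustomobject]@{
        Key     = $key
        Shell   = $shell
        # No Shell value under HKCU is fine; anything other than explorer.exe gets flagged.
        Suspect = ($null -ne $shell) -and ($shell.Trim() -ne $expected)
    }
}
$findings | Format-Table -AutoSize

# Step 6: reset only the per-user value, and only when it was flagged.
$hkcu = "HKCU:\$winlogon"
if ($Repair -and ($findings | Where-Object { $_.Key -eq $hkcu -and $_.Suspect })) {
    Set-ItemProperty -Path $hkcu -Name Shell -Value $expected
    Write-Output "Reset Shell under $hkcu to $expected"
}

# Step 8: list guard-*.exe in %APPDATA% with hash and signature status, so each
# file can be reviewed (and its hash recorded) before it is deleted by hand.
Get-ChildItem -Path $env:APPDATA -Filter 'guard-*.exe' -File -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, CreationTime,
        @{ Name = 'SHA256';    Expression = { (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash } },
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -FilePath $_.FullName).Status } } |
    Format-List
```

Run it once without -Repair and note the reported Shell value and file hashes before changing anything, so there is a record of what was on the machine.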