How to stop fake virus notifications with annoying pop ups, system tray notifications
and prompt windows?

When users boot to the desktop, they may get browser pop ups and system tray
notifications stating that the computer is infected with a virus. The alerts may also
urge you to download a rogue antivirus application in order to remove the infections.
The desktop wallpaper may also be hijacked with an HTML page, which usually has a red
background with the message "Your Privacy is in Danger".

The most common rogue applications that create these pop ups are WinAntivirus Pro,
Ultimate Defender, Spy Shredder and Drive Cleaner.

Here is a list of rogue applications:

AdwarePunisher, AdwareSheriff, AlphaCleaner, Antispyware Soldier,
AntiVermeans, AntiVermins, AntiVerminser, AntivirusGolden, AVGold,
BraveSentry, MalwareWipe, MalwareWiped, MalwaresWipeds, MalwareWipePro,
MalwareWiper, PestCapture, PestTrap, PSGuard, quicknavigate.com, Registry
Cleaner, Security iGuard, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon,
SpyGuard, SpyHeal, SpyHeals, SpyLocked, SpyMarshal, SpySheriff, SpySoldier,
Spyware Vanisher, Spyware Soft Stop, SpywareLocked, SpywareQuake,
SpywareKnight, SpywareSheriff, SpywareStrike, Startsearches.net, TitanShield
Antispyware, Trust Cleaner, UpdateSearches.com, Virtual Maid, VirusBlast,
VirusBurst, Win32.puper, WinHound, Brain Codec, DirectVideo, EliteCodec,
eMedia Codec, FreeVideo, Gold Codec, HQ Codec, iCodecPack, iMediaCodec,
Image ActiveX Object, IntCodec, iVideoCodec, JPEG Encoder, Key Generator,
Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My
Pass Generator, PCODEC, Perfect Codec, PowerCodec, PornPass Manager,
PornMag Pass, PrivateVideo, QualityCodec, Silver Codec, SiteEntry, SiteTicket,
SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox,
VidCodecs, Video Access ActiveX Object, Video ActiveX Object,
VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro,
WinMediaCodec, X Password Generator, X Password Manager, ZipCodec...

You may need to perform some initial removal steps to stop the pop ups so that
further troubleshooting is easier. Both manual and automatic removal methods are
given below; follow them as necessary.

First of all, never click 'Yes' on any such alert and never download the software
that the pop up asks you to download.

Next, make sure that you have updated your antivirus software and run a complete
scan with it. Also try an online scanner such as http://safety.live.com in safe mode
with networking. Since online scanners have up-to-date virus definitions, they usually
solve the problem without having to download other troubleshooting utilities.



Follow the steps for each issue mentioned below:

1. Getting spyware alerts in the system tray:

Download and run the following utilities in safe mode with networking:

a) Smit Fraud Fix

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

b) Rogue remover

http://www.malwarebytes.org/rr-update/rr-free-setup.exe

After running both tools and rebooting the desktop, the system tray notifications
are usually gone.



2. Getting browser pop ups from rogue applications:

a) The pop ups are usually triggered by running processes and registry keys.

Open Task Manager and look for invalid processes. The processes that cause this
problem are usually named 'printer.exe', 'winavvxx.exe', 'findfast.exe', 'spoolvs.exe',
'wininstall.exe' etc. Sometimes you will also notice a fake 'svchost.exe' running under
the user's own user name and under 'administrator'. End these processes and then
search the entire hard drive for these files.

These files are usually located in 'C:\windows\system32' and in the Startup folder.

In some situations, Task Manager might have been disabled by the spyware. In
that case look for and remove these registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer: DisableTaskMgr

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer: DisableTaskMgr

b) Sometimes, the pop ups are triggered by certain registry keys.

Usually, when the desktop wallpaper is hijacked with a red 'privacy protection'
picture, the pop ups are found to be triggered by the following registry key:

HKLM\Software\Microsoft\VideoPlugin

Delete the registry key completely, so that the pop ups stop and you can do
further troubleshooting.





Delete the Browser Helper Objects that trigger the pop ups

Go to the following registry locations and delete the unknown and unwanted Browser
Helper Objects.

Under the 'Browser Helper Objects' key, you will find keys named with alphanumeric
characters that look like the following. Each such name is called a CLSID:

{53707962-6F74-2D53-2644-206D7942484F}

Search for each CLSID on the following site to check whether it is safe:

http://www.spywaredata.com/spyware/spyware-adware/bho/1/results.php

Delete the CLSIDs which look suspicious.



Uninstall rogue applications from 'Add or Remove Programs'

Go to 'Start > Control Panel > Add or Remove Programs' and uninstall the rogue
applications and unwanted toolbars that may cause these pop ups.

If Control Panel has been disabled by spyware using restrictive policies, it will not
be visible in the Start menu.

Delete these registry keys to restore the Control Panel:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer: NoControlPanel

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer: NoControlPanel



Restore the desktop wallpaper

If the desktop wallpaper has been hijacked, you may first need to remove the
restrictive policies in the registry so that the desktop background can be changed
again.

Check for all the policies in the following registry locations and delete them:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies

Then right click on the Desktop and click 'Properties'. Click on the 'Desktop' tab, and
click on the 'Customize' button. Click on the 'Web' tab and you can see the current
desktop wallpaper listed, usually with the name 'Privacy Protection'. Uncheck the
check mark near the name and also uncheck 'Lock desktop items' if it is checked.
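
The checks from the sections above (the named processes, the Task Manager and Control Panel restrictions, the VideoPlugin key and the Policies keys) can be gathered in one pass. This is an added example, not part of the original article: it reports what is present and saves a copy of the Policies keys, but deletes nothing. It assumes PowerShell 3.0 or later in an elevated prompt; the backup file names are hypothetical.

```powershell
# Added example: triage of the indicators named in this article.
# Nothing in the registry is changed; step 4 only writes backup files.

# 1. Processes the article names ('winavvxx.exe' is omitted: the 'xx' part varies),
#    plus any svchost.exe that is not running from a Windows system directory.
$names   = 'printer.exe', 'findfast.exe', 'spoolvs.exe', 'wininstall.exe'
$sysDirs = (Join-Path $env:SystemRoot 'System32'), (Join-Path $env:SystemRoot 'SysWOW64')
Get-CimInstance Win32_Process | Where-Object {
    ($names -contains $_.Name) -or
    ($_.Name -ieq 'svchost.exe' -and $_.ExecutablePath -and
     $sysDirs -notcontains (Split-Path $_.ExecutablePath -Parent))
} | Format-Table ProcessId, Name, ExecutablePath -AutoSize

# 2. Every value under the Policies keys in both hives, so each one can be
#    reviewed before it is removed. The two restrictions discussed above are flagged.
$flag  = 'DisableTaskMgr', 'NoControlPanel'
$roots = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies',
         'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$policies = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($value in $key.GetValueNames()) {
            [pscustomobject]@{
                Key = $key.Name; Value = $value
                Data = $key.GetValue($value); Flagged = $flag -contains $value
            }
        }
    }
}
$policies | Sort-Object Flagged -Descending | Format-Table -AutoSize -Wrap

# 3. The key the article ties to the hijacked-wallpaper pop ups.
"VideoPlugin key present: $(Test-Path 'HKLM:\Software\Microsoft\VideoPlugin')"

# 4. Keep a copy of the Policies keys before deleting anything from them.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
reg export 'HKLM\Software\Microsoft\Windows\CurrentVersion\Policies' "$env:TEMP\policies-hklm-$stamp.reg" /y
reg export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies' "$env:TEMP\policies-hkcu-$stamp.reg" /y
```

On a domain-joined machine some of the listed policy values are set by the administrator through Group Policy, so compare against a known-good machine before removing them.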



Empty the temporary folders and remove the unwanted programs from
startup

Empty the contents of the 'Temp' and 'Prefetch' folders to prevent the spyware from
being executed again. Also empty the Recycle Bin. Remove the invalid startup entries
pointing to the files that were removed in the troubleshooting process.

Finally, run a complete scan using SuperAntispyware (www.superantispyware.com)
and Spybot - Search & Destroy.
Copyright ©2007 Solveithere.com All rights reserved