Virus, Spyware, & Malware Removal Guides



Stefanus
16th July 2009, 20:16
AntiVirusPro

Class: Rogue security program

What this program does:

AntiVirusPro is a rogue security program from the same family as AntiMalwarePro. This program advertises itself as an anti-virus program, but in reality is more like a privacy or Windows Registry cleaning program. When installed it will configure itself to launch automatically when you login to Windows. Once running it will then scan your computer and state that you have numerous security and performance issues including tracking cookies, spyware, and Registry problems. In reality, though, these results are grossly exaggerated and you do not have anything to worry about at all.


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=147
AntiVirusPro screen shot


Last but not least, when AntiVirusPro is installed you may find that your computer begins to run slower. This is because the program is constantly running in the background and using the memory and processor that your legitimate programs could better use. Therefore, if you find that this rogue is installed on your computer, please use the guide below to remove it.


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=148
AntiVirusPro - Scanning


Associated AntiVirusPro Files:
c:\Program Files\AntiVirus_Pro
c:\Program Files\AntiVirus_Pro\AntiVirus_Pro.exe
c:\Program Files\AntiVirus_Pro\Cl.exe
c:\Program Files\AntiVirus_Pro\EngineAP.dll
c:\Program Files\AntiVirus_Pro\ScheduleAP.txt
c:\Program Files\AntiVirus_Pro\unins000.dat
c:\Program Files\AntiVirus_Pro\unins000.exe
c:\Program Files\AntiVirus_Pro\definitions
c:\Program Files\AntiVirus_Pro\definitions\200812.dat
c:\WINDOWS\system32\MSVolumeAVP.dll
c:\Documents and Settings\All Users\Desktop\AntiVirus_Pro.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus_Pro
c:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus_Pro\AntiVirus_Pro.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus_Pro\Uninstall AntiVirus_Pro.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus_Pro.lnk
c:\Documents and Settings\All Users\AVP 2009


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=149
AntiVirusPro - Scan results


Associated AntiVirusPro Windows Registry Information:
HKEY_CURRENT_USER\Software\AntiVirus_ProNE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Pro_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AntiVirus_ProNET"


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=150
AntiVirusPro - Scan summary


Threat Classification:

Summary:

A Rogue Program is a program that in itself is typically not harmful, but typically uses deceptive advertising and false positives as a scare tactic to have you purchase a registered licence of the software.

Detailed description:

Most Rogue programs state that they are legitimate applications, but are typically clones of other lackluster products repackaged under new names and graphics. Most Rogue programs also use highly aggressive sales tactics which include adware, Trojans that display fake security alerts, or claims that they have won awards from major publications and companies. What it all boils down to, though, is that these types of programs are either deliberately deceptive or displaying numerous false positives in order to convince you to purchase their software. This is because the single most important thing to the creators of Rogue software, is to sell as many copies as they can. That means that the people, or affiliates, who are selling this software can do so by any means. This ultimately leads to deceptive advertising and the use of malware to sell the software.

A common approach by Rogue programs is to display either fake results or exaggerated results when the program scans your computer. When the scan is finished you will be shown a list of legitimate files and Windows Registry keys that are flagged as security threats. In some cases, the Rogue programs actually create the files and Windows Registry keys on your computer so that they can be detected as malware. Then in order to remove these threats, you must first purchase a license of the software. These fraudulent tactics are used to scare you into purchasing this software. Now it should be noted that there is nothing wrong with a program requiring you to purchase it before it will remove any infections. It is wrong, though, to display false information to scare you into doing it.

Another common tactic used by Rogues is to advertise, or even directly install itself, through the use of malware. Rogue programs are typically introduced into your computer when a person visits pornographic sites or sites that offer copyrighted content. In some cases you will be infected by just visiting these sites, depending on what security updates are installed, and in other cases you must first run an executable. Either way, your computer will have malware installed that displays fake security alerts stating that you have some security risk and must install a piece of software, the Rogue, to remove it.
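
The AntiVirusPro file and Registry indicators listed in the post above, turned into a read-only presence check. This is an added example, not part of the original post or of any vendor tool; the function names are hypothetical, the paths assume the Windows XP layout the post uses, and the scan of both Run keys for matching data goes slightly beyond the single Run value the post names.

```powershell
# Added example: read-only check for the AntiVirusPro indicators listed in the post.
# Paths, key names and the Run value name are copied from the post;
# Find-AntiVirusProArtifact and New-Hit are hypothetical helper names.

# Top-level locations from the post; the install folder covers the files beneath it.
$FilePaths = @(
    'C:\Program Files\AntiVirus_Pro',
    'C:\WINDOWS\system32\MSVolumeAVP.dll',
    'C:\Documents and Settings\All Users\Desktop\AntiVirus_Pro.lnk',
    'C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus_Pro',
    '%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus_Pro.lnk',
    'C:\Documents and Settings\All Users\AVP 2009'
)
$RegKeys = @(
    'HKCU:\Software\AntiVirus_ProNE',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Pro_is1'
)
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$RunValueName   = 'AntiVirus_ProNET'
# Assumption: autostart data pointing at the listed folder or DLL is also of interest.
$RunDataPattern = 'AntiVirus_Pro|MSVolumeAVP\.dll'
# Properties the Registry provider adds to every result; these are not Registry values.
$ProviderProps  = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function New-Hit([string]$Type, [string]$Location, [string]$Detail) {
    New-Object PSObject -Property @{ Type = $Type; Location = $Location; Detail = $Detail }
}

function Find-AntiVirusProArtifact {
    foreach ($p in $FilePaths) {
        # Expand %UserProfile% so the per-user Quick Launch shortcut is checked too.
        $path = [Environment]::ExpandEnvironmentVariables($p)
        if (Test-Path -LiteralPath $path) { New-Hit 'File' $path '' }
    }
    foreach ($k in $RegKeys) {
        if (Test-Path -LiteralPath $k) { New-Hit 'RegistryKey' $k '' }
    }
    foreach ($k in $RunKeys) {
        $props = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }   # key missing or holds no values
        foreach ($v in $props.PSObject.Properties) {
            if ($ProviderProps -contains $v.Name) { continue }
            # Match the value name from the post, or data that launches a listed file.
            if ($v.Name -eq $RunValueName -or "$($v.Value)" -match $RunDataPattern) {
                New-Hit 'RunValue' "$k [$($v.Name)]" "$($v.Value)"
            }
        }
    }
}

# Nothing is deleted or modified; the result is only reported.
$hits = @(Find-AntiVirusProArtifact)
if ($hits.Count -eq 0) { 'No AntiVirusPro indicators from the list were found.' }
else { $hits | Format-Table Type, Location, Detail -AutoSize }
```

The HKCU checks and the %UserProfile% path apply to the account running the script, so run it as the affected user.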

Stefanus
10th September 2009, 22:37
ContaViro

Class: Rogue security program

ContaViro is a complete scam, a phony security software designed to rip people off. ContaViro should be removed from infected computers immediately, as it is a serious security risk.


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=194
Screenshot of ContaViro


ContaViro usually infects a computer with the help of misleading advertisements that claim to be virus scanners on malicious websites. If you ever see a website that warns you that your PC is infected or offers you a free virus scan, you should understand these are malicious ads, they are never real, only used to infect PCs with rogue security software or other malware. It is not possible for a website to know if your hard drive is infected, do not trust websites that display this type of advertising.

Once ContaViro infects a computer, like most rogue security software, it will run a system scan every time Windows is started. The system scan will report numerous infections that are false in an attempt to frighten users into thinking their PC is infected and need to buy the full version of ContaViro to clean the infections from their computer. Along with this nasty trick, ContaViro will also display annoying pop-ups, warnings and alerts stating that the computer is under attack, unprotected and infected. Again these warnings and alerts are used to scare people into buying the corrupt software.

ContaViro can also hijack the web browser, shut down or make it impossible to open other programs. ContaViro can make using the computer almost impossible.

If your computer is infected with ContaViro, you can remove it with VIPRE. Click here to download a FREE trial of VIPRE Antivirus (http://go.sunbeltsoftware.com/?linkid=1227) to remove ContaViro from your PC now.

Stefanus
10th September 2009, 22:43
Quick Heal Cleaner

Class: Rogue security program

Quick Heal Cleaner is fake security software, also known as a rogue security software.
Quick Heal Cleaner is designed to rip people off, if your PC is infected with Quick Heal Cleaner, you should remove it immediately.


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=195
Screenshot of Quick Heal Cleaner


QuickHealCleaner is corrupt, it is designed to frighten people with false system scans and pop up warnings and alerts stating that the PC is under attack, not protected, or infected in an attempt to get people to buy the full version of the software.

The system scans Quick Heal Cleaner performs should not be taken seriously, the infections it reports are false. The warnings and alerts QuickHealCleaner shows are also fake. If QuickHealCleaner is purchased, the user will quickly realize the software is useless, the software will continue to state the PC is infected. It will not remove infections or prevent future infections. QuickHealCleaner is the infection itself and should be removed immediately.

If your computer is infected with QuickHealCleaner, you can remove it with VIPRE. Click here to download a FREE trial of VIPRE Antivirus (http://go.sunbeltsoftware.com/?linkid=1227) to remove QuickHealCleaner from your PC now.

Stefanus
10th September 2009, 22:49
Antivirus Pro 2010

Class: Rogue security program

Antivirus Pro 2010 is phony security software, or a rogue security software. Antivirus Pro 2010 is designed to rip people off.


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=196
Screenshot of Antivirus Pro 2010


Antivirus Pro 2010 usually infects a PC through Trojans or misleading ads on shady websites that claim to be online virus scanners.

Once Antivirus Pro 2010 infects a PC, users will notice the program performing a system scan every time Windows is started. After Antivirus Pro 2010 finishes a system scan it will report a number of infections on the PC and will not remove them unless the user buys the full version of the software. This is a complete scam, the system scan is fake, the reported infections are fake and if users purchase Antivirus Pro 2010 they will quickly realize the software is useless, it does not remove infections or protect against future infections.

Antivirus Pro 2010 will also show numerous warnings and alerts stating the PC is infected, under attack, or not protected. These warnings and alerts are all fake, designed to frighten users into buying the software. Antivirus Pro 2010 may also hijack the browser and make browsing the web very difficult or impossible.

Antivirus Pro 2010 is a very dangerous PC infection that should be removed from infected computers. If your computer is infected with Antivirus Pro 2010, you can remove it with VIPRE. Click here to download a FREE trial of VIPRE Antivirus (http://go.sunbeltsoftware.com/?linkid=1227) to remove Antivirus Pro 2010 from your PC now.

Stefanus
10th September 2009, 22:59
Proof Defender 2009

Class: Rogue security program

Proof Defender 2009 is fake security software, or a rogue security software. Proof Defender 2009 is a potentially very dangerous PC infection that should be removed immediately.


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=197
Screenshot of Proof Defender 2009 Installer


Proof Defender 2009 usually infects a PC via Trojans or misleading online malware scanners, which are usually always malicious.

Once a PC becomes infected with Proof Defender 2009 it will begin a system scan and report numerous infections that can only be removed from the computer if the user purchases the full license of the software. This is a complete scam, Proof Defender 2009 shows these scan reports in an attempt to frighten people into buying the software, the system scan reports are fake and designed to rip people off.


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=198
Screenshot of Proof Defender 2009


Proof Defender will also show alarming messages in the form of pop-ups and system alerts or warnings which are all false, again just a part of the Proof Defender 2009 scam. Proof Defender 2009 is an especially frustrating infection, it will prevent programs from opening and shut them down in the middle of operations, making the PC pretty much unusable. Proof Defender will also make browsing the internet impossible by either shutting down the browser or hijacking and redirecting the browser to malicious websites.

If Proof Defender 2009 has infected your computer, you should remove it immediately, you can remove it with VIPRE. Click here to download a FREE trial of VIPRE Antivirus (http://go.sunbeltsoftware.com/?linkid=1227) to remove Proof Defender 2009 from your PC now.

Stefanus
10th September 2009, 23:03
System Cop

Class: Rogue security program

System Cop is a rogue antispyware, or phony security software that does not "Help protect your PC" as it states it does. SystemCop was created by cyber thieves and designed to rip people off. If your PC is infected with SystemCop, you should remove it immediately.


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=199
Screenshot of System Cop


SystemCop makes its way from PC to PC with the help of Trojans and misleading advertisements on shady websites that claim to be online virus checkers. Once SystemCop infects a PC it will automatically start every time Windows is started. System Cop will instantly run a security scan and report a number of infections on the PC that can not be removed until the user purchases the software. The system scan reports that System Cop creates are false, all an elaborate scam to frighten people into buying this corrupt software to clean their machines.

System Cop will also display false warnings, pop-ups and alerts stating the PC is infected, under attack or that the PC is not protected with antispyware software and recommends purchasing System Cop. Do not fall for the System Cop scam, do not buy this software.

System Cop will also prevent programs from opening or installing. System Cop will hijack the web browser and redirect the user to malicious websites or show warnings that the PC is infected and prevent the user from visiting certain websites.

System Cop is a potentially dangerous rogue security software and a very annoying pest. If your PC is infected with SystemCop, you should remove it immediately, you can remove it with VIPRE. Click here to download a FREE trial of VIPRE Antivirus (http://go.sunbeltsoftware.com/?linkid=1227) to remove System Cop from your PC now.

Stefanus
10th September 2009, 23:07
Green AV

Class: Rogue security program

System Cop is a rogue antispyware, or phony security software that does not "Help protect your PC" as it states it does. SystemCop was created by cyber thieves and designed to rip people off. If your PC is infected with SystemCop, you should remove it immediately.


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=201
Screenshot of Green AV


SystemCop makes its way from PC to PC with the help of Trojans and misleading advertisements on shady websites that claim to be online virus checkers. Once SystemCop infects a PC it will automatically start every time Windows is started. System Cop will instantly run a security scan and report a number of infections on the PC that can not be removed until the user purchases the software. The system scan reports that System Cop creates are false, all an elaborate scam to frighten people into buying this corrupt software to clean their machines.

System Cop will also display false warnings, pop-ups and alerts stating the PC is infected, under attack or that the PC is not protected with antispyware software and recommends purchasing System Cop. Do not fall for the System Cop scam, do not buy this software.

System Cop will also prevent programs from opening or installing. System Cop will hijack the web browser and redirect the user to malicious websites or show warnings that the PC is infected and prevent the user from visiting certain websites.

System Cop is a potentially dangerous rogue security software and a very annoying pest. If your PC is infected with SystemCop, you should remove it immediately, you can remove it with VIPRE. Click here to download a FREE trial of VIPRE Antivirus (http://go.sunbeltsoftware.com/?linkid=1227) to remove Green AV from your PC now.

Stefanus
10th September 2009, 23:46
BlockDefense

Class: Rogue security program

BlockDefense is a phony security software that should be avoided. If your PC is infected with BlockDefense, you should remove it immediately.


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=202
Screenshot of BlockDefense


BlockDefense is a clone of SaveDefense, SaveSoldier, TrustNinja and SaveKeep, all phony PC security applications that are potentially very dangerous when installed on a computer.


SaveDefense

http://www.wendag.com/forum/picture.php?albumid=46&pictureid=203
Screenshot of SaveDefense


SaveDefense usually uses Trojans to infect PCs. Once SaveDefense infects a computer it will display system scan results that state the PC is infected with numerous infections. These scan results are false, and used to frighten people into buying the full version of the software to remove the supposed infections. This is a complete scam, do not fall for the SaveDefense scam, do not buy this corrupt software.

SaveDefense will also show constant pop-ups, system warnings and alerts stating the computer is infected, under attack or that the computer is not protected with antispyware. These warnings are all fake and should be ignored.


SaveSoldier

http://www.wendag.com/forum/picture.php?albumid=46&pictureid=204
Screenshot of SaveSoldier


SaveSoldier is a clone of SaveKeep and TrustNinja, other rogue antispyware software that scams people out of their money and brings the PCs they infect to a crawl. If your PC is infected with SaveSoldier you should remove it immediately.

A PC infected with SaveSoldier will be overrun with pop ups and security warnings claiming the PC is infected with viruses and spyware, that the PC is being attacked or that the PC does not have antispyware protection. All these warnings are fake, designed to make you freak out and think your PC is infected so you will buy the full version of this corrupt software to clean your PC.

SaveSoldier will also run a system scan and report multiple infections and urge you to buy the software to clean your PC. These supposed infections are all fake, you should not buy this corrupt software, SaveSoldier will not prevent your PC from becoming infected in the future and will not remove any infections from your PC. SaveSoldier will also drop over 700 fake files into the System32 and Windows folders on PCs it infects.


TrustNinja

http://www.wendag.com/forum/picture.php?albumid=46&pictureid=201
Screenshot of TrustNinja GUI


TrustNinja can infect a PC with the help of Trojans, shady websites advertising misleading spyware scanners or directly from the TrustNinja website:


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=206
Screenshot of trustninja.com st


If your PC is infected with TrustNinja, it will run a system scan every time Windows is booted and report numerous infections. These reports are falsified, the infections are greatly exaggerated or completely fake. TrustNinja shows these false scan results and insists the user purchase the full version of the software to remove the infections.


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=207
Screenshot of TrustNinja NagScreen


Continual pop ups and system warnings will also be displayed showing phony alerts and warnings of infections urging users to buy the software. Do not fall for the TrustNinja scam, buying this software will not stop the warnings and pop ups, it will not remove infections from your PC or protect it from future infections.


SaveKeep

http://www.wendag.com/forum/picture.php?albumid=46&pictureid=208
Screenshot of SaveKeep GUI


When your PC is infected with SaveKeep you will most likely experience the following:

Slow sluggish PC
SaveKeep PC scans every time you start your PC
Scan reports stating your PC has numerous infections
Constant pop-ups stating your PC is infected
System warnings that state your PC is not protected or under attack
Your web browser constantly redirects making web browsing nearly impossible
Your PC has limited or no internet connectivity
You are unable to download legitimate antivirus software

SaveKeep will bombard you with false security scan results, pop ups and system warnings in an attempt to frighten you into paying for the full version of the software to clean your PC. Unfortunately if you fall for the scam and buy the software it will not remove any infections your PC may have, it will not protect your PC from future infections and won't stop the annoying system alerts and falsified scan results.


http://www.wendag.com/forum/picture.php?albumid=46&pictureid=209
SaveKeep Fake Alerts


SaveKeep will try to prevent users from browsing the web and installing legitimate security software to remove infections. Because the software is continually running scans and showing pop ups and system warnings, users will experience slow PCs that are almost impossible to use.

If your PC is infected with BlockDefense, SaveDefense, SaveSoldier, TrustNinja or SaveKeep you should remove it immediately, you can remove it with VIPRE. Click here to download a FREE trial of VIPRE Antivirus (http://go.sunbeltsoftware.com/?linkid=1227) to remove it from your PC now.