
February 23rd, 2009

You are currently browsing the articles from MS Windows Vista Compatible Software written on February 23rd, 2009.

Manual Removal of W32/Spyprotector.R Trojan

W32/Spyprotector.R is a trojan that infects Windows systems.
This trojan first appeared on February 20, 2009.
Other names of W32/Spyprotector.R Trojan:
This trojan is also known as FraudTool.Win32.Spyprotector.r and Troj/FakeVir-IP.

Damage Level: Medium/High
Distribution Level: Medium
No Removal Tool for W32/Spyprotector.R Trojan
W32/Spyprotector.R Trojan Manual Removal Instructions
Removal from Safe Mode is recommended.

How to start in Safe Mode:
Restart your computer and press F8 repeatedly as the screen turns on, then select Safe Mode and press Enter.

The infected files can be found in the following folders under these names, and may also be running as processes:

  • %Documents and Settings\Default User\Application Data\lsascs.exe
  • %Documents and Settings\Default User\Application Data\windll32.exe
  • %Documents and Settings\Default User\Application Data\shellex.dll
  • %System\drivers\windll32.exe
  • %System\windll32.exe
  • %Windows\windll32.exe

End the following active processes before removal:
  • If any of these files is running as a process in Task Manager, end the process before removal. [Kill the process; use Killbox if access is denied.]

Download W32/Spyprotector.R Trojan Known Files Removal Tool
[In Windows Vista, run as Administrator. After execution the system will restart.]

Note: If Task Manager is disabled, download the following file: Enable Registry.reg [Right Click - Save Target As/Linked Content As].
Open it with Regedit.exe [%system32\regedit.exe]. When it asks you to confirm adding the file to the registry (Yes or No), choose Yes, then click OK.
W32/Spyprotector.R Trojan Entries Manual Removal From Registry
Click Start, then Run, type regedit, and click OK.

Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor.
  • Download UnHookExec.inf [Right Click - Save Target As/Linked Content As] and save it to your Windows desktop. Do not run it at this time; download it only.
  • Boot into Safe Mode or VGA Mode.
  • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.] Then continue with the removal.
The W32/Spyprotector.R Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:

Delete The Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft\Windows\CurrentVersion\App Paths\lsascs.exe

Delete run=winDLL32.exe

To remove the trojan completely, search the registry for the W32/Spyprotector.R Trojan file names listed above: choose Edit Menu - Find, enter the keyword, and remove every value that the search finds.

Exit the Registry Editor and restart your computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)

Written by FireFly on February 23rd, 2009 with no comments.

What’s New in 2008 R2 – Active Directory Recycle Bin

I’ve done it, I know people who have done it, and I bet you have done it before as well. Right-click an object in Active Directory Users and Computers and instead of clicking the properties link you accidentally hit delete. Boom, gone and the only way to get it back is via a restore from backup. Restart the DC, boot into Directory Services Restore Mode (DSRM), restore the system state backup and apply either an authoritative or non-authoritative restore.

Guest author, Sean Kearney, covers this new feature in Windows Server 2008 R2.

-------------------------

One of the fantastic features provided in Server 2008 R2 is the new Recycle Bin for Active Directory.

I recognize that nobody here is going to intentionally mess up their own Active Directory. But problems can happen: a junior technician mishears “Disable” as “Delete”, a malicious administrator leaves the company, dumb luck. Any number of problems can occur and this feature will save the day.

There are a few caveats to using this:

  • You must have the Domain functional level in Server 2008 R2 mode.
  • You must enable the feature by using LDP.EXE or PowerShell.
  • It is managed and used 100% by PowerShell. There is no GUI version presently.
  • Once enabled, you cannot disable it. This is a one-way trip, folks.
  • The enabled Recycle Bin has a 180 day retention policy.

That’s it. In Server 2008 R2, select the new Active Directory PowerShell under Administrative Tools and type in the following command:

GET-ADOPTIONALFEATURE -filter {name -like "*"}

You will be presented with a screen showing you:

FeatureScope       : {Forest}
Name               : Recycle Bin Feature 
RequiredForestMode : Windows2008R2Forest 
IsDisableable      : False 
ObjectGUID         : 0599c1a6-6f8f-42d4-b9a0-ab2791d4719e 
ObjectClass        : msDS-OptionalFeature 
FeatureGUID        : 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a 
EnabledScopes      : 
RequiredDomainMode : 
DistinguishedName  : CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=energized,DC=energizedtech,DC=com

Looking at the information above, there are no enabled scopes, which confirms that the AD Recycle Bin is presently disabled. So to make all this useful, I guess we should turn it on. In the same PowerShell window, key in this command:

ENABLE-ADOPTIONALFEATURE 'Recycle Bin Feature' -Scope forest -Target 'domainfqdn'

You will get a prompt warning you that it will make the change. Choose “Yes” if you wish to enable this feature or CTRL-C to abort. Once you’re done, it’s active. To confirm, run the following command again:

GET-ADOPTIONALFEATURE -filter {name -like "*"}

And you’ll get a similar response, but note:

FeatureScope       : {Forest}
Name               : Recycle Bin Feature 
RequiredForestMode : Windows2008R2Forest 
IsDisableable      : False 
ObjectGUID         : 0599c1a6-6f8f-42d4-b9a0-ab2791d4719e 
ObjectClass        : msDS-OptionalFeature 
FeatureGUID        : 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a 
EnabledScopes      : {CN=Partitions,CN=Configuration,DC=energized,DC=energizedtech,DC=com} 
RequiredDomainMode : 
DistinguishedName  : CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=energized,DC=energizedtech,DC=com

You’ll see the “Enabled Scopes” is now covering the domain.
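
The check, enable and verify sequence above, combined with a forest-mode check and the recovery step the feature exists for, as an added example that is not from the original article. The function names and the sample names in the usage comments are hypothetical; Get-ADObject -IncludeDeletedObjects and Restore-ADObject come from the same ActiveDirectory module, and the restore goes beyond what the article itself shows.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-RecycleBinFeature {
    Get-ADOptionalFeature -Filter { Name -eq 'Recycle Bin Feature' }
}

function Enable-RecycleBinChecked {
    param([Parameter(Mandatory = $true)][string]$ForestFqdn)

    $feature = Get-RecycleBinFeature
    # An empty EnabledScopes list means the feature is still off.
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Output "Recycle Bin is already enabled: $($feature.EnabledScopes -join '; ')"
        return
    }

    # Compare the forest's mode with the RequiredForestMode reported by the feature.
    $forest = Get-ADForest -Identity $ForestFqdn
    if ($forest.ForestMode -lt $feature.RequiredForestMode) {
        throw "Forest mode is $($forest.ForestMode); $($feature.RequiredForestMode) is required."
    }

    # One-way change (IsDisableable : False), so the confirmation prompt stays on.
    # Released builds of the module name this scope ForestOrConfigurationSet;
    # the build shown in the article reports it as Forest.
    Enable-ADOptionalFeature -Identity $feature -Scope ForestOrConfigurationSet `
        -Target $ForestFqdn -Confirm

    # Verify: EnabledScopes should now list the Partitions container.
    (Get-RecycleBinFeature).EnabledScopes
}

function Restore-DeletedAccount {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)

    # Keep LDAP filter metacharacters out of the query.
    if ($SamAccountName -notmatch '^[\w.$ -]+$') {
        throw "Unexpected characters in account name '$SamAccountName'."
    }

    $filter = "(&(isDeleted=TRUE)(sAMAccountName=$SamAccountName))"
    $found  = @(Get-ADObject -LDAPFilter $filter -IncludeDeletedObjects `
                    -Properties lastKnownParent, whenChanged)

    if ($found.Count -eq 0) {
        throw "No deleted object named '$SamAccountName' is in the Recycle Bin."
    }
    if ($found.Count -gt 1) {
        # The same name deleted more than once: show the candidates and
        # let the operator pick one by ObjectGUID instead of guessing.
        $found | Format-Table ObjectGUID, lastKnownParent, whenChanged -AutoSize | Out-Host
        throw "More than one deleted object matches; restore by ObjectGUID."
    }

    # Restores to lastKnownParent; that container must still exist.
    $found[0] | Restore-ADObject -PassThru
}

# Usage (constructed names):
#   Enable-RecycleBinChecked -ForestFqdn 'corp.example.com'
#   Restore-DeletedAccount  -SamAccountName 'jsmith'
```

Only objects deleted after the feature was enabled can be restored this way.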

For more information see:

Active Directory Recycle Bin Step-by-Step Guide

Written by rodney.buike on February 23rd, 2009 with no comments.

WinCleaner 2009

Description of WinCleaner 2009 and consequences of its residing on your PC

WinCleaner 2009 (Win Cleaner 2009) is a name that in fact designates several different programs. What these programs always share is the name WinCleaner 2009 and its skins; they differ in their constituent elements. In particular, some varieties of WinCleaner 2009 include a legitimate malware search engine, others have no search engine as such, and others are based on other free or illegitimate tools for computer investigation. No version can detect actual threats, only out-of-date ones, and the versions with real search engines list important system and program files among the scan results. In any case, letting a parasite such as WinCleaner 2009 reside and act on your PC is a waste of system resources and of your time. And if you try to delete the indicated threats, they may include very important system and program files whose deletion disables programs and crashes the system.
Users infected with WinCleaner 2009 normally want to remove it because of its annoying habit of alerting about fake threats with increasing frequency and because of its scanner window, which appears at the start of every Windows session. However, there are trojans whose function may be to produce various alerts after WinCleaner 2009 is installed; these trojans may have installed WinCleaner 2009 themselves and may attempt to install additional commercial rogues, which is why you also need to remove WinCleaner 2009 in order to prevent hidden downloading and installation of WinCleaner 2009.
As for its categorization, WinCleaner 2009 is a typical fake security tool that is adware rather than crushware: through various ads it tries to get money from users who have installed the promo version of WinCleaner 2009 themselves or had it installed by a trojan.

WinCleaner 2009 Technical Details

  • Full name: WinCleaner 2009, WinCleaner2009, Win Cleaner 2009
  • Version: 2009
  • Type: Rogue anti-spyware
  • Origin: Russian Federation


Signs of being infected with WinCleaner 2009:

WinCleaner 2009 can be detected at an early stage if you have been infected with the version of this rogue program that is primarily installed by a trojan. This is the light version; the more complex ones are normally installed by the user in a legitimate way because of their heavy weight, which exceeds that of the light version with no search tool by dozens of times. Consequently, the problem of identifying WinCleaner 2009 exists only in the case of the light version.
The behavior of WinCleaner 2009 is practically the same regardless of its variety. The rogue runs its free scan and generates alerts with increasing frequency. The scan window of the heavy versions shows the path to the rogues found; the light version does not actually examine the files on the computer and just plays a primitive animated picture representing a fake scan in progress.
The light version of WinCleaner 2009 can be detected at an early stage because it is usually installed by a trojan and/or through fake scanners. This installation is performed without notifying the user, but the program needs to adjust Windows in a special way to allow WinCleaner 2009 to run without the user's actual permission. At this early stage of Windows adjustment, WinCleaner 2009 is detectable by redirections to the WinCleaner 2009 webpage; these mean that a trojan has hijacked your browser and has downloaded or is going to download WinCleaner 2009.

Automatic Removal of WinCleaner 2009 from your PC:

WinCleaner 2009 shares the same skins and some behavioral peculiarities with another recently released rogue, Win Antivirus Vista/XP. However, WinCleaner 2009 is a more complex program and, as explained above, can hardly be called a single program. Its identification is complicated because the varieties of WinCleaner 2009 may be very different. Moreover, there may be different trojans to remove in conjunction with WinCleaner 2009. For these reasons automatic removal is preferable, owing to the ability of the automatic removal tool to detect and remove WinCleaner 2009 in any of its variations.

Download WinCleaner 2009 Removal Tool

Manual Removal of WinCleaner 2009:

These instructions for WinCleaner 2009 removal are as extensive as possible in order to cover all the variations of WinCleaner 2009. Therefore, you should not worry if some objects cannot be found. To make sure that removal of WinCleaner 2009 has been performed successfully, please run the free scanner by following the link above.
Please close all programs and reboot before you start to remove WinCleaner 2009 manually. Make sure the Internet is disconnected, and print this guide, as experts do not recommend having text editors and browsers open during WinCleaner 2009 removal.

Remove WinCleaner 2009 files and dll’s

AntiSpyware_Uninstall.exe
clamscan.exe
default.xml
ExplorerMenu.dll
freshclam.exe
IEPlugin.dll
ignore.xml
libclamav.dll
quarantine.xml
settings.xml
Update.exe
WinCleaner.exe
conf
conf\clamd.conf
conf\freshclam.conf
data
block.reg
block_un.reg
daily.cvd
database.dat
main.cvd
Microsoft.VC80.CRT
Microsoft.VC80.CRT.manifest
msvcm80.dll
msvcp80.dll
msvcr80.dll
modules
modules\ExplorerMenu212.dll
modules\IEPlugin163.dll
quarantine
Win Cleaner.lnk

Unregister WinCleaner 2009 registry values:

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Scan with ASC-AntiSpyware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F3D01F3-2A8E-4814-AA0F-8315172D22BF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinCleaner


Written by admin on February 23rd, 2009 with no comments.

Remove PrivacyGuardPro - Privacy Guard Pro Removal Instructions

PrivacyGuardPro is another representative of the rogue optimization software family. The parasite is a clone of another well-known rogue named Privacy Protection Suite. PrivacyGuardPro is promoted with the help of fake online anti-malware scanners and Trojan horses (Zlob or Vundo).
Once installed, PrivacyGuardPro performs a full system scan and lists a variety of privacy risks. In fact the results of these scans are falsified and those risks pose no threat to your computer. The scans are performed with one purpose: to trick you into purchasing the licensed version, which is in fact absolutely useless.
Remove PrivacyGuardPro as soon as possible, either manually or using the automatic removal tool.

Type: Rogue Optimization Software
Malware Author: Unknown
Threat Level: Critical

PrivacyGuardPro Automatic Removal Tool

How to remove PrivacyGuardPro manually:
It's possible to remove PrivacyGuardPro manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

c:\Program Files\Privacy Guard Pro 2.1
c:\Program Files\Privacy Guard Pro 2.1\Infralution.Common.dll
c:\Program Files\Privacy Guard Pro 2.1\Infralution.Controls.dll
c:\Program Files\Privacy Guard Pro 2.1\Infralution.Controls.VirtualTree.dll
c:\Program Files\Privacy Guard Pro 2.1\Interop.NetFwTypeLib.dll
c:\Program Files\Privacy Guard Pro 2.1\PrivacyGuard.Common.dll
c:\Program Files\Privacy Guard Pro 2.1\PrivacyGuard.exe
c:\Program Files\Privacy Guard Pro 2.1\Uninstall.exe
c:\Program Files\Privacy Guard Pro 2.1\Upload.exe


Remove registry entries:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run Privacy Guard Pro

Please be careful, because manual removal of PrivacyGuardPro may seriously damage the operating system and sensitive data. There is also a big possibility of incomplete removal, because some files could be hidden and the program could re-install itself after you delete the files and registry entries. So we strongly recommend that you use the automatic removal tool.

Written by admin on February 23rd, 2009 with no comments.

OS Protection

Description of OS Protection and consequences of its residing on your PC

OS Protection (OSProtection) kindly provides us with screenshots of its nag screens “to be convinced in the powerful combination of tools”, as the ad of OS Protection reads. These screenshots are available at the OS Protection website; visiting this website is not recommended, even if you have already visited it or have been infected with the trial version of OS Protection. Instead of convincing us of the mightiness of OS Protection, its screenshots convince us that OS Protection and Spyware Protect 2009 belong to one and the same branch of malware; at least they share the same skins.
Like Spyware Protect 2009 and most malware, OS Protection is promoted mainly through trialware, an annoying and harmful program installed through various trickery, mainly through fake online scanners and with trojans. Failure to remove OS Protection leads to system disorder and also to data deletion, as the files constituting the OS Protection malware include files that issue commands to delete data files. These commands, in combination with fake alerts and a scan with a number of false positives, are meant, according to the rascals' plan, to make users pay for registration in order to delete the fake scan results of OS Protection.
If you are infected with this rogue, you should first of all remove OS Protection to stave off the danger of a system crash and to stop the endless flow of fraudulent alerts.

OS Protection Technical Details

  • Full name: OS Protection, OSProtection, OS-Protection
  • Version: 2009
  • Type: Rogue anti-spyware
  • Origin: Russian Federation, http://adwareguard.net/


Signs of being infected with OS Protection:

OS Protection is unlikely to run in a quiet mode, for it has to bother users so that they are more likely to buy it. However, there may be cases when its nag screens are blocked by Windows and users see only alerts of an origin unknown to them. These alerts lead to the purchase form of OS Protection; thus, OS Protection can always be recognized by alerts stating that your PC has various problems, by similar typical misleading information, or by alerts of similar content.
OS Protection normally adjusts Windows so that its nag screens are allowed to appear, and they appear as soon as Windows starts. The nag screen represents a free scan in progress; however, that is just a show and not a real investigation, and all the scan results are imaginary names. There is no need to worry about threats detected by OS Protection; on the contrary, you need to remove OS Protection and its subservient trojans, if any, as the first step of your computer cleanup.

Automatic Removal of OS Protection from your PC:

The best protection against OS Protection malware is to remove it manually: this will allow you to get rid of OS Protection once and for all, including all its subservient programs, and to avoid its re-installation, or rather re-invasion, because the OS Protection removal tool provides your computer with permanent protection and regularly monitors it, revealing any infections that have managed to break through your computer's protection. Follow the link below in order to remove OS Protection, as well as any other threats.

Download OS Protection Removal Tool

Manual Removal of OS Protection:

There may be other infections in addition to OS Protection harming your computer, which is why a scan is always recommended. Follow the link above to start a free scan in order to make sure the manual removal of OS Protection has been completed successfully and that there are no other infections, or to find out which ones there are. To remove them manually, we recommend searching this and other similar websites and applying the corresponding instructions for removing other rogues manually.
Please print these instructions out, as it is better to close every program, including text editors and browsers, before beginning OS Protection removal.

Remove OS Protection files and dll’s

osprotection.exe
OS Protection.lnk
Uninstall OS Protection.lnk

Unregister OS Protection registry values:

HKEY_CURRENT_USER\Software\OS Protection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “OS Protection”
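
The startup entries, registry keys and files named in the removal instructions on this page (W32/Spyprotector.R, WinCleaner 2009, PrivacyGuardPro and OS Protection) can be checked for before anything is deleted. The read-only PowerShell check below is an added example, not part of the original articles; the function names are hypothetical, and reading the page's %Windows and %System notation as $env:windir and its System32 folder is an assumption.

```powershell
# Added example: read-only check for artifacts named in the removal guides on this page.
# Nothing is deleted; the output is meant for review before manual cleanup.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Run value names and file names copied from the page.
$RunIndicators = @('windll32.exe', 'lsascs.exe', 'Privacy Guard Pro', 'OS Protection')

# Registry keys copied from the page, written in PowerShell drive syntax.
$KeyIndicators = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F3D01F3-2A8E-4814-AA0F-8315172D22BF}',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinCleaner',
    'HKCU:\Software\OS Protection'
)

# Assumption: %Windows = $env:windir and %System = $env:windir\System32.
$FileIndicators = @(
    (Join-Path $env:windir 'windll32.exe'),
    (Join-Path $env:windir 'System32\windll32.exe'),
    (Join-Path $env:windir 'System32\drivers\windll32.exe'),
    'C:\Program Files\Privacy Guard Pro 2.1\PrivacyGuard.exe'
)

function New-Hit($Type, $Location, $Detail) {
    New-Object PSObject -Property @{ Type = $Type; Location = $Location; Detail = $Detail }
}

function Find-RogueArtifacts {
    $hits = @()

    # 1. Autostart values: match the indicator against the value name or its command line.
    foreach ($keyPath in $RunKeys) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            foreach ($ioc in $RunIndicators) {
                # -like is case-insensitive, so winDLL32.exe also matches
                if ($name -like "*$ioc*" -or $data -like "*$ioc*") {
                    $hits += New-Hit 'RunValue' $keyPath "$name = $data"
                    break
                }
            }
        }
    }

    # 2. Keys whose mere presence is the indicator (BHO, uninstall entry, vendor key).
    foreach ($keyPath in $KeyIndicators) {
        if (Test-Path -LiteralPath $keyPath) {
            $hits += New-Hit 'RegistryKey' $keyPath '(key exists)'
        }
    }

    # 3. Files at the listed locations.
    foreach ($file in $FileIndicators) {
        if (Test-Path -LiteralPath $file) {
            $hits += New-Hit 'File' $file '(file exists)'
        }
    }
    return $hits
}

Find-RogueArtifacts | Format-Table Type, Location, Detail -AutoSize
```

An empty result only means these specific names were not found; the guides themselves note that variants use different files.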


Written by admin on February 23rd, 2009 with no comments.

Command Line PPP Access: WvDial

For a dial-up PPP connection, you can use the WvDial dialer, an intelligent dialer that not only dials up an ISP service but also performs login operations, supplying your username and password (Ubuntu main repository). WvDial will automatically detect and configure your modem. It will ask you to enter your phone number, username, and password. It will then set up a configuration for your modem, letting you automatically connect to your dial-up network.

Configuration is saved in the wvdial.conf file. Should you need to reconfigure this file, you can use the wvdialconf utility to create a default wvdial.conf file for you automatically; wvdialconf will detect your modem and set default values for basic features. You can also edit the wvdial.conf file and modify the Phone, Username, and Password entries with your ISP dial-up information.

The WvDial program first loads its configuration from the /etc/wvdial.conf file. You can modify this file directly if necessary. Here, you will find modem and account information, including the modem speed and serial device, as well as the ISP phone number, your username, and password. The wvdial.conf file is organized into sections, beginning with a section label enclosed in brackets. A section holds variables for different parameters that are assigned values, such as username = chris. The default section holds default values inherited by other sections, so you needn’t repeat them. You can also create a named dialer, which is helpful if you log in to several different ISPs.

To start WvDial, enter the command wvdial, as shown next, which reads the connection configuration information from the /etc/wvdial.conf file. WvDial then dials the ISP and initiates the PPP connection, providing your username and password when requested.

$ wvdial

You can set up connection configurations for any number of connections in the /etc/wvdial.conf file. To select one, enter its label as an argument to the wvdial command, as shown here:

$ wvdial myisp

Source of Information : McGraw Hill Ubuntu The Complete Reference

Written by magakos on February 23rd, 2009 with no comments.
