
Virus

You are currently browsing the articles from MS Windows Vista Compatible Software matching the category Virus.

The Dreaded Conficker Worm

The business world is in a frenzy right now, and it is all due to one irritating worm: Conficker. To date, it has infected close to 9 million computers, and the number is growing. The worm can spread in three ways:

First, it attacks a vulnerability in the Microsoft Server service. Computers without the October patch can be remotely attacked and taken over.

Second, Conficker can attempt to guess or ‘brute force’ Administrator passwords used by local networks and spread through network shares.

And third, the worm infects removable devices and network shares with an autorun file that executes as soon as a USB drive or other infected device is connected to a victim PC.

Businesses are obviously the main prey, considering that offices make use of networks to do their dirty work. However, home computers are not completely off the hook: even a machine with a firewall and proper security software can still be breached.

Hence, it is all about patching the loopholes. Be careful with the gadgets you plug in and be wary of the connections you make, such as accessing the web. These are the places an infection can come from, so take the necessary precautions so you don’t end up infected as well.

Disable Autorun so that a PC won’t suffer an automatic attack from an infected USB drive or other removable media when it’s connected.
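One way to carry out the Autorun advice above on a Windows PC, as an added example that is not part of the original article. The script name, function names and the two registry settings it uses (the `NoDriveTypeAutoRun` policy bitmask and the `IniFileMapping` redirect for `Autorun.inf`) are not named on the page; they are standard Windows settings chosen here as an assumption about how to implement the advice.

```powershell
# Added example: audit, and optionally harden, the Autorun settings on one PC.
# Hypothetical script name. Run from an elevated prompt:
#   .\Set-AutorunPolicy.ps1          (report only)
#   .\Set-AutorunPolicy.ps1 -Apply   (report, change, report again)
param([switch]$Apply)

$PolicyKey  = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$IniMapKey  = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$IniMapStub = '@SYS:DoesNotExist'

# NoDriveTypeAutoRun is a bitmask: a set bit turns Autorun off for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}

function Get-AutorunStatus {
    # GetValue returns $null when the key or the value does not exist.
    $mask = [Microsoft.Win32.Registry]::GetValue($PolicyKey, 'NoDriveTypeAutoRun', $null)
    $map  = [Microsoft.Win32.Registry]::GetValue($IniMapKey, '', $null)

    $maskValue = 0
    if ($mask -is [byte[]]) { $maskValue = [int]$mask[0] }   # some systems store it as REG_BINARY
    elseif ($null -ne $mask) { $maskValue = [int]$mask }

    # Drive types whose bit is clear are not covered by the policy.
    $uncovered = @($DriveTypeBits.Keys | Where-Object {
        ($maskValue -band $DriveTypeBits[$_]) -eq 0
    })

    [pscustomobject]@{
        PolicyConfigured  = ($null -ne $mask)
        PolicyMask        = '0x{0:X2}' -f $maskValue
        TypesNotDisabled  = $uncovered -join ', '
        AutorunInfIgnored = ($map -eq $IniMapStub)
    }
}

function Disable-Autorun {
    # 0xFF sets every bit, which disables Autorun on all drive types.
    [Microsoft.Win32.Registry]::SetValue($PolicyKey, 'NoDriveTypeAutoRun', 0xFF, [Microsoft.Win32.RegistryValueKind]::DWord)
    # Redirect Autorun.inf lookups to a registry location that does not exist,
    # so Windows never reads launch commands from the file on the drive.
    [Microsoft.Win32.Registry]::SetValue($IniMapKey, '', $IniMapStub, [Microsoft.Win32.RegistryValueKind]::String)
}

Get-AutorunStatus | Format-List
if ($Apply) {
    Disable-Autorun
    Get-AutorunStatus | Format-List
}
```

A hardened machine reports an empty `TypesNotDisabled` and `AutorunInfIgnored : True`.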


Written by PC Freak on January 14th, 2009 with no comments.

Remove Antivirus 2009 Pro - Antivirus 2009 Pro Removal Instructions

Antivirus 2009 Pro is a new counterfeit antispyware program, the successor to the well-known AntiSpywareXP 2009 and XP Antispyware 2009. You can thank misleading websites or Trojan horses for installing Antivirus 2009 Pro onto your PC. After installation, Antivirus 2009 Pro configures itself to start automatically every time you turn on your computer. It also floods your system with numerous fake security alerts and pop-ups informing you that your PC is infected with malware. Antivirus 2009 Pro can perform a system scan and list a variety of threats detected on your computer, but those results are falsified and shouldn’t be trusted. All of this is done for one purpose: to scare PC users and trick them into buying the licensed version of Antivirus 2009 Pro, which is in fact a useless piece of software that can easily damage your system and put your data in danger.
We recommend that you delete Antivirus 2009 Pro manually or with an automatic removal tool.

Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: Critical

How to remove Antivirus 2009 Pro manually:
It's possible to remove Antivirus 2009 Pro manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

* shlwapi.dll
* wininet.dll
* Antivirus 2009 Pro
* av2009.exe
* Antivirus2009.exe
* Antivirus 2009.lnk
* Uninstall Antivirus.lnk


Remove registry entries:

* HKEY_CURRENT_USER\Software\Antivirus
* HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus" = "%ProgramFiles%\Antivirus 2009\Antvrs.exe"


Please be careful, because manual removal of Antivirus 2009 Pro may seriously damage the operating system and sensitive data. There is also a strong possibility of incomplete removal, because some files could be hidden and the program could re-install itself after you delete the files and registry entries.

Written by admin on January 1st, 2009 with no comments.

Remove Astrum Antivirus Pro - Astrum Antivirus Pro Removal Instructions

Astrum Antivirus Pro is a rogue antispyware program, the successor to the well-known VirusTrigger and AntivirusTrigger. Astrum Antivirus Pro is usually downloaded and installed with the help of Trojan horses, misleading websites, fake online spyware scanners and browser security holes. Once Astrum Antivirus Pro is installed, it generates fake Windows Security Center alerts and pop-ups stating that the computer is infected with various spyware and malware. Astrum Antivirus Pro can also perform a system scan and list a lot of threats detected on the PC. Moreover, it may mark legitimate files as dangerous parasites to scare computer users and trick them into purchasing the full version.
We strongly recommend that you remove Astrum Antivirus Pro as soon as possible, manually or with an automatic removal tool.

Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: Critical

How to remove Astrum Antivirus Pro manually:
It's possible to remove Astrum Antivirus Pro manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

* c:\Program Files\Astrumsoftware
* c:\Program Files\Astrumsoftware\Astrum.exe
* c:\Program Files\Astrumsoftware\uninst.exe
* %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Astrum Antivirus Pro 3.6.lnk
* %UserProfile%\Desktop\Astrum Antivirus Pro 3.6.lnk
* %UserProfile%\Start Menu\Astrum Antivirus Pro 3.6.lnk
* %UserProfile%\Start Menu\Programs\Astrum Antivirus Pro 3.6
* %UserProfile%\Start Menu\Programs\Astrum Antivirus Pro 3.6\Astrum Antivirus Pro 3.6.lnk


Remove registry entries:

* HKEY_CURRENT_USER\Software\Astrumsoft
* HKEY_CLASSES_ROOT\CLSID\{29E762AD-1B6F-3CB6-7F71-866F3E78180B}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Astrumsoft
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astrumsoft

Please be careful, because manual removal of Astrum Antivirus Pro may seriously damage the operating system and sensitive data. There is also a strong possibility of incomplete removal, because some files could be hidden and the program could re-install itself after you delete the files and registry entries.

Written by admin on December 26th, 2008 with no comments.

Remove Virus Remover 2008 - Virus Remover 2008 Removal Instructions

Virus Remover 2008 is the latest counterfeit security tool, a clone of the well-known Antivirus 2008. Virus Remover 2008 is a type of software that cannot be removed through the handy uninstall feature, and it can easily re-install itself.
Virus Remover 2008 uses typical methods to get onto your computer, usually with the help of the Vundo Trojan or a virus. Once Virus Remover 2008 gets onto your system, it floods your computer with fake security alarms and pop-ups. It can also perform a system scan and list a variety of threats detected on your PC, and it claims that the only way to remove all threats from your computer is to purchase the licensed version of Virus Remover 2008. But remember that Virus Remover 2008 is scam software, and the licensed version will not remove any threats; instead, it can put your data and privacy in danger.
We strongly recommend removing Virus Remover 2008 manually or with an automatic removal tool.

Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: Critical


How to remove Virus Remover 2008 manually:
It's possible to remove Virus Remover 2008 manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

* %program_files%\virusremover2008\vrm2008.exe
* vrm_free.exe
* %common_programs%\virusremover2008\virusremover2008.lnk
* %desktopdirectory%\virusremover2008.lnk
* %profile%\application data\microsoft\internet explorer\quick launch\virusremover2008.lnk
* %program_files%\virusremover2008


Remove registry entries:

* HKEY_CURRENT_USER\Software\VirusRemover2008
* HKEY_CURRENT_USER\Software\{5222008A-DD62-49c7-A735-7BD18ECC7350}
* HKEY_LOCAL_MACHINE\SOFTWARE\VirusRemover2008
* HKEY_LOCAL_MACHINE\SOFTWARE\{5222008A-DD62-49c7-A735-7BD18ECC7350}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "VirusRemover2008"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRemover2008
* Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusRemover2008
* VirusRemover2008


Please be careful, because manual removal of Virus Remover 2008 may seriously damage the operating system and sensitive data. There is also a strong possibility of incomplete removal, because some files could be hidden and the program could re-install itself after you delete the files and registry entries.

Written by admin on December 23rd, 2008 with no comments.

Who Writes Malicious Programs and Why?


Virus writers: four general types

Virus writers belong to one of four broad groups: cyber-vandals, who can be divided into two categories, and more serious programmers, who can again be split into two groups.

Cyber vandalism - stage 1

In the past, most malware was written by young programmers: kids who had just learned to program and wanted to test their skills. Fortunately, most of these programs did not spread widely - the majority of such malware died when disks were reformatted or upgraded. Viruses like these were not written with a concrete aim or a definite target, but simply for the writers to assert themselves.

Cyber vandalism - stage 2

The second largest group of contributors to malware coding were young people, usually students. They were still learning programming, but had already made a conscious decision to devote their skills to virus writing. These were people who had chosen to disrupt the computing community by committing acts of cyber hooliganism and cyber vandalism. Viruses authored by members of this group were usually extremely primitive and the code contained a large number of errors.

However, the development of the Internet provided space and new opportunities for these would-be virus writers. Numerous sites, chat rooms and other resources sprang up where anyone could learn about virus writing: by talking to experienced authors and downloading everything from tools for constructing and concealing malware to malicious program source code.

Professional virus writers

And then these ‘script kiddies’ grew up. Unfortunately, some of them did not grow out of virus writing. Instead, they looked for commercial applications for their dubious talents. This group remains the most secretive and dangerous section of the computer underground: they have created a network of professional and talented programmers who are very serious about writing and spreading viruses.

Professional virus writers often write innovative code designed to penetrate computers and networks; they research software and hardware vulnerabilities and use social engineering in original ways to ensure that their malicious creations will not only survive, but also spread widely.

Virus researchers: the ‘proof-of-concept’ malware authors

The fourth and smallest group of virus writers is rather unusual. These virus writers call themselves researchers, and they are often talented programmers who devote their skills to developing new methods for penetrating and infecting systems, fooling antivirus programs and so forth. They are usually among the first to penetrate new operating systems and hardware. Nevertheless, these virus writers are not writing viruses for money, but for research purposes. They usually do not spread the source code of their ‘proof of concept viruses’, but do actively discuss their innovations on Internet resources devoted to virus writing.

All of this may sound innocent or even beneficial. However, a virus remains a virus and research into new threats should be conducted by people devoted to curing the disease, not by amateurs who take no responsibility for the results of their research. Many proof of concept viruses can turn into serious threats once the professional virus writers gain access to them, since virus writing is a source of income for this group.

Why write viruses?

Fraud

The computer underground has realised that paid-for Internet services, such as Internet access, email and web hosting, provide new opportunities for illegal activity with the additional satisfaction of getting something for nothing. Virus writers have authored a range of Trojans which steal login information and passwords to gain free access to other users’ Internet resources.

The first password-stealing Trojans appeared in 1997: the aim was to gain access to AOL. By 1998 similar Trojans appeared for all other major Internet service providers. Trojans stealing login data for dial-up ISPs, AOL and other Internet services are usually written by people with limited means to support their Internet habit, or by people who do not accept that Internet resources are a commercial service just like any other, and must therefore be paid for.

For a long time, this group of Trojans constituted a significant portion of the daily ‘catch’ for antivirus companies worldwide. Today, the numbers are decreasing in proportion to the decreasing cost of Internet access.

Computer games and software license keys are another target for cyber fraud. Once again, Trojans providing free access to these resources are written by and for people with limited financial resources. Some hacking and cracking utilities are also written by so-called ‘freedom fighters’, who proclaim that all information should be shared freely throughout the computing community. However, fraud remains a crime, no matter how noble the aim is made out to be.

Organised cyber crime

The most dangerous virus writers are individuals and groups who have turned professional. These people either extract money directly from end users (either by theft or by fraud) or use zombie machines to earn money in other ways, such as creating and selling a spamming platform, or organizing DoS attacks, with the aim here being blackmail.

Most of today’s serious outbreaks are caused by professional virus writers who organize the blanket installation of Trojans on victim machines. This may be done by using worms, links to infected sites or other Trojans.

Bot networks

Currently, virus writers either work for particular spammers or sell their wares to the highest bidder. Today, one standard procedure is for virus writers to create bot networks, i.e. networks of zombie computers infected with identical malicious code. In the case of networks used as spamming platforms, a Trojan proxy server will penetrate the victim machines. These networks number from a thousand to tens of thousands of infected machines. The virus writers then sell these networks to the highest bidder in the computer underground.

Such networks are generally used as spamming platforms. Hacker utilities can be used to ensure that these networks run efficiently: malicious software is installed without the knowledge or consent of the user, adware programs can be camouflaged to prevent detection and deletion, and antivirus software may be attacked.

Financial gain

Apart from servicing spam and adware, professional virus writers also create Trojan spies which they use to steal money from e-wallets, PayPal accounts and/or directly from Internet bank accounts. These Trojans harvest banking and payment information from local machines or even corporate servers and then forward it to the master.

Cyber extortion

The third major form of contemporary cyber crime is extortion, or Internet rackets. Usually, virus writers create a network of zombie machines capable of conducting an organized DoS attack. Then they blackmail companies by threatening to conduct a DoS attack against the corporate website. Popular targets include e-stores, banking and gambling sites, i.e. companies whose revenues are generated directly by their online presence.

Other malware

Virus writers and hackers also ensure that adware, dialers, utilities that redirect browsers to pay-to-view sites and other types of unwanted software function efficiently. Such programs can generate profits for the computer underground, so it’s in the interests of virus writers and hackers to make sure that these programs are not detected and are regularly updated.

In spite of the media attention given to young virus writers who manage to cause a global epidemic, approximately 90% of malicious code is written by the professionals. Although all four groups of virus writers challenge computer security, the group which poses a serious and growing threat is the community of professional virus writers who sell their services.

Source: Viruslist.com


Written by Myhouse on October 24th, 2008 with no comments.

Removing boot.vbs or virusremoval.vbs by deleting wscript.exe

Are you annoyed by your PC showing “Windows cannot find Virus Removable .vbs” or a similar Windows Script Host message at startup?

Here is an easy way to remove boot.vbs or virusremoval.vbs:

1. Go to your system partition, i.e. C:\WINDOWS\system32, and find or search for ‘wscript.exe’.

2. Delete it. If you can’t delete it, just use Unlocker from http://ccollomb.free.fr/unlocker/

Make sure that you don’t delete or modify any other Windows system file. This will get rid of the problem, and this way you don’t need any antivirus for boot.vbs.

Written by SABI on June 28th, 2008 with 4 comments.