Showing posts with label PC Solution. Show all posts

Saturday, May 16, 2009

How to remove Secure Antivirus Pro?

Secure Antivirus Pro (or SecureAntivirusPro) is fake software developed to disrupt our online activities. Secure Antivirus Pro usually installs itself on a computer without your notice, through a Trojan, virus or another piece of fake software. You can also get infected by visiting some bad websites. Secure Antivirus Pro will then display fake alerts to trick the user into buying the paid version of SecureAntivirusPro. Not only does Secure Antivirus Pro cause your machine to slow down dramatically, it also puts your privacy and data at risk.


Manual Removal Instructions:

Stop Secure Antivirus Pro Processes:
av.exe
SecureAntivirusPro.exe

Find and Delete Secure Antivirus Pro Files:
C:\Windows\av.exe
SecureAntivirusPro.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Secure Antivirus Pro.lnk
%UserProfile%\Application Data\Secure Antivirus Pro\settings.ini
%UserProfile%\Application Data\Secure Antivirus Pro\uill.ini
%UserProfile%\Desktop\Secure Antivirus Pro.lnk
%UserProfile%\Desktop\SecureAntivirusPro.exe
%UserProfile%\Start Menu\Programs\Secure Antivirus Pro.lnk
%UserProfile%\Start Menu\Secure Antivirus Pro.lnk

Remove Secure Antivirus Pro Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Antivirus Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Secure Antivirus Pro”


Hope you will fix this malware successfully.

Monday, May 11, 2009

Remove the Downadup and Conficker worm

The Downadup, or Conficker, infection is a worm that predominantly spreads by exploiting the MS08-067 Windows vulnerability, but it can also infect other computers via network shares and removable media. Not since the Sasser and MSBlaster worms have we seen such a widespread infection as we are seeing with the Downadup worm. In fact, according to anti-virus vendor F-Secure, the Downadup worm has infected over 8.9 million computers. Microsoft has addressed the problem by releasing a patch to fix the Windows vulnerability, but there are still many computers that do not have this patch installed, and thus the worm has been able to propagate throughout the world.

When installed, Conficker / Downadup will copy itself to your C:\Windows\System32 folder as a randomly named DLL file. If it has problems copying itself to the System32 folder, it may instead copy itself to the %ProgramFiles%\Internet Explorer or %ProgramFiles%\Movie Maker folders. It will then create a Windows service that automatically loads this DLL via svchost.exe, which is a legitimate file, every time you turn on your computer. The infection will then change a variety of Windows settings that will allow it to efficiently infect other computers over your network or the Internet.

Once the infection is running, you will find that you are no longer able to access a variety of sites such as Microsoft.com and many anti-virus vendors. It does this so that you cannot download removal tools or update your anti-virus programs. It will then perform the following actions in no specific order:

* Stop and start System Restore in order to remove all your current System Restore points so that you cannot roll back to a previous date where your computer was working properly.
* Check for Internet connectivity by attempting to connect to one of the following sites:
    o aol.com
    o cnn.com
    o ebay.com
    o msn.com
    o myspace.com
* Attempt to determine the infected computer's IP address by visiting one of the following sites:
    o http://www.getmyip.org
    o http://getmyip.co.uk
    o http://checkip.dyndns.org
    o http://www.whatismyip.com/
* Download other files to be used as necessary.
* Scan the infected computer's network for vulnerable computers and try to infect them.
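
The connectivity checks and IP-address lookups listed above leave traces in web-proxy logs. The following is an added example, not part of the original post or of any removal tool: it flags clients that contact one site from each list within a short time of each other. The log format, the client addresses and the five-minute window are assumptions made for the illustration.

```python
# Added example: proxy-log triage for the lookups described above.
# The log layout, the sample lines and the time window are constructed.
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Host names from the two lists above; a leading "www." is ignored when matching.
CONNECTIVITY_CHECK = {"aol.com", "cnn.com", "ebay.com", "msn.com", "myspace.com"}
IP_LOOKUP = {"getmyip.org", "getmyip.co.uk", "checkip.dyndns.org", "whatismyip.com"}

# Constructed proxy log: "<time> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2009-05-11T09:14:02 10.0.0.23 GET http://www.msn.com/ 200
2009-05-11T09:14:05 10.0.0.23 GET http://checkip.dyndns.org/ 200
2009-05-11T09:20:11 10.0.0.40 GET http://www.cnn.com/world/ 200
2009-05-11T12:31:00 10.0.0.51 GET http://www.whatismyip.com/ 200
2009-05-11T16:02:47 10.0.0.51 GET http://ebay.com/ 200
2009-05-11T16:03 truncated line
""".splitlines()


def classify(url):
    """Return 'ip_lookup', 'connectivity' or None for a requested URL."""
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host in IP_LOOKUP:
        return "ip_lookup"
    if host in CONNECTIVITY_CHECK:
        return "connectivity"
    return None


def parse_line(line):
    """Parse one log line; return (time, client, kind, url) or None."""
    parts = line.split()
    if len(parts) != 5:
        return None  # malformed or truncated line
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    kind = classify(parts[3])
    return (when, parts[1], kind, parts[3]) if kind else None


def suspicious_clients(lines, window=timedelta(minutes=5)):
    """Map each client to the (connectivity URL, IP-lookup URL) pairs it
    requested within `window` of each other. Either request on its own is
    ordinary browsing; the pairing is what matches the behaviour above."""
    per_client = defaultdict(list)
    for line in lines:
        event = parse_line(line)
        if event:
            per_client[event[1]].append(event)
    flagged = {}
    for client, events in per_client.items():
        lookups = [e for e in events if e[2] == "ip_lookup"]
        checks = [e for e in events if e[2] == "connectivity"]
        pairs = sorted((chk[3], lk[3]) for lk in lookups for chk in checks
                       if abs(lk[0] - chk[0]) <= window)
        if pairs:
            flagged[client] = pairs
    return flagged


if __name__ == "__main__":
    for client, pairs in suspicious_clients(SAMPLE_LOG).items():
        print(client, pairs)
```

A hit is a reason to check the machine with the removal tool below, not proof of infection, since all of these sites also receive ordinary traffic.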

Some symptoms that may hint that you are infected with this malware are as follows:

* Anti-malware software reporting an infection under one of the following names:
    o Net-Worm.Win32.Kido
    o W32/Conficker.worm.gen
    o Worm.Conficker
    o W32.Downadup
    o W32/Downadup.AL
    o W32/Confick-A
    o Win32/Conficker.A
    o Mal/Conficker
    o Worm:Win32/Conficker.B
    o Win32.Worm.Downadup.Gen
* Automatic updates no longer working.
* Anti-virus software is no longer able to update itself.
* Unable to access a variety of security sites, such as anti-virus software companies.
* Random svchost.exe errors.


Automated Removal for Downadup and Conficker using BitDefender's Anti-Downadup tool:


1. Print out these instructions as we will need to close every window that is open later in the fix.

2. Due to the fact that Downadup and Conficker do not allow you to connect to Microsoft and a variety of security sites you must first download the Windows patch and the removal tool from another computer and transfer the file to your infected PC. On a clean computer, download BitDefender's Anti-Downadup tool from the following location and save the file to your desktop. The current name of the file is bd_rem_tool.zip.

BitDefender's Conficker Removal Tool

3. Next visit the following link and download the KB958644/MS08-067 security patch for your particular Windows operating system:

MS08-067 Patch Download Link

Look through the list and click on the link that corresponds to the version of Windows that is running on the infected machine. Then download the file from the page that opens and save it to your desktop.

4. Now copy bd_rem_tool.zip and the Windows patch file to a floppy, CD, or USB drive so we can copy it to the infected PC.

5. Once the files are stored on a removable device, copy it back onto your infected PC's Windows desktop.

6. Once the Windows patch and bd_rem_tool.zip file are on your infected computer's desktop, you will need to first install the Windows patch. Simply double-click on the file that you downloaded from Microsoft's web site and follow the prompts to install the patch. This will make sure your computer does not become reinfected after we clean the current infection. If the patch is already installed, the Microsoft patch will detect that and not reinstall it.

7. Now we need to extract the files from the bd_rem_tool.zip. You can do this by right-clicking on the bd_rem_tool.zip and then selecting the Extract All... menu option.

Now that the file has finished being extracted, click on the Finish button.

8. A folder will open containing two files. These files are named bd_rem_tool_console.exe and bd_rem_tool_gui.exe. Please double-click on the bd_rem_tool_gui.exe file to start the program. When you run this program, Windows may display a warning.

If you receive this warning, please click on the Run button to continue starting Anti-Downadup on your computer. If you did not receive this warning, then Anti-Downadup should have started and you can proceed to step 8.

9. You will now see a screen prompting you to start the scan or close the program.

Please click on the Start button to have the program scan your computer and remove any Downadup and Conficker infections on your computer.

10. Anti-Downadup will now start to scan your computer and determine if you are infected.

This process can take 10 minutes, so please be patient. When it is done, if your computer is clean it will tell you so and you can close the program. Otherwise, continue with the rest of the steps.

11. When Anti-Downadup has finished scanning your computer it will prompt you to reboot your computer in order to finish the cleaning process.


Press the Yes button to allow the infected computer to be rebooted. If you do not reboot your computer, you will be left with a blue screen as Explorer was terminated during the cleaning process.

12. When the computer has finished rebooting you should no longer have the Conficker or Downadup infections on your computer. To see a log of what was deleted you can open the C:\Win32.Worm.Downladup.Gen.log file in Notepad.


Remove PCPrivacy Defender

PCPrivacy Defender, otherwise known as PCPrivacyDefender, is a rogue privacy program that deliberately displays exaggerated scan results to make you think you have privacy risks on your computer. This program is typically promoted through the use of fake online anti-malware scanners, that when finished, state your computer is infected and that you should download and install PCPrivacy Defender in order to protect yourself. When PCPrivacyDefender is installed it will be configured to start automatically and then scan your computer when you login to Windows. When the scan is finished it will list hundreds of exaggerated privacy issues on your computer and then state that you should purchase the program in order to repair these problems.



PCPrivacy Defender is a scam and should be avoided at all costs. Any issues it finds with your computer are either false or greatly exaggerated and are only being shown to scare you into purchasing the program. If you are infected with this program, please use the free removal guide below to remove PCPrivacy Defender from your computer.

Symptoms that may be in a HijackThis Log:

O4 - HKLM\..\Run: [PCPrivacyDefender Freeware] "C:\Program Files\PCPrivacyDefender Freeware\UPSPDAP.exe" /min

Manual Removal Instructions:

Delete Associated PCPrivacy Defender Files:




Delete all Associated PCPrivacy Defender Windows Registry Information:

HKEY_CURRENT_USER\Software\PCPrivacyDefender Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Cleaner2009 Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UPSPDAP_install_is1
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyDefender Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "UPSPDAP 1.0.18.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PCPrivacyDefender Freeware"


Automated Removal tool:

Download PC Privacy Defender Free Scanner with Remover

Sunday, May 10, 2009

Remove CoreGuard Antivirus 2009


It seems your PC is affected by CoreGuard Antivirus 2009 and you want to remove this malware from your PC. You just need some information and a quick way to remove it.

CoreGuard Antivirus 2009 is a rogue anti-spyware program discovered by security researcher S!RI, that uses an interesting trick in order to protect itself. This trick is to uninstall legitimate anti-malware programs when CoreGuard detects they are installed. When CoreGuard Antivirus 2009 starts it will examine the Windows Registry key that contains the list of programs that Windows knows how to uninstall from your computer. If it detects certain programs installed it will display the following message and then start the program's uninstall process:

There is unauthorized antivirus software detected on your computer. It is recommended you to remove it, otherwise it could conflict with CoreGusard Antivirus 2009.


CoreGuard will also be configured to start whenever you log into Windows. When it runs it will automatically perform a scan of your computer, which will find a variety of infections that it will not let you remove until you purchase the program. These infections, though, are either fake or nonexistent and can be ignored. While running, it will also display numerous alerts and nag screens in order to convince you to purchase the program. Some examples of the alerts you may see are:

User's activity loggers detected!
It's strongly recommended to remove detected threats right now!

Most of the viruses and worms on your PC because of visiting pornosites or warez/torrent sites.

ANTIVIRUS IS RUN IN DEMO MODE. ACTIVATE YOUR ANTIVIRUS OTHERWISE ALL THE DATA WILL BE LOST OR DAMAGED!

DANGEROUS! ANTIVIRUS DETECTED SOME HARMFUL PROGRAMS ON YOUR PC! THEY MAY CORRUPT YOUR INFORMATION OR SEND IT TO HACKERS.

PLEASE, OPTIMIZE YOUR PC. IT RUN ONLY 10%.

These alerts are also disruptive to your normal applications because they will be displayed over your running applications and can't be minimized. The only way to get rid of these alerts is to acknowledge them.

If you find that you are infected with CoreGuard Antivirus 2009, then please use the removal guide shown below in order to remove it and any associated malware for free.


Entries for this program found in the Add or Remove Programs control panel:
Coreguard Antivirus 2009

Tools Needed for this fix:
* SmitFraudFix

Symptoms that may be in a HijackThis Log:

O4 - HKCU\..\Run: [Coreguard Antivirus 2009] C:\Program Files\Coreguard Antivirus 2009\Coreguard 2009.exe
O10 - Unknown file in Winsock LSP: c:\program files\coreguard antivirus 2009\firewall.dll
O10 - Unknown file in Winsock LSP: c:\program files\coreguard antivirus 2009\firewall.dll
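
The HijackThis entries shown for PCPrivacy Defender and for CoreGuard Antivirus 2009 can be picked out of a full log mechanically. The following is an added example, not part of the original posts or of HijackThis: it matches O4 Run entries against the value names the guides on this page tell you to remove and reports every file HijackThis itself marks as unknown in the Winsock LSP chain. The `SoundMan` line in the sample is constructed; the other sample lines are the ones quoted on this page.

```python
# Added example: triage a HijackThis log for the start-up entries on this page.
import re

# Run-value names that the removal guides on this page say to delete.
ROGUE_RUN_NAMES = {
    "secure antivirus pro",
    "pcprivacydefender freeware",
    "coreguard antivirus 2009",
    "antivir system pro",
    "antivirus system pro",
}

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
# "O10 - Unknown file in Winsock LSP: path"
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (.+)$")

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCPrivacyDefender Freeware] "C:\Program Files\PCPrivacyDefender Freeware\UPSPDAP.exe" /min
O4 - HKCU\..\Run: [Coreguard Antivirus 2009] C:\Program Files\Coreguard Antivirus 2009\Coreguard 2009.exe
O10 - Unknown file in Winsock LSP: c:\program files\coreguard antivirus 2009\firewall.dll
O10 - Unknown file in Winsock LSP: c:\program files\coreguard antivirus 2009\firewall.dll
"""


def image_path(command):
    """Executable path from a Run command line, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command


def triage(log_text):
    """Return de-duplicated (kind, location, name, path) findings in log order."""
    findings, seen = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        item = None
        o4 = O4_RE.match(line)
        o10 = O10_RE.match(line)
        if o4 and o4.group(3).lower() in ROGUE_RUN_NAMES:
            hive, key, name, command = o4.groups()
            item = ("autorun", f"{hive} {key}", name, image_path(command))
        elif o10:
            item = ("lsp", "Winsock LSP chain", None, o10.group(1).strip())
        if item:
            # HijackThis repeats an LSP line once per catalog entry; report it once.
            fingerprint = (item[0], item[1], item[3].lower())
            if fingerprint not in seen:
                seen.add(fingerprint)
                findings.append(item)
    return findings


if __name__ == "__main__":
    for kind, location, name, path in triage(SAMPLE_LOG):
        print(f"{kind:8} {location:18} {name or '-':28} {path}")
```

A DLL reported in the LSP chain is registered in the Winsock catalog, so deleting the file alone can leave the machine without network access; repair the catalog after removal (for example with `netsh winsock reset` on Windows XP SP2 and later).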


Automated Removal Instructions for CoreGuard Antivirus 2009 using SmitFraudFix:

# Print out these instructions as we will need to close every window that is open later in the fix.

# Download SmitfraudFix.exe from here and save it to your desktop:

SmitFraudFix.exe

Confirm that the file SmitfraudFix.exe now resides on your desktop, but do not double-click on the icon yet. We will use it in later steps.

# Next, please reboot your computer into Safe Mode by doing the following:

1. Restart your computer

2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3. Instead of Windows loading as normal, a menu should appear

4. Select the first option, to run Windows in Safe Mode.

5. When you are at the logon prompt, log in as the same user that you had performed the previous steps as.

# When your computer has started in safe mode, and you see the desktop, close all open windows.

# Now, double-click on the SmitFraudfix icon that should be residing on your desktop.

# When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.

# You will now see a menu. Press the number 2 on your keyboard and then press the enter key to choose the option Clean (safe mode recommended).

# The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program.

This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you should continue with step 11.

# When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key.

# When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.

# Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Examine this log, and when you are done, close the Notepad screen.


Manual removal of CoreGuard Antivirus 2009.

Stop CoreGuard Antivirus 2009 Processes:

Coreguard 2009.exe
Uninstall.exe

Find and Delete these CoreGuard Antivirus 2009 Files:

c:\Program Files\Coreguard Antivirus 2009\Coreguard 2009.exe
c:\Program Files\Coreguard Antivirus 2009\firewall.dll
c:\Program Files\Coreguard Antivirus 2009\Uninstall.exe
c:\Program Files\Coreguard Antivirus 2009\Help
c:\Program Files\Coreguard Antivirus 2009\Help\reg.html
c:\Program Files\Coreguard Antivirus 2009\Help\support.png
c:\Program Files\Coreguard Antivirus 2009\blacklist.cga
c:\Program Files\Coreguard Antivirus 2009\core.cga
c:\Program Files\Coreguard Antivirus 2009\CoreExt.dll
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Coreguard 2009.lnk
%UserProfile%\Desktop\Coreguard 2009.lnk
%UserProfile%\Start Menu\Programs\Coreguard Antivirus 2009
%UserProfile%\Start Menu\Programs\Coreguard Antivirus 2009\Coreguard 2009.lnk
%UserProfile%\Start Menu\Programs\Coreguard Antivirus 2009\Uninstall Coreguard Antivirus 2009.lnk

Remove CoreGuard Antivirus 2009 Registry Values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “CoreGuard Antivirus 2009”


Your computer should now be free of the CoreGuard Antivirus 2009 infection.

Remove Antivir/Antivirus System Pro (Removal Info)


The devils are launching more attacks on the Internet. This time, it’s called Antivirus System Pro, or Antivir System Pro. They are the same even though they might appear under two different names. Just like its predecessor, Antivirus System PRO is fake software created to mess with us.

Usually, Antivirus System PRO gets itself loaded onto a computer without your notice, installing itself through a Trojan, virus or another piece of fake software. You can also get infected by visiting some bad websites. Antivirus System PRO will display fake alerts to trick the user into buying the paid version of AntivirSystemPRO. Not only does Antivirus System PRO cause your machine to slow down dramatically, it also puts your privacy and data at risk.

Malware Type: Rogue Anti-Spyware

Malware Author: Magic software Inc

Threat Level: Critical

Advice: Immediately remove and scan for additional malware

Manual Antivir System PRO Removal Instructions:

Stop Antivir System PRO Processes:

AntivirSystemPRO.exe
AntivirusSystemPRO.exe

Find and Delete Antivir System PRO Files:

AntivirSystemPRO.exe
AntivirusSystemPRO.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivir System PRO.lnk
%UserProfile%\Application Data\Antivir System PRO\settings.ini
%UserProfile%\Application Data\Antivir System PRO\uill.ini
%UserProfile%\Desktop\Antivir System PRO.lnk
%UserProfile%\Desktop\AntivirSystemPRO.exe
%UserProfile%\Start Menu\Programs\Antivir System PRO.lnk
%UserProfile%\Start Menu\Antivir System PRO.lnk

Remove Antivir System PRO Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivir System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivir System PRO”


Alternate Manual Removal Instructions:

Manual removal of Antivirus System PRO is feasible if you have sufficient expertise in working with program files, system processes, .dll files and registry entries.

The files to be deleted are listed below:

* %ProgramFiles%\Antivirus System PRO\conf.cfg
* %ProgramFiles%\Antivirus System PRO\mbase.vdb
* %ProgramFiles%\Antivirus System PRO\quarantine.vdb
* %ProgramFiles%\Antivirus System PRO\queue.vdb
* %ProgramFiles%\Antivirus System PRO\Antivirussystempro.exe
* %ProgramFiles%\Antivirus System PRO\uninstall.exe

The associated registry entries to be removed are as follows:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus System PRO
* HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus System PRO”
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”

Please be informed that manual removal of Antivirus System PRO is a cumbersome procedure and does not always ensure complete deletion of the malware, since some files might be hidden or may automatically restore themselves afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal of Antivirus System PRO, which will save you time, help you avoid system malfunctions and guarantee the needed result.

If you do not have much experience with manual removal, try automated removal software.


Download: Antivirus System PRO Automatic Remover

Thursday, February 5, 2009

How to fix missing folder option in windows explorer?

When you open the Tools menu of Windows Explorer, you normally see Folder Options. It is upsetting when Folder Options is missing from the Tools menu: you think your computer is infected with a virus and waste a lot of time on the Internet trying to fix the problem.


    This is a very common problem. It is caused by scripts that change a registry value, and it can be fixed easily if you know the basics of Windows registry keys. You can fix the problem using the following steps.

    Solution 1: Edit registry

    1. Go to Run, type regedit then press enter.
    2. Navigate to [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer].
    3. At right panel, look for a value called NoFolderOptions. Right click on it then choose Delete.
    4. Navigate to [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer].
    5. Repeat step 3 to delete NoFolderOptions entry.
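
The same check can be made against a registry export before anything is deleted. The following is an added example, not part of the original post: it reads the text of a .reg export, reports where NoFolderOptions is set under the two Policies\Explorer keys named in steps 2 and 4, and builds a .reg file that deletes only that value. The export shown is constructed; a file exported by regedit is normally UTF-16 and must be decoded to text first.

```python
# Added example: locate NoFolderOptions in a registry export and build a
# .reg file that removes it. SAMPLE_EXPORT is constructed for illustration.
import re

# The two keys named in steps 2 and 4 above.
POLICY_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",
)
VALUE_NAME = "NoFolderOptions"

SECTION_RE = re.compile(r"^\[(.+)\]$")            # [HKEY_...\Key\Path]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "Name"=data

SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoFolderOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"""


def find_policy(reg_text):
    """Return {key: raw data} for each policy key where NoFolderOptions is set.
    Key and value names are compared case-insensitively, as the registry does."""
    wanted = {key.lower(): key for key in POLICY_KEYS}
    hits, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            current = wanted.get(section.group(1).lower())
            continue
        value = VALUE_RE.match(line)
        if current and value and value.group(1).lower() == VALUE_NAME.lower():
            hits[current] = value.group(2)
    return hits


def build_fix(hits):
    """Build a .reg document that deletes the value under each affected key.
    In .reg syntax, "Name"=- removes the value and leaves the key in place."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key in hits:
        out += [f"[{key}]", f'"{VALUE_NAME}"=-', ""]
    return "\r\n".join(out)


if __name__ == "__main__":
    found = find_policy(SAMPLE_EXPORT)
    for key, data in found.items():
        print(f"{VALUE_NAME} = {data} under {key}")
    print(build_fix(found))
```

Importing the generated file has the same effect as steps 3 and 5, and the original export serves as a backup if the change needs to be undone.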

    Solution 2: Change setting in Group Policy

    1. Go to Run, type gpedit.msc then press enter.
    2. Navigate to User Configuration -> Administrative Templates -> Windows Components -> Windows Explorer.
    3. At the right panel, look for “Removes the Folder Options menu item from the Tools menu”, right click on it then choose Properties.
    4. Change the setting from Enabled to Not Configured or Disabled.

    Hope this simple and basic solution will help you to restore your missing folder option in Windows Explorer.

Tuesday, January 20, 2009

3 Steps to Speed Up Your Computer

One of the main questions people ask is "How do I speed up my computer?" Before you speed up your computer, you must know why it got slow. A computer can slow down for many reasons, including hardware issues, software issues, not enough memory, too many programs installed, etc.


    However the majority of computers slow down in performance due to some common issues and most can be repaired by carrying out some simple procedures within the comfort of your own home. So if you wish to learn how to speed up your computer then continue reading as I will show you three very easy ways to significantly increase the performance of your PC.

    Step Number One - Not Enough Memory, Get More RAM

    The most obvious way to speed up your PC would be to buy some more RAM. It is the most obvious solution, yet it is still the most neglected one. Back in the day you didn't have to worry about having extra RAM. But these days, with the introduction of Windows Vista and many other powerful programs, a lot of systems that come straight out of the factory are unable to handle and support these programs, simply because they do not have enough RAM.

    To run Windows Vista properly and efficiently you need at least 1GB of RAM and I would recommend buying a legitimate Graphics Card as well. You may have had an excuse for not buying extra RAM a few years ago as it used to be fairly expensive but these days you can pick up a decent 1GB stick of RAM for around $20-30. So I don't see any reason for you not to upgrade if you are looking to improve the performance of your computer.

    Step Number Two - Get Rid Of Any Malicious Programs and Spyware

    If you use the internet or download music, videos etc. from P2P networks on a regular basis then it is almost guaranteed that you would've come across some form of spyware or adware in the past. You don't choose to install these malicious programs on your computer; they just somehow manage to claw their way in, and most of the time you won't even know that you've been infected unless you have some good anti-spyware software in action.

    Spyware and viruses can significantly slow down the performance of your computer as they are constantly running in the background of your computer, performing malicious tasks and trying to collect your valuable private information. They can not only considerably slow your computer down but basically destroy your whole machine if you are not cautious.

    The best solution to this problem is to always have your anti-spyware protection running and make sure all your databases are up to date so you can detect the latest Trojans and spyware. If you find yourself infected then immediately run a full scan and repair of your system using your software in order to get rid of the spyware and to make sure you don't cause any serious damage to your PC.

    If you don't already have some type of anti-spyware protection, then I'm afraid your computer is at serious risk and you are probably in deep trouble. Go out and find a good spyware removal tool and install it as soon as possible so you can have your computer running at optimum performance again.

    Step Number Three - Fix Corrupted Registry

    One of the most overlooked reasons why your computer is running so slow is that you probably have a corrupted registry. The registry is like the backbone of your computer and it contains records of almost every action performed on the machine.
    Any changes you make to your computer, meaning any programs you install or delete, affect the registry, and over time it becomes severely corrupted due to installations and un-installations. Even when you do something good for the computer, like remove a virus or spyware, it will still affect and corrupt the registry. This is because traces of the file still remain in the registry, so worthless and excess entries are stored there.

    After a few months of running your computer the registry will become brutally corrupted. Of course it will be unintentional, but nonetheless it will be a total mess. At the start your computer will just begin to slow down; however, as time passes and the registry still has not been cleaned, your PC will begin to face much larger problems. It will begin to freeze and crash and you probably won't be able to access some applications (the infamous dll errors are caused by this).

    Remember your registry is basically what runs your operating system, so it only makes sense to give it a thorough cleaning every now and then to make sure everything is running smoothly. Even if you have upgraded your RAM and cleared your PC of any spyware and viruses, a corrupted registry can still drastically reduce the speed of your PC. Therefore I would recommend conducting a full scan and repair of the registry with a good registry cleaner every week or so in order to seriously speed up your computer.

    So next time you find yourself asking the dreaded question of "Why is my computer running so slow?" go ahead and apply the three simple tweaks above and I guarantee your computer will be running at least 2-3 times faster. You will simply be amazed at how easy it was to speed up your computer; you will have to invest a little bit of cash, but once you begin to use your PC and realize how much it has improved you will understand that it was well worth it. Plus, these days computers have deeply ingrained themselves into our lifestyles and are such an important factor in our daily lives that it only makes sense to make sure they are running efficiently.

    Using these tweaks you can definitely increase the speed of your computer.

Tuesday, January 13, 2009

Change logon password on a Computer Without Knowing the Original

If you are in front of a computer which is password protected and want to change its password without knowing the original, here is a quick guide to help you do so. This is a really great and easy tip.

    You can change the original password of any computer by following these simple steps. Here we go:

    1. Go to the Start menu, click 'Run' and type 'cmd'.
    2. Once the command prompt comes up, type in: 'net user'. It will list the user names on the computer.
    3. Type 'net user username'. So if the username is Jack, you need to type 'net user jack'.
    4. After this, the command prompt will show "you may change your password". To change the password, type the same command as in step 3 and add the new password at the end. If you want to set the password to abcd then type 'net user jack abcd'. You will successfully change the password.

    Try this only on your own computer. Don't do it against anyone else. We know it's very painful to see a password not working.

Thursday, December 18, 2008

Win32/VB.IQ and Win32/VB.IQ.dr

    Trojan:Win32/VB.IQ is a trojan downloader dropped by another piece of malware detected as Trojan:Win32/VB.IQ.dr. It connects to certain web servers to download other malware.

    Trojan:Win32/VB.IQ is dropped in the system by Trojan:Win32/VB.IQ.dr. It also drops a copy of itself as %windir%\bravo.exe.

    Trojan:Win32/VB.IQ may drop and execute the following file:
    %windir%\ppsap.exe

    Upon execution, Trojan:Win32/VB.IQ.dr drops a copy of itself in the Windows folder as ppsap.exe. It then drops the file kimo.exe also in the Windows folder.

    It then modifies the system registry so that kimo.exe and another file, bravo.exe, are automatically run when Windows starts:

    Adds value: "civic"
    With data: "%windir%\kimo.exe"
    Adds value: "ppsap"
    With data: "%windir%\bravo.exe"
    To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    It then executes kimo.exe and bravo.exe, which are both detected as Trojan:Win32/VB.IQ.

    Take note that Trojan:Win32/VB.IQ.dr does not drop bravo.exe but attempts to execute it, as it is assumed that bravo.exe is already in the system and possibly dropped by kimo.exe.

    This ensures that Trojan:Win32/VB.IQ.dr and Trojan:Win32/VB.IQ install each other.

Tuesday, December 16, 2008

Worm Win32.Zafi.B and its removal

    The new internet worm Zafi.B spreads very fast mainly via email attachments, but also via filesharing networks.

    The message subject and body text differ depending on the domain extension of the receiver's email address. Target email addresses are collected on the local computer and extracted from several files like temporary internet files and email address books.

    Once the file has been executed, it does the following:

    1. Creates the mutex _Hazafibb
    2. Prevents execution of the processes containing: regedit, msconfig, task, (eg: regedit, taskman, taskmon, mstask, msconfig)
    3. Deletes the following files from the Windows folder: fvprotect.exe, winlogon.exe, services.exe, jammer2nd.exe
    4. Checks if the computer is connected to the internet by attempting to contact google.com or microsoft.com
    5. Searches for e-mail addresses in files matching: htm,wab,txt,dbx,tbb,asp,php,sht,adb,mbx,eml,pmr
    6. Avoids e-mail addresses containing: win, use, info, help, admi, webm, micro, msn, hotm, suppor, syma, vir, trend, panda, yaho, cafee, sopho, google, kasper, msn, office, nero, icq, game, winra, winzi, divx, movie, total, wina
    7. Stores found e-mail addresses in random named dll files in %SYSTEM% folder
    8. Creates registry key and entries:
    [HKEY_LOCAL_MACHINE\Software\Microsoft\_Hazafibb]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"_Hazafibb"="%SYSTEM%\%random%.exe"]
    9. Uses its own SMTP engine to send itself to harvested e-mail addresses. Attempts to obtain an SMTP server address by adding smtp. or mx. etc. to the domain from the harvested address, or uses a default SMTP address.
    10. Creates copies of the virus in folders containing "share" or "upload" as winamp 7.0 full_install.exe and/or Total Commander 7.0 full_install.exe
    11. Creates a thread that attempts to flood: www.parlament.hu, www.virusbuster.hu, www.virushirado.hu, www.2f.hu
    12. May create files C:\SYS.TXT and _upload.exe
    13. The virus contains the following string:
    A hajlektalanok elhelyezeset, a bunteto torvenyek szigoritasat, es a HALALBUNTETES MEGSZAVAZASAT koveteljuk a kormanytol, a novekvo bunozes ellen!2004, jun, Pecs,(SNAF Team).

    Removal:

    All antivirus vendors had protection for the Zafi.B worm with their latest updates. Symantec has a removal tool, and you could also use these free online scanners: Trend Micro's free online scanner, Housecall, McAfee's Stinger tool, or Panda Software's ActiveScan. F-Secure has a removal tool available in several formats.

    Because Zafi.B may disable or overwrite existing antivirus products on infected machines, users may need to use one of the removal utilities or scanners mentioned above. If your antivirus has been overwritten, you will need to reinstall it when your system is free of Zafi.

    The main infection is removed by deleting files in the Windows system folder and removing registry entries. If you're not familiar with the Registry editor, you should probably use one of the removal tools mentioned above. While we highly recommend that you back up your registry before editing, you should be aware that the backup you make contains entries associated with Zafi.B. Since the files are deleted, you may get errors if you restore from the backup at a future date. Once your system has been cleaned, and is operating properly, you may want to delete the backup that has Zafi.B entries in it.

    1. Turn off System Restore if you're using Windows ME or XP. When you make changes to your system, Windows creates a restore point. If it does this while the system is infected, the worm may come back to re-infect the system later.
    2. Restart the computer in Safe Mode. Since the Zafi.B worm creates running processes, and Windows doesn't allow you to delete files connected with running processes, restarting is necessary. Using Safe mode prevents Windows from loading drivers and auto run entries so your system boots relatively clean. In addition, Zafi.B blocks the use of Regedit which is required below.
    3. Run a full system scan with an updated antivirus scanner (or one of the online scanners mentioned above). If your scanner does not remove everything, follow the next few steps.
    4. IMPORTANT: Your antivirus software should, during detection, produce a list of files associated with the W32/Zafi.B or W32/Erkez virus (depends on scanner). The files will be copies of the worm stored in the Windows system folder and shared folders mentioned above. You should set your antivirus to delete them. If not, delete them manually.
    5. Make a backup of the registry before you edit. Delete the Run entry associated with Zafi.B from the registry. Under the key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    delete the value:
    "_Hazafibb"="%system%\.exe"
    Also delete the key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\_Hazafibb
    6. Exit the registry editor.
    7. Re-enable System Restore, reboot machine.
    8. Re-scan to be sure all files are clean.
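
An added example, not part of the original posts or of any vendor's tooling: a Python check that parses saved `reg query` output for the Run key and flags the autostart values named in the Trojan:Win32/VB.IQ and Zafi.B write-ups above. The function names, the `windir` default and the sample text are assumptions made for illustration.

```python
import ntpath
import re

# Run value names the write-ups above list (lower-cased) -> family.
RUN_VALUE_NAMES = {"civic": "Trojan:Win32/VB.IQ", "ppsap": "Trojan:Win32/VB.IQ",
                   "_hazafibb": "Win32.Zafi.B"}
# File names the VB.IQ write-up places in the Windows folder.
WINDIR_FILES = {"kimo.exe", "bravo.exe", "ppsap.exe"}
# A `reg query` value line: name, type, data split by four spaces or tabs.
VALUE_LINE = re.compile(r"^\s+(.+?)(?:\t| {4})(REG_[A-Z_]+)(?:\t| {4})(.*)$")


def parse_run_values(reg_query_text):
    """Return [(name, data)] for each value line of saved `reg query` output."""
    values = []
    for line in reg_query_text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values.append((m.group(1).strip(), m.group(3).strip()))
    return values


def flag_run_values(reg_query_text, windir=r"C:\WINDOWS"):
    """Return [(name, data, reason)] for values that match the indicators."""
    hits = []
    for name, data in parse_run_values(reg_query_text):
        family = RUN_VALUE_NAMES.get(name.lower())
        if family:
            hits.append((name, data, "value name listed for " + family))
            continue
        # Take the executable (quoted or first token), expand %windir%,
        # then compare folder and file name case-insensitively.
        m = re.match(r'"([^"]*)"|(\S*)', data)
        exe = m.group(1) or m.group(2) or ""
        exe = re.sub(r"%(windir|systemroot)%", lambda _: windir, exe, flags=re.I)
        folder, base = ntpath.split(ntpath.normcase(exe))
        if base in WINDIR_FILES and folder == ntpath.normcase(windir):
            hits.append((name, data, "VB.IQ file name in Windows folder"))
    return hits


# Constructed sample of saved `reg query` output, not taken from a real host.
SAMPLE = """
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
    ctfmon    REG_SZ    C:\\WINDOWS\\system32\\ctfmon.exe
    civic    REG_SZ    %windir%\\kimo.exe
    updater    REG_SZ    "%windir%\\bravo.exe" /s
    _Hazafibb    REG_SZ    C:\\WINDOWS\\system32\\example.exe
"""

if __name__ == "__main__":
    for hit in flag_run_values(SAMPLE):
        print(hit)
```

A renamed value that still points at one of the listed files in the Windows folder is flagged by path, which is why the check does not rely on value names alone.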

    Sources: Pcmag | BitDefender

Wednesday, November 26, 2008

Error: Clear NetBT solved

The error "Windows could not finish repairing the problem because the following action cannot be completed: Clearing NetBT" has been solved for me.

Today I was having a problem with my internet connection. I am using a manually configured IP address. Whenever I connect to the internet, I need to refresh once to see the website. It's a big headache for me. I tried to search Google for this, but found no result. I thought it was a problem with my netcard. I was wrong; finally I got the solution and started to surf the net as usual.

While solving it I found the bug is only an error in clearing NetBT. When I wanted to repair my local network connection, I got a message like "Windows could not finish repairing the problem because the following action cannot be completed: Clearing NetBT". It is not hard to solve this problem. All you need to do is the following.

1. Go to "Start" and "Run".
2. Type "cmd" and press Enter. A "DOS box" should come up.
3. Type "netsh int ip reset c:\logfile.txt" and press Enter.

This will change the settings and create a logfile in the root directory of your C drive.

At last I entered my IP address manually. I restarted once and it was solved, and I found my internet connection faster than before.

Hope this will be helpful to you when facing the Error: Clearing NetBT.