Archive | Worms

Remove Worm-Win32/Taterf.B, How to Uninstall Win32/Taterf.B


What is Worm-Win32/Taterf.B

Win32/Taterf.B is a typical Worm. Just like viruses, Worms have the capabilities of replicating themselves and infect more systems. They spread without any user intervention. But in contrast to viruses, Worms spread without attachiing themselves to any file or program.

Win32/Taterf.B can spread across networks by exploiting vulnerabilities and weaknesses in the security systems. The user will find an infected machine very sluggish and slow to work upon.

By properties, Win32/Taterf.B is a password stealer. It tries to spy upon the online username and passwords used by an infected machine and send them to its servers. Because of its very nature, People using online games are at the highest risk.

It is highly recommended that you take immediate steps for the removal of The user will find an infected machine very sluggish and slow to work upon. from your system.

Technical Details of Win32/Taterf.B

  • Aliases: Win32/Taterf.B, Trojan.Lineage.Gen!Pac.3, PWS-Gamania.gen.a, Mal/EncPk-CE

Do I need to remove Win32/Taterf.B

You can yourself search your computer manually, but it is not recommended unless you are a tech-geek. To save time and effort, we recommend you to download a FREE Scanner.

> > > Download < < <

Free Scanner for Win32/Taterf.B

.

How to Uninstall Win32/Taterf.B scam

The best way for the removal of Win32/Taterf.B is to install a good quality Anti-spyware Program and scan your system for any Win32/Taterf.B infections.

Automatic removal of Win32/Taterf.B is always good and complete as compared to any attempts to manually remove Win32/Taterf.B, which may sometime lead to erroneous results. If you are not completely aware of all the files and registry entries used by this rogue anti-spyware, then we do not recommend you to attempt for the manual removal of Win32/Taterf.B.

Instructions to get rid of Win32/Taterf.B

If you really want to remove the Win32/Taterf.B infection on your system manually then proceed as follows.

Step 1: Kill the Win32/Taterf.B ProcessesLearn how to do that

Step 2: Remove Win32/Taterf.B files, folders and all associated Win32/Taterf.B DLL files:Learn how to do that

pytdfse0.dll
autorun.inf

%System%\pytdfse0.dll
%System%\kavo1.dll
%System%\kavo0.dll
%System%\amvo1.dll
%System%\amvo0.dll
%System%\avpo1.dll
%System%\avpo0.dll

Step 3: Uninstall Win32/Taterf.B registry entries: Learn how to do that

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Free Scan for Win32/Taterf.B

Posted in WormsComments (0)

Remove W32.Relnek.A, How to Uninstall Foober free


What is W32.Relnek.A

W32.Relnek.A is a deadly Computer Worm infecting hundreds of computers each day. It is a dangerous worm, with a potential of crashing your system and make it worth useless. W32.Relnek.A usually spreads in the local and network drives.

Once executed, the W32.Relnek.A worm scans the memory of the compromised computer. It checks for executing infected files so that only one instance of the virus is running.

It then searches mapped and removable drives for executable files to infect.

While attempting to infect files, the virus may crash the compromised computer. The compromised computer then displays the following Microsoft Send Error Report message:
Title: Foobar
Body: Foobar has encountered a problem and needs to close.
We are sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.

Please tell Microsoft about the problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

To see what data this error report contains, click here.

Following is the error message you might see when encountered with W32.Relnek.A.

remove-foober-uninstallDo I need to remove W32.Relnek.A

You can yourself search your computer manually, but it is not recommended unless you are a tech-geek. To save time and effort, we recommend you to download a FREE Scanner.

> > > Download < < <

Free Scanner for W32.Relnek.A

.

How to Uninstall W32.Relnek.A scam

The best way for the removal of W32.Relnek.A is to install a good quality Anti-spyware Program and scan your system for any W32.Relnek.A infections.

Automatic removal of W32.Relnek.A is always good and complete as compared to any attempts to manually remove W32.Relnek.A, which may sometime lead to erroneous results. If you are not completely aware of all the files and registry entries used by this rogue anti-spyware, then we do not recommend you to attempt for the manual removal of W32.Relnek.A.

Free Scan for W32.Relnek.A

Posted in WormsComments (0)

Remove Conficker, How to Uninstall Win32.Conficker free


What is Win32.Conficker

Win32/Conficker is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Depending on the specific variant, it may also spread via removable drives and by exploiting weak administrator passwords. It disables several important system services and security products and downloads arbitrary files.

Aliases of Win32.Conficker

  • Worm:Win32/Conficker.A (Microsoft)
  • Crypt.AVL (AVG)
  • Mal/Conficker-A (Sophos)
  • Trojan.Win32.Pakes.lxf (F-Secure)
  • Trojan.Win32.Pakes.lxf (Kaspersky)
  • W32.Downadup (Symantec)
  • Worm:Win32/Conficker.B (Microsoft)
  • WORM_DOWNAD.A (Trend Micro)

How Win32.Conficker Propagates to your system

Win32/Conficker.B has multiple propagation methods. These include the following:

  • Exploitation of the vulnerability that is patched by security update 958644 (MS08-067)
  • The use of network shares
  • The use of AutoPlay functionality

Therefore, you must be careful when you clean a network so that the threat is not reintroduced to systems that have previously been cleaned.

What are the symptoms of Win32.Conficker

If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:

  • Account lockout policies are being tripped.
  • Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
  • Domain controllers respond slowly to client requests.
  • The network is congested.
  • Various security-related Web sites cannot be accessed.

Do I need to remove Conficker

You can yourself search your computer manually, but it is not recommended unless you are a tech-geek. To save time and effort, we recommend you to download a FREE Scanner.

Free Scanner for Win32.Conficker

.

If you want to manually remove Win32.Conficker from your system, then you can go ahead to the Microsoft site, where you will find manual instructions for the same.

Manual Instructions at Microsoft site.

Posted in WormsComments (0)

Remove DownAd, How to Uninstall Downad Worm free


What is DownAd

DownAd is a Worm. A deadly worm, which is causing nightmares to the security experts and spreading very fast these days.

And the magnitude of the infection is big. An estimate suggests that more than 8 million users are already infected with DownAd. Initially thought to be working in conjunction with a NETWORM variant, WORM_DOWNAD.A is now believed to be an updated version of an attack from the same criminal botnet gang.

How does DownAd Operate

Downadup worms attempt to call home. They do this by trying to connect to various Web addresses. And if the worm finds an active Web server at one of these domains, it will download and run a particular executable — thus giving the malware gang a free hand to do whatever they want with all of the infected machines.

They could build a large botnet for example. The framework is in place. Normally malware uses only one or maybe a handful of websites. Such sites are generally easy to locate and shut down.

Then there is Downadup. It uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com. With this algorithm, the worm generates many possible domain names every day.

Hundreds of names such as: qimkwaify .ws, mphtfrxs .net, gxjofpj .ws, imctaef .cc, and hcweu .org.

This makes it impossible and/or impractical for us good guys to shut them all down — most of them are never registered in the first place. However, the bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website — and they then gain access to all of the infected machines. Pretty clever.

So why is DownAd so successful? Simple – poor security policies.

The first propagation technique is really exploiting poor patch management. A patch for this vulnerability has been available since late last year, but still some administrators (or the safety representatives) have not properly rolled this out to all machines on their network.

Remember even one unpatched machine is enough to have this worm spread through the entire network. Patch management is a critical component of any IT department’s job today, and it is vitally important that it is applied in a timely fashion across ALL of the company’s machines, including laptops and other mobile devices. Companies also need to have very clear policies on patch levels of external parties who access their network (e.g. partner companies, contractors, etc). Like so many aspects of security, it only takes one hole to bring down an entire network.

Technical Details of DownAd

  • Full name: DownAd
  • Date Appeared: Dec. 2008
  • Characteristic: Worm
  • URL:

Do I need to remove xxxxx

You can yourself search your computer manually, but it is not recommended unless you are a tech-geek. To save time and effort, we recommend you to download a FREE Scanner.

Free Scan for xxxxx

Posted in WormsComments (0)

Remove KoobFace, How to Uninstall Win32.KoobFace free


What is KoobFace

Once it gets on a machine, it checks if there are cookies of social networks. If it finds the cookies, it infects victim’s profile. If Koobface worm can’t find evidence of social networking websites, it simply erases itself.

The Koobface.b virus, which targets Facebook users, creates spam messages and sends them to the infected users’ friends via the messaging system on Facebook.

The spam messages and comments include text links such as Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments and many, many others.

Technical Details of KoobFace

  • Full name: KoobFace, win32.KoobFace, BoFace
  • Date Appeared: July 2008
  • Characteristic: Virus
  • URL:

Do I need to remove KoobFace

You can yourself search your computer manually, but it is not recommended unless you are a tech-geek. To save time and effort, we recommend you to download a FREE Scanner.

> > > Download < < <

Free Scanner for KoobFace

.

How to Uninstall KoobFace scam

The best way for the removal of KoobFace is to install a good quality Anti-spyware Program and scan your system for any KoobFace infections.

Automatic removal of KoobFace is always good and complete as compared to any attempts to manually remove KoobFace, which may sometime lead to erroneous results. If you are not completely aware of all the files and registry entries used by this rogue anti-spyware, then we do not recommend you to attempt for the manual removal of KoobFace.

Instructions to get rid of KoobFace

If you really want to remove the KoobFace infection on your system manually then proceed as follows.

Step 1: Kill the KoobFace ProcessesLearn how to do that

  1. %SYSTEMROOT%\bolivar28.exe
  2. che07.exe
  3. bolivar28.exe
  4. %WinDir%\system32\nScan\ekrn.exe
  5. %WinDir%\system32\nScan\ecls.exe
  6. %WinDir%\system32\splm\ncsjapi32.exe
  7. %WinDir%\bolivar28.exe
  8. C:\Windows\fbtre6.exe

Step 2: Remove KoobFace files, folders and all associated KoobFace DLL files:Learn how to do that

%WinDir%\system32\nScan\ekrnEmon.dll
%WinDir%\system32\nScan\ekrnScan.dll
%WinDir%\system32\nScan\ekrnEpfw.dll
%WinDir%\system32\nScan\ekrnAmon.dll
%WinDir%\system32\splm\lmfunit32.dll
%WinDir%\system32\splm\mcaserv32.dll
%WinDir%\system32\splm\kbdsapi.dll

Step 3: Uninstall KoobFace registry entries: Learn how to do that

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Intelli Mouse Pro Version 2.0B\StubPath: “%WinDir% \System32\splm\ncsjapi32.exe”
  2. HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: “%WinDir% \System32\splm\ncsjapi32.exe”
  3. HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run\Intelli Mouse Pro Version 2.0B: “%WinDir% \System32\splm\ncsjapi32.exe”
  4. HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: “2”
  5. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: “%WinDir% \System32\splm\ncsjapi32.exe”
  6. HKEY_USERS\Software\Microsoft\Windows\nScan32\ExecuteDate: “14\8\2008”
  7. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “c:\windows\mstre6.exe”
  8. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe”
  9. HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating

Free Scan for KoobFace

Posted in WormsComments (0)

Remove Win32.Zafi.B, How to Uninstall Win32.Zafi.B free


What is Win32.Zafi.B

Win32/Zafi.B is a worm spreading via e-mail and P2P networks.

Zafi.B worm is a moderately destructive worm that may cause antivirus and security products to stop working. It also may overwrite executables of installed security products. Zafi also disables RegEdit, MSconfig and the Task Manager and may also launch a DoS attack against several Hungarian web sites.

Technical Details of Win32.Zafi.B

  • Full name: Win32.Zafi.B
  • Date Appeared: 2004
  • Characteristic: Worm
  • URL:

Do I need to remove Win32.Zafi.B

You can yourself search your computer manually, but it is not recommended unless you are a tech-geek. To save time and effort, we recommend you to download a FREE Scanner.

> > > Download < < <

Free Scanner for Win32.Zafi.B

.

How to Uninstall Win32.Zafi.B scam

The best way for the removal of Win32.Zafi.B is to install a good quality Anti-spyware Program and scan your system for any Win32.Zafi.B infections.

Automatic removal of Win32.Zafi.B is always good and complete as compared to any attempts to manually remove Win32.Zafi.B, which may sometime lead to erroneous results. If you are not completely aware of all the files and registry entries used by this rogue anti-spyware, then we do not recommend you to attempt for the manual removal of Win32.Zafi.B.

Instructions to get rid of Win32.Zafi.B

If you really want to remove the Win32.Zafi.B infection on your system manually then proceed as follows.

  1. Turn off System Restore if you’re using Windows ME or XP. When you make changes to your system, Windows does a restoration checkpoint. If it does this while the system is infected, it may come back to re-infect later.
  2. Restart the computer in Safe Mode. Since the Zafi.B worm creates running processes, and Windows doesn’t allow you to delete files connected with running processes, restarting is necessary. Using Safe mode prevents Windows from loading drivers and auto run entries so your system boots relatively clean. In addition, Zafi.B blocks the use of Regedit which is required below.
  3. Run a full system scan with an updated antivirus scanner (or one of the online scanners mentioned above). If your scanner does not remove everything, follow the next few steps.
  4. IMPORTANT: Your antivirus software should, during detection, produce a list of files associated with the W32/Zafi.B or W32/Erkez virus (depends on scanner). The files will be copies of the worm stored in the Windows system folder and shared folders mentioned above. You should set your antivirus to delete them. If not, delete them manually.
  5. Make a backup of the registry before you edit. Delete the Run entries associated with Zafi.B from the registry. These will be:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    and delete the key:
    “_Hazafibb”=”%system%\<random file name>.exe”
    Also delete the key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\_Hazafibb
  6. Exit the registry editor.
  7. Re-enable System Restore, reboot machine.
  8. Re-scan to be sure all files are clean.

Free Scan for Win32.Zafi.B

Posted in WormsComments (0)

Remove Win32.Netsky.Q. How to Uninstall Win32.Netsky.Q free


What is Win32.Netsky.Q

Win32.Netsky.Q is a worm, a vehicle which facilitates installation of malware and rogue software onto your system

Win32.Netsky.Q is one of the worms, which is falsely identified by many of the rogue antispyware programs, which calim that they will remove it from your system and clean it.

It has been seen that Win32.Netsky.Q is a rare malware, and it is highly unlikely that your system is actually infected with it. But still many of the trojan use its name to generate fake security alerts that your system is infected with Win32.Netsky.Q and thus they try to sell rogue security software to clean your system.

If you re really infected with it, here are the steps you can take to remove it from your system.

Technical Details of Win32.Netsky.Q

  • Full name: Win32.Netsky.Q, Win32.Netsky.Q
  • Date Appeared: 2004
  • Characteristic: Worm
  • URL:

Do I need to remove Win32.Netsky.Q

You can yourself search your computer manually, but it is not recommended unless you are a tech-geek. To save time and effort, we recommend you to download a FREE Scanner.

> > > Download < < <

Free Scanner for Win32.Netsky.Q

.

remove-win32-netsky-q-uninstall

How to Uninstall Win32.Netsky.Q scam

The best way for the removal of Win32.Netsky.Q is to install a good quality Anti-spyware Program and scan your system for any Win32.Netsky.Q infections.

Automatic removal of Win32.Netsky.Q is always good and complete as compared to any attempts to manually remove Win32.Netsky.Q, which may sometime lead to erroneous results. If you are not completely aware of all the files and registry entries used by this rogue anti-spyware, then we do not recommend you to attempt for the manual removal of Win32.Netsky.Q.

Instructions to get rid of Win32.Netsky.Q

If you really want to remove the Win32.Netsky.Q infection on your system manually then proceed as follows.

Step 1: Kill the Win32.Netsky.Q ProcessesLearn how to do that

fhexj6825097.exe

Step 2: Remove Win32.Netsky.Q files, folders and all associated Win32.Netsky.Q DLL files:Learn how to do that

fhexj6825097.exe
mjkdpl.dll

Step 3: Uninstall Win32.Netsky.Q registry entries: Learn how to do that

HKEY_CURRENT_USER\Software\fhexj6825097.exe

Free Scan for Win32.Netsky.Q

Posted in WormsComments (2)

Advertise Here

Hot Deals - Ending Soon

Archives