Showing posts with label Virus Support.

Wednesday, June 21, 2017

Recovering Files From Ransomware

First things first: the people who do this are the scum of the scum. What a F..... nightmare this was.

The computer was an infected Windows 7 machine, and I witnessed the damage this can do to a company.

The customer was infected with the Nemesis ransomware, and every file had been encrypted and renamed with super_man@aol.com appended to the file name.

DON'T EVER PAY THESE SCUMBAGS

The first thing was to remove the infected computer from the network before it infected other computers, if it hadn't already.

I then logged into the modem, changed the password and removed the remote desktop port forward that was in place so the accountant could access the machine. His problem was that the password he used for his login was too simple.

All his files had been encrypted.

Yes, the customer did back up regularly, but after his backup drive broke down he failed to back up his files manually or replace the backup system; even then, this probably would have encrypted the backup as well.

What I did to retrieve the customer's files:

Don't connect to your personal network, and don't connect to the internet yet. If you do want to use Safe Mode with Networking, disconnect all other computers from the modem and connect only this one, but I wouldn't do that yet.

Reboot the PC while tapping F8 to enter Safe Mode; the key may be different for your PC.

From a clean PC, download Malwarebytes, HitmanPro (32-bit) or HitmanPro_x64 (64-bit), ShadowExplorer and McAfee GetSusp.

I would purchase a copy of Malwarebytes Premium; it's worth it, and it also protects against ransomware.

Make sure the USB stick is empty, because you will want to format it when done.

Once all the files are downloaded onto the USB stick, transfer them to the infected PC, now in Safe Mode.

Install and run Malwarebytes. Update the program and definitions first by hitting the Update button; if you have purchased a serial, enter it now, or use Premium in trial mode.

Once complete, click Remove. You may need to reboot, but make sure that after the reboot you tap F8 to enter Safe Mode again. If it reboots into normal mode, just reboot again until you reach Safe Mode, as we have much more to do.

Be aware that all we are doing for now is trying to remove the infection so that we can boot into normal mode to see if we can retrieve the files.

After this is complete, from Safe Mode also run HitmanPro (or the 64-bit build if you have a 64-bit system).
It will ask whether to install; just click the one-time run option. There is no need to install it, as it will conflict.

I also used a free copy of the Comodo Rescue CD, which boots and runs from the CD; that was me being thorough.

OK, this may seem stupid, but I now rebooted into normal mode (in other words, not Safe Mode) and opened System Restore.

I did not do this earlier as I didn't want to infect the restore points, so I removed the infection first.

By restoring to an earlier date, say a week or so back, I thought that just maybe this would work; it did repair some files, but most files were still not working.

Hopefully you can still restore and the restore points were not deleted.

After the restore finished I then returned to Safe Mode, installed Malwarebytes again and did another scan, then rebooted, back into Safe Mode, then scanned with HitmanPro and Comodo.

I know this is monotonous, but trust me, it's all worth it.

After all scans are done and you have rebooted into normal mode, you now have a PC restored to a much earlier time before the ransomware and hopefully virus free. From here, run ShadowExplorer-0.9-portable from the USB stick as Administrator.

Don't forget to scan the USB stick when doing the virus scans as well, and never put that infected stick back into a clean PC; you're better off getting another USB stick if need be.

Hopefully your system has Shadow Copy turned on. If so, you can go back in time; as you go back you will find the day the ransomware was placed on the PC and executed, as the earlier days will show all your files in perfect condition. Be warned that many ransomware families delete the shadow copies (and restore points) as part of the attack, so there may be nothing to go back to; in that case an offline backup is the only way back.

Select your C drive, then select the date from the drop-down menu.

Please do not try to use ShadowExplorer until you have fully cleaned the PC.

Right-click on the folder you need to retrieve, then click Export, then select the USB drive as the destination.



Note that you WILL have to wipe the drive and reinstall afterwards: these people usually create a fictitious user that is hidden, so don't attempt to keep the computer as is. This exercise was merely a process to remove the ransomware/malware and retrieve your lost files.
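
As an added example for the file-recovery step (this is not part of the original post and not code from any of the tools named above), here is a small Python triage script. It walks the victim's folders, picks out files carrying the appended marker (defaulting to super_man@aol.com as seen in this infection; the exact way the marker is glued on to the name is an assumption), measures the entropy of each one to confirm it really is ciphertext rather than merely renamed, and then compares that list against the folder ShadowExplorer exported to, so you know which originals came back and which are still missing. The folder names and sample files are constructed for the demo.

```python
"""Ransomware clean-up triage (added example, not from the original post).

Assumptions: the ransomware appends a fixed marker to every file name, the
ShadowExplorer export mirrors the victim's folder layout, and Python 3.8+.
"""
import math
import os
import tempfile
from collections import Counter
from typing import Dict, List, Optional, Tuple

MARKER = "super_man@aol.com"  # suffix reported in the post; change it for another family


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 .. 8.0). Ciphertext and compressed data sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def original_name(name: str, marker: str = MARKER) -> Optional[str]:
    """Strip the appended marker (and any separator before it); None if not renamed."""
    if not name.endswith(marker):
        return None
    return name[: -len(marker)].rstrip("._-") or None


def inventory(root: str, marker: str = MARKER, sample: int = 4096) -> List[Dict]:
    """Walk `root` and list every file carrying the marker, with the entropy of
    its first `sample` bytes; a low value means it was renamed but not encrypted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            orig = original_name(fname, marker)
            if orig is None:
                continue
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                ent = shannon_entropy(fh.read(sample))
            hits.append({"path": path, "original": os.path.join(dirpath, orig),
                         "entropy": round(ent, 2), "looks_encrypted": ent > 7.0})
    return hits


def recovery_report(hits: List[Dict], victim_root: str, export_root: str) -> Dict[str, List[str]]:
    """For each encrypted file, check whether the pre-infection copy exists at the
    same relative path under the ShadowExplorer export folder."""
    recovered, missing = [], []
    for h in hits:
        rel = os.path.relpath(h["original"], victim_root)
        candidate = os.path.join(export_root, rel)
        (recovered if os.path.isfile(candidate) else missing).append(rel.replace(os.sep, "/"))
    return {"recovered": sorted(recovered), "missing": sorted(missing)}


def build_demo(tmp: str) -> Tuple[str, str]:
    """Constructed sample data: two 'encrypted' files (random bytes stand in for
    ciphertext), one untouched file, and an export tree holding only one original."""
    victim = os.path.join(tmp, "victim", "Documents")
    export = os.path.join(tmp, "export", "Documents")
    os.makedirs(victim)
    os.makedirs(export)
    for name in ("invoice.xlsx", "letter.docx"):
        with open(os.path.join(victim, name + "." + MARKER), "wb") as f:
            f.write(os.urandom(4096))
    with open(os.path.join(victim, "readme.txt"), "wb") as f:
        f.write(b"plain text, never touched " * 64)
    with open(os.path.join(export, "invoice.xlsx"), "wb") as f:
        f.write(b"pre-infection copy from the shadow copy")
    return os.path.join(tmp, "victim"), os.path.join(tmp, "export")


def run_demo() -> Tuple[List[Dict], Dict[str, List[str]]]:
    """Build the sample tree in a temp dir, inventory it and produce the report."""
    victim, export = build_demo(tempfile.mkdtemp())
    hits = inventory(victim)
    return hits, recovery_report(hits, victim, export)


if __name__ == "__main__":
    hits, report = run_demo()
    for h in hits:
        print(f"{h['path']}  entropy={h['entropy']}  encrypted={h['looks_encrypted']}")
    print("recovered:", report["recovered"])
    print("missing:  ", report["missing"])
```

On a real job, run inventory() against the victim's drive mounted read-only from the clean PC (or at least after the scans above have finished), pass the ShadowExplorer export folder to recovery_report(), and treat a file as recovered only once it actually opens; a name that matches but a copy taken after the infection started will still be ciphertext.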

Saturday, April 15, 2017

Malwarebytes Cannot Start A Scan While Another One Is Already In Progress

When you right-click on a file to scan it with Malwarebytes, you get this message.

What I did to fix this:

Made my way to C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe.

Right-clicked on mbam.exe, then Properties, then Compatibility, then ticked "Run this program as an administrator".

Rebooted, then right-clicked on a file and scanned with Malwarebytes; it worked fine.

You probably only need to reboot the PC and all will be good, but just in case I changed it to run as administrator.

Saturday, November 7, 2015

CCleaner Reset To Default

Open CCleaner

Click on Options, then Advanced, then Restore Default Settings.


Tuesday, November 4, 2014

Removing Internet Activity And More Using CleanUp

Similar to CCleaner, CleanUp is exceptionally good at removing traces of your Internet activity.

It empties the recycle bin and newsgroup cache, removes newsgroup subscriptions, and deletes cookies, browser cache, history, bookmarks and favourites. Note that a Thorough CleanUp! takes your bookmarks and favourites with it, so export anything you want to keep first.

CleanUp : http://www.stevengould.org/

Install and then run CleanUp.

Go to Options, then select Thorough CleanUp!, click OK to all prompts, then click CleanUp!

Tuesday, October 14, 2014

Remove CCleaner In System Tray When Computer Starts

CCleaner is now showing up in the notification area (system tray) after rebooting (v4.18.4844).

You have enabled Active Monitoring.

To disable it:

Run CCleaner

Go to Options

Select Monitoring

Untick: Enable Active Monitoring

In older versions, Enable Active Monitoring is in the Advanced menu instead.

If Enable Active Monitoring is greyed out, untick Enable System Monitoring first, then untick Enable Active Monitoring.

Sunday, April 13, 2014

Heartbleed Bug

Heartbleed Bug test site : http://filippo.io/Heartbleed/ (enter a host name to check whether that server is still vulnerable)

Chromebleed: http://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic

Click on Add to Chrome; this will display a warning if the site you are browsing is affected by the Heartbleed bug.

You should see the Chromebleed icon in the top right of your Chrome browser.

Otherwise you can go to Settings, then Extensions, to confirm it is enabled.

Keep in mind that the extension only warns you; it cannot fix the server. Once a site you use has been patched, change the password you used there, since the bug could have leaked it from the server's memory.

In Layman's Terms : http://www.heavy.com/tech/2014/04/watch-video-heartbleed-security-flaw-explained-simple/

Information :
http://readwrite.com/2014/04/08/heartbleed-openssl-bug-cryptography-web-security#awesm=~oBjQiicL4UClAY



Saturday, August 10, 2013

RUBotted Service Will Not Start

Restart Service will not restart the service in version 2.0.0.1034, pattern 1.10047.00.

I noticed that the service was not running (greyed out in the system tray).
I right-clicked on it and chose Open Console, then clicked on Restart Service, but nothing happened.
Uninstalled then reinstalled, but still no good.
This was all working perfectly with the older version.

What I did to fix it:

In my case I navigated to: C:\Program Files (x86)\Trend Micro\RUBotted

Double-clicked on WinPcap_4_1_3.exe and installed it; the service would not start until the bundled WinPcap driver was in place.

Left-click on RUBotted, then Open Console, then Restart Service.

Done

Thursday, June 27, 2013

Remove Babylon, Conduit and Other Junkware

http://www.bleepingcomputer.com/download/junkware-removal-tool/

Ask Toolbar
Babylon
Browser Manager
Claro / iSearch
Conduit
Coupon Printer for Windows
Crossrider
Facemoods / Funmoods
iLivid
IncrediBar
MyWebSearch
Searchqu
Web Assistant


This is an awesome program, worth a donation.

Also try RogueKiller : http://tigzy.geekstogo.com/roguekiller.php

Monday, December 3, 2012

Virus Scanners List

Updated regularly.


ComboFix - http://www.bleepingcomputer.com/download/combofix/ - 👍👍👍

CCleaner - http://www.filehippo.com/download_ccleaner

Dr.Web - http://www.drweb.com

eScanAv Antivirus Toolkit (MWAV) : http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV - 👍👍👍

Emsisoft Emergency Kit - http://www.emsisoft.de/en/software/eek/
Picked up C:\Users\loza\AppData\Roaming\lol.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\F
(others have missed this trojan?)

ESET - http://www.eset.com/download/home/

Farbar Recovery Scan Tool : https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/  - also known as FRST

F-Secure - https://www.f-secure.com/en/try-for-free

Fortinet - http://www.fortinet.com/

F.Prot - Frisk - http://www.f-prot.com/

G Data - https://www.gdatasoftware.com/downloads

HijackThis - http://sourceforge.net/projects/hjt/

Hitmanpro - https://www.hitmanpro.com/en-us/downloads

JRT (Junkware Removal Tool) : http://thisisudax.org/downloads/JRT.exe

Jiangmin - http://global.jiangmin.com/

Kaspersky Virus Removal  - http://www.kaspersky.com/antivirus-removal-tool?form=1

KidoKiller - http://support.kaspersky.com/downloads/utils/kk.zip

Malwarebytes Anti-Rootkit - http://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/

Microsoft Essentials - http://windows.microsoft.com/en-AU/windows/products/security-essentials

Microsoft Malicious Software Removal Tool :

http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

Microsoft Safety Scanner: https://www.microsoft.com/security/scanner/en-us/default.aspx

McAfee - http://home.mcafee.com/Default.aspx?

Multi Virus Cleaner 2011 : https://ro.softpedia-secure-download.com/dl/a7e2db0b24e49fdf84a7cb9219c4a8f4/5e102451/100119592/software/PORTABLE/ANTIVIRUS/Portable%20Multi%20Virus%20Cleaner.zip

Norman -  http://www.norman.com/

Norton Power Eraser (PUP removal) : https://security.symantec.com/nbrt/npe.aspx?&OpenDocument&src=npe

OTL - http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/

Panda - http://www.pandasecurity.com.au/

Prevx - http://info.prevx.com/downloadprevx.asp

Should I Remove It (PUP removal) : http://www.shouldiremoveit.com/

Quickheal - http://www.quickheal.com/

RectorDecryptor - http://support.kaspersky.com/downloads/utils/rectordecryptor.zip

Rising - http://www.freerav.com/

Rizone Virus Cleaner  : https://softpedia-secure-download.com/dl/1a428299c42c7d5e5db53ccd474646b6/5e1025c1/100165000/software/antivirus/viruclean.zip

Spyware Hunter :  https://www.spyhunter.com/gg-sh/?gclid=CjwKCAjw95yJBhAgEiwAmRrutNnRbqqhbtKkHybq7GS8ySPNn4GsgjZfqtcxI8mCja0zGNMu7dq77xoCq98QAvD_BwE

Stinger 32Bit : https://www.mcafee.com/enterprise/en-us/downloads/free-tools/terms-of-use.html?url=http://downloadcenter.mcafee.com/products/mcafee-avert/Stinger/stinger32-epo.zip

Stinger 64bit : https://www.mcafee.com/enterprise/en-us/downloads/free-tools/terms-of-use.html?url=http://downloadcenter.mcafee.com/products/mcafee-avert/Stinger/stinger64-epo.zip

Symantec - http://www.symantec.com

TDSSKiller - http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Trend Micro House call - http://free.antivirus.com/us/#cleanup-and-prevention

Trend Micro Browser Guard - http://free.antivirus.com/us/#cleanup-and-prevention

Trend Micro RUbotted - http://free.antivirus.com/us/#cleanup-and-prevention

Trend Micro - CWShredder - http://trend-micro-cwshredder.en.malavida.com/download

Trend Micro - RootkitBuster - http://free.antivirus.com/us/#cleanup-and-prevention

Trend Micro - Micro Rootkit Buster - http://esupport.trendmicro.com/solution/en-us/1034393.aspx

Trend Micro - Anti-Threat Toolkit - http://esupport.trendmicro.com/solution/en-us/1059565.aspx

Trend Micro - Fake Antivirus (FakeAV) Removal Tool - http://esupport.trendmicro.com/solution/en-us/1056510.aspx

VirusBarrier (Mac) - http://www.intego.com/virusbarrier

https://www.raymond.cc/blog/comprehensive-list-of-free-anti-virus/

Saturday, September 8, 2012

Uninstalling AVG LinkScanner

I had an issue with a program running, so I had to uninstall all antivirus programs to figure out why the program would not run correctly; disabling them would not fix my problem.

So I uninstalled AVG, but when I rebooted LinkScanner was still present.

I ran AVG LinkScanner, disabled it, then uninstalled it; after a reboot it was still active.

My guess is that during the uninstallation process I didn't tick the right boxes, so it could not uninstall LinkScanner.

I even downloaded an uninstall program from AVG to remove all traces of LinkScanner, but this did not work either.

Solution:

Download a fresh copy of AVG 2013.

Run it.

Choose Custom Install when prompted.

Untick all options, e.g. AVG add-on, e-mail protection, identity, additional installed languages and web browsing.

Once rebooted you will find AVG 2013 in the tray, but with no components installed.

Go to Control Panel, Programs and Features and uninstall AVG, making sure you tick all features to uninstall, user settings etc.

Once rebooted all traces will be gone, including LinkScanner.

Not bad for 2 hours of wasted time.

I understand I originally didn't uninstall all features, but you should be able to uninstall them at a later date.




Sunday, May 20, 2012

ATDMT Tracking Cookie (AVG)

Not happy, Sam.

Are you sick of getting those third-party cookies? AVG 2012 prompts you about them after you open Internet Explorer.

It looks like this.


Go to Tools, Internet Options, Privacy and raise the setting to High to block third-party cookies.

Now go to Tools, Internet Options, Privacy, Sites.

Enter atdmt.com and any other site you want to block.


Go here to see which ones you are opted out of (you will need to scroll down the page a bit).

Click on Select All.

Saturday, May 19, 2012

Create a Virus Scanner CD

Want to create a bootable multi-scanner virus CD or USB stick?

New version - http://www.sarducd.it/

Click on the blue Download button on the right; if the download doesn't start, right-click and select Download.

On the left-hand side, check that the download is working.

In some cases I found that once the download finished the ISO needed to be renamed to the default name so that the program could recognize it.

Just hover over the file to see the name it should be renamed to.

Make sure you have set the ISO folder, as all the ISOs need to be in this folder:

C:\SARDU_3\ISO

Click on Download, then Select ISO Folder.

Once all files are downloaded, click on USB, then Create USB.

Make sure you have your USB stick plugged in.

You will need to download Shardana Antivirus Rescue Disk Utility (SARDU) : http://www.softpedia.com/get/CD-DVD-Tools/CD-DVD-Images-Utils/Shardana-Antivirus-Rescue-Disk-Utility.shtml

Be careful when installing: it will prompt you a number of times to install other software, including toolbars. Press Deny when asked.

AVG does pick it up on one PC as a virus; this is a false positive, and you may need to make an exception rule in AVG.

Once installed you can download the ISOs separately through the program by clicking each virus/software button, or see below for links to most of them. The definitions baked into each ISO age quickly, so re-download the ISOs and rebuild the stick before each use.

Download some ISOs:

AVG : http://www.avg.com/au-en/avg-rescue-cd-download
Bitdefender : http://download.bitdefender.com/rescue_cd/
Dr.Web : ftp://ftp.drweb.com/pub/drweb/livecd/
F-Secure : http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142
Kaspersky : http://www.softpedia.com/get/Antivirus/Kaspersky-Rescue-Disk.shtml
Avira : http://www.avira.com/en/download/product/avira-antivir-rescue-system
Panda : http://www.pandasecurity.com/resources/tools/SafeCD.iso (needs to go into the Extras folder)
eScan Rescue Disk : http://www.microworldsystems.com/download/tools/escanrd.iso
Microsoft Windows Defender Offline : http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline (run the exe file and it will download the ISO to the PC)
Malwarebytes : http://www.malwarebytes.org/products/malwarebytes_free/ (needs to go into the Extras folder)
G Data : http://www.softpedia.com/progDownload/G-Data-BootCD-Download-172207.html
VBA Rescue : ftp://anti-virus.by/pub/vbarescue.iso
PC Tools : http://www.pctools.com/aoss/details/
Acronis Backup and Security : http://download.acronis.com/iso/AcronisAntimalwareScanCD.iso

You will find some files download as an EXE; please see my blog post on how to convert an EXE to ISO : http://lozaelec.blogspot.com.au/2013/05/exe-to-iso.html

Install SARDU; inside the installation folder you will find a folder named ISO.
Copy all the program/antivirus ISOs into this folder.
Run Sardu.exe, then on the right press the CD or the USB stick button.
It will take a while to create the necessary files.
Watch this for a tutorial : http://www.youtube.com/watch?v=ZnneGqdyTRc
Definitely worth a donation.

Sunday, February 19, 2012

Free Virus Scanner Tools

Updated regularly.

Ad-Aware - http://www.lavasoft.com/products/ad_aware_free.php

Avira - http://www.avira.com/en/support-download-avira-free-antivirus

Avast - http://www.avast.com/free-antivirus-download

Avast aswMBR (anti-rootkit) - http://www.bleepingcomputer.com/download/aswmbr/

Avg Free - http://free.avg.com/au-en/download

CCleaner - http://www.filehippo.com/download_ccleaner

CleanUp - http://www.stevengould.org/index.php?option=com_content&task=view&id=15&Itemid=69

ESET - http://www.eset.com/download/home/

F-Secure - http://www.f-secure.com/en/web/labs_global/removal-tools

HijackThis - http://sourceforge.net/projects/hjt/

Kaspersky Virus Removal  - http://www.kaspersky.com/antivirus-removal-tool?form=1

Microsoft Essentials - http://windows.microsoft.com/en-AU/windows/products/security-essentials

Private Eye : http://www.stevengould.org/index.php?option=com_content&task=view&id=44&Itemid=85

RectorDecryptor - http://support.kaspersky.com/downloads/utils/rectordecryptor.zip

Spybot - http://www.safer-networking.org/en/download/index.html

Hidden Virus Tool That Comes With Windows 7

You probably didn't even know this virus tool was already installed on your system: mrt is the Microsoft Malicious Software Removal Tool (the same one linked in the scanner list above), kept current through Windows Update.

To open it, go to Start, type "run", click on Run, then type "mrt".

Click Yes to the User Account Control (UAC) window if it appears.

Click Next.

Choose Quick, Full or Customized scan, then Next.

Done; scanning will commence.