Malware Removal Instructions

Skype virus: "this is a very nice photo of you" removal guide

2013-05-22T11:51:00.000-07:00

If you received a message from a friend saying: "this is a very nice photo of you" accompanied by a link (see image below) then your friend's computer is infected with malware. And if someone says that you're sending such messages to your friends then I'm afraid your computer is infected as well.

If clicked the link leads to a website which offers web storage space. It's a popular and safe site that is misused by cyber criminals to hide their illegal activity. So, even if the file comes from what you think is a safe site, please scan the file with your antivirus software before opening it. Or even better, upload it to virustotal.com. Besides, you can't really tell the exact file extension from the link. It looks like an image file but it actually isn't. It's a zip file containing a malicious executable program.

The malicious file is detected as BackDoor.IRC.NgrBot.42 (DrWeb), a variant of Win32/Kryptik.BBHQ (ESET-NOD32) and Trojan.FakeMS (Malwarebytes). Most anti-malware programs detect this virus as ransomware. The detection rate on VirusTotal is low. Once installed, it may download different modules, for example password stealing module or a BitCoinMiner. One way or another, it will either steal your passwords or CPU power. Of course, it will keep sending malicious links to you friends, that's the whole point - to infect as many PCs as possible. The virus is launched each time the PC starts from the AppData folder. You can find the file and remove it manually, however, to completely remove this is a very nice photo of you" Skype virus, you will have to install an anti-malware software. It's a harmful infection that is spreading malware and spyware modules, needles to say they have to be removed from the system as well. Social engineering works really well in this case. Very often, such Skype spam virus links receive thousands of clicks per hour. Remember to always keep your antivirus software updates, otherwise it's useless, as new infections appear each day. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Removal instructions:

1. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.

2. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.

3. Download recommended anti-malware software and run a full system scan to remove the remnants of this virus from your computer.

BrowserProtect.exe: What you need to know, how to remove it

2013-05-22T09:52:00.000-07:00

BrowserProtect.exe - Application Manager by PerformerSoft LLC

What is browserprotect.exe?

Browserprotect.exe is a part of the Application Manager by PerformerSoft LLC. It was originally developed by Bit89 Inc. First thing to note is that browserprotect.exe is not a technically a virus or malware, it's a potentially unwanted program (PUP). Avast, for example, detects this application as PUP.bProtector. Other antivirus programs detect it as a Trojan. It's a thin line actually but I would say it's a Trojan because it doesn't work as a backdoor and it doesn't steal passwords, etc. Once installed, this application changes default search engine and home pages in all major web browsers. BrowserProtect.exe*32 (Windows 8) protects those settings from changes. In other words, it may be difficult to change your home page or search engine provider, even it's Google or Bing. Some users notice that after they picked up this application their computers became sluggish. It may be associated with adware as well. Sometimes when uninstalling this application users get the following notification: 'browserprotect.exe has stopped working'. You may cause other problems too. All in all, it will do more harm than good, so I suggest you to remove browserprotect.exe from your computer.

Security Rating: Potentially Dangerous

File name: browserprotect.exe
Publisher: PerformerSoft LLC
File Location Windows XP: C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\[]\BrowserProtect.exe
File Location Windows 7: C:\ProgramData\BrowserProtect\2.6.1095.52\[]\BrowserProtect.exe
Startup file: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 'BrowserProtect'

Remove dnsbasic.com (Uninstall Guide)

2013-05-21T12:26:00.000-07:00

If your computer defaults to dnsbasic.com when you search through the address bar then you probably installed an application recently which may have also installed adware and this browser hijacker. As if we honest PC users didn’t have enough to watch out for such as spyware, malware, Trojan horses and rogue anti-virus software we also need to be on our toes and keep an eye out for dnsbasic browser hijacker. Whether you’ve heard of this or not, read on as we tell you a little more about what it is and how to remove it from your computer.

Firstly, let’s take a look at what browser hijacking means: your browser is either the home page that you see when you log on to your computer or the search engine that you use (Google, Bing or Yahoo for example). Fairly self-explanatory; hijacking means the same as it does in the regular definition of the word: it is taking something over by force – so in this case, it is your computer’s browser that has been taken hostage. It overrides existing search settings and changes the default search providers in all web browsers. DnsBasic.com even creates a process which runs in the background of your computer and obviously may impact the performance of the system.

It’s a typical day, you log onto your computer and hit the internet icon; the first page you see is your home page, be it your PC’s default page or one that you’ve set yourself, such as your email login for a favourite news or sports website. You then decide to look something up on the internet – perhaps that new restaurant that you want to try out tonight – so you go to one of the search engines but they’re new and their site is not online yet and you get an error page. What’s my point, you ask? Well, the point is that because, as seen above, these three pages are browsers, they are also vulnerable to browser hijacking.

But what does this hijacker actually do? Someone who is hijacking your browser is ultimately taking control of how it works and is configured – this often takes the shape of a new toolbar. They might also change what you see on your home page. This is sometimes known as a ‘drive-by download’ because the tool bar is installed without you being any the wiser – computers with poor security or no antivirus software are particularly in danger of this. Dnsbasic.com for instance, won't hijack your home page but it will change the way you search directly through the address bar or omnibox in Google Chrome. Search results are mixed with good and poor quality links. I wouldn't recommend using this search engine, especially when you can use Google or Bing instead.

At first glance your new search engine provider might not look so sinister – surely it’s just providing you with some extra functionality, right? Wrong: your new super-helpful search engine is actually there to redirect you to websites that you otherwise would probably have not clicked on.

In the majority of cases the dnsbasic.com will have been installed by downloaded software or shareware even from an infected email.

Dnsbasic.com can be tricky to remove, even for the techy guy at your local computer repair store, as the technology behind them is increasingly sophisticated, so it stands to reason that prevention is better than cure. Please use the following removal instructions to remove dnsbasic.com from your computer. If you have any questions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

DnsBasic removal instructions:

1. Uninstall DnsBasic from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

2. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove DnsBasic application and also other applications you have recently installed. Go into 'Installed programs' and sort them by date.

Simply the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove dnsbasic.com from Google Chrome:

1. Click on Chrome menu button. Go to Tools → Extensions.

2. Click on the trashcan icon to remove the DnsBasic extension.

3. Click on Chrome menu button once again. Select Settings.

4. Click Set pages under the On startup.

Remove dnsbasic.com by clicking the "X" mark.

5. Click Show Home button under Appearance. Then click Change.

Select Use the New Tab page and click OK to save changes.

6. Click Manager search engines button under Search.

Select Google or any other search engine you like from the list and make it your default search engine provider.

Select dnsbasic.com from the list and remove it by clicking the "X" mark.

Remove dnsbasic.com from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.

2. Select Extensions. Remove DnsBasic extension. Close the window.

3. In the URL address bar, type about:config and hit Enter.

Click I'll be careful, I promise! to continue.

In the search filter at the top, type: dnsbasic

Now, you should see all the preferences that were changed by Dns Basic. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

Remove dnsbasic.com from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons.

2. Select Toolbars and Extensions. Remove DnsBasic Internet Explorer add-on.

3. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

4. Select DnsBasic and click Remove to remove it. Close the window.

What is cltmng.exe and how to remove it?

2013-05-21T10:50:00.000-07:00

cltmng.exe - Search Protect by Conduit

What is cltmng.exe?

cltmng.exe is a part of the Conduit browser hijacker which specifically targets Chrome and Firefox. It installs an extension that forces users to use Conduit Search (search.conduit.com). Needles to say, it's not essential for Windows and may cause problems. This application will prevent other competing web browser plugins from changing the home page and search settings that are created by Conduit software. It may block any attempt to restore your default search engine and home page. It may slow down your computer, especially when online. Besides, Conduit software displays ads on infected computers and redirects users to search.conduit.com when searching directly through the address bar. I recommend you to remove cltmng.exe from your computer.

Click to Run a Free Scan for cltmng.exe related errors

Security Rating: Potentially Dangerous

File name: cltmng.exe
Publisher: Conduit
File Location Windows XP: C:\Documents and Settings\[UserName]\Application Data\SearchProtect\cltmng.exe
File Location Windows 7: C:\users\[UserName]\AppData\Roaming\SearchProtect\bin\cltmng.exe
Startup file: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 'SearchProtect'

Remove Trojan.Zeroaccess!inf4 (Uninstall Guide)

2013-05-20T12:28:00.000-07:00

Trojan.Zeroaccess!inf4 can be used to monitor innocent persons, attack their computer, steal their files and personal data and make changes to their computer system. The term Trojan is more commonly associated with this kind of activity and is something that we all need to be aware of and to do our best to safeguard our information and personal details so that we don’t fall victim to identity theft and other crimes. You may have arrived at this page because your computer is infected with Trojan.Zeroaccess!inf4 which requires manual removal. To remove this Trojan from your computer, please follow the removal guide below.

This Trojan horse can be used for a wide range of reasons and for a number of activities on the unsuspecting owner’s PC or laptop system. Once installed, a hacker can use it to execute and access files, change system configurations, set up ports, log key strokes, monitor packets on the network, collect different user names and passwords so that they can create other personas and attack other computers using the victim’s whilst remaining incognito and monitor – or spy to put it more accurately – computer usage, software downloaded and websites browsed.

So how do you tell if you’re the victim of this trojan? If you are using Norton Antivirus or any other Symantec product, you will get a warning stating that one of your files, for instance services.exe, (Trojan.Zeroaccess!inf4) detected by Virus scanner and Auto-Protect. In other words, this means that services.exe contains threat Trojan.Zeroaccess!inf4. The risk is high. Unfortunately it’s just not that easy because the very point of rootkits is that they are undetectable by the user.

What do you do if you think you have been infected? Even if a computer expert has attempted to remove Trojan.Zeroaccess!inf4 manually, it is very difficult for them to tell if it’s gone completely, therefore most of them recommend that the only way to deal with the situation is to scan the system with anti-malware software.

There is no antivirus or security software than can keep all rootkits at bay but there are a number of steps you can take to protect yourself. Enabling a firewall on your computer is an excellent idea as is ensuring that you always have the latest updates for all your installed software. If you don’t have antivirus software installed, make sure you do it now and always keep that up to date too, with the latest versions and patches. Knowing who has access to your PC or laptop is important too so you might want to consider limiting user privileges, especially if you leave it logged in in a public place, work environment or if you have shared living arrangements.

As always, exercise caution when opening email attachments and accepting file transfers over applications and be careful when clicking on links to webpages, both on the internet and in emails. Downloading pirated software is a no-no too and whether it’s for bank accounts or something as seemingly harmless as your Facebook account, always use strong passwords.

Unfortunately Trojan.Zeroaccess!inf4 and ZeroAccess rootkit being used for malicious purposes are a feature of the internet landscape however with a little care and attention we can all do our best to try and limit the eventuality of becomes victims ourselves. The following instructions will show you how to remove Trojan.Zeroaccess!inf4 from your computer. If you have any questions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Trojan.Zeroaccess!inf4 removal instructions:

1. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.

2. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.

3. Download recommended anti-malware software (direct download) and run a full system scan to remove the remnants of this Trojan from your computer.

ibsvc.exe - Process Information

2013-05-20T09:00:00.000-07:00

ibsvc.exe - IBUpdaterService

What is ibsvc.exe?

ibsvc.exe is not essential for Windows and may cause problems. It's a part of InstallBrain Installer software (detected by antivirus companies as Adware.InstallBrain) that is used to install third party applications, for example Yontoo, PC Performer or Babylon. Usually, it's neither essential nor dangerous but it may cause high CPU usage and Windows errors. Since ibsvc.exe is an update service, it's configured to run automatically when Windows starts. The software this application installs or updates is very often classified either as adware or potentially unwanted software. ibsvc.exe is not a Windows file and it may slow down your computer, that's why I recommend removing it.

Click to Run a Free Scan for ibsvc.exe related errors

Security Rating: Potentially Dangerous

File name: ibsvc.exe
Publisher: InstallBrain Installer
File Location: C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
Program Path: C:\ProgramData\IBUpdaterService\ibsvc.exe

RCMP Ukash virus, help on how to remove

2013-05-20T08:25:00.000-07:00

RCMP Ukash virus is a ransomware infection. These days criminal computer hackers are becoming ever-more sophisticated in their attempt to scam normal members of the public out of their money, and the latest dirty trick in their books is known as ransomware. In particular police-themed ransomware targeting internet users from Canada. If this sounds like mumbo jumbo or gobbledygook then read as on as we explain what exactly this is, how it affects your computer – and of course how it can affect you and your bank account.

First of all with RCMP Ukash ransomware, the clue is really in the title. It’s software that holds you to ransom and demands a payment. Doesn’t sound very nice does it but how can a simple piece of computer software kidnap a human, and where do the police come into all of this?!

Normally when a computer virus attacks your PC or laptop it’s because you opened an infected email attachment or file. RCMP Ukash virus is slightly different; known as a ‘drive-by virus’ it can install itself on your machine simply by you visiting a website that has been compromised. What then happens is that you’ll be innocently looking at a friend’s photos on Facebook or shopping online and your computer will suddenly freeze. And this isn’t any normal case of having too many web browsers open or something crashing. You will then see a pop-up screen or message which for all intents and purposes seems to have come either from The FBI, if you’re in the United States, The Metropolitan Police, if you’re in the UK, or from the Royal Canadian Mounted Police if you’re in Canada.

So what does this window say? It will accuse you of having violated federal law for one thing and claim that you’ve either been caught looking at under age porn or have been known to have downloaded illegal music, software, movies or TV shows. It will also give you a handy list of what the fines and penalties for your ‘crime’ is and then give you comprehensive instructions of how to pay your fines, using a pre-paid card, so that you will ‘not have criminal charges filed against you’.

Some of these RCMP Ukash ransomware viruses even have the ability to turn your computer’s webcam on so that it takes a picture of you and displays it on your screen, making you think that you are somehow being watched or recorded. It is pretty scary stuff and the designs of these pages are often extremely sophisticated and believable. Especially if you may just have happened to download season six of your favourite television show! And don’t think that clicking the little ‘x’ in the corner of the window will get rid of the scary message: it won’t. Your computer will be frozen and seemingly the only way out of this mess is to pay the fine – which can often be an extortionate amount running into hundreds or even thousands of dollars.

What is important to know here is that no reputable national or international law enforcement agency would ask you to pay a fine or a penalty online – both The FBI and The Royal Canadian Mounted Police in Canada have stated this in reference to ransomware crimes, of which they are increasingly inundated with reports of. Unfortunately malicious software is a lucrative business and while there are people out there who will pay the financial fines, the hackers will keep on developing more and more devious techniques to fool us and get us to hand over our hard earned cash online.

So how can you protect yourself from this extremely unpleasant crime? First of all ensure that you have a reputable and top quality antivirus or security software installed on your PC and make sure that’s it’s always updated to the latest version. Secondly do not click on links that you don’t trust, or know – you could be just steps away from having malware installed on your computer.

Some ransomware viruses also hold your documents to ransom; freezing your computer or encrypting files so to minimize any damage or loss of data make sure you back up your files on a very regular basis.

And if you are unfortunate enough to fall victim to a ransomware or police-themed ransomware virus, whatever you do, don’t pay any money or enter any personal details! These sorts of viruses are notoriously difficult for even fairly technical home users to remove, but you can still attempt to remove the RCMP Ukash virus by following the removal guide below. The virus is not the same for everyone, so I can't guarantee that this fix will work for you, just give it a try.

One last thing to remember is that even if the virus has been removed and your computer fixed, the malware may still be running in the background so contact your bank and credit card companies, change your passwords and delete any non-essential personal details or documents that you may have stored on your PC. Finally, scan your computer with recommended anti-malware software to remove related malware from your computer. If you have any questions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Method 1: RCMP Ukash virus removal instructions using System Restore in Safe Mode with Command Prompt:

1. Reboot your computer is Safe Mode with Command Prompt. As the computer is booting tap the F8 key continuously which should bring up the Windows Advanced Options Menu as shown below. Use your arrow keys to move to Safe Mode with Command Prompt and press Enter key.

2. Make sure you log in to an account with administrative privileges (login as admin).

3. Once the Command Prompt appears you have few seconds to type in explorer and hit Enter. If you fail to do it within 2-3 seconds, the RCMP Ukash virus will take over and will not let you type anymore.

4. If you managed to bring up Windows Explorer you can now browse into:

Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter

5. Follow the steps to restore your computer into an earlier day.

6. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus.

Method 2: RCMP Ukash virus removal instructions using System Restore in Safe Mode:

1. Power off and restart your computer. As the computer is booting tap the F8 key continuously which should bring up the Windows Advanced Options Menu as shown below. Use your arrow keys to move to Safe Mode and press Enter key.

NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Once in there, go to Start menu and search for system restore. Or you can browse into the Windows Restore folder and run System Restore utility from there:

Win XP: C:\windows\system32\restore\rstrui.exe double-click or press Enter
Win Vista/7/8: C:\windows\system32\rstrui.exe double-click or press Enter

3. Select Restore to an earlier time or Restore system files... and continue until you get into the System Restore utility.

4. Select a restore point from well before the RCMP virus appeared, two weeks should be enough.

5. Restore it. Please note, it can take a long time, so be patient.

6. Once restored, restart your computer and hopefully this time you will be able to login (Start Windows normally).

7. At this point, download recommended anti-malware software (direct download) and run a full system scan to remove the virus.

Method 3: RCMP Ukash virus removal instructions using MSConfig in Safe Mode:

1. Power off and restart your computer. As the computer is booting tap the F8 key continuously which should bring up the Windows Advanced Options Menu as shown below. Use your arrow keys to move to Safe Mode and press Enter key.

NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Once in there, go to Start menu and search for "msconfig". Launch the application. If you're using Windows XP, go to Start then select Run.... Type in "msconfig" and click OK.

3. Select Startup tab. Expand Command column and look for a startup entry that launches randomly named file from %AppData% or %Temp% folders using rundll32.exe. See example below:

C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1

4. Disable the malicious entry and click OK to save changes.

5. Restart your computer. This time Start Windows normally. Hopefully, you won't be prompted with a fake RCMP screen.

6. Finally, download recommended anti-malware software (direct download) and run a full system scan to remove the virus.

Method 4: Manual RCMP Ukash virus removal instructions Safe Mode (requires registry editing) :

1. Unplug your network cable and manually turn your computer off. Reboot your computer in Safe Mode. As the computer is booting tap the F8 key continuously which should bring up the Windows Advanced Options Menu as shown below. Use your arrow keys to move to Safe Mode and press Enter key.

NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. When Windows loads, open up Windows Registry Editor.

To do so, please go to Start, type "registry" in the search box, right click the Registry Editor and choose Run as Administrator. If you are using Windows XP/2000, go to Start → Run... Type "regedit" and hit enter.

3. In the Registry Editor, click the [+] button to expand the selection. Expand:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Look on the list to the right for an randomly named item. Write down the file location. Then right click the randomly named item and select Delete. Please note that in your case the file name might be different. Close Registry Editor.

In our case the malicious file (pg_0rt_0p.exe) was located in Application Data folder. So, we went there and simply deleted the file. We're running Windows XP.

File location: C:\Documents and Settings\Michael\Application Data\

If you are using Windows Vista or Windows Seven, the file will be located in %AppData% folder.

File location: C:\Users\Michael\AppData\Romaming\

Finally, go into Windows Temp folder %Temp% and click Date Modified so the newest files are on top. You should see an exe file, possibly with the name pg_0rt_0p.exe (in our case it was exactly the same), but it may be different in your case. Delete the malicious file.

One more thing, check your Programs Startup list for the following entry:

[UserPATH]\Programs\Startup\ctfmon.lnk - C:\Windows\system32\rundll32.exe pointing to [UserPATH] \Temp\wpbt0.dll,FQ10 (or FQ11)

In our case it was ctfmon.lnk pointing to malicious file which then loads the fake ransom warning. Please note that in your case the file name might be different, not necessarily ctfmon.lnk. Simply disable or remove (if possible) such entry and restart your computer.

4. Restart your computer into "Normal Mode" and scan the system with legitimate anti-malware software.

5. Download recommended anti-malware software (direct download) and run a full system scan to remove the remnants of virus.

Remove "You shall not pass" virus (Uninstall Guide)

2013-05-19T11:35:00.000-07:00

This page contains removal instructions for the "You shall not pass" virus. Once you're infected with this virus you won't be able to access Google, Facebook, Tumblr and some other popular websites. When you go to any of these websites, the virus will show you a picture of Gandalf saying You shall not pass. OK, so at first I thought someone is just trolling since the virus doesn't ask you to complete a survey or pay a ransom to restore access to these websites. The virus simply modifies Windows Hosts file. Web browser then loads "You shall not pass" notification from remote web server controlled by cyber crooks instead of your requested website.

I got this virus after downloading free Minecraft account generator. I was looking for this virus, so I had to download and install it but you shouldn't download such shady software. As you can see, such software drops malware on your computer, so don't take the risk. What is more, "You shall not pass" virus notification maybe be a sign of a very dangerous infection. You shall not pass virus fix isn't very difficult but it's not the only problem you have. If you downloaded some free Minecraft software etc., there's a good chance you also got this really nasty infection called Backdoor:Win32/Fynloski.AA. Just a few minutes after I removed the virus, I saw unusual web traffic. This backdoor Trojan was downloaded addition RAT components that were probably necessary to gain access to the compromised system and hide its presence from a security solution. Cyber crooks simply wanted to turn my test machine into a zombie computer, part of a botnet or maybe they wanted so steal sensitive information. One way or another, that's a huge security threat. While Gandalf "You shall not pass" notification might be funny, the other malware that maybe be installed along with it, isn't fanny at all. To remove You shall not pass virus from your computer, please follow the removal guide below. And don't forget to scan your computer with recommend anti-malware software. As I said, the situation may be a lot worse than you think. If you have any questions or suggestions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

"You shall not pass" virus removal instructions:

1. Download recommended anti-malware software and run a full system scan to remove this virus and related malware from your computer.

2. Reset Windows HOSTS file.

a. Close your web browser.
b. Go to: C:\WINDOWS\system32\drivers\etc
c. Double-click "hosts" file to open it. Choose to open with Notepad or any other text editor.

The Windows hosts file should look the same as in the image below (Windows XP). There should be only one line:

127.0.0.1 localhost (Windows XP)

127.0.0.1 localhost ::1 (Windows Vista/7/8).

If there are more lines, then remove them and save changes. Read more about Windows Hosts file here: http://support.microsoft.com/kb/972034

If you can't reset Windows Hosts file manually then download and run Microsoft Fix it tool and follow the steps in the Fix it wizard. If you can't download it, then simply delete Hosts file.

3. Download CCleaner and tidy up your computer, remove temp files, etc.

4. If the problem persists, please read this web document and follow the steps carefully: http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html

SnapDo.exe - Process Information

2013-05-19T08:43:00.000-07:00

SnapDo.exe - Smartbar by ReSoft LTD

What is SnapDo.exe?

SnapDo.exe is not essential for Windows and may cause problems. It's a part of Span.do browser hijacker. Very often, this application comes bundled with freeware and software downloaders. It works on all major web browsers. SnapDo.exe runs automatically at startup. Once installed, it modifies web browsers' preferences, changes default home pages and search providers and installs a browser helper object. Sometimes this process may cause high CPU usage and web browser crashes. It may also collect certain information about your computer and browsing habits. It's a potentially unwanted application, we highly recommend you to remove SnapDo.exe from your computer.

Click to Run a Free Scan for SnapDo.exe related errors

Security Rating: Potentially Dangerous

File name: snapdo.exe
Publisher: Smartbar by ReSoft LTD
File Location: C:\Documents and Settings\[User Name]\Local Settings\Application Data\Smartbar\Application\SnapDo.exe

Remove ad.xtendmedia pop-up "virus", removal instructions

2013-05-16T08:29:00.000-07:00

Instructions to remove ad.xtendmedia virus. A friend asked me to help to remove this "virus" from his computer. He said that his computer is infected with ad.extendmedia.com and also the search engine is changed to Delta Search. OK, so first things first, is xtendmedia really a virus? No, definitely not. It's an ad server, it's no different than Google or Yahoo servers. However, if you are getting obscene popup ads from ad.xtendmedia.com then there's a good chance that your computer is infected with adware or potentially unwanted application, for instance web browser add-on. Very often cyber crooks use adware and PUPs to show advertisements on infected computers willing to earn some quick money from advertising companies. They may even succeed because tracking click fraud and similar schemes isn't easy, even for leading companies.

These days there’s no escaping the constant stream of adverts that we are bombarded with in our day to day existences but it’s not just magazines and television that are constantly selling to us – even our computers are in on the act too!

Many websites run advertising, whether it’s banners for their own products or for another company, or Google ads. However you may have also noticed the increasing existence of pop-up adverts which thanks to advertising-supported software (normally known as adware) is a software package that downloads, displays or plays an advert for a product or service on your computer, including pop-up ads from ad.xtendmedia.

If we’re being honest the majority of us find pop-up ads pretty irritating. Most of us don’t give them any more than a cursory glance – normally followed with an irritable “Go away!” The strange thing is though that they must be at least a little effective because companies certainly seem to keep on using them as a means of advertising.

But that’s not all there is to adware and you shouldn’t be fooled into thinking that pop-ups are merely trying to sell you something as besides generating income for their creator, adware can also be used to install unwanted software – or worse, Spyware - onto your PC.

Spyware, as the name suggests is software which monitors, or more accurately, spies, upon you and it can have two functions: some spyware gathers data about your computer usage and which websites you use so that it can tailor further adverts to your interests (thus making you more likely to click on them) but other spyware has a little more than marketing in mind. Of course, this isn't the case because ad.xtendmedia doesn't collect any sensitive or personally identifiable information. But still, you should not the risks of adware and spyware infections.

Unscrupulous makers of adware that is bundled with spyware will either use this data to further their own gain or sell the information on to a third party. Malicious spyware can also corrupt the files and documents that you have stored on your computer.

It must be pointed out that not all adware is malware and when it isn’t being used to steal data it has most likely been created so that the developer of a website can recoup some of their costs. Sometimes it may be given to the user for free or at least at a reduced price with income being derived from the adverts meaning that the software developer is more likely to develop and maintain the software product and create regular upgrades.

Some adware might be what is known as shareware – also sometimes called trialware or demoware. Shareware is software which you will only be given a sample of for a limited time period. It is usually also only a ‘sneak preview’ of the full software package and used to whet our appetites and make us want to purchase the full package. Shareware software will hint at the amazing things that the real deal has to offer whilst giving us a little taster of the benefits we could experience if the full package was downloaded. Take email for example; an email program might have something called an adware mode integrated in their coding. You’ll download this new email inbox, enjoy using your account with all of its functions and benefits however once your trial period is up you’ll then be given three choices. Use your account as it now is in its diminished (and probably annoying!) version, get the full upgrade for free BUT with adverts and pop-up windows, or finally you can get the full version with all features and no adverts – but for a price.

So as we’ve seen some adware is simply irritating, some sucks us in to paying for something we perhaps never knew we wanted and could very likely get for free (should you really be paying for your email account…) and other adware is bundled with unwanted software such as spyware which can do great damage. So how do you protect yourself from the nuisance and potential danger caused by ad.xtendmedia? The answer is simple; install the best antivirus software you can find on your computer and make sure it’s always bang up to date! What is more, I will show how to opt-our from ad.xtendmedia service and how to disable digital identifiers and tracking cookies.

To remove ad.xtendmedia from your computer, please follow the removal instructions below. If you have any questions or suggestions, please leave a comment below. I will try to help you or answers your questions. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

ad.xtendmedia removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall recently installed web browser toolbars and other web browser add-ons. You should also remove recently installed software, especially freeware and shareware because there's a good chance that the popups and ad.xtendmedia redirects you are experiencing are caused by either these programs or web browser add-ons that came with them.

3. Opt-out from ad.xtendmedia here: http://xtendmedia.com/opt-out

Remove VisualBee, removal instructions

2013-05-15T09:36:00.001-07:00

This page contains removal instructions for the VisualBee Toolbar and VisualBee Search engine. Please use this guide to remove VisualBee from Firefox, Chrome and Internet Explorer.

Browser hijacking is both an irritation and a danger when using the internet these days and whether you’re being plagued by annoying pop-up adverts and windows or malicious software or coding which have taken over (i.e. hijacked) your browser, it’s probably safe to say that all of us have fallen victim to hijacking at some point in the not too distant past. While Visualbee advertises itself as a graphic designer for PowerPoint presentations some users think it's actually malware. Of course, it's not the same thing as spyware, trojans or rootkits. I would say browser hijackers can be fairly classified as potentially unwanted software.

But what is browser hijacking exactly and what will happen to you if you’ve been attacked? The term browser hijacking actually covers a number of different malwares - malicious software. Generally it is agreed by computer experts that browser hijacking software is an external code that changes your web browser settings, without either your knowledge or, in many cases, your permission. Most of the time, VisualBee gets installed along with other software. It can be really difficult to get rid of all references to VisualBee, so always "opt out" of any extras being installed.

When your settings have been changed you’ll no doubt then find that your home page has been changed too and that new favourite websites have been added to your desktop or favourites folder. In the majority of cases, these new ‘favourites’ will direct you to websites containing crappy content – which can be potentially embarrassing and difficult to explain to your significant other or your boss! Not only this but generally the hijacker will also have made system changes meaning that even if you change your computer settings back to your old home page, it will automatically revert back to the unwanted one. Typically, "VisualBee" appears on a new tab and redirects users to http://visaulbee.delta-search.com or search.conduit.com.

So how do browser hijackers install themselves on your computer in the first place, and what are the things you should be looking out for to limit the chances of it happening to you? In most cases a browser hijacker will exploit Microsoft Internet Explorer's ability to run ActiveX scripts directly from a web page. When used maliciously, you will often see a pop-up box which asks you if it can install itself on your PC. What you may not realise is that this is the hijacking program and should you give it the go ahead to install itself, Internet Explorer will then unwittingly execute the program – which then changes your settings.

In fact, the majority of browser hijacking programs will request your permission before installing anything – although this can be done in such a way that you don’t realise you’re giving them the right to install. For example if the ‘check box’ to give permission is already ticked, then you may be tricked into accepting is as you actually need to UN-tick the box to say yes, or vice versa. So, the lesson to be learned here is always read the small print in pop-up boxes and if a program requests permission to install itself on your computer while you are surfing the web, unless you are 100% sure what it is, always reject it. There are, however, many installers that will install VisualBee in Chrome and Firefox even when you opt-out it or cancel the installation.

Having said that, the really sneaky browser hijackers will further take advantage of security loop holes within web browsers and will install themselves completely without your knowledge.

Scary stuff but thankfully there are ways to avoid being hijacked providing that you take a few precautions. Read on and we’ll tell you how you can take steps to make sure the browser hijackers don’t get to you.

First things first and if you haven’t got anti-malware software installed on your computer you should do so right now (or as soon as you finish reading this article anyway!) Using a reputable anti-malware package will greatly diminish your chances of being hijacked by VisualBee, as will making sure that it is always up to date. You can also try using anti-malware 'auto protection' for further security. Consider keeping an anti-hijacking 'toolkit' handy for emergencies too – you can download one of these from the internet, the same way that you would with anti-malware software.

Changing your web browser security settings can help too – if your settings are set to their weakest you could be laying yourself open for attack.

Another thing to consider is changing your actual browser. Although you might really like Internet Explorer, or at least use it because it’s the one you’re ‘used to’ it might be worth considering stopping using it altogether. Because the majority of malware, spyware and browser hijacker programs are coded specifically for IE (thanks to the security lapses) switching browsers should stop them from affecting you, therefore it might be worth choosing an alternative such as Mozilla Firefox or Google Chrome. Even though, nowadays most browser hijackers works perfectly fine on all major web browsers but Firefox for example uses very strict rules to determine whether toolbars and search engines are malicious or not.

Finally, it may go without saying but use your common sense – don’t click on links in emails sent from someone who you don’t recognize and don’t click on pop-up ads or banners offering the latest ‘awesome’ free game, no matter how tempting it looks. If it’s too good to be true then it probably is.

To remove VisualBee toolbar and VisualBee Search, please follow the removal guide below. If you have any questions or comments, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

VisualBee toolbar removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall VisualBee toolbar from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove VisualBee toolbar application and also other applications you have recently installed.

Simply the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove VisualBee from Google Chrome:

1. Click on Chrome menu button. Select Settings.

2. Click Set pages under the On startup.

Remove Visualbee Search by clicking the "X" mark as shown in the image below.

3. Click Show Home button under Appearance. Then click Change.

Select Use the New Tab page and click OK to save changes.

4. Click Manager search engines button under Search.

Select Google or any other search engine you like from the list and make it your default search engine provider.

Select VisualBee Search from the list and remove it by clicking the "X" mark as shown in the image below.

Remove VisualBee from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.

2. Select Extensions. Remove VisualBee toolbar extension. Close the window.

3. Click on the VisualBee Search search icon as shown in the image below and select Manage Search Engines....

4. Select VisualBee Search from the list and click Remove to remove it. Click OK to save changes.

5. In the URL address bar, type about:config and hit Enter.

Click I'll be careful, I promise! to continue.

In the search filter at the top, type: visualbee

Now, you should see all the preferences that were changed by VisualBee. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

Remove VisualBee from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons.

2. Select Toolbars and Extensions. Remove visualbee toolbar and visualbee Helper Object Internet Explorer add-ons.

3. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

4. Select VisualBee Search and click Remove to remove it. Close the window.

Remove Mysearchdial, removal instructions

2013-05-13T12:15:00.000-07:00

If start.mysearchdial.com has taken over your browser, please follow this removal guide. This page contains removal instructions for the Mysearchdial search redirect and Mysearchdial toolbar. As if viruses, spyware, malware, Trojan horses and rogue anti-virus software weren’t enough to put up with, computer users need to also be aware of something called browser hijacking. Whilst this does sound rather ominous, having your browser hijacked can have a knock on effect that can run the gamut of simply being annoying to being downright dangerous.

Let’s take a look at what browser hijacking is first of all. When you log onto your PC and launch the internet, the first page you see is your home page, whether this is your computer’s default page, or you’ve changed the settings so that it’s a search engine or your favorite gossip or news website. When you’re searching for something on the internet, naturally you use a search engine such as Google or Bing. What do these three things have in common? They can all be hijacked by start.mysearchdial.com when you’re browsing the web or reading content online.

What this means is that a hijacker takes control of how your browser works and is configured – often in the format of a new toolbar. It may also change what is displayed on your home page. Some people refer to this as a ‘drive-by download’ due to the fact that if your computer’s operating system isn’t very secure, the toolbar will be installed without your knowledge. And whilst it may look as if it is there to help, what it will do instead is just redirect you to websites that you probably have no interest in visiting.

Most of the times, the Mysearchdial toolbar is installed by malicious computer code that is embedded in a web site or in online content that you’ve looked at, but it can also be caused by corrupt documents or files, by software or shareware that you’ve downloaded or even from an infected email.

The good news is that it’s not rocket science to tell if you’ve been the victim of browser hijacking as this isn’t a particularly subtle attack on your computer, unlike spyware which will remain hidden in the background and be virtually undetectable, even for experts. If your browser has been hijacked your home page may have been changed so that you’re seeing – at best - adverts and at worst pornographic images. When you search directly from the omnibox or the address bar you suddenly get results from start.mysearchdial.com instead of Google or any other web search engine of your choice. You will very likely also be bombarded with annoying pop-up adverts - some of which may have the ability to install spyware or other malicious software on your PC if you click on them. You’ll also find that your tried and trusted tool bar has changed and that a number of browser helper objects (BHO) may have appeared. A browser helper object is an application which extends web browser to enable increased functionality. Mysearchdial toolbar and extension definitely changes the way your web browser works. Here's a list of things it can do with your data:

Access your data on all websites
Read and modify your bookmarks
Read and modify your browsing history
Access your tabs and browsing activity
Manage your apps, extensions, and themes

You may also find internet shortcuts that you have no knowledge of saving having suddenly appeared in your favorites menu. Again, these short cuts will either direct you to sites that you don’t want to visit or alternatively they will be pulling the old spyware or adware trick and monitoring your browsing habits so they can compile a user profile on you and send you even more irritating adverts.

Having said that, not all browser helper objects are malicious. Take Google’s toolbar as an example; this includes a BHO when you install it. It is true that some features of the Google toolbar do collect data which is sent back to Google, however Google make this clear before you install it and give you the option of disabling it without uninstallation having a detrimental effect on the search capabilities.

However, Google is clearly a reputable search engine and if you have been hijacked, it is unlikely that the person or company behind the act has very honorable intentions. Take Surfbar (also known as Junkbar) for example; this is a browser helper object which is installed upon your machine without your knowledge or permission. It works by exploiting a vulnerable spot in Microsoft Internet Explorer and once in place it will change your chosen home page to its own. It then, very kindly, downloads multiple shortcuts (and we’re talking in the hundreds!) to adult websites to your desktop and into your favorites folder. Not only that but it will then install the decidedly un-functional toolbar which will direct you to many more. Of course, Mysearchdial doesn't exploit software vulnerabilities. Most of the time, it comes bundled with freeware and software downloaders.

Obviously the first thing you’ll want to do if you’ve had your browser hijacked is to remove the rogue software as quickly as possible, but do be careful as it can be tricky and is often not just a case of clicking ‘delete’ or ‘uninstall’. If a browser hijacker is not removed correctly there can be nasty knock-on effects ranging from programs no longer working to you finding that you can no longer connect to the internet. Therefore, if you have been hijacked by Mysearchdial and you’re not sure what you’re doing, please follow the removal instructions below. If you have any questions or comments, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Mysearchdial removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall Mysearchdial from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove Mysearchdial application and also other applications you have recently installed.

Simply the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Mysearchdial from Google Chrome:

1. Click on Chrome menu button. Go to Tools → Extensions.

2. Click on the trashcan icon to remove the Mysearchdial extension:

3. Click on Chrome menu button once again. Select Settings.

4. Click Set pages under the On startup.

Remove start.mysearchdial.com by clicking the "X" mark as shown in the image below.

5. Click Show Home button under Appearance. Then click Change.

Select Use the New Tab page and click OK to save changes.

6. Click Manager search engines button under Search.

Select Google or any other search engine you like from the list and make it your default search engine provider.

Select Mysearchdial from the list and remove it by clicking the "X" mark as shown in the image below.

Remove Mysearchdial from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.

2. Select Extensions. Remove Mysearchdial and mysearchdial.com extensions. Close the window.

3. Click on the Mysearchdial search icon as shown in the image below and select Manage Search Engines....

4. Select Mysearchdial from the list and click Remove to remove it. Click OK to save changes.

5. In the URL address bar, type about:config and hit Enter.

Click I'll be careful, I promise! to continue.

In the search filter at the top, type: mysearchdial

Now, you should see all the preferences that were changed by Mysearchdial. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

Remove Mysearchdial from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons.

2. Select Toolbars and Extensions. Remove Mysearchdial toolbar and Mysearchdial Helper Object Internet Explorer add-ons.

3. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

4. Select Mysearchdial and click Remove to remove it. Close the window.

YontooDesktop.exe - Application Error - What is it?

2013-05-11T09:23:00.000-07:00

YontooDesktop.exe - Application Error is a Windows error message you will get if you try to install Yontoo adware that requires the .NET Framework to run, but your computer doesn't have it. Windows will give you the following explanation and error code: 'The application failed to initialize properly (0xc0000135)'.

You may get this error message every time you start Windows. To fix it, simply download and install .NET Framework from Microsoft. The question, however, is whether or not you should install Yontoo? It may display advertisements on your computer and change your default search engine. YontooDesktop.exe belongs to Yontoo LLC or Yontoo Layers Runtime. Most of its products are blocked by ESET, Kaspersky and other well known antivirus companies because they can monitor your activity and collect browsing habits. If you didn't install Yontoo but still get YontooDesktop.exe or similar error messages you should scan your computer with recommend anti-malware software. Very often this application comes bundled with other software, so it may be already installed on your computer without your consent and knowledge.

Click to Run a Free Scan for YontooDesktop.exe related errors

YontooDesktop.exe is not essential for Windows and will often cause problems.

Security Rating: Potentially Dangerous

File Location: %APPDATA%\Yontoo\yontoodesktop.exe

How to remove Chatzum, removal instructions

2013-05-10T09:39:00.000-07:00

This page contains removal instructions for the Chatzum Search (search.chatzum.com) and Chatzum toolbar. Please use this guide to remove Chatzum from Chrome, Firefox, Internet Explorer and Safari (Mac).

We all make decisions and choices in our everyday lives whether it is a life changing plan or simply what to eat for lunch. Most of also decide which internet browser, search engine or home page we use too. But what happens if someone else decides to choose that for you? For one thing it can be pretty annoying – after all you wouldn’t like it if someone told you what to eat at every meal – so why should someone else have the ability to choose which search engine or home page you use?

What is ChatZum? Authors say it's a Facebook social thumbnail photo zoom application. In other words, it makes thumbnails larger when you hover over them. Whether or not it's a useful feature I don't know. I'm not saying it useless too. If you like it, use it. All I want to say is that you should know what changes this software can make to your system and why it's classified as a browser hijacker.

At this point you may be wondering what on earth I’m talking about, so let me explain: browser hijacking. This is yet another annoying and potentially harmful phenomenon that we have to deal with when using our computers; so what exactly is browser hijacking, why would someone want to do it and what can it mean for you?

When you log onto your computer and click the internet icon the first thing you see is your home page. This could be your PC’s standard page, a search engine or your favourite news channel. When you look for something on the internet, you use a search engine – perhaps Google or Bing. And if you try to visit a website that’s no longer there you may well get an error page. All of these three things can be hijacked at any time whilst you’re surfing the web or accessing online content. Chatzum changes the way you use your web browser. Chatzum installs itself on Google Chrome, Mozilla Firefox, Internet Explorer and Apple Safari and appears as default search engine when you open your web browser or open a new tab. It also install Chatzum toolbar which not only occupies usable window space abut very often makes your web browser slower as well. Further more, when searching for something by typing a keyword in the address bar, it returns search results page from search.chatzum.com instead of Google search results page.

Basically the Chatzum Search will remotely take control of what is displayed on your home page and how your browser works and is configured - this is browser hijacking. In the majority of cases the changes are automatically actioned by malicious computer code from a web site or from content you have looked at online, but they can also be caused by corrupt files, by a program that you downloaded and ran or from an infected email.

So what is the purpose of hijacking someone else’s browser? More often than not the purpose is to direct you, the user, to a different website than the one you wanted to visit. The owners of this website will have paid the creator of the malicious code to hijack you in order to drive more traffic to their site. Simply put this is a very aggressive and intrusive form of marketing.

This is irritating sure, but not normally harmful to your computer although there are more extreme versions that may add bookmarks for adult content web sites to your saved bookmarks or will generate pop-up adverts for them. Obviously this can be embarrassing and could cause problems within relationships and at work.

There are yet other types of browser hijackers that come with software that you may not want, such as toolbars or freeware. Freeware can be annoying as it is often bundled with adware which creates those pesky little pop-up ads that suddenly appear while you’re trying to read something online or do some work. Adware can also actually do some real damage to your computer’s system. For example some adware tries to dupe you by creating a pop-up window that looks like a real Microsoft warning; you know the ones - you click ‘OK’ or ‘Cancel’ and they go away. But supposing that it’s not actually your PC creating that ‘Microsoft’ message but the adware? Most of us click ‘OK’ without giving it a second thought but by doing so you are giving the adware the green light to install itself on your computer instead of merely running in the background of the freeware.

So what will this adware do? First of all it will slow your operating system right down and make it unstable to use. It can also corrupt your files and even more worryingly it could become ‘spyware’ which as the name suggests monitors which websites you visit and your user habits. It does this so that it can create a ‘user profile’ about you and tailor the pop-up adverts accordingly – creating a viscous circle.

Spyware is even able to log collect information about your browsing habits and things you like. So, whilst freeware may sound perfectly innocent – and in a lot of circumstances it really is – chances are if it’s infiltrated your computer via a browser hijacker, it’s up to no good and the knock on effects can be immense.

So how do you prevent your browser from being hijacked by Chatzum? The thing is nothing can guarantee that you’ll be immune to falling victim to a hijacker, whether it’s simply directing you to a website you have no interest in (annoying) or installing potentially harmful freeware (dangerous). Thankfully there are steps you can take to protect yourself as much as possible. For example, make sure you have a reputable antivirus software package installed on your computer – if you don’t already, do it as soon as you’ve finished reading this article! - plus make sure it’s always the latest version and includes up-to-date patches. Antivirus software is the most important single thing you can use to protect your computer and your data.

If you want to remove Chatzum Search from your computer, please follow the removal instructions below. If you have any questions or comments, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Chatzum removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall Chatzum Search and Toolbar from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove Chatzum Toolbar application and also other applications you have recently installed.

Simply the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Chatzum from Google Chrome:

1. Click on Chrome menu button. Go to Tools → Extensions.

2. Click on the trashcan icon to remove the Chatzum Chrome extension:

3. Click on Chrome menu button once again. Select Settings.

4. Click Set pages under the On startup.

Remove ChatZum Search by clicking the "X" mark as shown in the image below.

5. Click Show Home button under Appearance. Then click Change.

Select Use the New Tab page and click OK to save changes.

6. Click Manager search engines button under Search.

Select Google or any other search engine you like from the list and make it your default search engine provider.

Select ChatZum Web Search from the list and remove it by clicking the "X" mark as shown in the image below.

Remove Chatzum from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.

2. Select Extensions. Remove Chatzum Toolbar Firefox extension. Close the window.

3. Click on the ChatZum search icon as shown in the image below and select Manage Search Engines....

4. Select ChatZum from the list and click Remove to remove it. Click OK to save changes.

5. In the URL address bar, type about:config and hit Enter.

Click I'll be careful, I promise! to continue.

In the search filter at the top, type: chatzum

Now, you should see all the preferences that were changed by Chatzum. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

Remove Chatzum from Apple Safari

1. Open Internet Explorer. Go to Tools → Manage Add-ons.

2. Select Toolbars and Extensions. Remove Chatzum toolbar Internet Explorer add-ons.

3. Select Search Providers. First of all, choose Live Search search engine or Google and make it your default web search provider (Set as default).

4. Select ChatZum Search and click Remove to remove it. Close the window.

Remove Chatzum from Apple Safari:

1. Go to Applications, double click on the ChatZumUninstaller.pkg and follow the uninstaller instructions.

2. Open Safari. Go to Preferences. Change the Default homepage to the page of your choice eg. Google.com

Remove Tuvaro, removal instructions

2013-05-03T12:32:00.001-07:00

This page contains removal instructions for the Tuvaro browser hijacker. Please use this guide to remove Tuvaro toolbar and searchbar from your computer.

Sometimes it seems that as innocent computer users we are subjected to attacks from malicious parties left, right and centre. You have probably heard of computer viruses and know not to click on the links in a suspicious looking email sent from someone you’ve never heard of, but what other things do we need to keep an eye out for to ensure that our computers, our personal information, our banks accounts and our identities are kept safe?

Here we’re going to take a look at browser hijacking; we’ll see what it is, where it comes from and most importantly, what you can do to help prevent it from happening to you.

So what exactly is browser hijacking? A browser can refer to the home page that you see when you log on to your PC, the search engine that you use (Google or Yahoo for example) or a blank page. Whilst hijacking is exactly what it sounds like – taking something over by force – i.e. in this case without the owner of the computer’s permission. Therefore in computer jargon, browser hijacking is the term used when the settings of a web browser have been modified by malware, spyware or by potentially unwanted software. In this case, potentially unwanted software installs web browser toolbar and set your home page and default search engine to tuvaro.com.

Malware is short for malicious software and it is used by hackers in a number of ways. Sometimes it will freeze your system and block access to your files – then often posing as rogue anti-virus software and charging you a fee to ‘get rid of the virus’ and unlock your files, on other occasions it will actually steal your files and documents, it can also be used to gather information about which sites you visit so that it can advertise more accurately in accordance with your interests, it may even log your key strokes and take screen shots so that personal data such as credit card information and passwords are collected. And as seen above, it may also be used to hijack your browser, more of which later. Basically malware is a broad term used to cover a number of intrusive and unwanted software. The good news is that Tuvaro doesn't come bundled with malware, so anyone who says that it's a virus or malware simply doesn't know what he's talking about.

Spyware – which is a form of malware - is as the name suggests software which monitors (or rather more accurately ‘spies’ upon) the websites you visit and your computer user habits. By doing so the spyware is then able to compile your ‘user profile’ and tailor adverts accordingly. It sounds fairly innocent and often is – however in worst case scenarios it can be used to create pop-up adverts which contain further malware. Of course because the adverts have been tailored to you in the first place there is a higher likelihood of you clicking on them. While Tuvaro isn't exactly spyware, it may collect certain information about your browsing habits.

So why would someone want to hijack your browser in the first place? Surely hackers don’t care whether you search for ‘things to do in Las Vegas’ or ‘cheap leather jackets for ladies’ in Google or not. Actually they do. If unscrupulous computer programmers can hijack your browser they will then either replace your home page, search engine page or the error page you sometimes get when a website isn’t available with their very own. Once you click on something or search for something you will generally then be directed to a particular website of their choosing. Or to put it another way, you will be forced to visit a website of their choosing. Instead of competing with Google directly, they simply change default search engine to tuvaro.com.

So far, so annoying but it isn’t quite so simple because although some browser hijackers are easy to reverse by simply changing your computer’s settings, some hijacking malware can be extremely difficult to remove. Not to mention the fact that these days as hijacking becomes more and more sophisticated, many of the latest browser hijackers won’t let you revert back to your original home page or internet browser through your PC’s Internet Properties. Furthermore many of today’s hijackers will write their programmes in such a way so that their settings will return even if you have rebooted your computer.

So what can you do to prevent your browser being hijacked and your search queries being sent not to a list of ‘what’s on in your area’ but to a site containing explicit adult content? If you haven’t already, you should install one of the well-known anti-virus software programmes on your PC for a start. And if you do already have anti-virus, always make sure that it is completely up to date.

Using a quality anti-virus provider is essential for preventing against all sorts of attacks, not just browser hijacking, and although most packages will remove the hijacker, you may even want to install a malware scanner which will have a browser or home page restore function so that you are able to go back to your preferred settings in the event that you are hijacked. These packages will quite likely have an alert too, so just in case you didn’t yet spot it, you’ll be told immediately if your browser has been hijacked. To remove Tuvaro from Chrome, Firefox and Internet Explorer, please use the guide below. If you have any questions or comments, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Tuvaro removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall Tuvaro application from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove Tuvaro Toolbar application and also other applications you have recently installed.

Simply the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Tuvaro from Google Chrome:

1. Click on Chrome menu button. Go to Tools → Extensions.

2. Click on the trashcan icon to remove the Tuvaro Toolbar Chrome extension:

3. Click on Chrome menu button once again. Select Settings.

4. Click Set pages under the On startup.

Remove Tuvaro by clicking the "X" mark as shown in the image below.

5. Click Show Home button under Appearance. Then click Change.

Select Use the New Tab page and click OK to save changes.

6. Click Manager search engines button under Search.

Select Google or any other search engine you like from the list and make it your default search engine provider.

Select Tuvaro from the list and remove it by clicking the "X" mark as shown in the image below.

Remove Tuvaro from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.

2. Select Extensions. Remove Tuvaro extension. Close the window.

3. Click on the Tuvaro Search search icon as shown in the image below and select Manage Search Engines....

4. Select Tuvaro from the list and click Remove to remove it. Click OK to save changes.

5. In the URL address bar, type about:config and hit Enter.

Click I'll be careful, I promise! to continue.

In the search filter at the top, type: tuvaro

Now, you should see all the preferences that were changed by Tuvaro. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

Remove Tuvaro from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons.

2. Select Toolbars and Extensions. Remove Tuvaro toolbar and tuvaro Helper Object Internet Explorer add-ons.

3. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

4. Select Tuvaro and click Remove to remove it. Close the window.

Remove Win32:Malware-gen, removal instructions

2013-05-01T09:21:00.000-07:00

This page contains removal instructions for the Win32:Malware-gen infection. Please use this guide to remove this infection and any associated malware from your computer. If you have heard of the term 'Win32:Malware-gen' in relation to computers but are not quite certain what it is, what it means and how it can affect you, read on as we will explain what it is, how it attacks your PC or laptop, how you can protect yourself against being affected – and of course, what to do in the unfortunate event that you do contract the Win32:Malware-gen.

This particular infection very often means that your computer is infected with a Trojan horse. It might be any other type of malware because it's a generic detection but from my experience most of the time it indicates Trojan infection. Trojan horses are one of the nastiest forms of malware and can seriously threaten your computer’s security. The name comes from the Greek legend in which Greece won the Trojan War by hiding their warriors inside a huge, hollow wooden horse which they wheeled to the gates of the city of Troy, in order to ambush the unsuspecting city’s inhabitants. In computer terms, a Trojan horse is used to define a “malicious, security-breaking program that is disguised as something benign”. In simpler terms, if you download what you think is a music or movie file, and it is actually a Trojan in disguise you will have installed a program on your computer than can erase everything in your system, allow the author of the Trojan to access your computer and control it to attack other users. And perhaps most worryingly of all, it may collect all of your passwords, bank account details and credit card numbers, for instance if you contracted the Zbot malware.

So how does Win32:Malware-gen actually work and how does it infect your computer? Win32 Malware-gen is an executable program which means that when you open a file – the attachment in an email for example - it will perform one or more actions. Just as the Greeks fooled the city of Troy with their wooden Trojan horse, a computer based malware needs to somehow fool you to ensure that you execute it.

This malware will most likely be disguised as something that people want: perhaps a movie, TV series, music or a game. It can be downloaded from an archive on the internet, be obtained from a peer-to-peer file sharing website or simply from an email attachment. The nasty thing about Trojans and similar malware is that you don’t normally even know you’ve been infected and will probably only find out when your contacts complain to you that are trying to infect or attack them!

So how do you avoid falling victim to Win32 Malware gen? Firstly, make sure you have good quality and up to date antivirus software installed on your computer as this will scan all documents that you receive – even ones from senders that you know and trust. This is important as you never know if they have been unwittingly infected! Secondly never even open an email from an unknown source, let alone an attachment.

Even if the sender is a friend, you should still check what the file is before you open it. A lot of these infections spread via email contact lists or address books, so it’s always best to double check, firstly with your friend to see if they intended to send you a file and then to scan the file with your antivirus software. Many Trojans appear to come from a user as they impersonate the infected person once they have control of their computer, so double check. Better safe than sorry!

Lastly, no matter how tempting an executable email attachment might look – whether it’s purporting to be a trailer for the latest big Hollywood blockbuster, a hit song, or a must play game don’t be tempted to ‘just have a quick look’ as once you’ve clicked on it, if it’s infected, that Win32:Malware-gen will be already installed upon your computer and wreaking its damage.

The biggest question is probably whether you should repair your PC or laptop or reformat it. This can be a bit of a tricky decision because as tempting as it is to repair your computer without having to start from scratch and reinstall your system, even experts find it very hard to know whether the malware is completely removed and not still running, hidden, in the background.

On the plus side though the majority of the infections stem from the same few hundred currently-circulating Trojans so experts will be aware of them and able to remove them with the appropriate removal program. Be aware though that to reinstall your system or to clean your computer completely (or as completely as possible) can take anywhere from a couple of hours to several days.

Having said that it is probably best to try and repair your computer first as in most cases it is possible to completely remove Win32:Malware-gen. If the infection does keep returning, however, it is possible that it was not totally removed so you may want to think about deleting and reinstalling your system. If you think that your computer has been infected with Win32:Malware-gen, you should download recommend antimalware software and run full system scan. Very often users say that their antivirus found the infection but can't remove it, in such case please follow the removal instructions below. If you need help, leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Win32:Malware-gen removal instructions:

1. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.

2. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.

3. Download recommended anti-malware software (direct download) and run a full system scan to remove the remnants of this virus from your computer.

Remove ad.adserverplus.com, removal instructions

2013-04-30T10:56:00.001-07:00

This page contains removal instructions for ad.adserverplus.com. Please use this guide to remove hotstartsearch.com pop-ups and any associated adware from your computer.

If you're getting unwanted, intrusive pop ups that come from "ad.adserverplus.com" then your computer is almost certainly infected with adware or at least potentially unwanted software. As you probably already know adware displays advertisements and may be considered privacy-invasive. Usually, adware tracks your computer's web usage and then displays undesired ad pop ups or redirect you to unwanted websites. Ad.adserverplus is basically a web tracker or in other words a tracking cookie which is used to server advertisements on your computer. Some people say it's a trojan or even a virus but neither assumption is true. It's a tracking cookie. This article aims to explain just that. So firstly, what are cookies? Cookies are small pieces of data that log information when you visit a website. They are stored on your computer’s hard drive by the web server that hosts the website in question. The information that they collection can be only read by the website that owns them and not by anyone else.

But what kind of data are cookies collecting and what do they do with it? The info collected will be data that you have entered, settings you have customized and so on. The main idea behind collecting this information is to make your visit to that particular website a more personalized and user friendly one - thus making you more likely to visit again in the future. However, there are also tracking cookies that collect information about your browsing habits. Such cookies are later used by advertising networks to choose the most relevant (unfortunately not always) ads for you and display them through web trackers, for instance ad.adserverplus.com. Are tracking cookies a threat? Not nessecarily, but they are still considered privacy-invasive.

So what can a cookie do for me? Cookies are pretty useful: perhaps your home page allows you to customize the settings so that when you log on you instantly see the things you are interested in. Maybe you want football results but are not bothered about the weather, or perhaps you want to read the latest breaking showbiz gossip but not the main news headlines: set your preferences accordingly and they will be recorded in a cookie. This means that next time you log on, the website will read the cookie and show you football results or news about your favourite movie stars.

Cookies will also remember other default settings such as those used in your favourite search engines - the language settings and the way you like your home page, colour scheme and search results to be displayed.

Are you an online shopper? If you like to while away boring office hours browsing for the latest fashions or bestselling books, once you’ve decided to make a purchase, you’ll add it to your shopping cart. You may then return to the store and decide to continue shopping. Thanks to the cookie, when you finally decide you’ve spent enough and continue to the check out, your purchases will still be in your cart waiting for you.

Many online shopping websites, as well as blogs, forums and countless other sites will ask you to create a user ID and a password before you can make a purchase, leave comments on posts or access other areas of the site. These days, all of us are up to our eyeballs in passwords and ID’s, and it can be virtually impossible to remember all our different logins. That’s where cookies come in: if you let them, they’ll remember your info and automatically log you in when you hit enter. It can save you a few seconds of annoying repetitive typing too. So, as you can see, cookies are pretty useful but you shouldn't confuse them with tracking cookies.

So, if a tracking cookie has access to my personal data, is it safe? As cookies are designed only to be read by the website that created them they are considered safe with their only function being to provide a more convenient browsing experience. But we all know that most website owners allow third-party tracking cookies on their websites and this doesn’t stop some people being worried about their online privacy. Most of us are aware of the existence of cookies but they are rather ‘out of sight, out of mind’ so what else do you need to know about them?

Depending on which browser (i.e. Chrome, Firefox, Internet Explorer etc.) you use and depending on your computer’s operating system your cookies will be stored in a number of places. A quick search engine enquiry will tell you where to find yours if you’re not sure.

As well as saving your personal preferences, tracking cookies can also store personal information – your name, email address, physical address, telephone number and so forth - if you have entered them into an online form on a site which is using cookies. Although it is important to be aware that the technology used to create cookies means that the people who own the website cannot access or view any documents on your hard disk. They also can’t view cookies from other websites that are stored on your computer. But they can be used to display ads on your computer, and sometimes adware from http://ad.adserverplus.com can be misleading or even disturbing.

But what can you do if you are concerned about ad.adserverplus.com? If you are truly worried about data being collected from the sites you visit and potentially falling into the wrong hands, you should first remove adware and potentially unwanted applications from your computer. To completely remove ad.adserverplus.com from your computer please use the guide below. If you have any questions or comments, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

ad.adserverplus.com removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall recently installed web browser toolbars and other web browser add-ons. You should also remove recently installed software, especially freeware and shareware because there's a good chance that the popups and redirects you are experiencing are caused by either these programs or web browser add-ons that came with them.

3. This company does not offer an opt out. You will have to block adserverplus cookies manually. To see how to do this, an online search will be able to guide you through.

Remove hotstartsearch.com, removal instructions

2013-04-29T11:50:00.000-07:00

This page contains removal instructions for the hotstartsearch.com browser hijacker. Please use this guide to remove hotstartsearch.com and any associated malware from your computer.

Hotstartsearch.com is a browser hijacker that changes web browser settings and returns low quality search results. Most of the time, it's buried in toolbars, ad-ons and freeware. If it has made itself your default home page and search engine provider then there's a good chance that it came with recently installed software, even if you downloaded the installer from Cnet or other more/less reliable software download site. Nowadays, they are heavily packed with toolbars, couponware and browser hijackers. I've lost count how many times I've said this before, but seriously guys, pay more attention when accepting 'offers' and similar stuff during the software installation process. If you don't care then you will certainly end up with some sort of unwanted software or even malware on your computer.

hotstartsearch.com is not necessarily malicious. It's just annoying. It changes web browser settings so that whenever you try to Google something and press enter it opens a new tab and puts your query in its own search box. This new tab is called "All Search". It actually ads a new search engine provider with the same name and replaces Google without your permission which is annoying and illegal at the same time. When it comes to search results, they are really worrying me. For example, a quick search for antivirus software gave me about ten or twelve results. I mean in total, not just the first page. Most of those results were clearly commercial. Honestly, I think the entire page was filled with paid ads. It seems that either they do not care about the quality, both search results and ads, or the website was simply designed to serve ads.

Such practice is indeed questionable and potentially dangerous because cyber crooks use weakly protected ad networks to serve malicious advertisements which redirect users to infected websites. Furthermore, it may collect information about your web browsing habits, including but not limited to search queries, location, ip address, etc. This information is used purely as a means of generating revenue for the creators of the browser hijacker. What is more, this data may be sold to third parties who will use it to display highly targeted ads while you're surfing the net. As you can see, it's not a reliable search engine and it may even cause some serious problems, so my advice is simple: remove it.

If you’ve been unlucky enough to be infected by hotstartsearch.com, and it can happen to the best of us, there are steps you can take to solve your problem. To completely remove hotstartsearch.com from your computer please use the guide below. If you have any questions or comments regarding this browser hijacker, leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

hotstartsearch.com removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall Hotstartsearch and related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove recently installed application. As I said earlier, this application is rarely listed as Hotstartsearch in the currently installed programs list.

Simply select the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove hotstartsearch.com from Google Chrome:

1. Click on Customize and control Google Chrome icon. Select Settings.

2. Click Set pages under the On startup.

Remove hotstartsearch.com by clicking the "X" mark as shown in the image below.

3. Click Show Home button under Appearance. Then click Change.

Select Use the New Tab page and click OK to save changes.

4. Click Manager search engines button under Search.

Select Google or any other search engine you like from the list and make it your default search engine provider.

Select All Search (hotstartsearch.com) from the list and remove it by clicking the "X" mark as shown in the image below.

5. Right-click the Google Chrome shortcut you are using to open your web browser and select Properties.

6. Select Shortcut tab and remove "http://hotstartsearch.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Chrome executable file. Nothing more.

Remove hotstartsearch.com from Mozilla Firefox:

1. Click on the All Search search icon as shown in the image below and select Manage Search Engines....

2. Select All Search from the list and click Remove to remove it. Click OK to save changes.

3. In the URL address bar, type about:config and hit Enter.

Click I'll be careful, I promise! to continue.

In the search filter at the top, type: hotstartsearch

Now, you should see all the preferences that were changed by hotstartsearch. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

4. Right-click the Mozilla Firefox shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://hotstartsearch.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Firefox executable file.

Remove hotstartsearch.com in Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons.

2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select All Search and click Remove to remove it. Close the window.

4. Right-click the Internet Explorer shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://hotstartsearch.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Internet Explorer executable file.

6. Finally, go to Tools → Internet Options and restore your home page to default.

How to remove ib.adnxs.com, removal instructions

2013-04-25T11:16:00.000-07:00

This page contains removal instructions for ib.adnxs.com pop-up ads. Please use this guide to remove ib.adnxs.com and any associated adware/tracking cookies from your computer. Cookies: we’ve all heard of them but what are they, where are they, what do they do and most importantly of all; are they good or bad or do they just sound kind of tasty!?

Read on as we’ll attempt to explain everything you need to know about these mysterious sounding tracking cookies and also about web trackers in general.

First of all; what is a cookie? A cookie is a little file which has been stored on your hard drive by a web server. If that sounds a little technical, put simply, web servers host websites and if you have just visited a site that has cookies, then the server will have stored one on your computer. But why? And what does a cookie do? Cookies collect and store information about your visit to that site – this might be data about when you last visited the site, it might be your name and address if you entered them into an online form – perhaps, say, when you were booking a hotel room – it may also store data about which pages you visited and which products you showed interest in by clicking on.

lax1.ib.adnxs.com popup displayed on the infected computer. I installed a potentially unwanted web browser extension and after a few minutes similar pop-ups began to show up on my computer.

Other information collected by the cookie may include what time you visited the website, which internet browser you use (i.e. Firefox, Internet Explorer, Google Chrome etc.) or your IP address – the unique number that identifies your computer when it is connected to the internet.

If this all sounds a little ominous, there is no cause for alarm as cookies are harmless. The technology used to create them means that they are a simple text file which cannot be read by anyone other than the owners of the website in question and they cannot be used as a means of accessing files on your hard drive or otherwise damaging your operating system.

From remembering items you’ve placed in your shopping cart when buying online, to allowing you to customize your home page so that you see the latest weather report in your chosen city, to remembering user ID’s and passwords when you log in to websites you use often, cookies are there to make your user experience a more convenient one. And of course, the more convenient and personalized a website is, the more likely you’ll be to go back and visit it.

Some people are quite rightly concerned about online privacy and these days it’s just as well to be cautious when entering personal information over the internet, although cookies are agreed by experts to be safe. There is, however, a slightly different type of cookie which is also something to be aware of and this is called a tracking cookie – also known as a third party cookie. This is a cookie that has been stored on your computer’s hard drive by a web server hosting a website that is merely affiliated with one that you have visited by choice. In the majority of cases, this will be a company that provides adverts for a large number of websites. In this particular case it's ib.adnxs.com which is run by AppNexus.

Companies who use tracking cookies do so in order to create a picture of how you surf the web: which types of sites you visit and so forth. The good news is that they are not able to track each and every site that you visit – only the ones that have their adverts on a site. You may find that some users say they got infected with ib.adnxs.com virus. The problem is that some of its clients try to increase revenue by displaying popup ads on users's machines, and of course what they will see is an ad loaded from ib.adnxs.com ad server. Sometimes, AppNexus web tracking servers experience technical difficulties or can't properly serve ads, this is when waiting for ib.adnxs.com information may appear at the bottom of your web browser. Some users think that maybe there's something suspicious going on and someone is trying to loads malware on their computers. Don't worry, it's not a virus. It simply tries to load ads from one of its web servers, for instance nym1.ib.adnxs.com, ads.ib.adnxs.com and many others.

It could be argued that this is an invasion of your privacy however, just like regular cookies, they are still text files and are not created with technology that allows them to view or capture files from your hard drive - and they definitely are not able to install malicious software that steals personal data or infect your PC with a virus.

It is inevitable that you end up with tracking cookies on your computer if you spend any amount of time browsing the web but there is no real cause for concern as they can easily be deleted from your system. If you are not sure where to find cookies on your computer, please follow the removal instructions below.

You can also prevent both cookies and tracking cookies from being stored on your PC in the first place. Your browser will have options which allow you to change the cookie settings but because cookies are convenient and do enhance your user experience it’s not really recommended to turn them off completely so you might prefer to still allow normal cookies but turn off third party tracking cookies. Turning off the third-party cookies should not affect your ability to customize your home page or stop websites you use frequently from loading conveniently stored data such as your name, address and telephone number if you are shopping online or making a booking.

So to summarize, cookies are not dangerous, they do not steal files, they do not install malware and they can only be read by the website owners that they belong to. Tracking cookies are also harmless and both types can be deleted from your computer or turned off according to how you feel about them.

If you are having ib.adnxs.com popups on your computer, please follow the removal instructions below. Very often, it's a sing that your computer is infected with adware or potentially unwanted application. If you have any other questions or maybe you would like to share the removal method that worked for you, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

ib.adnxs.com removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall recently installed web browser toolbars and other web browser add-ons. You should also remove recently installed software, especially freeware and shareware because there's a good chance that the popups and redirects you are experiencing are caused by either these programs or web browser add-ons that came with them.

3. Opt out of interest-based advertising, see this: http://appnexus.com/platform-policy#choices

Remove Hola Search, removal instructions

2013-04-24T11:02:00.000-07:00

This page contains removal instructions for the Hola Search browser hijacker. Whether or not you’ve heard of the term browser hijacker you will have no doubt as an internet user come across it in one of its shapes or forms, and you may have even been unlucky enough to become a victim of it, even if you were not aware at the time. So what exactly is a browser hijacker, how does it find its way onto your computer and how do you become a victim?

Hola Search is a pseudo search engine that is installed onto your computer via advertisements and downloaded games or software. We’ve all seen the free games “play online now!” they scream and of course we’ve all seen adverts dotted all over our favourite websites. Online adverts can come in many different formats, from banners that are fairly non-intrusive and relevant to the website they are on to extremely annoying pop-up windows that suddenly appear on your screen, no matter what you are browsing or doing online at the time. Some adverts include words in their text that are underlined and hovering with your mouse over one of these words – even unintentionally – can cause a pop-up window to appear.

OK, so far, so annoying but many online adverts have a more sinister reason for existing and that’s not just to get you to play the free game that they’re so kindly offering you, and that reason is to install the browser hijacker on your computer which then redirect users to either paid search results via http://www.holasearch.com or simply display ads on its front page. But how do you get Hola Search on your computer and what does it do?

Its intentions are often less than honourable. It is normally downloaded without you being any the wiser. Hola Search is often bundled with other software that you actually want to download. For example, let’s say you want to download a file-sharing program that lets you share TV shows, movies or music with other users, because a lot of this type of free sharing (freeshare) software has adware packaged with it, when you download the freeware, you’ll also be unwittingly downloading the browser hijacker and probably some other adware as well.

And it’s not just ‘dodgy’ or disreputable software that can contain HolaSearch, you might be surprised to know that some of the most well-known applications have browser hijackers and adware packaged with them. For example some search engines, online games, news headline updates, instant weather reports, novelty mouse pointers, funny emoticons, desktop and background themes and programs that promise to help your computer run more quickly may all come with adware, browser hijackers and toolbars.

The majority of the time, when you download software, you’ll have noticed that you get seemingly endless small windows which you need to click ‘next’ or ‘continue’ on to get to the point where you can start downloading the software. This is called the End User License Agreement, or the EULA. Often the EULA will actually mention that third-party search engine or adware is bundled with the software in the small print, however, how many of us actually read the text on these windows and just click through them barely glancing at them because we’re so eager to download the software that we need? Clicking ‘I Agree…’ to download this software in effect means that you are also agreeing to download adware and whatever else it offers.

So, why should you be bothered about adware and browser hijackers? It’s annoying sure, can really get on your nerves, but some browser hijackers can actually be extremely malicious. I mean you can really know how they ensure that only quality ads are being displayed, and from what I've seen so far, they actually pushing some really dodgy applications, not necessarily malicious but potentially unwanted for sure.

So what does it want with my computer and what will it do? Apart from often making your system run more slowly, this browser hijackers can modify Windows registry, make your operating system unstable, and in the worst case scenario it will take on the form of ‘spyware’. Spyware, as the name suggests is software which monitors which websites you visit and your computer user habits. This is exactly what Hola Toolbar web browser add-on does. It asks for permission to collect data and send it to third-party advertising networks. It does this so that it can create a ‘user profile’ on you and then tailor the adverts accordingly. Let’s say you spend a lot of time looking at fashion blogs or clothing stores on the internet. The adware/spyware will know this and you will start seeing pop-up windows that, let’s say, are advertising a sale on leather jackets. This has the knock-on effect of making you more likely to click on it out of interest henceforth increasingly the chances of installing more adware. Please note, I'm not saying that this toolbar can steal your password or any other personally identifiable information.

As seen, some browsers hijackers are malicious and some are merely annoying. The latter is used purely as a means of generating revenue for the creators of the software. This data will then be sold to third parties who will use it to display highly targeted ads while you're surfing the net.

It’s scary stuff so if you want to minimize the risk of this happening to you, make sure you always read the small print on those EULAs and if adware is mentioned, stop and think if you really want to put yourself at risk. To completely uninstall Hola Search from your computer please use the guide below. If you have any questions or comments regarding this browser hijacker, leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Hola Search removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall Hola Search application from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the Hola Search Toolbar and BrowserProtect applications and also other applications you have recently installed.

Simply the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Hola Search from Google Chrome:

1. Click on Chrome menu button. Go to Tools → Extensions.

2. Click on the trashcan icon to remove the Hola Toolbar and BrowserProtect Chrome extensions:

3. Click on Chrome menu button once again. Select Settings.

4. Click Set pages under the On startup.

Remove Hola Search by clicking the "X" mark as shown in the image below.

5. Click Show Home button under Appearance. Then click Change.

Select Use the New Tab page and click OK to save changes.

6. Click Manager search engines button under Search.

Select Google or any other search engine you like from the list and make it your default search engine provider.

Select Hola Search from the list and remove it by clicking the "X" mark as shown in the image below.

Remove Hola Search from Mozilla Firefox:

1. Click on the Hola Search search icon as shown in the image below and select Manage Search Engines....

2. Select Hola Search from the list and click Remove to remove it. Click OK to save changes.

3. In the URL address bar, type about:config and hit Enter.

Click I'll be careful, I promise! to continue.

In the search filter at the top, type: hola search

Now, you should see all the preferences that were changed by Hola Search. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

Remove Hola Search from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons.

2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select Hola Search and click Remove to remove it. Close the window.

Remove Portaldosites, removal instructions

2013-04-17T10:15:00.000-07:00

This page contains removal instructions for the Portaldosites browser hijacker. Please use this guide to remove Portaldosites and any associated adware from your computer. Most of us have seen browser hijackers and adware, even if we’re not familiar with the terms. The truth is, both terms are closely related because scammers hijack web browsers to push their ads or misleading products. Of course, technically each threat is different. In short, browser hijacking is the method and adware is the goal. So what is adware, how do I know if I’ve seen it, and why should I even care, you ask? Well adware is a compound of two words: advert and software. So, adware is basically adverts in software format. But why would an advert be software? Surely it’s just something that appears on your laptop screen or computer monitor. Well, it’s not quite as simple as that. Let me explain.

Have you ever been browsing the internet just as normal - you’ve looked at the usual websites, and at nothing ‘untoward’ but then the next time you log on, your browser’s homepage has been changed from, say Google or Yahoo, to one that you’ve never seen before, in this case it's portaldosites.com? You may also notice that you have a program that you don't recall installing on your desktop.

Welcome to the wonderful world of adware. Unfortunately adware is all over the internet, and its intent is to take control of your PC for someone else’s gain. The majority of adware is concealed inside ‘free’ downloads – for example games - and in pop-up adverts. You’ve probably seen adverts on the web that have underlined words in their text. When your cursor hovers over these words pop-up windows appear, trying to tempt you to click on them.

Once you’ve downloaded the game or clicked on the pop-up, the adware will install software on your computer’s system which allows the author of the software to steal and corrupt your files and data (such as passwords and credit card details) and even also attack other computers whilst hiding behind yours to do the same to their users.

Some adware simply switches your browser’s home or search engine so that it redirects you to sites that it wants you to visit, which although perhaps not a threat to your PC’s security, can be very annoying and time consuming. Of course not all free downloads are malicious and not all adverts or pop-ups are created to try and hijack your computer by installing software, but malware (i.e. malicious software) does exist in these formats and therefore you should pay close attention to exactly what you are downloading, the licensing agreement of free downloads plus your web browser’s security settings.

So how do you take control of your computer and stop it firstly, redirecting you to portaldosites.com or sites you don’t want to visit, and secondly and most importantly, ensure that no-one is stealing your data or maliciously corrupting your operating system? Unfortunately this is easier said than done because adware is normally integrated with your system to be hidden and installed in such a way that the average computer user will not be able to remove it. Modern malware can even be extremely tricky for those who do have technological know-how to remove as it will be hidden in an area of the system that is difficult to access.

So how do you protect yourself from falling victim to adware? One thing to do is to ensure that you always read the EULA – the End User Licensing Agreement - before you install any software, especially free software as this is most likely to be bundled with adware, but the rule applies to reputable programs too.

You should also be extremely wary when opening emails from unknown senders – and in particular never open a document or download a file from someone you don’t know as it may be adware in disguise. If someone has sent you an offer, free game or free software that seems too good to be true, it probably is.

However, as described above, not all pop-up windows and free software are malicious – there really are some great free games and software available on the internet, but there can be a lot of bad guys out there too and some adware is even designed to track your internet usage so that the ad banners (that create the nasty pop-up windows) can be targeted towards you, making it more likely that you will click on them.

So when you look at it that way, is it really worth clicking on that pop-up advert purely out of boredom, or downloading that awesome looking freebie bubble popping or poker game? Probably not. Identity theft and financial theft are two incredibly serious crimes which can take months, even years to recover from. The rule of thumb: if in doubt, do not click.

If you've been having trouble getting rid of this pesky virus called "portaldosites" which apparently is just a parody web search engine, please follow the removal instructions below. If you have any questions or comments regarding this infections, leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Portaldosites removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall Portaldosites and related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove eSave Security Control, Portaldosites toolbar, New Tabs Uninstall, Desk 365, BrowserProtect and any other recently installed application. As I said earlier, this application is rarely listed as Portaldosites in the currently installed programs list. So, either look for applications mentioned here or try to remember what software you installed recently. It's probably the culprit.

Simply select the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Portaldosites from Google Chrome:

1. Click on Customize and control Google Chrome icon. Go to Tools → Settings.

2. Click Set pages under the On startup.

Remove portaldosites.com by clicking the "X" mark as shown in the image below.

3. Click Show Home button under Appearance. Then click Change.

Select Use the New Tab page and click OK to save changes.

4. Click Manager search engines button under Search.

Select Google or any other search engine you like from the list and make it your default search engine provider.

Select Portaldosites from the list and remove it by clicking the "X" mark as shown in the image below.

5. Right-click the Google Chrome shortcut you are using to open your web browser and select Properties.

6. Select Shortcut tab and remove "http://www.portaldosites.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Chrome executable file. Nothing more.

Remove Portaldosites from Mozilla Firefox:

1. Click on the Portaldosites search icon as shown in the image below and select Manage Search Engines....

2. Select Portaldosites from the list and click Remove to remove it. Click OK to save changes.

3. In the URL address bar, type about:config and hit Enter.

Click I'll be careful, I promise! to continue.

In the search filter at the top, type: portaldosites

Now, you should see all the preferences that were changed by Portaldosites. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

4. Right-click the Mozilla Firefox shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.portaldosites.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Firefox executable file.

Remove Portaldosites in Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons.

2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select Portaldosites and click Remove to remove it. Close the window.

4. Right-click the Internet Explorer shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.portaldosites.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Internet Explorer executable file.

6. Finally, go to Tools → Internet Options and restore your home page to default. That's it!

Remove Ads by Browse to Save, removal instructions

2013-04-17T08:39:00.000-07:00

This page contains removal instructions for the 'Ads by Browse to Save' adware . Please use this guide to remove Ads by Browse to Save and any associated malware from your computer. You may have heard the term ‘adware’ and not be entirely sure what it is, and if so here we’ll attempt to explain exactly what adware is, how it can harm your computer and compromise your personal identity and – most importantly – how to prevent yourself from becoming a victim of it and what to do in the event that you do have a problem.

You know those somewhat annoying advertising banners, pop-up windows or situations when you’re suddenly redirected to a website that you have no interest in viewing? This is adware. Browse to Save adware is basically unasked for software that attempts to display adverts when you’re using your PC. OK, they’re annoying but surely they’re just trying to sell you something - albeit something you’re not interested in buying? But adware can be a little more sinister than merely an unwanted ad for the latest ‘must-play’ online poker game.

Browse to Save browser add-on is often – not always – but a lot of the time integrated with spyware. And spyware is a malware, or malicious software, which can actually do a lot of damage both to your computer and to you personally. Spyware, as the name suggests spies upon your computer usage, noting which websites you are visiting. Important: it doesn't steal your passwords and any other data. It only logs your browsing activity. This information is then recorded and sent to third party users and used to display ads on the website you visit, whether it’s something as basic as your Facebook or Twitter profile or the largest media/news site. For example, it may injects ads on such popular sites as about.com, see the image below.

Click to Continue > by Browse to Save

Some people say, oh well, site owners are trying to earn some extra money but if you are seeing Ads by Browse to Save then your computer in infected and it has nothing to do with the site you're visiting.

Furthermore, Browse to Save virus does not display ads on each page, so sometimes you may not even notice that it's installed on your computer. A few ads there and here probably won't make any difference but when all of sudden youtube.com is filled with five or more ads on a single page, you must realize that your computer is infected with adware.

However, some of the more obvious signs that you have been infected to look out for include pop-up advertisement windows suddenly appearing on your computer, being redirected to websites that you haven’t clicked on or have no interest in visiting whilst you’re surfing the internet, trying to open computer programs and them failing to launch, your computer running considerably slower than usual, and if you’re using a PC, you might find that you are unable to install Windows updates.

Any and all of these indicate that you may have been infected by Browse to Save so it is well worth checking your computer system. As mentioned though, it can be very hard to detect malicious software, so if you’re not a technical whizz, take your PC or Mac to an expert and have them check it out. Some of these symptoms may seem harmless – annoying but harmless – but they can be a vital indication that there is something seriously wrong with your computer and the last thing you want is to have your personal files stolen or your bank account accessed, so do check.

Finally, supposing your computer is infected; then what to do? Even if you’re not completely sure and you are tempted to think ‘it’s only a pop-up advert’, stop using your computer right away and remove Ads by Browse to Save virus from your computer. Please follow the removal instructions below.

So, to sum up: don’t become of victim of malicious adware: install reputable antivirus software on your computer, make sure it’s always up to date, be careful what you’re clicking on – and back up your documents before it’s too late.

If you still have problems removing Ads by Browse to Save, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Ads by Browse to Save removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall Browse to Save application from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the Browse to Save application and other applications you have recently installed.

Simply the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Ads by Browse to Save from Google Chrome:

1. Click on Chrome menu button. Go to Tools → Extensions.

2. Click on the trashcan icon to remove the Browse to Save Chrome extension:

Remove Ads by Browse to Save from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.

2. Select Extensions. Click Remove button to uninstall Browse to Save Firefox extension. If you can't find the Remove button, then simply click on the Disable button.

Remove Ads by Browse to Save from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.

2. Select Toolbars and Extensions. Click Remove/Disable button to remove Browse to Save from Internet Explorer.

Remove Win32.downloader.gen, removal instructions

2013-04-14T09:20:00.000-07:00

This page contains removal instructions for the Win32.downloader.gen virus. Please use this guide to remove Win32.downloader.gen and any associated malware from your computer. Ok, so, most of us have heard of the term ‘Trojan Horse’ in relation to computer viruses but if you are not sure what exactly a Trojan horse is and how it infects your PC you might be want to know a little more about it. In this article we will take a look at what exactly a Trojan downloader is and, more importantly, how you can protect yourself and your data from being infected and corrupted.

Firstly, how does a Trojan horse infect your computer? Well it may be hard to believe but you actually play a part in the infection yourself because for a Trojan horse to do its damage, you actually need to install the client part of the application yourself. Sounds crazy, doesn’t it? Why would you physically take steps to infect your own computer, you ask, and quite rightly so. Well this is where the malicious intent behind the Trojan comes in to play as the creator of it needs to somehow convince you to download the application.

Typically this is done by social engineering – what this means is that the author of the Win32.downloader.gen will manipulate and convince you to perform an action or to divulge personal information somewhat unwittingly or against your will. Another way of getting you to install the Trojan horse on your computer system is to send you it in an email, with the hope that you will open the attachment. And this is precisely why it is called a Trojan horse; because you have to run the .exe file in order to install the program on your computer. Whether you do this knowingly or unknowingly is irrelevant, but the end result will be a nasty infected PC or laptop.

Although people often call it such, it is precisely because of this that a Trojan horse cannot be classed as a virus; because viruses reproduce on their own. As soon as you have executed the program, the application belonging to the Trojan will be installed and will immediately start running automatically every time you log on to your computer.

Win32.downloader.gen can quite literally spread like online wildfire as the majority of their developers like to spread them via email. They will send out possibly hundreds, or maybe even thousands of emails to a random selection of people via spam email and anyone who opens the email and is then unlucky or incautious enough to download the attachment will end up with an infected computer system.

Did you know that your computer can become a zombie? And no, we’re not talking about one of the walking dead from a TV show or movie. It doesn’t even have to be a person sitting at their computer and maliciously emailing their Trojan horses to unsuspecting users. It could actually be your very own computer that is at fault! If your computer system has already been infected, the person responsible for the Trojan horse in the first place may have sent you, amongst other victims, a Trojan that has turned your PC into a so-called ‘zombie computer’, meaning that they are actually in control of your system! As its name suggests, this particular Trojan will download and install additional malware onto your computer, that's why it's called downloader. Of course, it can easily install spyware or DDos modules or even Bitcoin mining trojan. This type of Trojan horse is particularly nasty because you will very likely be completely unaware that you are being remotely controlled by a hacker who will in turn be using your computer to send out more Trojans or viruses. This will eventually create an entire network of zombie computers, all at the mercy of the malicious hacker. These networks are called botnets.

If all of this sounds like something from a science fiction horror movie, don’t panic because there are steps you can take to protect yourself from becoming the victim of Win32.downloader.gen – or becoming the owner of a zombie computer. First of all, you should never even open an email from a sender that is unknown to you, and you should most definitely not download any attachments included in an email from an unknown sender either. Most spam messages will probably find their way directly to your junk email folder anyway, but don’t be fooled if one does slip through the net and make it to your inbox. If it doesn’t come from someone you know, if in the slightest bit of doubt, delete it.

Another thing to do is to make sure you have reputable – and up-to-date antivirus software installed on your computer as this will scan all of the files that you download, even ones from someone in your contact list. Furthermore, make sure your software and OS is up-to-date as well. This can be easily done using Personal Software Inspector from Secunia. If you do suspect that you’ve been infected with Win32.downloader.gen, you should download recommend antimalware software and run full system scan. Very often users say that their antivirus found the infection but can't remove Win32.downloader.gen, in such case please follow the removal instructions below. If you need help, leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Win32.downloader.gen removal instructions:

1. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.

2. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.

3. Download recommended anti-malware software (direct download) and run a full system scan to remove the remnants of this virus from your computer.

Qvo6 Removal, How To Uninstall

2013-04-12T11:12:00.000-07:00

This page contains step by step removal instructions for the Qvo6 browser hijacker/adware. At first glance it may look like a typical browser hijacker and technically it is but I think we shouldn't forget the main goal of browser hijacking - advertising. It's not a secret that scammers hijack web browsers in order to promote their search engines or other services as well as display ads. In this day and age we are all used to advertising being part and parcel of our everyday lives but it’s not only billboards and TV advertising that aim to influence the things we buy as now even our computers are used to target us and try and tempt us to click and spend. So, browser hijacking is not only unethical practice but also potentially malicious.

Qvo6 is promoted mainly through software download websites and freeware. Once installed, this browser hijacker will make http://www.Qvo6.com your homepage. It will also come up when you open new tab. Searching directly from omnibox in Google Chrome or from address bar will load results from entirely different search engine search.globososo.com. If you will use Qvo6 custom search it will surprisingly redirect you to Google search engine.

You most probably know these adverts as pop-up boxes, and let’s be honest, most of us find them pretty annoying. Do you actually pay any attention to pop-ups or do you just close them instantly? However they must be effective in some way as they are increasingly used and show no signs of abating. So what is the point of browser hijacking and adware? Basically its function is to generate revenue for its creator or author and whilst adware alone does not do any damage to your computer.

The spyware, which is software that is intended to gather information about the way you use your computer; which websites you visit and so forth, is designed so that you don’t know it is there and it will be integrated with the adware. Qvo6 may track your web surfing habits, so I guess we can safely assume that it it's spyware at some point. At least it doesn't collect personally identifiable information.

So, as we can see, some of those innocent, if somewhat annoying, little pop-up adverts can have a dangerous side to them too. If software which has been designed to monitor and detect which websites we are visiting has been integrated in with the advert it will most likely to be used to then present us with advertising which is relevant to the sites that we are looking at. For example, if you often spend time looking at websites which sell lady’s shoes and clothing, you may well get advertising pop-ups that display female fashion. This means that that particular advert has software monitoring integrated and has therefore been noting which websites you have been recently viewing.

As well as some adware being spyware or privacy invasion software, it may also be what is called shareware (or trialware or demoware). This is software which is provided to the end user, i.e. you or me, for a trial period only. Shareware will normally only give us a ‘taster’ of the full package and will have limited functionality, and it will be provided with a view to getting us to then purchase the full package.

The difference between adware and other types of shareware is that it is mainly supported by the advertising function. We may even be offered the option of a ‘registered’ or ‘licensed’ version of the software that doesn’t feature any advertising – but of course this will come at a price! Some software does it in reverse however. For example some email clients have what is called an adware mode embedded in their programming. You will be able to use the email account with full functionality and able to access all the features for a trial period and when that has expired you’ll be offered a choice of whether to continue using it for free, but with less functions than before, or you can continue using it for free with all functions but with adverts or finally – and you can probably see this one coming! – you can either pay a fee to continue using your account with all of its functions and no adverts.

All in all, Qvo6 browser hijacker may come bundled with freeware and shareware. Read installation details very carefully and especially pay attention to such annoying "offers" as Qvo6.com. Some people find it really difficult to remove this infection from their computers mainly because of two reasons: it's not listed in Control Panel (not the exact name) and it also uses this really nasty trick to add additional line to web browsers' shortcuts forcing them to load the Qvo6 search page.

Without a doubt, this application has a malware behaviour. It downloads and installs additional applications in background without user knowledge. Some components are actually detected as either adware or even Trojan. Guys who created this software did all they could to protect the software from debugging and quick analysis. What is more, Qvo6 creates a new Windows service named eSafeSvc and starts it. Please note that they configure Windows registry so that this service and the pseudo search engines are loaded automatically when Windows starts.

To completely uninstall Qvo6 from your computer please use the guide below. If you have any questions, feel free to ask. Comments and useful suggestions are welcome too. Simply leave a comment below. Good luck and be safe online!

Qvo6 removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall Qvo6 and related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove eSave Security Control, Qvo6 toolbar, New Tabs Uninstall, Desk 365, BrowserProtect and any other recently installed application. As I said earlier, this application is rarely listed as Qvo6 in the currently installed programs list. So, either look for applications mentioned here or try to remember what software you installed recently. It's probably the culprit.

Simply select the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Qvo6 from Google Chrome:

1. Click on Customize and control Google Chrome icon. Select Settings.

2. Click Set pages under the On startup.

Remove Qvo6.com by clicking the "X" mark as shown in the image below.

3. Click Show Home button under Appearance. Then click Change.

Select Use the New Tab page and click OK to save changes.

4. Click Manager search engines button under Search.

Select Google or any other search engine you like from the list and make it your default search engine provider.

Select Qvo6 from the list and remove it by clicking the "X" mark as shown in the image below.

5. Right-click the Google Chrome shortcut you are using to open your web browser and select Properties.

6. Select Shortcut tab and remove "http://www.qvo6.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Chrome executable file. Nothing more.

Remove Qvo6 from Mozilla Firefox:

1. Click on the Qvo6 search icon as shown in the image below and select Manage Search Engines....

2. Select Qvo6 from the list and click Remove to remove it. Click OK to save changes.

3. In the URL address bar, type about:config and hit Enter.

Click I'll be careful, I promise! to continue.

In the search filter at the top, type: Qvo6

Now, you should see all the preferences that were changed by Qvo6. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

4. Right-click the Mozilla Firefox shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.qvo6.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Firefox executable file.

Remove Qvo6 in Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons.

2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select Qvo6 and click Remove to remove it. Close the window.

4. Right-click the Internet Explorer shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.qvo6.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Internet Explorer executable file.

6. Finally, go to Tools → Internet Options and restore your home page to default. That's it!

XP Security Cleaner Pro Removal, How To Get Rid Of It Completely

2013-04-11T10:39:00.000-07:00

This page contains step by step removal instructions for the XP Security Cleaner Pro computer virus. These days scareware can still pose a very real and serious threat with victims suffering a great deal of upset and stress as a result. This particular scareware example belongs to infamous Rogue.FakeRean-Braviax malware family. It's not dead yet, cyber crooks register new domains, improve the rogue software and even offer affiliate system for those who would like to distribute this malware.

So what is XP Security Cleaner Pro, how can you tell if you’ve been affected by it and how can you protect yourself from falling prey to it?

XP Security Cleaner Pro is a cleverly designed scareware which has been designed to look just like real antivirus software. When the rogue AV is running on your computer, pop up boxes will start appearing on your screen, asking you if you like to have your computer scanned for viruses or telling you that it’s running slowly and needs cleaning.

It is distributed mostly through hacked websites and fake online virus scanners claiming that your computer is infected with spyware. Social engineering have an important role too.

Once your computer is infected with this malware, a fake Windows Security Center notification will pop up on your computer screen claiming that your antivirus software is turned off.

Then a GUI (a graphical user interface) will be launched and will show you a fake scanning procedure allegedly running through your system and finding so-called viruses. Once the false scan is ‘complete’ the software will normally tell you that your PC or laptop is riddled with viruses and has malicious software downloaded. It will then usually display a window asking you whether you want to continue using your computer without protection or if you would like the software to get rid of ‘the viruses’ for you. DO NOT pay for rogue antivirus products! Never.

Unfortunately, the majority of us will probably decide to get rid of all those nasty viruses that we now think are affecting our PC and we’ll click the corresponding button. Next we’ll be told that to do this we’ll need to pay for the service and be asked to enter our credit card details. Again, it's one thing when you have to pay for genuine security software that will remove found threats and protect your PC from other malware but XP Security Cleaner Pro virus is not one of them. So, once again, DO NOT pay for it.

Placing our faith in our new antivirus software friend, we’ll enter our credit card details and just like that we’ll not only be charged for having had our computer fake-scanned and absolutely no viruses or malware removed but we’ll also be leaving ourselves wide open to identity theft. And that’s not all: XP Security Cleaner Pro may also log how many keys we’re hitting on our keyboards, actually install further malicious software packages and viruses, corrupt documents and even steal our personal files - which naturally further exacerbates the identity theft issue. I've testes at least ten or maybe even more different variants of this rogue security program and what I've noticed is that it rarely comes separately from other malware, mostly rootkits and generic Trojans.
Just like any other fake AV out there, it displays fake security alerts to further scare you into believing that your computer is infected. Less computer savvy users can hardly see the diference because cyber crooks use well designed fake notifications that look like a real thing. Here are a few examples:

XP Security Cleaner Pro Firewall Alert
Chrome is infected with Trojan-BNK.Win32.Keylogger.gen.

Virus infection!
System Security was found to be compromised. Your computer is now infected. Attention, irreversible changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

So how can we protect ourselves against rogue antiviruses and what do we need to look out for? One of the most important things you can do in the fight against fake AV is to already have reputable antivirus software running on your machine. If you don’t already have it installed, check online for honest providers of AV and download a suitable one. There are many free versions so you don’t even have to pay if you want a basic package. From my experience however, free antivirus program rarely protect from such infections. You should really consider purchasing a decent and reliable antimalware product.

Now you’ve got antivirus protection make sure you familiarize yourself with your provider’s name, their logo and also the way they design their pop-up boxes. If you do get a pop up box from a different company claiming that your system is slow or needs cleaning, it is very likely to be a rogue imposter. Another thing to set alarm bells ringing is credit card payment screens. If you’re using a genuine antivirus software company and your download is up to date or you’re on a basic free package, they will not be asking you to make payment for the basic function of scanning and cleaning your PC or laptop. The rule of thumb is to not enter your credit card or other personal information anywhere that you are not 100% sure is completely safe.

If you have entered your credit card number and have any kind of doubts about the company you’ve just paid, get in touch with your bank or credit card company as soon as possible and ask them to run through the transactions made on that day. However be aware that just because nothing else has been charged to your card yet, you are not completely safe and you should ask for a new card to be issued and then destroy your current one as the criminals behind the fraudulent software may have collected your details with a view to selling them on to a third party.

To get rid of XP Security Cleaner Pro and related malware please use the guide below. If you have any questions, feel free to ask. Simply leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Method 1: XP Security Cleaner Pro removal using activation key:

1. Use any of the keys listed below to register this infection and stop the fake security alerts.

9443-077673-5028
3425-814615-3990
2233-298080-3424
1147-175591-6550

Just click the Registration button (top right corner of the fake scanner).

Select Manual Activation.

Enter XP Security Cleaner Pro activation key and then select Activate Now. Don't worry, this is completely legal. If the activation keys do not work anymore, please follow the alternate removal instructions below.

Once this is done, you are free to install recommended anti-malware software and run a full system scan to remove the rogue program from your computer completely.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.

Method 2: XP Security Cleaner Pro removal instructions in Safe Mode with Networking:

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.

NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Open Internet Explorer. In the Address bar type: http://goo.gl/AXIrU (this is a download link for FixNCR.reg) and click hit Enter or click Go to download the file.

3. Save FixNCR.reg to your Desktop. Double-click on FixNCR.reg to run it. Click "Yes" for Registry Editor prompt window. Click OK.

4. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.

NOTE: don't forget to update anti-malware software before scanning your computer.