Thursday, June 4, 2009

Removal of Antimalware-live-scanv3.com associated adware (hijacker and variable rogue antispyware)

Like many similar websites, Antimalware-live-scanv3.com is promoted by a hijacker. The hijacker arrives as a trojan or is installed via malicious scripts on cracked websites. Antimalware-live-scanv3.com is part of a rogue antispyware advertising scheme aimed at making users buy a certain fake antispyware product (Personal Antivirus). Remove the Antimalware-live-scanv3.com hijacker and the corresponding rogue antispyware. We do not name the application advertised at Antimalware-live-scanv3.com, because its name varies to prevent exposure. However, the website name is constant, and you are invited to click here to start a free scan and get rid of Antimalware-live-scanv3.com associated rogues using Spyware Doctor with antivirus.

Wednesday, June 3, 2009

pulledpork tarball

It's up... get it while it's hot -> http://code.google.com/p/pulledpork/downloads/list

Cheers,
JJC

Removal of WinBlueSoft brings your software back to life

WinBlueSoft's main peculiarity is its blocker.dll file, which performs quite complex operations to take control of the software installed on the infected computer. That is, WinBlueSoft lets you use only the software it allows to run, such as Internet Explorer.
“Warning!
Your're in danger!
Your computer is infected with Spyware!
All you do with computers is stored forever in your hard disk. When you visit sites, send emails... All your actions are logged. And it is impossible to remove them with standard tools. Your data is still available for forensics. “
The above is the alert users see while most programs they run are blocked. A number of similar alerts accompany a fake scan that lists fake virus names and imaginary paths. To unblock your legitimate software and get it back, you must get rid of WinBlueSoft. Click here to start a free scan to expose the infections devastating your computer system and perform WinBlueSoft removal (using Spyware Doctor with antivirus).

WinBlueSoft manual removal guide:
Delete WinBlueSoft files:

WinBlueSoft.lnk
2 Homepage.lnk
3 Uninstall.lnk
data.bin
license.txt
uninstall.exe
WinBlueSoft.exe
blocker.dll

Delete WinBlueSoft registry entries:
HKEY_CURRENT_USER\Software\WinBlueSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinBlueSoft
HKEY_LOCAL_MACHINE\SOFTWARE\WinBlueSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “WinBlueSoft”

Tuesday, June 2, 2009

v0.2 Beta 1 is the outed! -> pulledpork that is <-



As the title indicates, the first beta for v0.2 of pulledpork has just been checked in to the pulledpork svn..

A shortlist of the current featuresets below



Release 0.1:

Release 0.2:

So, as you can see above I have added quite a bit of code and functionality to pulled pork. The disablesid function should be pretty robust (perhaps I'll add some additional error handling), but for the most part it should rock and roll!

I'll likely be adding a modifysid section to mirror what oinkmaster does with their modifysid function.. but that's probably still a few weeks out.

Having said all of this, please download, test and post any bugs/issues that you find on the google code page for pulledpork or catch me in #snort on freenode.

And now, the gratuitous screenshot ;-)


Cheers,
JJC

XP Deluxe Protector can damage your PC

XP Deluxe Protector is more than just another fake antispyware program. The very first observations of XP Deluxe Protector exposed its sub-programs responsible for unauthorized System Registry management. Further research showed that XP Deluxe Protector removed System Registry entries belonging to popular reliable software and, first of all, legitimate security tools. However, if the installed security software had a timely updated and robust virus shield, it would inform users about the dangerous components of XP Deluxe Protector or abort its hidden download and installation. Thus, XP Deluxe Protector may also be classified as an intruder program that aims to take control of the host system. The presence of XP Deluxe Protector is easy to detect, as it runs a process titled XP Deluxe Protector scan each time the user logs into Windows. However, the process is not an actual scan but a show prepared in advance, with predefined heaps of imaginary viruses listed regardless of the real infection status of your computer. Remove XP Deluxe Protector and ignore the information hackers use to frighten you into paying the registration fee. To get rid of XP Deluxe Protector, including all the malware that could be bundled with it, click here and start automated XP Deluxe Protector removal (using Spyware Doctor with antivirus).

Presto TuneUp is to be removed as another fake system optimization tool

Presto TuneUp represents the category of fake system optimization tools. Compared with fake virus and spyware removers, very few programs fall into this category. However, many users ask how to remove Presto TuneUp, so it is (un)popular enough to be briefly described. Presto TuneUp is often installed as a trojan disguised as a codec or another utility. Once installed, the rogue shows the user an interactive window with a rich menu. Naturally, no part of this menu provides a working, useful function. Removal of Presto TuneUp is problematic, because:
- the program is either missing from the list of installed programs,
- or, if present, its removal through that list does not actually remove Presto TuneUp.
Click here to start a free scan and get rid of Presto TuneUp using a reliable, proven solution for removing fake programs. Presto TuneUp removal will root the malware out once and for all.

Presto TuneUp manual removal guide:
Delete Presto TuneUp files:
Autorun.ico
cookies.sqlite
places.sqlite
Process.ico
Service.ico
AutorunManager.lnk
Presto TuneUp.lnk
ProcessManager.lnk
ServiceManager.lnk
Presto TuneUp.lnk
Presto TuneUp.lnk
SystemBackup
345d567
mozcrt19.dll
PrestoTuneUp.exe
sqlite3.dll
working.log
backup.dat

Delete Presto TuneUp registry entries:
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\PrestoTuneUp.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "URPRTUP[]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Presto TuneUp"
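
The registry entries from the WinBlueSoft and Presto TuneUp removal guides above can be checked in one pass. The PowerShell script below is an added example, not part of the original posts: it reports which of the listed entries are present and deletes them only when run with its `-Remove` switch. The switch name and the script layout are illustrative choices; the key paths are copied from the guides.

```powershell
# Added example: audit the registry entries listed in the two removal guides.
# Read-only unless -Remove is given; combine -Remove with -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Remove)

$cv = 'Microsoft\Windows\CurrentVersion'
# Path = key copied from the guides; ValueName = value under that key, or
# absent when the whole key is the indicator.
$indicators = @(
    @{ Path = 'HKEY_CURRENT_USER\Software\WinBlueSoft' }
    @{ Path = "HKEY_LOCAL_MACHINE\SOFTWARE\$cv\Uninstall\WinBlueSoft" }
    @{ Path = 'HKEY_LOCAL_MACHINE\SOFTWARE\WinBlueSoft' }
    @{ Path = "HKEY_LOCAL_MACHINE\SOFTWARE\$cv\Run"; ValueName = 'WinBlueSoft' }
    @{ Path = 'HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}' }
    @{ Path = 'HKEY_CLASSES_ROOT\PrestoTuneUp.DocHostUIHandler' }
    @{ Path = "HKEY_CURRENT_USER\Software\$cv\Internet Settings\5.0\User Agent\Post Platform"
       ValueName = 'URPRTUP[]' }
    @{ Path = "HKEY_CURRENT_USER\Software\$cv\Run"; ValueName = 'Presto TuneUp' }
)

foreach ($i in $indicators) {
    # The Registry:: prefix lets the full hive names from the guides be used as-is.
    $path  = "Registry::$($i.Path)"
    $name  = $i['ValueName']
    $found = Test-Path -LiteralPath $path

    if ($found -and $name) {
        # GetValueNames() compares literally, so 'URPRTUP[]' is not parsed as a wildcard.
        $found = (Get-Item -LiteralPath $path).GetValueNames() -contains $name
    }

    if ($found -and $Remove) {
        if ($name) {
            # Delete one value only (the Run and Post Platform keys themselves must stay).
            # -Name accepts wildcards, so escape the name to match it literally.
            Remove-ItemProperty -LiteralPath $path -Name ([WildcardPattern]::Escape($name))
        } else {
            # The whole key belongs to the rogue: delete it with its subkeys.
            Remove-Item -LiteralPath $path -Recurse
        }
    }

    # Found reflects the state at check time, before any removal.
    [pscustomobject]@{ Key = $i.Path; ValueName = $name; Found = $found }
}
```

On 64-bit Windows, entries written by a 32-bit program under HKEY_LOCAL_MACHINE\SOFTWARE can be redirected to the WOW6432Node subtree, so a `Found = False` result from a 64-bit PowerShell session does not rule those locations out.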

Monday, June 1, 2009

PulledPork Checkin

Quick update today with big enhancements coming this week in the bbq pulledpork arena! (hopefully).

This past Friday I checked in some code for PulledPork that allows for the handling of any format contents of md5 file from the snort.org servers.. we won't be foiled again ;-)

Get your great tasting pulledpork here => http://code.google.com/p/pulledpork

Cheers,
JJC