Saturday, December 11, 2010

Remove HDDRescue and the Rootkits Restricting Your System Administration Powers

The authors of HDDRescue (HDD Rescue) pursue a single goal: foisting their deceptive software product on users. Few users now trust the adware to the end. Sooner or later, most infected users attempt to get rid of HDDRescue, all the more so because the program behaves in quite annoying ways. That is what the hackers use rootkits for, as a rootkit is an infection that restricts the user’s powers. In particular, the TDSS rootkit does not allow any deletion of HDD Rescue components. That is how the hackers respond to the many cases of manual adware removal.
There is a cure for this kind of computer disease, and there are many ways to overcome the adware's resistance. Click here to apply the IT expert’s choice antivirus as an HDDRescue removal tool and to overcome the rootkit's resistance. The described adware is another clone of the system optimization tools founded in October 2010.

HDDRescue manual removal guide:
Delete HDDRescue files:
%Temp%\
%Temp%\.exe
%Temp%\.dll
%Temp%\dfrg
%Temp%\dfrgr
%Temp%\.exe
%UserProfile%\Desktop\HDD Rescue.lnk
%UserProfile%\Start Menu\Programs\HDD Rescue\
%UserProfile%\Start Menu\Programs\HDD Rescue\HDD Rescue.lnk
%UserProfile%\Start Menu\Programs\HDD Rescue\Uninstall HDD Rescue.lnk
Delete HDDRescue registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”

Friday, December 10, 2010

HDD Repair (HDDRepair) removal information

Be aware of rootkit tools that provide protection for insecure programs. Because of those tools, HDD Repair (HDDRepair) can no longer be removed in the way that worked for the first fake system optimizers.
That is, HDD Repair is a slightly updated fake optimizer for computer systems that belongs to the family founded by WinHDD. This new fake defragmenter is harder to remove; the first releases of this kind of adware, at least, were not protected with rootkits.
Usually, the rootkit protecting a fake system optimization tool is the TDSS rootkit. Its impact is well studied, and there is a single remedy that will delete HDD Repair and its rootkit. In order to get rid of HDD Repair and any other infections, click here.

HDD Repair manual removal guide:
Delete HDD Repair files:
%Temp%\[random]
%Temp%\[random].exe
%Temp%\[random].dll
%Temp%\dfrg
%Temp%\dfrgr
%Documents and Settings%\[User_Name]\Desktop\HDD Repair.lnk
%Documents and Settings%\[User_Name]\Start Menu\Programs\HDD Repair
%Documents and Settings%\[User_Name]\Start Menu\Programs\HDD Repair\HDD Repair.lnk
%Documents and Settings%\[User_Name]\Start Menu\Programs\HDD Repair\Uninstall HDD Repair.lnk
Delete HDD Repair registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]“
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”

Thursday, December 9, 2010

Remove Internet Antivirus 2011 and Do Not Forget About True Viruses

According to gossip in the IT industry, a new piece of adware is going to rock the cyber world. Perhaps the gossip is all about Internet Antivirus 2011 (InternetAntivirus 2011), which enjoys the support of hundreds of related infections. To be precise, the related infections are not tied to this adware alone; uploading the adware is just one of the many tasks they have to fulfill. In any case, the adware has compromised an amazingly large number of machines. If your computer is among them, get rid of Internet Antivirus 2011 at the earliest opportunity. Another reason the adware was so anticipated is its behavior, which was expected to be extremely destructive. Maybe another application was meant, because for this adware, although the rogue's negative effect on the host system is obvious, removing Internet Antivirus 2011 would completely eliminate the damage. In other words, the damage is of a restricting nature.
Click here to uninstall the rogue antispyware and delete its entries, including associated registry keys, as well as other parasites, for many of them could arrive as a part of the adware installation.


Internet Antivirus 2011 manual removal guide:
Delete Internet Antivirus 2011 files:
%CommonAppData%\[random_symbols]
%CommonAppData%\[random_symbols]\[random].mof
%CommonAppData%\[random_symbols]\Internet Antivirus 2011.exe
%CommonAppData%\[random_symbols]\[random].exe
%CommonAppData%\[random_symbols]\Quarantine Items
%AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus 2011.lnk
%AppData%\Internet Antivirus 2011
%AppData%\Internet Antivirus 2011\Instructions.ini
%Desktop%\Internet Antivirus 2011.lnk
%Recent%\ANTIGEN.dll
%Recent%\ANTIGEN.drv
%Recent%\cid.tmp
%Recent%\CLSV.exe
%Recent%\CLSV.sys
%Recent%\DBOLE.drv
%Recent%\delfile.sys
%Recent%\eb.sys
%Recent%\energy.exe
%Recent%\exec.exe
%Recent%\fan.drv
%Recent%\kernel32.dll
%Recent%\pal.exe
%Recent%\PE.dll
%Recent%\ppal.drv
%Recent%\tempdoc.tmp
%StartMenu%Internet Antivirus 2011.lnk
%Programs%\Internet Antivirus 2011.lnk
Delete Internet Antivirus 2011 registry entries:

HKCU\Software\3
HKCR\MSSSys.DocHostUIHandler
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Internet Antivirus 2011″

Wednesday, December 8, 2010

Snort 2.9.0.2 on FreeBSD i386 the easy way!

This is a quick posting to help you get Snort 2.9.0.x up and running on your FreeBSD!

I can't make it much easier than this: I have created new ports for Snort 2.9.0.2 and DAQ 0.4 (and subsequently packages) that you can install directly.  The ports are submitted, so look for the following in your ports tree:

updated: /usr/ports/security/snort
new: /usr/ports/security/daq


Components required:
  • Fresh FreeBSD Install
    • Minimal (i386)
  • Access to the internet from said BSD boxen
  • Basic knowledge of Snort

Once you have the above handled, you can issue the following command:
$ pkg_add -r http://www.rootedyour.com/enhanced/snort/snort-2.9.0.2.tbz

Output from the command on a freshly installed FreeBSD Minimal system:
$ pkg_add -r http://www.rootedyour.com/enhanced/snort/snort-2.9.0.2.tbz
Fetching http://www.rootedyour.com/enhanced/snort/snort-2.9.0.2.tbz... Done.
Fetching http://www.rootedyour.com/enhanced/All/libpcap-1.1.1.tbz... Done.
Fetching http://www.rootedyour.com/enhanced/All/libdnet-1.11_3.tbz... Done.
Fetching http://www.rootedyour.com/enhanced/All/daq-0.4.tbz... Done.

Some checksums for your reviewing pleasure:
  • MD5 (daq-0.4.tbz) = 249d2d79fc03eb2d4e2e133da505d146
  • MD5 (libdnet-1.11_3.tbz) = b861399b4710825419240a6443ec0eb9
  • MD5 (libpcap-1.1.1.tbz) = 678ec713419066c884ceda82ebcfe66f
  • MD5 (pcre-8.10.tbz) = 03cc8232b4ea9ecb968eb67211246f20

  • SHA256 (daq-0.4.tbz) = f8e60e09c0ab4acc1726f180b2e9d58c7f557b4736a3e53e137d8cb186d71984
  • SHA256 (libdnet-1.11_3.tbz) = 92f731313eea3867ab36ad789d938a66b83dda282e293a5a3d830f138c56b6f1
  • SHA256 (libpcap-1.1.1.tbz) = fe7991735055bb92bc38a2550d6428200eb7491e0152fa59d75db1569918c4a4
  • SHA256 (pcre-8.10.tbz) = e9517918174e4b569d9b4d1b3c902db529e0c3bd67a4a4ae7f1b830aac66e7b1
The above packages were built with the following configuration options: --enable-dynamicplugin --enable-flexresp3 --enable-ipv6 --enable-gre --enable-targetbased --enable-decoder-preprocessor-rules --enable-zlib --enable-reload --enable-active-response --enable-normalizer --enable-react --enable-perfprofiling
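
An added example, not part of the original post: the packages above are fetched over plain HTTP, so the published SHA256 values only help if they are checked before installation. The script assumes the packages were first fetched into a directory and the checksum lines saved to a file (both names are the caller's choice), and it treats any .tbz the list does not cover as unverified; the list above has no entry for snort-2.9.0.2.tbz itself.

```shell
#!/bin/sh
# Added example: check fetched packages against "SHA256 (name) = hex" lines
# before installing. The manifest and directory are supplied by the caller.

# FreeBSD ships sha256(1); Linux ships sha256sum(1). Use whichever exists.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_manifest MANIFEST DIR
# Returns 0 only if every listed file exists in DIR with a matching digest
# and DIR holds no .tbz file that the manifest does not list.
verify_manifest() {
    manifest=$1 dir=$2 rc=0
    while IFS= read -r line; do
        case $line in
            *"SHA256 ("*") = "*) ;;
            *) continue ;;                  # skip MD5, blank and prose lines
        esac
        name=${line#*"SHA256 ("}; name=${name%%") = "*}
        want=${line##*") = "}
        want=${want%%[!0-9a-f]*}            # drop trailing whitespace or CR
        case $name in
            ""|*/*) echo "REJECT   bad name: $name"; rc=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1
        elif [ "$(sha256_of "$dir/$name")" = "$want" ]; then
            echo "OK       $name"
        else
            echo "BAD      $name"; rc=1
        fi
    done < "$manifest"
    for f in "$dir"/*.tbz; do               # anything fetched but not listed
        [ -e "$f" ] || continue
        base=${f##*/}
        grep -Fq "SHA256 ($base) = " "$manifest" ||
            { echo "UNLISTED $base"; rc=1; }
    done
    return $rc
}
```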

I will likely be updating the ports / packages, so keep an eye out!

JJC

HDD Plus Removal Information

The fake system optimizer has been regarded as one single program that alternates between different names to complicate its deletion. Recent observations of this supposedly single program have shown that it is not constant; rather, there is a multitude of program clones to consider. Get rid of HDD Plus (HDDPlus): it is very similar to the other fake system optimizers of its family, and its graphical user interface is much the same as any of theirs, yet in spite of that similarity it is a new and quite distinct program. In particular, it includes a rootkit that has not been detected in any preceding clone, along with other components that ensure it runs in line with its author’s design.
Click here to initiate a free computer scan and remove HDD Plus and any other residents of your PC that fake useful activity or were introduced for any other malicious purpose.

HDD Plus manual removal guide:
Delete HDD Plus files:
%Temp%\
%Temp%\.exe
%Temp%\.dll
%Temp%\dfrg
%Temp%\dfrgr
%Temp%\.exe
%UserProfile%\Desktop\HDD Plus.lnk
%UserProfile%\Start Menu\Programs\HDD Plus\
%UserProfile%\Start Menu\Programs\HDD Plus\HDD Plus.lnk
%UserProfile%\Start Menu\Programs\HDD Plus\Uninstall HDD Plus.lnk
Delete HDD Plus registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”

Tuesday, December 7, 2010

Remove Wepprotectionmicrosoft.com rendition agent

Wepprotectionmicrosoft.com has multiple ties with hijacker infections that draw visitors to its pages. Those infections need to be exterminated because, in addition to redirecting to the above web page, they block a number of perfectly legitimate pages. Click here to activate the protected link and get rid of the Wepprotectionmicrosoft.com rogue redirection tool. In addition, the adware promoted at the website (Antivirus 8), if installed on your PC, will be deleted at once. Removing the Wepprotectionmicrosoft.com adware and hijacker will also boost computer productivity.



Remove HDD Diagnostic (HDDDiagnostic) malware

Fake system optimizers as such are detectable by any reliable security software, for such programs are based on practically the same program code, which has already been propagating for almost sixty days (as of the date of this article's release). Removal of HDD Diagnostic (HDDDiagnostic) is not that easy, though, because access to the adware's components may be blocked by the infection known as the TDSS rootkit. This rootkit has previously been used to prevent the deletion of rogue antispyware, and it created obstacles for many renowned antivirus tools that attempted to delete malware protected by the rootkit.
HDD Diagnostic pretends to detect dozens of errors. It may freeze the computer with an avalanche of alerts and intentionally terminate any running software to gain a few credibility points in the hope of making users trust it. Trust a reliable antivirus: click here to get rid of HDD Diagnostic and its tricky self-protection.

HDD Diagnostic manual removal guide:
Delete HDD Diagnostic files:
%Temp%\.bin
%Temp%\
%Temp%\.exe
%Temp%\dfrg
%Temp%\dfrgr
%Temp%\.dll
%Temp%\.exe
%UserProfile%\Start Menu\Programs\HDD Diagnostic\
%UserProfile%\Start Menu\Programs\HDD Diagnostic\HDD Diagnostic.lnk
%UserProfile%\Start Menu\Programs\HDD Diagnostic\Uninstall HDD Diagnostic.lnk
Delete HDD Diagnostic registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”