Windows 7 black screen: “RAM shortage” infection, “% of my RAM wasn’t functioning properly”

If your Windows 7 screen turns black and you get an error stating something along the lines of a RAM shortage infection, or that a given % value of your RAM was not functioning properly, here is what you do:

Download unhide.exe and TDSSKiller.
Run TDSSKiller and it will locate your infection. It will ask you to remove the infection; simply say yes. If all goes well and your PC is clean, it will ask to reboot Windows 7. Please do so.

It will most likely find the TrojanDownloader.OpenStream.NBF trojan.

If this does not work for you, download the latest Malwarebytes, update it, and run a scan.

 

So how do you remove Koobface, the Facebook worm virus?

The Koobface virus is a threat that is taking users by storm, especially because it uses a host such as the Facebook social network to spread. Koobface finds ways to get onto the user’s PC and spread malware on the computer, so it is considered a worm, which replicates itself within your computer. So how does Koobface infect your PC? Well, it’s simple really: if you use Facebook and you receive a strange email stating something along the lines of “click here to see your face look stupid”, you are tempted to click the link. Once clicked, virus code is downloaded to your PC, which then spreads the worm to your PC and starts to redirect your Google search results to malicious software and websites. Simple, huh?

So how do you remove the Koobface worm virus?

With anti-malware software such as Malwarebytes and Spybot, you might be able to remove this worm, but sometimes this is not possible and you need to remove it manually.

Using Add/Remove Programs in Control Panel:

  • Go to Add/Remove Programs in Control Panel.
  • Look for the Koobface malware and uninstall it.

If you do not see Koobface there, go to the registry and search for it. (If you do not know how to use your registry, you might really screw up your PC for good, so take note: this step is for advanced users who have messed around with the registry and know their way around.)

  • Search for “koobface” in My Computer using the Find utility.
  • Note down the Koobface file path somewhere.
  • Press Ctrl+Alt+Del to open Task Manager.
  • End the “Koobface” processes.

End the following processes:

  1. %SYSTEMROOT%\bolivar28.exe
  2. che07.exe
  3. bolivar28.exe
  4. %WinDir%\system32\nScan\ekrn.exe
  5. %WinDir%\system32\nScan\ecls.exe
  6. %WinDir%\system32\splm\ncsjapi32.exe
  7. %WinDir%\bolivar28.exe
  8. C:\Windows\fbtre6.exe

Now change the registry files:

  • Type ‘regedit’ in Run and press Enter.
  • The Registry Editor will appear. Locate the above-mentioned process files and delete them.
  • Locate the “Koobface” registry entries and delete them. They are as follows:
  1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Intelli Mouse Pro Version 2.0B\StubPath: “%WinDir%\System32\splm\ncsjapi32.exe”
  2. HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: “%WinDir%\System32\splm\ncsjapi32.exe”
  3. HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run\Intelli Mouse Pro Version 2.0B: “%WinDir%\System32\splm\ncsjapi32.exe”
  4. HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: “2”
  5. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: “%WinDir%\System32\splm\ncsjapi32.exe”
  6. HKEY_USERS\Software\Microsoft\Windows\nScan32\ExecuteDate: “14\8\2008”
  7. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\“systray” = “c:\windows\mstre6.exe”
  8. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\“systray” = “C:\Windows\fbtre6.exe”
  9. HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating

Now you have to unregister the DLL files:

  • Go to Start and type in ‘cmd’ to open the command prompt.
  • First locate the following DLL files using the ‘dir’ command.
  1. %WinDir%\system32\nScan\ekrnEmon.dll
  2. %WinDir%\system32\nScan\ekrnScan.dll
  3. %WinDir%\system32\nScan\ekrnEpfw.dll
  4. %WinDir%\system32\nScan\ekrnAmon.dll
  5. %WinDir%\system32\splm\lmfunit32.dll
  6. %WinDir%\system32\splm\mcaserv32.dll
  7. %WinDir%\system32\splm\kbdsapi.dll
  • Now change the current directory using the ‘cd’ command: leave a space after ‘cd’ and then type the path of the DLL file that you located above. Press Enter after this.
  • Now unregister the DLL file: at the prompt showing that directory path, type ‘regsvr32 /u’ followed by the DLL file name. Press Enter and the file will be unregistered.
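
Before ending processes or deleting anything, it helps to confirm which of the listed items are actually present. The PowerShell script below is an added example, not part of the original instructions: it only reads and reports the files, processes and registry entries listed above. It assumes that `$env:WinDir` stands in for `%WinDir%`, `%SYSTEMROOT%` and `C:\Windows`, and that the `HKEY_USERS\Software\...` entries refer to the current user's hive (`HKCU`).

```powershell
# Added example: read-only check for the artifacts listed on this page. Nothing is deleted.
$win = $env:WinDir   # assumption: stands in for %WinDir%, %SYSTEMROOT% and C:\Windows above

# File paths from the process list, the "systray" Run values and the DLL list.
$files = @(
    "$win\bolivar28.exe", "$win\fbtre6.exe", "$win\mstre6.exe",
    "$win\system32\nScan\ekrn.exe", "$win\system32\nScan\ecls.exe",
    "$win\system32\splm\ncsjapi32.exe",
    "$win\system32\nScan\ekrnEmon.dll", "$win\system32\nScan\ekrnScan.dll",
    "$win\system32\nScan\ekrnEpfw.dll", "$win\system32\nScan\ekrnAmon.dll",
    "$win\system32\splm\lmfunit32.dll", "$win\system32\splm\mcaserv32.dll",
    "$win\system32\splm\kbdsapi.dll"
)
$findings = @()

# 1. Files on disk.
foreach ($f in $files) { if (Test-Path -LiteralPath $f) { $findings += "FILE     $f" } }

# 2. Running processes, matched on full image path so that a program with the same
#    file name in another folder is not flagged. che07.exe has no path on the page.
$findings += @(Get-Process |
    Where-Object { ($_.Path -and ($files -contains $_.Path)) -or $_.Name -eq 'che07' } |
    ForEach-Object { "PROCESS  $($_.Name) (PID $($_.Id)) $($_.Path)" })

# 3. Autorun values. HKCU is an assumption for the page's HKEY_USERS\Software\... entries.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$badData = 'ncsjapi32\.exe|mstre6\.exe|fbtre6\.exe|bolivar28\.exe'
foreach ($k in $runKeys) {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -like '*Intelli Mouse Pro Version 2.0B*' -or $data -match $badData) {
            $findings += "AUTORUN  $k\$name = $data"
        }
    }
}

# 4. Keys the page lists as Koobface entries. Explorer\Advanced\Hidden and
#    AppEvents\...\Navigating are skipped because they also exist on clean systems.
$keys = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\Intelli Mouse Pro Version 2.0B',
        'HKCU:\Software\Microsoft\Windows\nScan32'
foreach ($k in $keys) { if (Test-Path -LiteralPath $k) { $findings += "KEY      $k" } }

if ($findings) { $findings } else { 'No listed Koobface artifacts found.' }
```

Run it from an elevated PowerShell prompt so that process paths and the HKLM keys are readable; save the output before making changes so you can verify afterwards that each reported item is gone.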