Free Spyware Adware Worm and Virus Trojan Horse Download Removal Tools » malwarebytes

Windows 7 black screen ram shortage infection % of my ram wasn’t functioning properly

admin — Fri, 30 Sep 2011 04:29:22 +0000

If your windows 7 screen turns black and you get an error stating something along the lines of ram shortage infection or a given % value was not functioning properly, here is what you do:

download unhide.exe and TDssKiller
Run TDSSKiller and it will locate your infection. It will ask you to remoev the infection ans simply say yes. IF all goes well and your PC is clean, it will ask to reboot your windows 7. Please do so.

It will most likely find: TrojanDownloader.OpenStream.NBF trojan

If this does not work for you, download the latest malwarebytes and update and scan.

So how do you Remove Koobface the facebook worm virus

admin — Thu, 08 Sep 2011 18:50:02 +0000

Koobface Virus threat is one that is taking by storm, specially because it uses a host such as facebook social network to spread the virus. This Koobface virus finds methods to seek into the users PC and spread malware into the computer so its considered as a worm which replicates itself within your computer. So how does KoobFace infect your PC, well its simple really, if you use facebook, and you receive a strange email, stating something along the lines of ” click here to see your face look stupid” which attracts you to click the link, once clicked, a virus code will be downloaded to your PC which will then spread the worm to your PC and start to redirect your search results from google to malicious software and websites. Simple huh?

So how do you Remove Koobface worm virus?

With anti-malware software such as melwarebytes and spybot, you might be able to remove this worm, but sometimes this is not possible and you need to manually remove it.

Using The Add Remove Program in control panel:

Go to Add\Remove in control panel
Look up for the Koobface malware to remove and uninstall it.

if you do not see the koobface there, go to registry and search for: ( if you do not know how to use your registry, you might really screw up your PC for good, so take note, this step is for advanced users who have messed around with the registry and know their way around.)

Search for “koobface” in Mycomputer using find utility.
Note down Koobface file path some where.
Press Ctrl+Alt+Del to open ‘Task Manager’
End the “Koobface” processes.

End the following processes

%SYSTEMROOT%\bolivar28.exe
che07.exe
bolivar28.exe
%WinDir%\system32\nScan\ekrn.exe
%WinDir%\system32\nScan\ecls.exe
%WinDir%\system32\splm\ncsjapi32.exe
%WinDir%\bolivar28.exe
C:\Windows\fbtre6.exe

now change Registry Files

Type ‘regedit’ in Run and press Enter.
The Registry Editor will appear, locate the above mentioned process files and delete them.
Locate “Koobface” registry entries and delete them, they are as the follows:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Intelli Mouse Pro Version 2.0B\StubPath: “%WinDir% \System32\splm\ncsjapi32.exe”
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: “%WinDir% \System32\splm\ncsjapi32.exe”
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run\Intelli Mouse Pro Version 2.0B: “%WinDir% \System32\splm\ncsjapi32.exe”
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: “2″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: “%WinDir% \System32\splm\ncsjapi32.exe”
HKEY_USERS\Software\Microsoft\Windows\nScan32\ExecuteDate: “14\8\2008″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “c:\windows\mstre6.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe”
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating

Now you have to unregister the dll files

Go to start and type in ‘cmd’ to open comman prompt.
First locate the following dll files using ‘dir’ command.

%WinDir%\system32\nScan\ekrnEmon.dll
%WinDir%\system32\nScan\ekrnScan.dll
%WinDir%\system32\nScan\ekrnEpfw.dll
%WinDir%\system32\nScan\ekrnAmon.dll
%WinDir%\system32\splm\lmfunit32.dll
%WinDir%\system32\splm\mcaserv32.dll
%WinDir%\system32\splm\kbdsapi.dll

Now change the current directory using ‘cd’ command leave a space after ‘cd’ and then the path of dll file, which you have located above. Press enter after this.
Now unregister dll file by typing “directory path+’regsvr32/u’+dll file name”. Press enter, the file will be unregistered.

Generic BackDoor!djf!5D41C80EA0DA malware Trojan Virus

admin — Wed, 20 Jul 2011 22:58:29 +0000

These files were added to the system:

%APPDATA%\services.exe

%TEMP%\e3c1c08557a0d0feee33b9c9d18b4e6c129b553f.exe

This Trojan will attempt to fiddle with your network conection, e.g hxxp://www.maxmind.com/app/***

Virus app’s	Detection Names
EMSI Software	Trojan.Backdoor.Ircbot!IK
avast	Win32:Ruskill-F
Kaspersky	Backdoor.Win32.IRCBot.tjd
BitDefender	Backdoor.Bot.138642
Microsoft	VirTool:Win32/CeeInject.gen!EI
Symantec	Backdoor.IRC.Bot
Eset	a variant of Win32/Injector.GLN trojan
norman	W32/Suspicious_Gen3.TYCW
Sophos	Mal/Generic-L
Trend Micro	PAK_Generic.001
vba32	Backdoor.IRCBot.tjd

How to remove Generic BackDoor!djf!5D41C80EA0DA

Removal should be easy given the fact that you are able to follow directions

First thing to do is disconnect your network or internet. Now you will need to reboot your PC and enter safe mode, if you do not know how to enter safe mode, please search above for ” how to enter safe mode”

Now you will need to do a system scan using these apps below:

1. your favorite virus app, i suggest AVG or Microsoft security essentials
2. do a system scan using Malwarebytes
3. do a system scan using spybot
4. do a system scan using hijackthis

if the virus is not letting you do these scans, you must :

1.Disable System Restore on Windows ME and windows XP only.
2.Update to current engine and DAT files for detection and removal.
3.Run a complete system scan.

This should remove the threat, this threat is a low security threat but never the less it should always be cleaned before using the world wide web.

Trojan.win32.Generic.pak!cobra.Engine

admin — Mon, 27 Jun 2011 19:22:56 +0000

This virus might be a google redirect trojan and it is not easy to clean, however, these are the first steps to take in trying to delete this nasty win32 virus.

go to start menu, then run, now type in MSCONFIG, go to startup tab and look for a long string of command that has random letters and sometimes numbers, disable that line and save.

Download Malwarebytes, update malwarebytes then do a full system scan. if any virus is found, it will delete it.

Now download spybot, do an update and a full scan, delete any melware or spyware it finds.

You surly must have a virus protection software, if not, download Microsoft Security Essentials, its free, update the app then a full scan.

These steps above should fix and delete the Trojan.win32.Generic.pak!cobra.Engine virus

Here are other virus trojans that are smiler to the one above and can be cleaned the same way.

Trojan.Win32.Generic!BT: Trojan
Trojan-Spy.Win32.Zbot.gen: Trojan
Exploit.PDF-JS.Gen (v): Exploit
Trojan.Win32.Generic!SB.0: Trojan
INF.Autorun (v): Trojan
Trojan.Win32.Hiloti.gen.d (v): Trojan
Trojan.Win32.Generic.pak!cobra: Trojan
Trojan.Win32.Adware: Adware (General)
MyWebSearch Toolbar: Potentially Unwanted Program
Trojan.Win32.Malware: Trojan

How to remove Win32/Olmarik Trojan malware

admin — Wed, 09 Mar 2011 05:33:16 +0000

If your PC has been infected with the Win32/Olmarik Trojan virus, please download Malwarebytes’ Anti-Malware its a free app. Double click mbam-setup.exe and follow the directions and install it on your home PC. Make sure you click update Malwarebytes before you press the scan button.

What the Win32/Olmarik trojan does is it infects your PC by installing a nasty malware by falsified displaying security alerts and making the user install even more bugs. Once you click on the alert, it will start downloading anti-spyware or anti-virus tools that are useless and will infect even more of your file system structure and files in general. Take care of this trojan as soon as you can to prevent our PC from getting any worse.

What is Stuxnet computer malware malicious software

admin — Wed, 02 Feb 2011 22:25:51 +0000

Stuxnet . A computer malware spyware that attacks computer systems aimed mostly at Iran which seems the ones involved in creating the spyware threat.

HOW DOES IT Stuxnet really WORK?

The virus is a malicious software or malware attacks widely used industrial control systems built by the German firm Siemens. Experts say the virus could be used for espionage or sabotage.

Siemens said that the malware is spread via infected USB memory devices thumb drive, exploiting a vulnerability in Microsoft operating system Windows that has been resolved.

The attacks malware software running Supervisory Control and Data Acquisition, or SCADA, systems. These systems are used to control automated installations – plant chemicals to food and energy generators.

Analysts said the attackers may have chosen to spread malicious software by the way of a memory unit because many SCADA systems are not connected to the Internet, but do not have USB ports.

Once the worm infects a system, it quickly communicates with a remote server computer can be used to steal proprietary corporate data or take control of the SCADA system, said Randy Abrams, ESET investigator, a private security company Stuxnet been studied.

Downloader-CEW.q!D1137DCFCEBA Trojan how to remove

admin — Wed, 02 Feb 2011 21:36:28 +0000

Company Names	Detection Names
Kaspersky	HEUR:Trojan.Win32.Generic
Dr.Web	Trojan.DownLoader1.60944
F-Prot	W32/FakeAlert.IV.gen!Eldorado
Microsoft	TrojanDownloader:Win32/Renos.LX
Eset	Win32/Kryptik.KDM trojan (variant)
norman	W32/Obfuscated.M
panda	Suspicious
Sophos	Mal/FakeAV-CX
V-Buster	Trojan.Codecpack.Gen.13 (mutant)
Vet (Computer Associates)	Win32/Renos.D!generic

1.Disable System Restore windows XP only, Win 7 will not work.

2.Update to current engine and DAT files for detection and removal.

3.Run a complete system scan using AGG or Microsoft security or Kaspersky

Modifications made to the system Registry files for the purposes of hooking system startup will be removed if cleaning with the recommended engine and DAT combination.

How to remove Trojan.Zlob.P virus trojan

admin — Tue, 25 Jan 2011 00:06:19 +0000

Temporarily Disable System Restore then update the virus definitions on your virus program then Reboot computer in SafeMode, then delete the IE temp files some Trojan.Zlob.P temp file exisit in that folder as well, you can wither search for the temp files or manually delete them.
You may now download Malwarebytes from Here or Here

Update the definition and scan your computer, it will find any traces of Trojan.Zlob.P now delete and you should be good to go.

How to remove CoolWebSearch.olehelp Malware

admin — Wed, 08 Dec 2010 22:18:32 +0000

Is your PC infected with the CoolWebSearch.olehelp Malware? Let me help you remove this nasty browser hijacker.

CoolWebSearch or short for CWS is a pretty harsh hijacker which attacks firefox or chrome and even internet explorer browsers. One thing to take note is that if this threat is not stopped, it will keep growing like a nasty virus as its knowing coolwebsearch keeps coming up with a newer threat every week. This Malware goes adn alters your homepage on your browser and or might redirect your homepage or any other website y ou visit to another website that might contain a virus or malware. The good news is, its pretty easy to remove this virus.

To remove this nasty browser hijacker malware, simply download Malwarebytes Anti Malware by clicking here and save it to your desktop. Run and install the free application. Now run Malwarebytes and make sure you update the program first before you scan your PC. Scan your PC now and it will remove CoolWebSearch.olehelp Malware and your PC will be save once again.

Fake Microsoft Security Essentials Trojan Virus Manual Removal

admin — Tue, 16 Nov 2010 00:12:53 +0000

Although it is possible to manually remove the Fake Microsoft Security Essentials Alert Trojan Virus, it can also damage your system if you are not familiar with how to use the registry, as advanced spyware are able to automatically repair themselves if not completely deleted. so in other words, manual spyware removal is recommended for experienced users only. For other users, we recommend using Malwarebytes or other malware spyware removal software such as Combofix. Malwarebytes deletes and protects from malicious running trojan files and registry entries for free. Malwarebytes will help you to remove Fake Microsoft Security Essentials Alert Virus.

Stop the Fake Microsoft Security Essentials Alert Trojan processes below by pressing CTRL + Alt + Delete:

antispy.exe
defender.exe
tmp.exe
hotfix.exe

Remove these Fake Microsoft Security Essentials Alert Trojan Registry Entries:
Click start menu and type “regedit”

HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = “0?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnPostRedirect” = “0?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “tmp”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “SelfdelNT”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\Application Data\antispy.exe”
Remove these Fake Microsoft Security Essentials Alert Trojan files:
%UserProfile%\Application Data\PAV\
%UserProfile%\Application Data\antispy.exe
%UserProfile%\Application Data\defender.exe
%UserProfile%\Application Data\tmp.exe
%UserProfile%\Application Data\hotfix.exe
%UserProfile%\Local Settings\Temp\[random characters].bat

For Vista/7:
%UserProfile%\AppData\Local\antispy.exe
%UserProfile%\AppData\Local\defender.exe
%UserProfile%\AppData\Local\tmp.exe
%UserProfile%\AppData\Local\hotfix.exe

C:\END
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Fake Microsoft Security Essentials Alert Trojan infected files and get help in Fake Microsoft Security Essentials Alert Trojan removal by using free Malwarebytes.

How to remove Trojan Horse Generic.17 16 15 14.DYJ

admin — Mon, 10 May 2010 18:17:39 +0000

If you have gotten a virus in your PC called Trojan Horse Generic with a number next to it such as .17 or 16 or 15 or 14, this simply means you have downloaded an illegal software from a torrent. The risk level of this virus is not that great but still needs to be removed asap.

Trojan horse Generic 14.DYJ is a detection for a trojan that applies a Rootkit technology to remain itself hidden from system so as to avoid being detected by antivirus application. Trojan horse Generic 14.DYJ can hook itself into Windows registry and create a backdoor to allow a remote attacker gain full access on victims computer.

Damage Level: Medium

Systems Affected: Windows XP, Vista, 7

To remove this virus, you will need to download Rkill

Downloads:
Download from BleepingComputer.com – 257kb

After you have finished with Rkill, do not reboot your PC, make sure you also have MalwareBytes installed on your PC, you will need to run this next.

Click here to download MalwareBytes

Now run Malwarebytes and this should fix your virus. You may run quick scan, and make sure you update malwarebytes before you scan and clean. Good luck