Is your computer infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Friday, February 5, 2016

Remove "help recover instructions+..." Virus and Restore Encrypted Files

Help_recover_instructions+[random letters].txt files belong to the TeslaCrypt ransomware. If all your files have a random extension (e.g. .micro) appended to the end of the legitimate extension (e.g. DOC, EXE) and you see help_recover_instructions+... files (there can be as many as 3000) in every directory, then your computer is definitely infected with ransomware. No one is immune from the threat of malware, ransomware, phishing scams and hacker attacks, no matter whether you are a home computer user or the head of a big organization. And thinking that you are is an assumption which could cost you dearly. In a similar vein, taking it for granted that the ancient antivirus program you installed when you bought your computer five years ago is still keeping you safe from harm, despite the fact that you haven't upgraded it in years, is also a huge mistake.



We are all at risk from the many different types of malicious software out there and not being proactive about your online security can cost you time, money, data and a great deal of stress. That's why we advocate learning as much as you can about common threats, whilst also taking steps to protect yourself. In this instance we are going to be looking at a type of malware called ransomware so that if you should come across this very unpleasant attacker, you will hopefully be better prepared to deal with it.

What is help_recover_instructions+... ransomware?

The name has probably given the game away already – no prizes for guessing that ransomware is something that has been created to kidnap your files and data and then encrypt them so that you are not able to access them. Once your files have been subjected to this form of lockdown you will then, in good old time-honored fashion, receive a ransom note from your data's kidnapper. It's usually a text file, for example help_recover_instructions+gtr.txt, but it can also be a PNG file or a pop-up message on your computer screen.



This will, naturally, tell you that if you ever want to see your files again, you will need to pay a sum of money. The way this works, in theory, is that the kidnapper sends you a code which you can use to decrypt your data once they have received your payment. However – and it is a big however – I don't recommend that you pay a penny.

Why you shouldn't pay the ransom

There are a number of reasons, but probably the biggest one, for you personally at least, is that there is absolutely no guarantee that you'll receive the decryption code in return for your payment. These are sophisticated cyber criminals we are dealing with here after all – honesty is probably not in their company mission statement!

In addition to this, by capitulating to their demands, you are only reinforcing the fact that their business model is a nice little money spinner. The more people pay, the more they will keep targeting innocent users like you and me.

It can be tempting to give in especially as a lot of ransomware adds to the stress you are already feeling by either pretending that the help recover instructions+... ransom note has been sent by a law enforcement agency, such as the FBI or CIA, or they'll tell you that the decryption code won't work after a certain point in time and your files will be lost for good.

What should I do if I've been infected?

It's easy to say, but try not to panic. And whatever you do, don't pay the ransom unless the encrypted files are very important and you can't afford to lose them. If the encrypted files are not very important or you don't have money to pay the ransom, you can try to restore your files (at least some of them) using Shadow Explorer, Recuva and some other specialized tools listed below. Please note that even if you decide to pay the ransom there's really no guarantee that cyber crooks will recover your files. If you have any questions, please leave a comment below. Last, but not least, if there's anything you think I should add or correct, please let me know. It might be a pain but the issue needs to be dealt with – and the way to do it is by not giving in, not paying up and not letting the attackers win.

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing help_recover_instructions+... and related malware:


Before restoring your files from shadow copies, make sure the ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.






2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by help_recover_instructions virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop-down list you can select one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.
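To know what to look for in a backup or in Shadow Explorer, the two indicators described at the top of this post (help_recover_instructions+... note files and a second extension such as .micro appended after the original one) can be inventoried with a short script. This is an added example, not part of the original guide; the note pattern and the .micro extension come from the post, and the sample folder tree is constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Note names as described in the post: help_recover_instructions+<random letters>,
# as a .txt file or a PNG image.
NOTE_RE = re.compile(r"^help_recover_instructions\+[a-z]+\.(txt|png)$", re.IGNORECASE)

# Extension appended after the original one. ".micro" is the example the post
# gives; add others only if you have actually seen them on the machine.
APPENDED_EXTS = {".micro"}


def classify(filename):
    """Return 'note', 'encrypted' or None for one file name."""
    if NOTE_RE.match(filename):
        return "note"
    stem, last = os.path.splitext(filename)
    # Encrypted files keep their original extension and gain a second one
    # (report.doc.micro). A lone "readme.micro" is not counted.
    if last.lower() in APPENDED_EXTS and os.path.splitext(stem)[1]:
        return "encrypted"
    return None


def triage(root):
    """Walk root and summarise ransom notes and the files that need restoring."""
    report = {"dirs_scanned": 0, "dirs_with_notes": 0, "notes": 0,
              "to_restore": [], "original_exts": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        report["dirs_scanned"] += 1
        kinds = [(name, classify(name)) for name in files]
        notes_here = sum(1 for _name, kind in kinds if kind == "note")
        report["notes"] += notes_here
        report["dirs_with_notes"] += 1 if notes_here else 0
        for name, kind in kinds:
            if kind != "encrypted":
                continue
            original = os.path.splitext(name)[0]  # strip the appended extension
            rel = os.path.relpath(os.path.join(dirpath, original), root)
            report["to_restore"].append(rel.replace(os.sep, "/"))
            report["original_exts"][os.path.splitext(original)[1].lower()] += 1
    report["to_restore"].sort()
    # Notes plus doubled extensions together match the description in the post.
    report["matches_description"] = bool(report["notes"] and report["to_restore"])
    return report


# Constructed sample tree (empty files), used only to exercise the scanner.
SAMPLE_TREE = [
    "Documents/help_recover_instructions+gtr.txt",
    "Documents/budget.xls.micro",
    "Documents/letter.DOC.micro",
    "Documents/notes.txt",                       # untouched file
    "Pictures/help_recover_instructions+gtr.png",
    "Pictures/holiday.jpg.micro",
    "Tools/readme.micro",                        # no original extension: ignored
]


def demo():
    """Build the constructed tree in a temporary folder and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in SAMPLE_TREE:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return triage(root)


if __name__ == "__main__":
    result = demo()
    print("directories with ransom notes:", result["dirs_with_notes"])
    print("files to restore from backup or shadow copy:")
    for rel_path in result["to_restore"]:
        print("  ", rel_path)
```

Run `triage()` on a real folder only after Step 1 is complete; the `to_restore` list gives the original file names to export from a backup or shadow copy.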


Saturday, January 30, 2016

Remove "Ads by Not set" Malware (Uninstall Guide)

If you are one of the unfortunate many who has been infected by "Ads by Not set" adverts and you would like to learn how to get rid of them so you can browse in peace, you've come to the right place. If you would also like to learn a little more about this malware, then we suggest you continue to read because in this article we are going to take a closer look at how it got its name, what it means for you as a PC user, and how and why it has a rather unsettling habit of seemingly being able to read your mind.

How many more ways can cyber criminals get you to part with your money?

The internet is big business – that doesn't come as much of a surprise – but what you may not realize is that cyber crime is constantly evolving and the ways and means which cyber criminals are employing to unleash carnage on our computers and defraud us of our hard earned cash is in perpetual motion as the industry fights to stay one step ahead of the reactive security tools and anti-viruses that are doing their best to keep up with them.


It is certainly true that malware comes in many shapes and sizes, whether a programmer is corrupting your data for "fun" or installing something known as a keystroke logger on your device so it can copy the information you input into your keyboard, and whether they are trying to hack your bank account or steal your identity, or simply employing underhand tactics to drive traffic and leads to their website, we are faced with no end of dangers and annoyances. All of which can have a real negative effect on your computer's performance.

As mentioned, here we are going to take a look at malware that displays "Ads by Not set" ads on your computer. And although this is often not considered to be as lethal as other types of malware, its habit of installing a component and tracking your web use (and thereby being able to send you those 'mind reading' adverts that are tailored to your interests) means that many people take umbrage at its existence on their computer and just want to be able to remove it.

A brief guide to removing "Ads by Not set" with a removal program:
  1. Download a reputable malware removal program (download link below).
  2. Back up your files to an external hard drive. (Important!)
  3. Restart your PC while holding the F8 key down during boot up. (Safe Mode.)
  4. Run the malware removal program.
  5. When the scan is complete it will tell you the name of the malware.
  6. Delete the file!
  7. Reboot your PC.
  8. Run the malware removal program again to be sure you are 100% malware-free.
Hopefully now you should no longer be plagued by those pesky adverts.

Still getting annoying "Ads by Not set" ads?

Please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



"Ads by Not set" Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.






2. Remove "Ads by Not set" related programs from your computer using the Uninstall a program control panel (Windows 7). Go to the Start Menu. Select Control Panel > Uninstall a Program.

If you are using Windows 8 or 10, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Capricornus
  • GoSave
  • Extag
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove "Ads by Not set" related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to More Tools > Extensions.




2. Click on the trashcan icon to remove Capricornus, Extag, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.



3. Then select Settings. Scroll down the page and click Show advanced settings.


4. Find the Reset browser settings section and click Reset browser settings button.


5. In the dialog that appears, click Reset. That's it!


Remove "Ads by Not set" related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools Menu > Add-ons.




2. Select Extensions. Click Remove button to remove Capricornus, Extag, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.


Remove "Ads by Not set" related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.




2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.


Wednesday, December 23, 2015

Remove Top Arama Search (Uninstall Guide)

Like most of us, chances are you are getting more than fed up of having to constantly be on the lookout for, and defend yourself against, the numerous hacking and phishing attacks, malware, computer viruses, browser hijackers and other cyber criminal activity that is now so commonplace that we are virtually immune to it.

The trouble is, the more high profile attacks and security breaches there are in the news, the more we think that, as a small company or an individual computer user, we are safe from being targeted. But that is simply not true – after all, if you were a malware programmer or cyber criminal, who'd you go after: the big enterprise with a robust security posture – or an end user who is likely not to have updated their antivirus program since they bought their laptop? With that in mind it makes perfect sense to take steps to protect your PC from an attack.

Top Arama browser hijacker

Of course, not all malware or other programs or threats are created equal and the damage they can inflict can have varying degrees of severity, but regardless, you should still take steps to protect yourself – and your computer – from attack by any type of undesirable program, because if they do have one thing in common, it is that they can all cause issues, ranging from sluggishly running operating systems to complete and utter data corruption or loss.

You may well have heard browser hijackers described as inhabiting the tamer end of the malware scale. Indeed there is an argument as to whether they are actually malware or not. And although it is true to say that such browser hijackers as Top Arama are not nearly as harmful as something such as a Trojan Horse, that is not to say that you should ignore them.

What does Top Arama do?

Think browser hijackers are not 'that bad'? Take a look at the following Top Arama traits and see if you change your mind:
  • Top Arama's main 'function' is to uninstall your existing search engine provider and homepage and replace it with one of their own design, in this case search.top-arama.com. That in itself is annoying enough when you are used to, and are perfectly happy with, your existing set-up, however...
  • Browser hijackers change these things, not because their programmer truly believes that their new home page is any better than the one previously installed in your browser. It is because the home page has been designed to manipulate your internet searches so that traffic is driven to a website of the Top Arama programmer's choice. And this will happen every time you try and search for something. Annoying, much?

How did Top Arama infect your computer?

Browser hijackers usually come bundled with other programs when you're downloading them, which means that you need to be proactive and read software licensing agreements properly. For the most part, the Top Arama browser hijacker will be mentioned in the fine print, so take a moment and make sure you know exactly what you are downloading.

How do I remove it?

It can be a tedious task. It modifies browser settings and also makes modifications to Windows registry. Hopefully, the removal guide below will help you to remove this browser hijacker from your computer. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Top Arama Removal Guide:


1. First of all, download the recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.






2. Remove Top Arama related programs from your computer using the Uninstall a program control panel (Windows 7). Go to the Start Menu. Select Control Panel > Uninstall a Program.

If you are using Windows 8 or 10, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following programs:
  • Top Arama
  • LiveLyrics
  • GoSave
  • ExtTag


If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove Top Arama from Google Chrome:

1. Click on the Chrome menu button. Go to More Tools > Extensions.



2. Click on the trashcan icon to remove Top Arama, PursuePoint, LiveLyrics, GoSave, ExtTag, BookmarkTube extensions.

3. Then select Settings. Scroll down the page and click Show advanced settings.


4. Find the Reset browser settings section and click Reset browser settings button.


5. In the dialog that appears, click Reset.

6. Right-click the Google Chrome shortcut you are using to open your web browser and select Properties.

7. Select the Shortcut tab and remove "http://search.top-arama.com/..." from the Target field and click OK to save changes. There should be only the path to the Chrome executable file.



Remove Top Arama from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Remove Top Arama, PursuePoint, LiveLyrics, GoSave, ExtTag, BookmarkTube browser extensions. Close the Add-ons manager.

3. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: top-arama

Now, you should see all the preferences that were changed by search.top-arama.com. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

4. Right-click the Mozilla Firefox shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://search.top-arama.com/..." from the Target field and click OK to save changes. There should be only the path to Firefox executable file.



Remove Top Arama from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons.



2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select top-arama.com and click Remove to remove it. Close the window.

4. Right-click the Internet Explorer shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://search.top-arama.com/..." from the Target field and click OK to save changes. Basically, there should be only the path to Internet Explorer executable file.

Saturday, December 19, 2015

Remove Outrageous Deal Ads Malware (Uninstall Guide)

Outrageous Deal has the ability to either download or display adverts on to your computer whenever you are online and connected to the internet. These Outrageous Deal ads can look a little different to each other, but needless to say, they all fall under the umbrella of adware. Some of the ads (often thought of as the most annoying sort) are pop-up or pop-under windows that will attack you with willful abandon, while others are the common enough banner adverts. Others still may be links or boxes placed at strategic points on your computer or other device's screen.


The one thing that these different styles of Outrageous Deal adverts all do have in common however, is an uncanny ability to match your needs or interests, as discerned by the adware. This might seem like a coincidence at first, then it can seem downright spooky. You may well get to the point whereby after you have seen the 15th advert for bargain fitted kitchens, or fashionable sneakers – and, crucially - those are the very items you have recently been searching for online, you either might start freaking out and wondering just how on earth your computer knows what you are looking at online – or maybe you are thinking that there perhaps might just be a little more to adware than it first seems.

The reason why you have Outrageous Deal on your computer

For the most part it comes bundled with another program, application or software tool that you have downloaded. Whether or not the application or software is free or you are paying for it turns out to be pretty much irrelevant. Outrageous Deal is developed, in the majority of cases, to recoup the costs of developing other applications or software that is given away for free. In addition to this it is also used by a developer so that they can earn money through the adverts themselves.

So Outrageous Deal is not a mind reader?

No. You can throw any thoughts of coincidence or supernatural goings on out of the window for the fact is that Outrageous Deal is a cleverly designed piece of software that is able to track which websites you are looking at – whether that is fitted kitchens or the latest must have footwear. When you install the original program – and the adware alongside it – you are also installing a component onto your computer that will monitor which websites you visit, and collect that data. This information is relayed back to the developer who is then able to show you advertising based on your search and browsing habits.

How to get rid of Outrageous Deal ads?

To remove this adware from your computer and stop Outrageous Deal ads, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Outrageous Deal Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.






2. Remove Outrageous Deal related programs from your computer using the Uninstall a program control panel (Windows 7). Go to the Start Menu. Select Control Panel > Uninstall a Program.

If you are using Windows 8 or 10, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Outrageous Deal
  • GoSave
  • Extag
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove Outrageous Deal related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to More Tools > Extensions.




2. Click on the trashcan icon to remove Outrageous Deal, Extag, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.



3. Then select Settings. Scroll down the page and click Show advanced settings.


4. Find the Reset browser settings section and click Reset browser settings button.


5. In the dialog that appears, click Reset. That's it!


Remove Outrageous Deal related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools Menu > Add-ons.




2. Select Extensions. Click Remove button to remove Outrageous Deal, Extag, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.


Remove Outrageous Deal related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.




2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.


Friday, December 18, 2015

Remove Yoursites123 Homepage Malware (Uninstall Guide)

Yoursites123 is a browser hijacker that modifies your web browser and Windows registry. It's very similar to Mysearch123. Once installed, it will change your home page and default search engine provider to Yoursites123 (http://www.yoursites123.com/). It's not a real search engine, even though it may look like the real thing. It simply redirects your searches to globososo.inspsearch.com or similar websites that most likely pay for search traffic. Inspsearch.com is not a new kid on the block. I mentioned it in my previous article about the Delta-homes browser hijacker. Despite being blocked by most antivirus engines, it still manages to operate successfully and generate revenue, which is without a doubt the main reason why browser hijackers are created in the first place. When it comes to browser hijackers, we are talking about something that can have an annoying – and sometimes dangerous – effect on your computer.


Browser hijackers are characterized by the fact that they come in the guise of something that appears to be innocent – and often useful. They magically manifest themselves as a tool bar, a home page, a browser or a search engine. In this case Yoursites123 is installed as a homepage or a startup page, if you want. At this point you could be forgiven for thinking 'but what is so wrong with that?' After all, these are things that we depend on daily when we are using our computers or tablets.

The Yoursites123 problem

The issue with browser hijackers is that they install themselves on your desktop, laptop or tablet without expressly asking your permission. The silver lining to the cloud is that most browser hijackers are not especially dangerous – but nevertheless they take it up a notch on the annoyance scales and can leave you tearing your hair out in frustration as you battle with them. Just like their furry counterparts, these browser hijackers are extremely willful and will do exactly what they want.

That might not involve pooping on the rug, but they will replace your existing functions with their own versions. These will then redirect your internet searches to websites that the Yoursites123's programmer wants you to visit. They can also have a serious effect on your PC's security posture – due to this redirecting of your searches to unknown, and often dubious, websites.

How did I end up with the Yoursites123 on my PC?

In the majority of cases, Yoursites123 will come neatly bundled with another program – and that could be anything from an upgrade to your trusted online VoIP app or a free game that a friend or acquaintance sent you in a link via an email or chat message. However, one thing to bear in mind is that it doesn't matter what you are downloading – browser hijackers aren't fussy and will hitch a ride with anything from a reputable PDF viewer to sparkly wallpaper or emoji downloads.

The good news is that YOU have a choice in whether you install a browser hijacker or not. This means that they are normally mentioned in the original download's End User License Agreement (EULA). A browser hijacker programmer will claim that their annoying, redirecting, mischievous browser hijacker is just as potentially wanted as it is unwanted – meaning they do not have anything to be surreptitious about.

How to avoid a browser hijacker

You've probably already come to the conclusion that if you don't want Yoursites123 on your computer, the best course of action you can take is to read the EULA properly!

How do I remove Yoursites123?

It can be a tedious task. It modifies browser settings and also makes modifications to Windows registry. Hopefully, the removal guide below will help you to remove this browser hijacker from your computer. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Yoursites123 Removal Guide:


1. First of all, download the recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.






2. Remove Yoursites123 related programs from your computer using the Uninstall a program control panel (Windows 7). Go to the Start Menu. Select Control Panel > Uninstall a Program.

If you are using Windows 8 or 10, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following programs:
  • Yoursites123
  • LiveLyrics
  • GoSave
  • ExtTag


If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove Yoursites123 from Google Chrome:

1. Click on the Chrome menu button. Go to More Tools > Extensions.



2. Click on the trashcan icon to remove Yoursites123, PursuePoint, LiveLyrics, GoSave, ExtTag, BookmarkTube extensions.

3. Then select Settings. Scroll down the page and click Show advanced settings.


4. Find the Reset browser settings section and click Reset browser settings button.


5. In the dialog that appears, click Reset.

6. Right-click the Google Chrome shortcut you are using to open your web browser and select Properties.

7. Select the Shortcut tab and remove "http://www.yoursites123.com/..." from the Target field and click OK to save changes. There should be only the path to the Chrome executable file.



Remove Yoursites123 from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Remove Yoursites123, PursuePoint, LiveLyrics, GoSave, ExtTag, BookmarkTube browser extensions. Close the Add-ons manager.

3. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: yoursites123

Now, you should see all the preferences that were changed by yoursites123.com. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

4. Right-click the Mozilla Firefox shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.yoursites123.com/..." from the Target field and click OK to save changes. There should be only the path to Firefox executable file.
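The Firefox steps in the Top Arama guide and in this Yoursites123 guide end with the same two checks: no preference may still mention the hijacker's domain, and the shortcut Target must contain only the path to the executable. The following added example (not part of the original guides) runs both checks offline; it assumes the changed preferences are read from the Firefox profile's prefs.js file, and the sample preferences and Target strings are constructed.

```python
import json
import re

# Domains named in the two guides; pass your own tuple for another hijacker.
HIJACK_DOMAINS = ("top-arama.com", "yoursites123.com")

# prefs.js holds one user-set preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def hijacked_prefs(prefs_text, domains=HIJACK_DOMAINS):
    """Return [(name, value)] for preferences that mention one of the domains."""
    hits = []
    for line in prefs_text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments and blank lines
        name, raw = match.group(1), match.group(2)
        try:
            value = json.loads(raw)  # string, number or true/false literal
        except ValueError:
            value = raw              # keep the raw text if it is not JSON-like
        haystack = (name + " " + str(value)).lower()
        if any(domain in haystack for domain in domains):
            hits.append((name, value))
    return hits


def split_target(target):
    """Split a shortcut Target string into (executable path, extra arguments)."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        if end == -1:
            return target[1:], ""
        return target[1:end], target[end + 1:].strip()
    # Unquoted Target: the executable ends at the first ".exe".
    match = re.match(r"(?i)(.*?\.exe)(?:\s+(.*))?$", target)
    return (match.group(1), match.group(2) or "") if match else (target, "")


def check_shortcut(target):
    """Flag any URL placed after the executable path in the Target field."""
    exe, args = split_target(target)
    urls = URL_RE.findall(args)
    return {"exe": exe, "urls": urls, "clean": not urls}


def audit(prefs_text, targets, domains=HIJACK_DOMAINS):
    """Combine both checks: leftover preferences and modified shortcuts."""
    return {
        "prefs_to_reset": hijacked_prefs(prefs_text, domains),
        "shortcuts_to_fix": [t for t in targets if not check_shortcut(t)["clean"]],
    }


# Constructed sample data; not taken from a real profile or shortcut.
SAMPLE_PREFS = r'''
// constructed prefs.js excerpt
user_pref("browser.startup.homepage", "http://search.top-arama.com/...");
user_pref("browser.newtab.url", "http://www.yoursites123.com/...");
user_pref("browser.tabs.warnOnClose", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1454630400);
'''

SAMPLE_TARGETS = [
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" http://search.top-arama.com/...',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe"',
    r'C:\Firefox\firefox.exe http://www.yoursites123.com/...',
]

if __name__ == "__main__":
    result = audit(SAMPLE_PREFS, SAMPLE_TARGETS)
    for name, value in result["prefs_to_reset"]:
        print("reset preference:", name, "=", value)
    for target in result["shortcuts_to_fix"]:
        print("fix shortcut Target:", target)
```

The Target strings are what the Properties dialog shows on the Shortcut tab; the same `check_shortcut()` test applies to the Chrome and Internet Explorer shortcuts in the other sections.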



Remove Yoursites123 from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons.



2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select yoursites123.com and click Remove to remove it. Close the window.

4. Right-click the Internet Explorer shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.yoursites123.com/..." from the Target field and click OK to save changes. Basically, there should be only the path to Internet Explorer executable file.