Is your computer infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Sunday, November 23, 2014

Remove ooov.net pop-up on startup and redirect to gamezdoka.org (Virus Removal Guide)

Ooov.net pop-ups are not only intrusive and annoying but also indicate that your computer is infected by malware. Of course, it's not the most sophisticated malware out there and won't steal your passwords, encrypt or delete files. I got it from a Far Cry download. Yours might be different, but regardless of the source the infection is actually the same. It modifies the Windows registry so that once your computer boots, a CMD window shows up for a second and opens your web browser. The first thing you will see is ooov.net, but it works as a redirect website to gamezdoka.org, for instance. Or you may be redirected to other websites.

The whole Windows registry modification looks like this:

Under the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run there should be a value named "CMD" running cmd.exe /c start http://ooov.net & & exit.

The good news is that it's not so difficult to remove ooov.net and gamezdoka.org pop-ups. You just need to download and use a very useful tool called Autoruns from the Microsoft website. Please follow the steps in the removal guide below.

But there's one thing you should know about this infection: it comes bundled with adware and potentially unwanted programs (PUPs). In other words, if you're getting ooov.net and gamezdoka.org pop-ups on startup then your computer is probably infected by other malware as well, most likely PUPs. Let's get the first thing straight, we're not talking about man's best friend here – in fact we're talking about something that is closely related to one of man's worst enemies! The PUPs we're going to take a look at today are not our furry four legged friends, they are Potentially Unwanted Programs: a different beast entirely.

Potentially Unwanted Programs install themselves on your computer without clearly telling you that this is their intention. PUPs can be tool bars, home pages, web browsers and search engines and although that doesn't sound dangerous – in fact it sounds quite the opposite – in actual fact PUPs are incredibly annoying thanks to their nasty little habit of redirecting all of your web searches to completely different websites instead of the one you were attempting to visit. Ooov.net is a good example, isn't it? Not only that but they can also make your computer more vulnerable to online attacks from malicious software.

More often than not a PUP will be bundled or packaged with another item of software. And it doesn't matter whether this is a well known program or not, as Potentially Unwanted Programs attach themselves to software and applications of varying degrees of legitimacy. That means you could fall victim to a PUP because you downloaded a hit movie, some adult X rated content, new desktop wallpaper or even the widely used, and very reputable, program Skype. Some companies or people who offer downloads are completely aware that a PUP is packaged with their product; however others are none the wiser. As I said before I got this ooov.net pop-up after downloading Far Cry.

But it's not all doom and gloom for it is often possible to spot a Potentially Unwanted Program before it gets installed on your computer. The trick is to properly read the End User License Agreement when you're downloading something. Oftentimes PUPs that display ooov.net and gamezdoka.org pop-ups are mentioned in these (one reason that the developers of PUPs can claim they are not true malware). Malware and PUP creators know that most of us skim through License Agreements and they play on this. You need to watch out though because even when an 'added extra' is referenced the wording can be rather ambiguous or deliberately confusing. You may also come across sneaky little tricks such as awkward wording and check boxes that have already been checked in advance.

The other annoying thing is that if you do end up with a Potentially Unwanted Program on your machine, either through lack of your own diligence or due to a developer's tricky wording, the software developer will know that you've assumed your anti-virus wasn't doing its job properly. However, ask them about this and they'll just tell you that you should have read the License Agreement properly – and really, it's hard to argue with that logic!

Therefore to summarize, when you're downloading something - anything - from the Internet it really is worth your while to take just a moment or two longer and read the small print. That extra minute could save you a whole world of irritation and pain!

To stop ooov.net and gamezdoka.org from popping up on your computer, you can use Autoruns for Windows or open the Windows Registry Editor, search for ooov.net and delete all entries you find. You can also remove the pop-up by removing its start-up entry in the Windows Task Scheduler. I recommend using Autoruns. Once the problem is fixed, scan your computer with anti-malware software. Why? Because very often this adware comes bundled with PUPs and even spyware. There might be malware on your computer that you haven't noticed yet. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Ooov.net/gamezdoka.org pop-up removal guide:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. As this infection is known to be installed through vulnerabilities in outdated and insecure programs, it is strongly suggested that you use an automatic software update tool to scan for vulnerable programs on your computer.

3. Download Autoruns for Windows and save it to your Desktop.

4. Launch the autoruns.exe program (Vista/Windows 7/8 users: right-click and select Run As Administrator).



5. In the top menu, click Options > Filter Options.



6. Uncheck Hide Microsoft entries and click Rescan.



7. Open the Logon tab. Find HKCU\Software\Microsoft\Windows\CurrentVersion\Run in the list. Then right-click CMD and select Delete.



8. Close Autoruns and reboot your computer when done.

9. Scan your computer with anti-malware software.
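
The manual check in steps 3 to 7 can also be scripted. The PowerShell below is an added example, not part of the original guide: it lists values in the Run and RunOnce keys whose command uses cmd.exe to open a URL, which is the pattern of the "CMD" value described above. The function names and the regular expression are assumptions made for this example; it only reports and deletes nothing.

```powershell
# Added example (not from the original guide): report-only audit of the
# Run/RunOnce autostart keys for values that use cmd.exe to open a URL.
# Written for Windows PowerShell 2.0 and later (2.0 ships with Windows 7).

# Autostart keys to inspect. The guide names only the HKCU ...\Run key;
# the others are included because they are started at logon the same way.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: a value is suspicious when it runs "cmd /c start ... http(s)://".
$UrlLauncherPattern = '(?i)\bcmd(\.exe)?"?\s+/c\s+start\b.*https?://'

# Returns $true when a command line matches the URL-launcher pattern.
function Test-UrlLauncher {
    param([string]$Command)
    return ($Command -match $UrlLauncherPattern)
}

# Walks the autostart keys and emits one object per matching value.
function Get-UrlLauncherRunEntry {
    param([string[]]$Path = $RunKeys)
    foreach ($keyPath in $Path) {
        if (-not (Test-Path -Path $keyPath)) { continue }
        $key = Get-Item -Path $keyPath
        foreach ($valueName in $key.GetValueNames()) {
            $command = [string]$key.GetValue($valueName)
            if (Test-UrlLauncher -Command $command) {
                New-Object PSObject -Property @{
                    Key     = $keyPath
                    Name    = $valueName
                    Command = $command
                } | Select-Object Key, Name, Command
            }
        }
    }
}

# Sample commands showing what the pattern does and does not match.
$samples = @(
    'cmd.exe /c start http://ooov.net & & exit',                            # value quoted in this post
    '"C:\Windows\System32\cmd.exe" /C start "" https://redirect.example/',  # constructed
    '"C:\Program Files\Vendor\updater.exe" /background'                     # constructed, benign
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UrlLauncher $s), $s
}

# Live check on this machine (reads the registry, changes nothing).
Get-UrlLauncherRunEntry | Format-List

# To delete a reported value after reviewing it, preview the change first:
#   Remove-ItemProperty -Path <Key> -Name <Name> -WhatIf
```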


Friday, November 21, 2014

Remove "Powered by Coupons" pop-up ads (Virus Removal Guide)

"Powered by Coupons" pop-up ads are not only annoying and intrusive but they also indicate that your computer is infected with adware and/or potentially unwanted programs. Pop-up ads usually come in the bottom right corner and give you a list of random products, and obstruct what you are looking at. Whether you view it as a scourge of the Internet, a necessary evil that you must put up with in order to be able to download freeware, or it really doesn't bother you in the slightest, it is worth remembering that adware, or Advertising Supported Software, is not always dangerous. However, read between the lines of that last sentence and you'll probably guess at what we're getting at: adware is not always harmful - and that means that it's not always HARMLESS either!

The problem is that when you're downloading freeware, or even some paid for programs that you need to purchase, you may also be inadvertently and unwittingly downloading spyware or malware at the same time. Sometimes you can get adware that displays "Powered by Coupons" ads.


So whilst this adware might not sound like the most sinister thing out there, if you're thinking that spyware and malware sound far less desirable then you'd be right. Spyware is a software program that has been designed with the express purpose of gathering information about you; specifically your browsing habits and Internet usage. Thankfully, it can't log the keys you type (passwords, logins, credit card details and online bank account info - and hello huge security breach) and it cannot take screenshots when you're logged in. However, it does spy on you and that's more than enough to think twice before leaving this adware on your computer. Please note that it could be installed as ShopperPro or Obrona or something else. This infection is not the same for everyone. You might also notice that when your computer is infected, your web browser often downloads something from shoppingate.info and superfish.com. These websites are used to send and receive information about possible "Powered by Coupons" ads.

Malware on the other hand is a general term which covers a number of unpleasant Internet threats, including computer viruses, worms and Trojan Horses. These are all designed to do your computer, operating system, files, personal security or data serious harm, either for financial gain or for a hacker's own sick amusement.

The other problem with adware, spyware and malware is that they often continuously run in the background which in turn has a domino effect on your PC's resources. They will slow down your processor, take up valuable memory space and can seriously affect your Internet connection - oh no! Spyware, and adware that displays elements of spyware, have a particular knock on effect as not only are they running around the clock but they're also working hard to collect and transmit all that juicy data about you.

So how do you spot if you have something unwanted installed on your computer? In the case of adware, your first inkling will probably be the proliferation of "Powered by Coupons" pop-up, pop-under and banner adverts that you suddenly start seeing displayed on your computer whenever you're online. That may well be followed with a drop in your computer's performance. The other issue is that when your operating system, hard drive and PC are under pressure, you'll also be more vulnerable to security issues.

It stands to reason that you want to protect not only your PC but also your identity, your files and your bank account; therefore you should always be clued up as to which programs you have installed on your computer. On top of that, when installing new software, always read the licensing agreement carefully so you know exactly what you're downloading along with your original freeware program or purchased software.

To remove "Powered by Coupons" ads, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



"Powered by Coupons" Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove "Powered by Coupons" related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • ShopperPro
  • Obrona
  • Coupons
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove "Powered by Coupons" related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove ShopperPro, Obrona, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove "Powered by Coupons" related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove ShopperPro, Obrona, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove "Powered by Coupons" related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.


Thursday, November 20, 2014

855-972-3537 Scam - Your computer may have adware/spyware virus

The 855-972-3537 phone number is being used by fraudulent websites, support-tech-group.com for instance, to trick you into thinking that your computer is infected with adware and spyware. It's a fake Firewall alert. DO NOT fall for this tech support scam! Your computer is not infected with the viruses mentioned in the fake warning. If you got this pop-up, please close the tab or browser and do not follow the on-screen instructions. If you keep getting this fake warning then your computer might be infected with adware, spyware or other malware. Please use this guide to remove the 855-972-3537 tech support scam and any associated malware.

Here's how the fake security alert reads:

(1) Firewall Alert:

YOUR COMPUTER MAY HAVE ADWARE / SPYWARE VIRUS

Call 855-972-3537 immediately for assistance on how to remove potential viruses. The call is toll-free.

Possible network damages if the viruses are not removed immediately: UNKNOWN

DATA EXPOSED TO RISK:
1. Your credit card details and banking information
2. Your e-mail passwords and other account passwords
3. Your Facebook, Skype, AIM, ICQ and other chat logs
4. Your private photos, family photos and other sensitive files
5. Your web cam could be access remotely by stalkers with a VPN virus

MORE ABOUT THE VIRUS:
Seeing these pop-ups means that you may have a virus installed on your computer which puts the security of your personal data at a serious risk.
It's strongly advised that you call the number above and get your computer inspected before you continue using your internet, especially for shopping.


As you can see, it's a typical tech support scam. Scammers want to talk you into downloading their bogus malware removal software. Bogus malware scanners usually find hundreds of viruses on your computer that of course don't exist in reality. So, don't download anything and don't pay for bogus tech support service unless you want to lose $200 or $300 just before Black Friday. I'm pretty sure you don't want this.

Such fake pop-ups are usually displayed by bogus web browser extensions, adware and PUPs (Potentially Unwanted Programs). Potentially Unwanted Programs are a type of software program which you have accidentally installed on your PC, laptop or tablet. Surely that's no mean feat – how on earth do you accidentally install something you don't want on your own computer? Well, that is due to the rather insidious way that PUP developers deliver their 'product'. The truth is that it doesn't matter what you're downloading; it could be something you've paid good money for such as an anti-virus program (the irony!), the latest version of a software upgrade, or some freeware such as a movie or album download. PUPs do not discriminate, and whatever you're downloading, you could also be installing a hidden extra in conjunction with the program you do want.

All that you really need to be aware of though is that you need to pay closer attention when you're downloading programs, files or applications online. It really doesn't matter how well known, or expensive, the item you're downloading is, it may still be bundled with a PUP. As a result, you may later get 855-972-3537 scam pop-ups.

So how can you tell if the software or file you want is packaged with a Potentially Unwanted Program? The good news is that it is fairly easy – albeit slightly tedious! Basically you need to stop skipping through the End User License Agreement (EULA) that asks you to agree to a download and take more interest in what it is you're actually installing. Look for mentions of an 'added program' and ensure that check boxes are checked or unchecked in your favor.

If you have questions, leave a comment down below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


855-972-3537 Tech Support Scam Removal Guide:

1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove 855-972-3537 scam pop-up related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Quiknowledge
  • LyricsSay-1
  • Websteroids
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove scam pop-ups from Google Chrome:

1. Click on the Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove BlocckkTheAds, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove scam pop-ups from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove BlocckkTheAds, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.




Remove scam pop-ups from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.


"Ads by TakeTheCoupon" Removal Guide

TakeTheCoupon is a software program that has been designed to display automated "ads by TakeTheCoupon" with the purpose of producing a stream of income for the programmer.

These adverts are executed in one of two ways: some ads by TakeTheCoupon are integrated with the software's user interface while others are displayed on a screen that you will be shown at the same time that the installation process takes place. However, other variants of this adware install bogus web browser extensions that turn random words on a web page into links (they are usually double underlined) and then redirect users to dodgy websites and services.

Similarly, the advertisements themselves usually fall into one of two categories: they may be related to a product or service that you are genuinely interested in - or they may not be of any interest to you whatsoever. In fact most people associate the term 'adware' with unwanted advertisements. Nothing strange about that you might think - it stands to reason that some adverts will be more attractive to you than others, but you may have noticed that many of the ads by TakeTheCoupon you see on your computer screen are actually spookily precise and reflect goods or services that you have recently been looking at online. So how does that happen?


If you're seeing adverts for hotels in Barbados - and you've recently been browsing a travel agency, hotel booking or airline website looking at Caribbean vacations, adware is at work. This adware employs a function which is designed to track the websites you look at, analyze the product or service you are seemingly interested in and then shows you adverts that are related to your search.

As mentioned above, TakeTheCoupon is normally utilized to generate revenue for the developer, who uses it as a means of recouping the cost of developing their program. So, that's good for them, but what about us? While it can be tempting to see this adware purely as an unwanted evil, in actual fact, its presence means that you and I get to use different software programs either for a lower price, or in some cases, for free. However that doesn't mean that it is all sweetness and light as it can, and often does, have some negative knock-on effects.

We touched upon the fact above that some variants of TakeTheCoupon adware are unwanted, and this is when it starts to take on the guise of malware - or malicious software. Adware that falls under the umbrella term of malware is most definitely unwanted and is something that you, as an Internet user, should take pains to protect yourself against. Adware type advertisements quite often take the form of pop-up windows like ads by TakeTheCoupon, and can be extremely annoying to deal with, not to mention difficult to get rid of. They also slow your operating system down as the Internet tracking part of the program is busy constantly monitoring you when you're online (this is not a pleasant thought either) and sending back data to the developer.

So how can you defend yourself against malicious adware that monitors your every move, and can also leave you vulnerable to other types of malware being installed on your machine? Basically you need to be careful when downloading from the Internet and only use sites that you trust and of course you need to install an up-to-date and reputable brand of anti-malware on your machine. If your computer is already infected by this adware and you can't remove ads by TakeTheCoupon, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!


Written by Michael Kaur, http://deletemalware.blogspot.com



Ads by TakeTheCoupon Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove TakeTheCoupon related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • TakeTheCoupon
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove TakeTheCoupon related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove TakeTheCoupon, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove TakeTheCoupon related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove TakeTheCoupon, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove TakeTheCoupon related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.


Wednesday, November 19, 2014

Zorton Win 7 Antivirus 2014 Malware Removal Guide

Zorton Win 7 Antivirus 2014 is a type of software that SEEMS to have benefits when looked at from a security point of view, but the reality is different. This program actually provides little, next to little, or absolutely no security when it's installed on your machine. It will also generate ambiguous or misleading alerts, and it can also try and lure you into taking part in fraudulent transactions.

How does Zorton Win 7 Antivirus 2014 malware get on my computer?

The thing with Zorton Win 7 Antivirus 2014 is that it's very sneaky. Its creators design real looking pop-up windows that advertise security update software. These windows usually appear on your screen when you're browsing the Internet.


These so-called pop-up updates and alerts are crying out for you to take some sort of action. This might be clicking on them to install their software, accepting a recommended update, or allowing them to detect and delete some unwanted virus or malware. All well and good but the real problems begin when you click the link as this is when the rogue antivirus software springs into action and downloads itself onto your PC.

OK – so I need to avoid it, but what does rogue antivirus software actually do?

Zorton Win 7 Antivirus 2014 has a number of 'features'. It might tell you about a virus that is supposedly on your computer (though your computer will actually be clean) or it may simply overlook viruses that are infecting your computer. And to make matters worse, sometimes if you've accidentally downloaded rogue antivirus software it might even infect your computer with a virus or other piece of malicious software – all so that the pointless software has something to do and a virus to detect!

Other unpleasant effects of this rogue antivirus software:
  • It may lure you into a fraudulent transaction by asking you to upgrade to a non-existent paid for version of a program
  • It can utilize social engineering to steal your personal data such as logins and bank details
  • It can install malware that will steal information whilst running undetected in the background
  • It might bombard you with annoying pop-up boxes containing false or misleading alerts
  • It will probably cause your computer to operate at slower speeds and may corrupt files
  • It may disable Windows updates or disable the updates of genuine antivirus programs
  • It can thwart your attempts to visit websites belonging to reputable antivirus publishers

Zorton Win 7 Antivirus 2014 can be a good doppelganger too and it may try and spoof your normal Microsoft security update alerts. This is obviously not an ideal situation and the trick is to install a very good REAL antivirus on your PC and to make sure you carefully read wording in all pop-ups. If in doubt – don't click!

If you need help removing Zorton Win 7 Antivirus 2014, please post your comment or question below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Zorton Win 7 Antivirus 2014 removal in Safe Mode with Networking:

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove this malware from your computer.





NOTE: if you can't run anti-malware software, rename the installer to iexplore.exe and try again.


Remove Steam Messages Virus (Malicious links in Steam chat to .SCR, .EXE files)

There is a new virus going around through Steam. If you get a message that says "You will exchange this thing?" or "Is this you in the photo?" or "WTF Dude?" with a link, DON'T OPEN IT! Even though it may appear as a link to a screenshot, it actually redirects to a password stealing Trojan horse (VirusTotal scan results, safe to open). It loads a malicious .scr or .exe file and infects your computer. Here are a few scan results: Spyware.OnlineGames, Trojan.Crypt, Win32:Malware-gen, BehavesLike.Win32.Backdoor.fm. The detection ratio is still very low, just about 20%, which means that only one anti-virus program out of five will detect this virus and block it. Here are a few examples of fake Steam messages you may get in Steam chat:

You will exchange this thing? screenshot-url.com/Screen_19521.png


WTF Dude? http://screen-pictures.com/img_012/



Here's a list of malicious links that were used previously or still in use:

Have you stumbled across the term password stealing 'Trojan Horse' when reading about IT, malware or computers? If so and you're wondering what on earth this ancient Greek mythological beast has to do with modern technology then you've come to the right place! Strange as it may sound, the name does make sense – or at least it should in a few moments.

Feeling slightly confused? Apologies – keep reading and everything will become clear.

What is a modern Trojan Horse?

To understand more about today's Trojans and how they got their name we need to go back in time. You may recall being told the story about Helena of Troy and the Trojan Horse back in your youth. Remember the tale of how the Greeks and Trojans were at war and to con the Trojans into letting the Greek army into their walled city, the Greeks hid inside a huge wooden horse which they offered as a peace offering to the people of Troy. The Trojans accepted this rather bizarre (but kind of cool!) gift and wheeled the horse through their city gates. Of course, as soon as night fell, the Greeks climbed out, opened the gates to the rest of their army, and overcame Troy.

History lesson over and you're still asking what on earth does that have to do with my computer?! Well, just like the wooden horse of yore which was lethal, despite looking like it was a perfectly innocent gift, so too are modern Trojan Horses. For a Trojan Horse in the IT world is actually a piece of malware which has been designed to fool you into thinking it's something you need or want. In 2014, the Greek army is a (malicious) software developer - and we are the unsuspecting, or some may say naive, people of Troy. This Steam chat virus works exactly the same. You get a message with an offer to exchange something, which isn't very unusual on Steam, and you think that it indeed might be a good thing, but what you get is a virus. Notice how Screen_19521.png in the fake Steam message becomes a knife.exe when you open a malicious link. And you don't even have to run that file. It loads malicious code automatically.

What will Steam messages virus do to my computer?

We've established that today's password stealing Trojan Horses are an enemy in disguise but how do they pose a threat to your PC? Well, once you've installed this Trojan, thinking it was an innocent plugin, a game, or even an exchange item, it can wreak havoc on your computer and systems. The usual MO of Trojans is to corrupt your data and files by over-writing parts of your hard drive. In this case, however, it will use your Steam account to spam other users with malicious links, hoping that more and more computers will become part of a huge botnet of infected machines controlled by cyber crooks.

Clearly, the hard part is knowing what you can and can't trust when you're downloading software, thanks to the Trojan's innocent guise. The developers of Steam chat viruses are incredibly resourceful when it comes to convincing you to download, click a button, or fill in a form containing personal data or bank details – meaning we need to be on our guard.

How do I defend myself against this Steam virus?

First line of defense, give your city walls an added layer of protection by installing a reputable anti-malware program on your computer. And once it's on there, run it regularly and keep it bang up to date.

You also need to be careful when opening links, attachments in emails or downloading software. If in doubt, don’t! Simple as that. To remove Steam messages virus from your computer, please follow the steps in the removal guide below. If you have questions, leave a comment down below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Steam messages virus removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.





NOTE: If you are using Internet Explorer and can't download anti-malware software because "Your current security settings do not allow this file to be downloaded" then please reset IE security settings and try again.

2. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.



3. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.




Tuesday, November 18, 2014

Remove Vosteran.com Search Virus (Uninstall Guide)

If you've ever been unlucky enough to have been the victim of Vosteran Search (vosteran.com) – commonly referred to as malware – then you no doubt have sympathy for anyone who is experiencing the same thing. Malware comes in many different shapes and sizes and it ranges from the annoying and distracting to the downright dangerous. Some types of malware may seem fairly innocuous but can actually act as a gateway, allowing something far more serious to attack your computer. Vosteran is a PUP, not malware, but because it's usually installed without your permission it's not surprising at all that most people call it malware.


PUP is a Potentially Unwanted Program. It doesn't sound too scary, what with the 'potentially' part of its name softening the blow somewhat but trust us when we say this is likely to be something that you really don't want installed on your computer. Currently, it's detected as PUP.Optional.Vosteran but I'm pretty sure most anti-virus engines will update databases soon with various detection names. Once installed, Vosteran Search adds browser extensions and creates Windows services that run every time Windows starts. As a result, you will notice multiple instances of Vosteran.exe on your computer. Malicious browser extensions are Vosteran 2.3.0 and Vosteran Search 1.0.2. These extensions will change your home page to Vosteran.com and your search engine provider to Vosteran Search.

Part of the problem of this malware is the fact that we really don't know what it can do to our operating systems or our data – are we at risk of identity theft or fraud, or will our files be corrupted or destroyed? A malware attack can leave us in a state of panic.

Sadly for us and the millions of other innocent computer users out there, malware is going nowhere soon and as developers become ever more sophisticated in their means of attacking us, protecting yourself is now more important than ever before.

How is Vosteran Search installed?

It is normally bundled with free software programs which means that when you install something on your computer you really need to read the software license agreement (i.e. the Terms and Conditions) properly so that you are 100% sure what it is you are actually downloading.

What will happen if I've been hijacked by Vosteran Search?

The majority of Potentially Unwanted Programs and browser hijackers leave you vulnerable to attack by adware – advertising supported software. These adverts may be pop-up or pop-under windows or banner ads. Adware is annoying and it also monitors which websites you're visiting so that the owner of the adware can choose which adverts are displayed on your PC. For example, your home page was probably Google but now you have a different home page with ads that are very often misleading. So, once you've installed a PUP and a browser hijacker, not only will your search results be redirected to sketchy websites, but you will also get ads on your computer. What is more, it's not a very comforting thought to know that you're being spied upon. In addition to this, Vosteran Search will also install a new toolbar in your browser. And far from being an improvement on your old toolbar, you'll soon weary of this one as it will generally have less useful functions, merely serving as a device that redirects you to websites of its own choosing.

How do I defend myself against Vosteran Search?

As mentioned you need to read license agreements thoroughly. Most PUPs will be mentioned in them because the software developers argue that a PUP is not actually malware. As always, you should also make sure you have a good anti-virus program installed on your computer and that it is the most up to date version of it too. Run it regularly and also keep an eye out for suspicious new toolbars, home pages or browsers – these are a very clear sign that you have been attacked by a Potentially Unwanted Program.

To remove Vosteran.com Search from your computer, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Vosteran Search Removal Guide:


1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.





2. As this infection is known to be installed by vulnerabilities in out-dated and insecure programs, it is strongly suggested that you use an automatic software update tool to scan for vulnerable programs on your computer.

3. Remove Vosteran Search related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on the bottom left hot corner (formerly known as the Start button) and select Control Panel from there.



4. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following programs:
  • Vosteran Search
  • Vosteran 2.3.0


If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Vosteran Search from Google Chrome:

1. Click on Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove Vosteran 2.3.0, Vosteran Search 1.0.2, BookmarkTube extensions.

3. Then select Settings. Scroll down the page and click Show advanced settings.


4. Find the Reset browser settings section and click Reset browser settings button.


5. In the dialog that appears, click Reset. That's it!

Remove Vosteran Search from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Remove Vosteran 2.3.0, Vosteran Search 1.0.2, BookmarkTube browser extensions. Close Add-ons manager.



3. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: vosteran

Now, you should see all the preferences that were changed by vosteran.com. Right-click on the preference and select Reset to restore default value. Reset all found preferences!
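The preferences that the about:config filter shows are stored in the prefs.js file of the Firefox profile, one user_pref("name", value); entry per line. As an added example that is not part of the original guide, the script below lists every entry whose name or value contains "vosteran", so you can confirm nothing is left after the reset. The sample file content is constructed, and the preference extensions.vosteran.installed in it is hypothetical.

```python
import json
import re

# One preference per line:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Parse prefs.js content into a dict of {preference name: value}."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comment lines, blank lines, anything that is not a pref
        name, raw = match.group(1), match.group(2)
        try:
            # Values are quoted strings, integers or true/false.
            value = json.loads(raw)
        except ValueError:
            value = raw  # keep the raw text if it is not JSON-compatible
        prefs[name] = value
    return prefs


def find_hijacked(text, keyword="vosteran"):
    """Return (name, value) pairs whose name or value mentions the keyword."""
    kw = keyword.lower()
    hits = [
        (name, value)
        for name, value in parse_prefs(text).items()
        if kw in name.lower() or kw in str(value).lower()
    ]
    return sorted(hits, key=lambda pair: pair[0])


# Constructed sample of a hijacked prefs.js (not taken from a real machine).
SAMPLE_PREFS = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://vosteran.com/");
user_pref("browser.search.defaultenginename", "Vosteran Search");
user_pref("extensions.vosteran.installed", true);
user_pref("browser.tabs.warnOnClose", false);
user_pref("network.cookie.cookieBehavior", 1);
'''

if __name__ == "__main__":
    for name, value in find_hijacked(SAMPLE_PREFS):
        print(name, "=", value)
```

To check a real profile, pass the text of its prefs.js to find_hijacked(); an empty result means no preference still mentions vosteran.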

Remove Vosteran Search from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons.



2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select Vosteran Search and click Remove to remove it. Close the window.