Win32 Virus Removal

Posts Tagged ‘Threat’

Where do computer virus myths come from? It?s hard to say. One minute you think you know how they work, and the next you?re being told you can get viruses from cookies, Javascript on Web pages, viewing GIF files, and so on. All nonsense of course, but it?s understandable to feel concerned. And it?s a [...]

The Vundo Virus has been around for a while now on the internet and it shows no signs of stopping its control of the new age airwaves on the web. It is definitely a threat to your computer and important files due to the fact that it will make sure that your browser pops up a large amount of ads and other things that will damage your computer if clicked on.

So What is the Vundo Trojan Virus?

It is a very small piece of code that can be downloaded to your computer that usually is unknown to you when you click on a bad link or when you download an email attachment or media file. After this type of Trojan virus is installed, it will start creating connections behind the scenes on your computer to allow your important information to flow out of your computer through the internet. You must install this type of file in order for it to work as it is an .exe, but usually you won’t know when this happens.

The title makes it obvious that Antivirus Sentry is not what it says it is. Antivirus Sentry is really a rogue antispyware program. The computer industry calls these programs ?rogues? because they are fake. These programs are traps to separate you from your money and to take control of your computer in the process.

Some basic information about Antivirus Sentry in particular is that we have seen this program before. Antivirus Sentry is a clone of Vista Antivirus and MS Antivirus2008. These programs are part of the Innovagest 2000 family. Let me tell you a little about the Innovagest 2000 family. Innovagest 2000 is a company that creates and distributes nothing but rogue antispyware programs. That?s correct ? a company dedicated to scamming you out of your money and using your computer for its own purposes.

Programs like Antivirus Sentry are spread through either the Vundo or Zlob Trojans. These Trojans get on your computer any number of ways. You could have gone to a porn site and a corrupt advertisement or video infected your computer. You could have gotten a corrupt or infected file while using a file sharing program. You could have opened a spam email and clicked on the file attached. Or the Trojan could have disguised itself as a video or ActiveX codec in an infected free download.

Once on your computer, the Vundo or Zlob Trojan will flood your computer with pop-ups telling you that your computer is infected or false security alerts telling you that your computer is under attack. Your web browser will be hijacked and you will be taken to antivirussentry.com. At the website a fake scan will run and then tell you that you are infected with a variety of malware.

At this point you are pressured to purchase the ?full version? of Antivirus Sentry. The price will be $34.95, $49.95 or $119.95. If you give your credit card information you get nothing useful back. This is because Antivirus Sentry has already installed itself on your computer without your permission by this point. If you pay the money you will only get more malware, spyware and adware in exchange.

Antivirus Sentry is a resource hog. Your computer will slow down. The programming is shoddy and causes conflicts, which cause errors and freezes. This accelerates the wear and tear of your computer. If you look at your running processes you will see that Antivirus Sentry uses more of your CPU than your most demanding programs.

If you try to remove Antivirus Sentry through Add/Remove Programs you will find on system log in that Add/Remove Programs does not work. At system log on Antivirus Sentry will be running as if you never tried to uninstall it. Some people who are well versed in the registry will try to manually remove the infection. I do not suggest this route because removal can take hours and if you miss a single file Antivirus Sentry will reinstall itself. Not only that, but if you remove the wrong file you could cause Windows not to run.

What I suggest instead is for you to get a real, dependable antispyware program. There are many out there for $40 or less. Once you have an antispyware program on your computer, keep it updated and it can prevent any further infections by rogue antispyware or the Trojans that spread them.

I have AVG 8.0 on my computer; and everytime that I sit still for a few minutes; the “threat detector” pops up and says that I have a threat on – open – and it is called Downloader.Zlob. However; the threat encyclopedia is not giving me any info on it. Can anyone help in this matter? Much appreciated……

As Conficker Worm Waits for Instructions, World Wonders What’s Next.

Other than temporarily grounding the French Navy’s fighter planes and infecting 24 of Britain’s Royal Air Force Bases, the disruptive computer worm known as Conficker seems rather benign, right?

Wrong.

Exploiting Windows Vulnerabilities to Spread

The problem with the Conficker Worm, also known as Downadup and Kido, isn’t what it has already done, but what it could do, say the experts.

?Because of Conficker’s ability to spread as a botnet, no one really knows what it will do next,?says Himanshu Sonkar, chief technologist and researcher at X-Wire Technology, the company which developed Tizer Conficker Razor?, a removal tool to exterminate the worm. ?Conficker lies dormant on your system, awaiting further instructions from its creators who could use it for a large-scale criminal activity.?

The crimes could be anything from tracking an infected user’s keystrokes to stealing passwords or launching a massive spam attack.

Take, for example, what happened in Manchester, England, when Conficker knocked out parts of the city government’s IT systems, including a town hall fine processing system. As a result, the city council could not issue 1,600 traffic citations within the statutory 28 day time limit.

Between the unpaid traffic citations and Conficker cleanup, it cost the city more than a million pounds. But it could have been worse.

What if these Conficker-infected machines contained personal information about each licensed driver, including where they live and what types of car they drive? The worm’s authors could have very easily taken this information and sold it to crime syndicates to use it for burglary or theft.

The potential for malicious intent goes far beyond such basic criminal activity.

When 800 computes at Sheffield Teaching hospitals in the United Kingdom were infected in January, only non-urgent appointments in the medical imaging department had to be cancelled.

The infection reportedly had no impact on patient care. But what if the worm’s authors used Conficker to alter patient files, change treatment plans or adjust drug dosages? The harm would have likely been immeasurable.

Detecting Conficker Quickly is the Best Cure

To prevent any such instance from happening with you, early detection and removal is the best medicine when dealing with Conficker.

You may be infected if your computer begins:

?Locking you out of user accounts
?Creating and scheduling tasks on your system.
?Denying you access to files.
?Disabling your browser from visiting security sites.
?Showing signs of slow local area network or internet connections.

After detection, removing Conficker Worm with a free tool such as X-Wire Technology’s Tizer Conficker Razor? is the next step.

Tizer Conficker Razor? successfully removes all variants of the Conficker worm and Conficker-type malware because it uses heuristic and behavioral analysis for detection and a newly developed proprietary driver-based tool for removal.

?This method of detection and removal is much more reliable than the outdated technology of using malware signatures in the database to detect the threat,? says Sonkar. ?Because the worm spreads different variants of itself, a signature-based tool may not be reliable for detection of every variant.?