Monday, December 31, 2007

Trojan Win32.Murlo - last 2007 fake trojan from Zlob family?

Trojan Win32.Murlo - we believe it's the last imaginary trojan horse generated by IEDefender and FilesSecure misleading programs. They show Trojan Win32.Murlo detection reports as their scan results to scare users and force to purchase "full" versions of this dummy anti-spywares.

Trojan.Win32.Murlo is a relentless malware infection that is the latest of the rogue anti-spyware programs on the net today. Initially, Trojan.Win32.Murlo will present a pop up box alerting the user to the following message:
“Critical System Error! Your computer was infected by Trojan.Win32.Murlo It’s dangerous for your system, some files can be lost and your browser can be slow! Click OK to download the antispyware program to clean your computer! (Recommended)”
The incessant pop-ups that Trojan.Win32.Murlo presents advertise for IEDefender which is a fake spyware application that causes even more damage to your system. Ultimately and like many other rogue anti-spyware infections, Trojan.Win32.Murlo tries to convince the user into purchasing a license for IEDefender and will not let up until you do. If you have the Trojan.Win32.Murlo infection on your PC, follow the link below for removal of this infection.
www.spywarenotice.com
Manual removal instructions for Win32.Murlo are the same as for Trojan.win32.BHO.aqz
You can remove Trojan Win32.Murlo and all other spyware using Spyware Doctor Premium anti-spyware with 100% free scan.



Friday, December 28, 2007

Trojan - Win32/Qoologic - new imaginary trojan from FilesSecure

Trojan - Win32/Qoologic - critical system error is a fake message generated by FilesSecure rogue to trick users into buying it's full version.
Trojan - Win32/Qoologic is an imaginary Trojan name used to threaten and trick users into buying the rogue anti-spyware application Files Secure . The user gets infected after downloading the video codec that infects the computer with a nasty Trojan. This Trojan then displays false warning messages stating "Your PC is infected by Trojan - Win32/Qoologic" and recommends to download the program (most probably Files Secure), which will "remove" this parasite. However, in real Files Secure will not fix your PC but might actually expose you to more security threats.
www.spywareremove.com
You can remover this dangerous parasite using Spyware Doctor spyware remover with free scan. Also you can try to use manual removal instructions (at your own risk).


Manual removal instructions - the same as for Trojan.win32.BHO.aqz.

Sunday, December 23, 2007

Trojan.win32.BHO.aqz Removal - Trojan.win32.BHO variants

Trojan.win32.BHO.aqz (and variants) is a real trojan horse that often installs malicious toolbars using browser security backdoors. But some programs (IeDefender, Files Secure) displays Trojan.win32.BHO.aqz fake detection message as their scan\detection result. Trojan.win32.BHO.aqz may be also distributed by a new bogus codec.
You can repair your computer manually, but this may mean searching your PC’s folders and registry for hours for Trojan.win32.BHO.aqz hidden files. To save time, you can automatically scan your PC with Spyware Doctor for Trojan.win32.BHO.aqz and other spyware parasites.

Trojan.win32.BHO variants:
Trojan.Win32.BHO.zn
Trojan.win32.BHO.aqz
Trojan.win32.BHO.bfs
Trojan.Win32.BHO.hn
Trojan.Win32.BHO.g
Trojan.Win32.BHO.r
Trojan.Win32.BHO.abo
Trojan.win32.bho.hj
Trojan.Win32.BHO.ab
Trojan.Win32.BHO.bd
Trojan.Win32.BHO.DBU
Trojan.Win32.BHO.yr
Trojan.Win32.BHO.kd

Trojan.win32.BHO manual removal instructions:
Remove Trojan.win32.BHO.aqz registry values:
670ADC7B-89DC-4F88-98CC-2E3B
CF85F140
7E24E909-FB8A-4837-9DF7-05E7587CB26C
c4545fc9-26d0-4ccf-b4fb-728aed895dbd
E856E05E-1B91-4339-9EFC-9A3308CB5491
B3E45A9B-7756-46A2-AB14-90175CD374F9
BBB05D9E-0297-404D-A6BF-D8F2876B84A6
F9EAAA11-DF98-4615-A2C7-7D03C86A6BE9
69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014
A8565FBC-8D53-4D4F-9BB0-CBC68A22B126
43BA0532-0D69-458A-8C71-AD0F6AE70D19
62EA9201-8CC7-4199-AC30-7744F836322E
b166be07-30a4-4d38-b781-44528a630706
D17CFF74-A19C-4C36-821A-E074E4F889CA
202EBB90-ABD4-46CC-BB5A-4F0ECC67B331
15EB9F40-D775-4463-B75B-8687B3C66BB7
6D64B03B-3B93-4AF2-BFC6-01264A4C7F2A
6A719349-BDF5-4268-9019-4ACA0C2562D2

Unregister and remove Trojan.win32.BHO.aqz dll's:
mscfg32.dll
windivx.dll
websrc32.dll
mlljh.dll
cjvy.dll
gqagksr.dll
esent9.dll
ttvbonvgl.dll
ssqppol.dll
pmspl.dll
urqnomm.dll
msvideo.dll
ecxwp.dll
stream32a.dll
vtssp.dll


Friday, December 21, 2007

Leosrv toolbar - another Zlob BHO

Leosrv toolbar - is another Zlob related Browser helper object that may damage your computer and compromise your privacy and security. It is recomended to remove this malware from your PC.

To remove Leosrv toolbar manually unregister this registry subkeys:

HKCR\CLSID\{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}
HKCR\Interface\{6E9078DA-0C69-47B0-9637-2734104BD217}
HKCR\TypeLib\{5328D226-7057-4B06-9E4A-7829BFA7CA78}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}
HKCR\leosrv.ToolBar.1\CLSID
{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}
HKCR\leosrv.bkwo\CLSID
{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}
HKCR\leosrv.ToolBar.1
HKCR\leosrv.bkwo

Use Spyware Doctor antispyware to remove Leosrv toolbar automatically:


Leosrv toolbar remover with free scan


The Leosrv Toolbar is another clone of all the previous Zlob virus toolbars. Same function as the previously named The Voipwet Toolbar. Common distribution method of The Leosrv Toolbar is by the Smart Video Codec trojan. The Leosrv Toolbar displays fakes alerts, warnings and links to rogue anti-spyware products. Four icons and text are present within The Leosrv Toolbar – Remove Popups, Scan Spyware, Security Test, & Spam Protection. All icons lead to rogue security products.
www.spywarenotice.com

Tuesday, December 18, 2007

VirusProtect review. How to remove VirusProtect infection?

So, what is VirusProtect?
This is the product of Russian hackers known as one of the best developers of malicious spyware in the world. It makes you nervous by annoying reminders (there is even special term (annoyware) for such programs as you should now about) like in the picture below:

Never download this “spyware”, please. Otherwise it may lead to irreversible PC damages before you find a really working remedy.

VirusProtect combines characteristics of spyware and adware, i.e. as adware it disturbs you with different alerts pushing to purchase licensed copy of the product and not allowing to concentrate on your activity. At the same time, some components of this malware are responsible for collecting of information disclosing your browsing pattern for further using by marketing experts. However, it is not the worst thing in it. You should be informed that VirusProtect acts as a virus, if your resistance to its banners and alerts seems to be sufficient to prevent from purchase of the application. Should we describe you how does virus run? It may do almost every kind of actions making your PC slower, crippling the most important applications, deleting files and folders. It is clear that VirusProtect developers are great prodigies, they are very skillful in the field of programming and their product is one of the most dangerous contemporary viruses as it combines worst traits of malware, but able to work as a virus as well. Perhaps, Trojan and VirusProtect developers are the same persons.

VirusProtect 3.8 snapshot


So, how can VirusProtect infect your PC?
The most widespread method of entering VirusProtect into your PC is… to make you download it. One can do so even without being previously infected just because it seems that PC runs not well enough. There are number of sites where you can download free scanning versions of VirusProtect. But we won’t list them below and you know why: even if somebody just visits such kind of sites only for browsing, it is very easy to get infected if the PC is not properly secured with reliable antivirus.
Another popular way of infecting is so called secret download. Almost everyone at least once downloaded some free programs like codec, activators, other applications or films, music etc. In this case the risk of getting free VirusProtect is not high as compared to direct downloading.
Third popular method is spamming. Our advice: never open untrustworthy message if it contains attachment with size over 1 Mb, or better never open any message with attachment from unknown sender.
PC also may be easily infected from external non-Internet sources like floppy disks, compact disks, i-Pods etc. Also, if hackers get access to your system via Internet, they may easily install VirusProtect without your permission.

So, how does VirusProtect run on your PC?
First of all, VirusProtect copies itself to few different locations to prevent own deleting. Thus, once installed this program, you may forget your dreams to delete it manually if you are a not an expert in the field of computer viruses.
Later on, VirusProtect starts to disturb you. At the beginning it is just rare reminders like alert messages in the far right bottom corner of the monitor. Then approximately in ten days in case of using PC 5 hours a day, thus, after 50 hours of actual working time, pop-up windows starts to appear. Today it is virtually impossible to get infected by VirusProtect version older than VirusProtect v.3.8 as almost all previous versions have been eliminated or found by us or our partners. If you were infected with old version, you should remember all those flashes and bleeping signals screaming inside your brain like noisy bitch. New version of VirusProtect is much blander. First of all VirusProtect v.3.8 introduces pop-up advertisement of such shy brands like Viagra, different sex-toys online shops, porno-sites (especially asstraffic.com). Unless you did not buy “Super Spyware” VirusProtect, when your monitor has displayed few adverts this product has already partly realized its mission.
At the same time, right after installation VirusProtect starts to detect which sites you visit and sends daily reports to its marketing center, ignoring your personal rights for privacy. Tip: don’t try to sue them, it is really difficult to find a man in SIBERIA.


So, how can VirusProtect harm your PC?
Developers of VirusProtect are very cool guys, but who knows whether they adopted their products to your operational system? We know: believe us, they would not waste their money for such a stupid thing. Moreover, these venerable citizens would be real assholes if they first invested in compatibility of VirusProtect to make your Windows or another system works without malfunctions, but then invested in development of applications to destabilize your system. VirusProtect is dangerous as a program which is not compatible with any operational system as well as it harms as a program that contains applications predestinated for destabilization of your PC.

Our investigations allowed to distinguish 3 quit distinct phases of VirusProtect:

1) Mostly Harmless. From 10 days to 3 months (5 hours of work a day, 3 of them with activated Internet connection – this stipulation will be applied further). VirusProtect starts to watch your Internet browsing almost immediately, but only in 2-3 days firs rare (once per 2- 3 days) alert reminders start to appear. Pop-up windows start to bother you in 7-50 days after infection. Main criteria of this era ending are visible to the average man decrease of operational system speed and strange behavior of applications.

2) Salmon of a Doubt. From 11 days to 4 months. VirusProtect constantly generates pop-up windows with adverts of different products and alert reminders. Sharp breakdown of system speed, almost all applications run with bugs and much slower than usual. It seems that during this period a user should understand that the system is going to collapse.

3) Collapse. It begins usually in 3 months after intrusion. Duration less than 2 days. It is almost impossible to use the system as pop-up windows and other alerts appear with intervals less then 5 minutes, system buzzes systematically. At the end of the phase it is extremely difficult to start up operational system, especially Windows.

So, how can you throw VirusProtect out of your PC.

A lot of companies in the web offer their solutions. But only we have been constantly watching the development of VirusProtect from the very beginning, and may foresee future steps of its developers.
If you want to remove VirusProtect with full and lifetime warranty, use professional remover. Our removal tool will scan your PC for free, and you should download it only when it is recommended.

Friday, December 14, 2007

Trojan.Win32.LinkReplacer - new fake trojan

Trojan.Win32.LinkReplacer is the latest warning message to be displayed via the IE Defender rogue anti-spyware. Trojan.Win32.LinkReplacer - is threat that replaced Trojan.Win32.Obfuscated and Trojan.win.32.agent.akk.


The manual removal process is the same as Trojan.Win32.Obfuscated (previous post)
We recomend to use automatical removal tool (Spyware Doctor) - legistimate and powerful spyware cleaner. It will easily remove Trojan.Win32.LinkReplacer and other threats.

Wednesday, December 12, 2007

Trojan.Win32.Obfuscated Removal

Trojan.Win32.Obfuscated new dangerous trojan horse that may compromise your privacy and security.
"Trojan.Win32.Obfuscated is a relentless malware infection that is the latest of the rogue anti-spyware programs on the net today. Initially, Trojan.Win32.Obfuscated will present a pop up box alerting the user to the following message: “Your browser was infected by Trojan.Win32.Obfuscated.gx You need to clean your system immediately, in other case it can be crashed soon! Click OK to download the high-tech anti spyware protection software! (Recommended)” The incessant pop-ups that Trojan.Win32.Obfuscated presents advertise for IEDefender which is a fake spyware application that causes even more damage to your system. Ultimately and like many other rogue anti-spyware infections, Trojan.Win32.Obfuscated tries to convince the user into purchasing a license for IEDefender and will not let up until you do. If you have the Trojan.Win32.Obfuscated infection on your PC, follow the link below for removal of this infection."
www.spywarenotice.com

Automatical Removal Tool:

Sunday, December 9, 2007

BestSellerAntiVirus - AvSystemCare twin

"BestSellerAntivirus is a rogue anti-spyware program that can get inside your computer through a trojan without you being aware of it. BestSellerAntivirus can be also installed manually from www.bestsellerantivirus.com. Once inside your system, BestSellerAntivirus will show fake security messages that your computer system is in danger and will ask you to download and pay for the full BestSellerAntivirus version in order to eliminate the threat. BestSellerAntivirus can secretly install other spyware applications to steal your personal data ant track computer activity."
Fix slow computer

BestSellerAntiVirus and AVSystemCare have the same interface

You can easily remove BestSellerAntiVirus using XoftSpy SE anti-spyware from Paretologic.
Download the latest version of Spyware Doctor for free right now. Within just a few minutes you will be able to completely clean your computer of BestSellerAntiVirus and other threats! Your computer will be clean and will run alot faster - Your Privacy will be Protected!

BestSellerAntivirus Removal Tool with FREE scan

Saturday, December 8, 2007

How to Remove Webpagesupdates.com (Zlob) hijacker

Webpagesupdates.com is a dangerous hijacker which is comes from Trojan.Zlob spyware. These kind of hijackers displays a fake warning message such as, W32.Myzor.fk@yf warning message to purchase the paid version of rogue security applications (for example; VirusProtectPro, MalwareBurn, VirusRanger and so on.,). Once the Trojan.Zlob installed, it drops many spyware applications to hijacked your homepage. Not only this, It also displays fake flashing warning alerts on your system tray.

You can easily remove Webpagesupdates.com hijacker using Spyware Doctor anti-spyware with free scan.

Webpagesupdates.com Windows XP Variant


Webpagesupdates.com Windows Vista Variant


Webpagesupdates.com Removal Tool

Friday, December 7, 2007

Trojan.win.32.agent.akk Removal.

Trojan.win.32.agent.akk is a new fake spyware detection from Zlob trojan family.
If your computer is infected with this crap your privacy and secuirity may be in danger!
Trojan.win.32.agent.akk will try to install another misleading application - IEDefender rogue antispyware. It will generate fake spyware detection reports forcing users to buy IEDefender "full version".



You can remove it using Spyware Doctor spyware remover with 100% free scan!

Wednesday, December 5, 2007

Voipwet Toolbar - new Browser Helper Object affilated with Zlob.Trojan

The Voipwet Toolbar is another clone of all the previous Zlob virus toolbars. Same function as the previously named The Hdtip Toolbar. Common distribution method of The Voipwet Toolbar is by the Rich Video Codec trojan. The Voipwet Toolbar displays fakes alerts, warnings and links to rogue anti-spyware products. Four icons and text are present within The Voipwet Toolbar – Remove Popups, Scan Spyware, Security Test, & Spam Protection. All icons lead to rogue security products.
Another common symptom of The Voipwet Toolbar is a thin yellow bar that appends itself to the top of the search results page. The message: “Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware…” The Voipwet Toolbar will also drop voip.wet.dll into the system registry"
SpywareNotice

Download Spyware Doctor anti-spyware with 100 % free scan to get rid of Voipwet Toolbar

Tuesday, December 4, 2007

AntiSpy Pro - new IEDefender!? AntiSpyPro removal tool


If your computer is already infected with this parasite - Spyware Doctor with absolutely free scan. It can easily remove AntiSpy Pro from your system!

Information from AntiSpy Pro web-site:
"AntiSpy Pro was designed from the core as a single, highly-optimized engine that works as a unified Anti-Threat system to protect against a broad spectrum of malware. Viruses, worms, spyware, and other malicious attacks, which are constantly evolving. We detect tomorrow's threats in real-time, by analyzing code execution for malicious intent - keeping you ahead of the malware-writers."

Remember that AntiSpy Pro is a dangerous rogue anti-spyware. It can damage your computer!
Never download this malware!
MalwareBytes security specialist say that AntiSpyPro has or soon will replace IEDefender.

Sunday, December 2, 2007

Awola - new rogue software!

Awola Anti-Spyware 6.0
"
is a new rogue anti-spyware that can be dangerous for your security and privacy. Awola claims to purchase itself in order to remove reported spyware and adware. But in real Awola produce false positives, it have no spyware detection and removal engine. Awola is a representative of badware family. It can bypass antiviruses and install other spyware to track users activity, save keystrokes and then generate targeted advertisments (pop up's, browser hijackers). Never download Awola, it's useless for spyware removal."
Fix computer problem - technical details
Spyware Doctor with free scan can easily remove Awola crap.