Tuesday, July 28, 2009

CA Anti-Spyware 2009: Destroy Spyware

Utility that sniffs out and highlights any spyware, adware and Trojans on your PC, ready for placing in quarantine or deletion.

The software now has a much improved interface to rival similar programs such as Ad-Aware. It is just as easy to use and, in some ways, performs a better job.

CA Anti-Spyware found items that the free version of Ad-Aware missed in its scan, which may explain why Ad-Aware is freeware and PestPatrol isn't.

You can become as involved in the analysis as you like, reading the huge amount of advice available and making your own decisions, or simply let PestPatrol do the donkey work.

After scanning your selected drives, CA Anti-Spyware lists any suspect files with advice on the threat (privacy etc), the risk (high/low) and what to do (delete/quarantine).

Friday, July 17, 2009

New virus "Southpark.exe" arrives in German

Computer Associates warns of Lovebug successor

There is life after ILOVEYOU, but it hardly looks pleasant. The virus experts at CA now warn of a new worm called South Park. It is not related to the Lovebug worm and spreads through Outlook on all PCs running Windows 9x, 2000 or NT.

Unlike LoveLetter, it does not need Windows Scripting Host to be activated. It is tricky mainly because the subject line and body of the mail are written in German. The subject is "Hey old man!" and the body text reads "Here is the game that you absolutely wanted to read !;-)". Attached is a file called "South Park.exe".

According to CA, the worm is in no way associated with the Pretty Park worm, which was causing mischief a few weeks ago (ZDNet reported). The new virus is written in Visual Basic 5. When the file is opened, it first mails itself to everyone stored in the contacts of the infected computer.

In the background, it copies itself to the file "winguard.exe" and embeds itself on the hard disk, from where it launches the next time the PC becomes active. The worm then creates a file called "Swapfile.vxd" and fills it with garbage data until the hard drive overflows.

As always, the virus experts advise deleting the e-mail unread. CA offers a Personal Edition of its antivirus software "Inoculate" as a free download at www.antivirus.ca.com/ ..., which, according to the company, protects against South Park.

New ILOVEYOU virus appeared

Kaspersky Lab warns
The virus hunters at Kaspersky Lab warn of a new variant of the ILOVEYOU virus. The Internet worm "Fireburn" spreads just like its predecessor, via Outlook as a VBS file attached to an e-mail. It also spreads in IRC channels by infecting the mIRC client.
The subject line looks different every time. When the mail is received on a German version of Windows, it reads in most cases:
Subject: Moin, alles klar?
Text: Hi, how's you? / Guck dir mal the photo attached, to, is echt geil;) / bye until then ..
On other versions of Windows, the mail reads:
Subject: Hi, how are you?
Body: Hi, look at that nice Pic attached! / Watching it is a must; / cu later ...)
The following file names are used:
Ultra-hardcore Bondage.JPG.vbs
Christina__NUDE!.JPG.vbs
CuteJany__BigTits!.GIF.vbs
MyGirlfriend__NUDE!.JPG.vbs
Aguiliera__NUDE!.JPG.vbs
! Jany__Gets-fucked!.GIF.vbs
cute__EmmaPeel!.JPG.vbs
Julie17__xxx.GIF.vbs
Of course, the company offers a patch against the parasite on its site.
So, to keep your computer safe and secure against all these threats, we need to use proper antivirus software and update it on a regular basis.
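
Every file name in the list above ends in a script extension placed behind a harmless-looking image extension. As an added example (not part of the original post), the PowerShell function below classifies attachment names on that basis; the function name `Test-AttachmentName` and both extension lists are assumptions chosen for illustration.

```powershell
# Added example, not from the original post.
# Both extension lists are illustrative assumptions, not a complete policy.
$ExecutableExt = '.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh', '.exe', '.scr', '.pif', '.com', '.bat', '.cmd'
$DecoyExt      = '.jpg', '.jpeg', '.gif', '.png', '.bmp', '.txt', '.doc', '.pdf', '.mp3', '.avi'

function Test-AttachmentName {
    param([Parameter(Mandatory = $true)][string]$Name)

    # Windows ignores trailing dots and spaces in file names, so strip them
    # before looking at the extension.
    $clean = $Name.Trim().TrimEnd([char[]]'. ')

    # The last extension decides how Windows opens the file.
    $ext   = [System.IO.Path]::GetExtension($clean).ToLowerInvariant()
    # The extension before it is what the recipient is meant to notice.
    $stem  = [System.IO.Path]::GetFileNameWithoutExtension($clean)
    $inner = [System.IO.Path]::GetExtension($stem).ToLowerInvariant()

    if (($ExecutableExt -contains $ext) -and ($DecoyExt -contains $inner)) {
        $verdict = 'block: executable hidden behind decoy extension'
    } elseif ($ExecutableExt -contains $ext) {
        $verdict = 'block: executable attachment'
    } else {
        $verdict = 'allow'
    }

    [pscustomobject]@{
        Name      = $Name
        Extension = $ext
        Decoy     = $inner
        Verdict   = $verdict
    }
}

# The first three names appear in the posts on this page; the last two are
# constructed to show a harmless file and the trailing-dot edge case.
$samples = 'cute__EmmaPeel!.JPG.vbs', 'Julie17__xxx.GIF.vbs', 'South Park.exe',
           'holiday.jpg', 'notes.txt.vbs. '

$samples | ForEach-Object { Test-AttachmentName -Name $_ } |
    Format-Table Name, Extension, Decoy, Verdict -AutoSize
```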

Thursday, July 16, 2009

New virus can update itself

Symantec: W95.Babylonia attacks .exe and .hlp files

Various anti-virus companies are warning of a new pathogen that is able to update itself. "This is just the tip of the iceberg," said adviser Eric Chien of Symantec about the appearance of "W95.Babylonia". "Virus writers are increasingly using network-centric ideas to write new types of programs."

The names known so far for e-mail attachments with dangerous cargo are:

I-WATCH-U.EXE
BABILONIA.EXE
X-MAS.EXE
SURPRISE!.EXE
JESUS.EXE
BUHH.EXE
CHOCOLATE.EXE

Symantec has counted 24 infections since Babylonia first appeared on 6 December (www.symantec.com/ ...), Computer Associates 15 since 3 December. The eleven-KByte program attacks ".exe" and ".hlp" files on Windows 95 but does no damage, at least not yet. The experts expect that destructive variants of this "confusion of languages" will not be long in coming.

The virus first appeared in a newsgroup, disguised as a Windows Help file named "serialz.hlp" that presented itself as a list of serial numbers for commercial software. When the file is opened, it copies itself into kernel memory and creates a new, four-KByte file named "c:\babylonia.exe". babylonia.exe then copies itself as "KERNEL32.EXE" into the Windows system directory and registers this copy under "Software\Microsoft\Windows\CurrentVersion\Run".

As a result, the program launches itself at every startup. It checks whether the application "RNAAPP.EXE", which is active on Windows 9x in online mode, is running. If so, it connects to the site of a Japanese hacker and downloads a text file named "virus.txt" from there. This file lists the names "dropper.dat", "greetz.dat", "ircworm.dat" and "poll.dat". These files use a special format with a header that begins with "vmode". Vmode stands for "Virus modules".

Finally, it activates the four downloaded files and sends a message containing, among other things, "Quando o mestre chegara?" to the address babylonia_counter@hotmail.com. This lets the author determine the number of infected computers. The virus spreads further via mIRC.

The author, "Vecna", belongs, according to Symantec, to the Latin American group of virus writers known as 29A.

Users can recognise an infection by the entry "W95/Babylonia by Vecna (c) 1999" in c:\autoexec.bat. An update of the anti-virus software should protect against infe

Wednesday, July 15, 2009

Norton Antivirus 2008 with Browser Defender is ready

Antivirus software now comes with three licenses per package.
With Norton Antivirus 2008 and Norton Internet Security 2008, Symantec has updated its security solutions. Both programs now include Browser Defender, a real-time protection against malicious programs that exploit security vulnerabilities in the browser and install themselves unnoticed on the computer, as well as against threats that target vulnerabilities in Internet Explorer. This applies in particular to attacks with unmarked ActiveX, JavaScript and VBScript malicious code.

Also new in Norton Internet Security 2008 is Norton Identity Safe, which protects the user's personal information and identity when shopping, banking or browsing online. Norton Identity Safe lets users control what information is exchanged with which site.

In addition, users can manage their access data centrally. They have the option of storing passwords and other confidential data in Identity Safe and of using different identities for different activities on the Internet. The stored access data is retrieved automatically and, if necessary, entered into web forms. Encryption prevents keyloggers from tapping the data.

In addition, the Home Network feature gives the user an overview of the home network, including the Wi-Fi router, and lets them manage individual network components. A support function is also built directly into the software: if assistance is needed, the user can contact a Symantec employee via live chat or e-mail directly from the Norton interface.

The software packages are expected on the market in late September. Both solutions now come as standard with licenses for three computers: Norton Antivirus 2008 costs 39.99 euros, Norton Internet Security 2008 is available for 59.99 euros.

Webroot Brings AntiSpyware Corporate Edition with Antivirus


Security solution offers Vista compatibility and Active Directory integration
Webroot Software today announced the release of its security solution AntiSpyware Corporate Edition with Antivirus. The software is a renamed new version of Webroot SME Security 3.1. The manufacturer will now also sell its other products under new brand names.

New in the current version of AntiSpyware Corporate Edition with Antivirus, in addition to compatibility with Windows Vista, are Active Directory integration and the Sophos Behavioral Genotype Protection technology. The latter analyzes the behavior of code before it is executed.

In addition, Webroot has extended its proactive protection with on-write, on-read and on-execute shields to block spyware threats. The new version now also contains detailed reports on spyware detection and real-time threats, as well as trace reports. According to the manufacturer, the scalable security solution can be used in networks of all sizes.

Tuesday, July 14, 2009

How to remove SpyWorm.Win32

SpyWorm.Win32 is a fake security center. It uses the same unfair tactics that all fake antivirus software uses. It is installed by Trojan.Zlob.N.

SpyWorm.Win32 displays fake security alerts to inform users that they are infected by malicious programs and need to install Windows Antivirus, Ultimate Antivirus and Advanced Antivirus.

Related files: stream32a.dll, mscfg32.dll, pdswin.dll, ecxwp.dll, msvideo.dll, windivx.dll, websrc32.dll, pmspl.dll, vipextqtr.dll

We can remove this fake rogue antivirus software by following these steps.

1 Delete all these registry keys.



2 Unregister all these DLL files by using the Regsvr32 -u command.

stream32a.dll, mscfg32.dll, pdswin.dll, ecxwp.dll, msvideo.dll, windivx.dll, websrc32.dll, pmspl.dll, vipextqtr.dll

3 Delete all these files from your computer.

stream32a.dll, mscfg32.dll, pdswin.dll, ecxwp.dll, msvideo.dll, windivx.dll, websrc32.dll, pmspl.dll, vipextqtr.dll

Monday, July 13, 2009

Botnet worm in DoS attacks could wipe data out on infected PCs

As we all know, last week US and South Korean websites were hit by a DoS (denial-of-service) attack. Approximately 50,000 computers in the US and South Korea are affected by the DoS attack.

The attack started on July 4th, i.e. over the weekend, against government and business sites in both the USA and South Korea.


The programs used wipe out files on the PC and affect the master boot record, which causes problems with booting.

A dropper program called W32.Dozer that contains the other components is sent by W32.Mytob!gen to e-mail addresses it gathers from the compromised computer.

The Dozer Trojan serves as a backdoor and connects to IPs through certain ports, allowing it to update itself and to receive instructions on sites to attack. It's unclear if the DoS attacks will happen again, because the infected PCs can receive new instructions at any time.

Trend Micro detected new variant Conficker

WORM_DOWNAD.E is loaded via the peer-to-peer functionality of the previous version. The new variant connects to sites such as myspace.com. It is set to disable itself on 3 May.

Trend Micro has discovered a new version of Conficker, named WORM_DOWNAD.E, which is loaded via the peer-to-peer functionality of the previous version. The new update appears to contain malicious routines. The security experts suspect that it is a keylogger or some other program that tries to get at sensitive data.

As David Perry, global leader for information security at Trend Micro, said, the malicious routine appears to consist of a .sys component that hides behind a rootkit and in this way conceals that the PC is infected at all. The software is heavily encrypted, so the researchers have trouble analyzing the malware.

In addition, the worm connects to myspace.com, msn.com, ebay.com, cnn.com and aol.com to check whether the attacked computer has an Internet connection at all. It then deletes all the traces it has left on the host computer. According to an entry in the TrendLabs Malware Blog, it is configured to disable itself on 3 May.

Friday, July 10, 2009

How to remove WinBlueSoft (fake antispyware software)

WinBlueSoft is fake antispyware from the WiniBlueSoft family. It enters your computer by means of a Trojan or other malicious programs.
First, the Trojan hits your computer with security alerts asking you to download and install WinBlueSoft to clean your computer. WinBlueSoft uses blocker.dll, which makes this infection more devastating.

When blocker.dll is loaded for the first time, it changes your desktop to a black background with ominous dark red text written over it. The text is:

" Warning!
Your're in danger!
Your computer is infected with Spyware!
All you do with computers is stored forever in your hard disk. When you visit sites, send emails... All your actions are logged. And it is impossible to remove them with standard tools. Your data is still available for forensics. And in some cases

For your boss, your friends, your wife, your children.

Every site you or somebody or even something, like spyware, opened in the browsers, with all the images, and all the downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could break your life!

Secure yourself right now!
Remove all Spyware from your PC! "

You can remove this fake antispyware manually from your computer by following these steps.
1 Remove all the files associated with this fake antispyware software.

c:\Documents and Settings\All Users\Desktop\WinBlueSoft.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft
c:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft\1 WinBlueSoft.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft\2 Homepage.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft\3 Uninstall.lnk
c:\Program Files\WinBlueSoft Software
c:\Program Files\WinBlueSoft Software\WinBlueSoft
c:\Program Files\WinBlueSoft Software\WinBlueSoft\data.bin
c:\Program Files\WinBlueSoft Software\WinBlueSoft\license.txt
c:\Program Files\WinBlueSoft Software\WinBlueSoft\uninstall.exe
c:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
C:\Windows\System32\blocker.dll


2 Remove all the registry entries associated with WinBlueSoft.

HKEY_CURRENT_USER\Software\WinBlueSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinBlueSoft
HKEY_LOCAL_MACHINE\SOFTWARE\WinBlueSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinBlueSoft"
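
The two steps above can be checked before anything is deleted. The following PowerShell sketch is an added example, not part of the original post: it reports which of the listed files, folders and registry entries are present and removes them only on request. The function names `Get-WinBlueSoftArtifact` and `Remove-WinBlueSoftArtifact` are hypothetical; the paths and keys are the ones listed in the post.

```powershell
# Added example, not from the original post. Function names are hypothetical.

# Top-level paths only: the two folders cover the individual files in step 1.
$Paths = @(
    'C:\Documents and Settings\All Users\Desktop\WinBlueSoft.lnk',
    'C:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft',
    'C:\Program Files\WinBlueSoft Software',
    'C:\Windows\System32\blocker.dll'
)
# Registry keys from step 2, written as PowerShell registry-provider paths.
$RegKeys = @(
    'HKCU:\Software\WinBlueSoft',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinBlueSoft',
    'HKLM:\SOFTWARE\WinBlueSoft'
)
# The Run entry is a value inside a key shared with legitimate programs,
# so only the value is touched, never the key.
$RunKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$RunName = 'WinBlueSoft'

function Get-WinBlueSoftArtifact {
    foreach ($item in ($Paths + $RegKeys)) {
        if (Test-Path -LiteralPath $item) {
            [pscustomobject]@{ Kind = 'Item'; Location = $item; Detail = '' }
        }
    }
    $run = Get-ItemProperty -LiteralPath $RunKey -Name $RunName -ErrorAction SilentlyContinue
    if ($run) {
        # Detail shows the command line the autostart entry would launch.
        [pscustomobject]@{ Kind = 'RunValue'; Location = $RunKey; Detail = $run.$RunName }
    }
}

function Remove-WinBlueSoftArtifact {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    foreach ($a in @(Get-WinBlueSoftArtifact)) {
        if (-not $PSCmdlet.ShouldProcess($a.Location, "remove $($a.Kind)")) { continue }

        if ($a.Kind -eq 'RunValue') {
            Remove-ItemProperty -LiteralPath $a.Location -Name $RunName
        } else {
            # Handles files, folders and registry keys alike. A DLL that is
            # still loaded stays locked; the error is reported and the item
            # can be retried after a reboot.
            Remove-Item -LiteralPath $a.Location -Recurse -Force
        }
    }
}

# Read-only audit: prints nothing on a clean machine.
Get-WinBlueSoftArtifact | Format-Table -AutoSize

# Preview the removal without changing anything:
# Remove-WinBlueSoftArtifact -WhatIf
```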


How to remove Spyware Protect 2009 (Fake antivirus software)


Spyware Protect 2009 is fake antivirus software; it is the same as Antivirus 2009 (fake antivirus software).

This fake antivirus software can be installed on your computer by a Trojan (malicious program) such as Zlon, by false codes, or by other web downloaders.

The program starts scanning the computer. After the scan is over, the fake antivirus software shows a lot of malicious programs on your computer, i.e. a false result (the files it shows do not exist).

It then asks you to buy the full version of Spyware Protect 2009.

Following are the symptoms of Spyware Protect 2009.

2 Pop-up windows.
3 Sudden appearance of websites on your computer.
4 SpywareProtect2009.exe or Spyware Protect 2009.exe on your computer.
5 Spyware Protect 2009 tries to connect itself to the Internet.

We can remove this fake antispyware from your computer by following these steps.

1 Block all the websites responsible for this malicious attack.

os-protection.com
spwprotect2009.com
spy-protect-2009.com
spywprotect.com
spywprotect2009.com
spywrprotect-2009.com
swp2009.com
sysguard2009.com

2 Delete all the files created by spyware protect 2009.

C:\Program Files\Spyware Protect 2009
C:\Program Files\Spyware Protect 2009\gfx.bin
C:\Program Files\Spyware Protect 2009\options.ini
C:\Program Files\Spyware Protect 2009\SpywareProtect2009.exe
C:\Program Files\Spyware Protect 2009\SpywareProtect2009.exe.MANIFEST
C:\Program Files\Spyware Protect 2009\SpywareProtect2009_start_setup.exe
C:\Program Files\Spyware Protect 2009\tp_starter.exe
C:\Program Files\Spyware Protect 2009\uninstall.exe
C:\Program Files\Spyware Protect 2009\uninstall.log
C:\Program Files\Spyware Protect 2009\vbase.ini
C:\Program Files\Spyware Protect 2009\lang
C:\Program Files\Spyware Protect 2009\lang\english.lng


3 Delete all the registry entries associated with Spyware Protect 2009.

HKCU\Software\Spyware Protect 2009
HKCU\Software\Microsoft\Windows\CurrentVersion\uninstall\Spyware Protect 2009
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Spyware Protect 2009

By following all these steps we can delete this fake antispyware from your computer.
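
Step 1 does not say how to block the sites. One common way is to map each domain to a non-routable address in the Windows hosts file. The following PowerShell sketch is an added example, not part of the original post: the function names `Get-HostsBlockLines` and `Add-HostsBlock`, the `0.0.0.0` sink address and the extra `www.` entries are assumptions, while the domains are the ones listed in step 1.

```powershell
# Added example, not from the original post. Function names are hypothetical.
$RogueDomains = @(
    'os-protection.com', 'spwprotect2009.com', 'spy-protect-2009.com',
    'spywprotect.com', 'spywprotect2009.com', 'spywrprotect-2009.com',
    'swp2009.com', 'sysguard2009.com'
)

# Returns the hosts lines that still need to be added, so running the script
# twice does not duplicate entries.
function Get-HostsBlockLines {
    param(
        [Parameter(Mandatory = $true)][string[]]$Domains,
        [string[]]$ExistingLines = @()
    )

    # Collect every host name the file already maps, ignoring comments.
    $mapped = @{}
    foreach ($line in $ExistingLines) {
        $body = ($line -split '#', 2)[0].Trim()
        if (-not $body) { continue }
        $fields = $body -split '\s+'
        foreach ($h in ($fields | Select-Object -Skip 1)) {
            $mapped[$h.ToLowerInvariant()] = $fields[0]
        }
    }

    foreach ($d in $Domains) {
        # A hosts entry matches one exact name only, so the www. form is
        # added explicitly (assumption: the sites answer on both names).
        foreach ($name in @($d, "www.$d")) {
            if (-not $mapped.ContainsKey($name.ToLowerInvariant())) {
                "0.0.0.0`t$name"
            }
        }
    }
}

function Add-HostsBlock {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts")

    $existing = @(Get-Content -LiteralPath $HostsPath -ErrorAction SilentlyContinue)
    $new = @(Get-HostsBlockLines -Domains $RogueDomains -ExistingLines $existing)

    if ($new.Count -and $PSCmdlet.ShouldProcess($HostsPath, "append $($new.Count) entries")) {
        # The leading empty string terminates a last line that has no newline.
        $block = @('', '# Spyware Protect 2009 domains (added by cleanup script)') + $new
        Add-Content -LiteralPath $HostsPath -Value $block -Encoding ASCII
    }
    $new
}

# Preview from an elevated prompt; drop -WhatIf to write the entries.
Add-HostsBlock -WhatIf
```

The hosts file only affects name lookups on the machine where it is edited, and it does not stop connections made directly to an IP address.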

Wednesday, July 8, 2009

Antivirus: beta Microsoft Security Essentials is available for download

Over the years, computer and Internet technology has made tremendous advances in every field. On one side, these advances have helped us a lot in every field (business, education). On the other side, they have led to several types of threats on the Internet, for example viruses, worms and Trojan horses.
These threats affect the performance of our computers and also endanger personal data.
To counter all this, Microsoft, one of the giants in the field of operating systems and application software, is planning to develop antivirus software.
Downloads of the beta version of Microsoft's free antivirus will be limited to 75,000 users, said a spokesman for the publisher.

Security Essentials, available in 32 and 64 bits, provides protection against viruses, malware and spyware for Windows XP, Vista and Windows 7. This suite will replace Live OneCare, whose marketing stops at the end of June.

Designed for netbooks

Security Essentials was also designed to require minimal resources and space in order to run properly on netbooks.

Originally called Morro, the software has ended up (unintentionally?) on the net since yesterday. It was a pre-beta version that Microsoft is currently testing with its employees and a selected panel of users.

Tuesday, July 7, 2009

Trojan horse disguises itself as anti-virus tool


Kaspersky warns of mail with the attachment "AAprices.exe"; the program connects the PC to a site from which a virus is loaded onto the computer
The antivirus specialist Kaspersky warns of a Trojan horse that disguises itself as Kaspersky's own anti-virus program. The malicious program TrojanDownloader.Win32.Apher is being distributed in a mass mailing.

If the user runs the attachment on their system, "Apher" automatically initiates an Internet connection to a remote site. From the loaded page, a utility of the virus "Backdoor.Death.25" is placed on the infected computer. With this program and the virus, the attacker is in a position to use the infected computer secretly, to send confidential data and files, and to create, copy and delete them.

So far, some users have been infected with the software. The Trojan is sent from the e-mail address info@microsoft.com. The subject of the mail reads "Protect Your NetWare with Kaspersky Anti-Virus" and the attachment name is "AAprices.exe".

Kaspersky has added an antidote for the program to the database of Anti-Virus 4.0.

ZDNet offers a Virus Center with current information about threats from cyberspace, a comprehensive collection of current anti-virus software and a free live virus check. The online scanner checks the system for various pests.

Monday, July 6, 2009

W32.Sapaq computer worm

On 12 June 2009, a computer worm called W32.Sapaq broke out in the computer world. It is a self-replicating worm which spreads through network shares and infects executable files.

This worm can infect the following operating systems.

1 Windows 95
2 Windows 98
3 Windows 2000
4 Windows ME
5 Windows NT
6 Windows XP
7 Windows Server 2003
8 Windows Vista

This worm attacks executable files that are shared, and spreads through networks. It is believed that this worm is 81463 bytes to 82439 bytes in size.
It is also believed that this worm is a low-category worm (means

Once the file is executed, it copies itself into the %System%\drivers\TXP1atform.exe, and then creates the following files:
%System%\drivers\JM.SYS
%CommonProgramFiles%\Desktop_1.ini (non malicious)
%CommonProgramFiles%\Desktop_2.ini (non malicious)
What makes this worm a possible medium threat is that it deletes the host file and then creates another file. The registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Explorer" = "%System%\drivers\TXP1atform.exe" is created along with a host of 20+ other registry entries.
Along with the registry entries, the worm changes the JM.SYS file that was dropped with the originally created files (it is a variant of a Trojan that steals passwords and then transmits them to the virus originator). It changes from JM.SYS to DMusic, with an image path of DMusic that starts up automatically when the host machine is started. As the file is a worm, it continues to infect executable files on the host machine until it is contained or neutralized. For network administrators who monitor outgoing traffic on their network, the key is to watch TCP port 80 and follow the IP address 60.173.10.53.

Friday, July 3, 2009

MJ virus (E-mail threat)


Nowadays, if your computer is connected to the Internet, you are prone to the malicious programs that are prevalent on the Internet.

One such threat is the MJ virus, which emerged 8 hours after the death of Michael Jackson.

The world's obsession with the sudden death of Michael Jackson has caused a serious threat to computer users, especially fans of Michael Jackson.
This affection for Michael Jackson is being used by an email threat on the Internet, i.e. the MJ virus.

The MJ virus spreads via email. The email comes with the subject ‘Remembering Michael Jackson’ and is sent from ‘sarah… michaelja-ckson.com’. It is sent as a mass email claiming to contain secret songs and photos of Michael Jackson in an attachment.

By opening the attachment, computer users are exposed to infection. Once infected, a computer will begin automatically spreading the worm to other Internet users.

This MJ virus is capable of spreading as an autorun component on a USB memory stick.

These emails have one more thing: they also contain a link for "revealing truth from death of Michael Jackson".

So, to keep your computer safe and secure against such threats, we need to use proper antivirus software.

Wednesday, July 1, 2009

How to remove System Security 2009

System Security 2009 is fake or rogue antispyware; it is the successor of the System Security malware. It enters the computer by means of a Trojan or other malicious programs. Once your computer is infected, you will get pop-ups saying that your computer is infected and that you need to buy System Security 2009. Once this fake antivirus software is on your computer, there is always a threat of data corruption, and your computer can also end up in a no-boot situation.

The latest trick used by System Security 2009 is changing the wallpaper into a scary message, such as "Your computer is infected by spyware and you need to install System Security 2009".

Following are the steps to remove System Security 2009 from your computer.

1 Block System Security 2009 sites:



2 Find and Delete these System Security Files:

systemsecurity.exe
SystemSecurity.lnk
SystemSecurity on the Web.lnk
Uninstall SystemSecurity.lnk
%desktopdirectory%\system security.lnk
%desktopdirectory%\ws\config.udb
%desktopdirectory%\ws\init.udb
%desktopdirectory%\ws\languages\english.lng
%desktopdirectory%\ws\languages\german.lng
%desktopdirectory%\ws\languages\spanish.lng
%desktopdirectory%\ws\systemsecurity.exe
%programs%\system security\system security.lnk
%desktopdirectory%\ws\systemsecurity.exe
05643921.exe
install.exe
%desktopdirectory%\system security 2009.lnk
%programs%\system security\system security 2009 support.lnk
%programs%\system security\system security 2009.lnk


3 Remove System Security Registry Values:

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run systemsecurity
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 displayicon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 shortcutpath
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 uninstallstring

By following these steps we can remove the System Security software.