How to remove Trojan:JS/Bondat virus easily

For the average user.

Files created by the virus:
The threat copies itself as .js to %USERPROFILE%\. The name of the file and the folder is generated from your computer's name, for example %USERPROFILE%\badce\tgwrryyi.js. 
all drives will be affected. Spreads through removable drives and steals information from the compromised PC.

This are the files created by this trojan virus

The following can indicate that you have this threat on your PC:

Your files and folders in removable drives have been replaced with shortcut links or moved to a folder called .Trashes or Drive and create a folder name 598

and the javascript inside it

1. Download and run ESET JS/Bondat fixer   
   
2. just click the link to continue the download and open JS/Bondat removal tool

Click Run

3. and agree, now the JS/Bondat removal tool will scan and notify if your computer is infected

4. just click yes, after cleaning is complete, press Y to restart your computer. 

Here is option 2

1. Download Microsoft Security Essential and extract on the desired path. Click here for 32 bit and 64 bit.

      2. Install MSEIntall32/MSEinstall64, Note! after the installation do not restart the computer just
         download the updates, after updating the MSE will show updated then do a quick scan. if you
          have trouble downloading the updates, for MSE 32Bit Click Here. for 64Bit Click Here

     3.After a quick scan reboot the computer, if desired make a full scan to all drives if you have 
        drive d:, e: and so on, anyway, mse is always on guard.all done :)!

      Click here for more info about JS/Bondat

For quick adware and malware removal without installing anti-malware

Note! Anti-virus is still needed.

Removal of the following without installing anti-malware.
Adware (advertising Softwares)
PUP (Potentially Undesirable Program)
Toolbars
Hijacker (Hijack of the browser's homepage or search engine)

Tools needed
Download:
Bitdefender ART and AdwCleaner
Compatible with Windows XP, Vista, 7, 8, 8.1 in 32 & 64 bit.



Nowadays PUP or potentially unwanted programs are commonly installed on computers of unaware PC users, it is because these apps were bundled with some common freeware applications used by most consumers looking for free software, most of this apps consumes more resource than your legitimate programs.
To prevent this program install in your PC's make sure you read any agreement before you click yes or agree while installing the program.

Signs of malware and adware installed on your computer:
                                               
                                               In the toolbar and in the start page

The default search engine you use

In process 

Pop-ups

What to do:

                   Download and Run  AdwCleaner
                       
                                                BitDefender ART                                                   
                                                                 

                                            BitDefender ART scanning
                               

                                    Adware and malware found while scanning

Adwcleaner found adware

After scanning the removal tools will notify you to reboot just confirm to reboot.

Remove Adwares and Malwares Free: Adware, fake virus, Malware, Trojan Virus, keyloggers, hijackers, pup.

This program can remove adware, fake virus, and malware, all you have to do is download, install and scan.
You can download free Malwarebytes Anti-Malware Free, just copy and paste the link below into your browser.

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.4.1028.exe

How to remove yuyun Cantix virus easily.

For the average user.
Files created by the virus: autorun.inf, Microsoft.Ink, Desktop.ini, all drives will be affected by this virus.

1. Download Microsoft Security Essential and extract on the desired path. Click here for 32 bit and 64 bit.
2. Install MSEIntall32/MSEinstall64, Note! after the installation do not restart the computer just download the updates, after updating the MSE will show updated then do a quick scan. 
3. Optional: While scanning, download  these utilities  Cure Utility  or  Quicklock . This utility will restore the task manager, registry editor, folder option and run. If Cure.exe won't run, download Dot net framework. this app needs dot net 2 framework. To download get here at filehippo.
4.  Extract Cure.exe or Quicklock, on windows 7 right click then Run as administrator.on Cure.exe click Heal button then ok. On Quicklock, if the task manager and registry editor is disabled it will show the checkboxes were all checked, to restore them uncheck the checkboxes then apply.  
5. Click run or windows icon + r, on the text box type MSConfig then hit enter, select startup tab uncheck all except Microsoft security client then click ok.

   

   Msconfig Utility

6. Reboot the computer, if desired make a full scan to all drives if you have drive d:, e: and so on, 
7. anyway, mse is always on guard.all done :)!

Win32.Sality Removal: Remove Win32.Sality VIrus/ Disinfect Win32.Sality Virus the easy way

To disinfect a computer from Win32.Sality Virus, use this utility SalityKiller from Kaspersky Lab.

1.) Download SalityKiller and execute.

For worst!
2.) Download and burn to CD/DVD

3.) Turn off system restore.

Optional download utility to open task manager if taskman is disabled.
      If Cure.exe wont run get dot net framework
4.) Download Registry cure  

You just open it and scan for a few minutes then reboot ^_^.


Download from main website Sality killer

facebook virus july 26-27 2011

Tools needed:
Process Explorer
Kaspersky Virus Removal Tool 2011
Antivirus, we use free AVG antivirus
 HijackThis
Malwarebytes
Closing ports 445 and 135  - fix Generic Host for Win32 Process and svchost.exe errors.
 or update your windows security patches

Step 1

Before we begin first download Process Explorer if the browser wont allow, open task manager and kill in the process the falshplayer.exe (press Delete then ok or right click the flashplayer.exe and delete.).
and second download the above tools needed.
when all the tools are ready, install the Kaspersky Virus Removal Tool 2011 and make a quick scan, after it removes the infection reboot the computer if needed, after the reboot  click Start >>> click Run then type msconfig, go to Startup tab uncheck  flashpalyer.exe and any application with 32 example services32.exe, ccdrive32.exe,  and also application with no name.

 Step 2

Open the process explorer again and look if the flashplayer.exe, and any apps name with 32 is running , if it is press Delete then ok or right click the flashplayer.exe and delete. you can see mostly the virus stay below the windows explorer. click here

Step 3
Open windows explorer go to tools  then click folder option, In the View tab under the Hidden files and folders click Show hidden files and folders and Uncheck Hide extensions for known file types and Hide protected operating system files.

In the WINDOWS folder in C: delete the folder name update 1, update 01, update -1,update 02 and etc.. or any folder name update/s there's no such thing name updates in WINDOWS sub folder, look at the picture below.

Step 4

Install  free AVG antivirus

Step 5

Run  HijackThis
and  accept then do a system scan, find flashplayer.exe or any name of an application with 32.exe and delete. note! (NvMediaCenter and NvCplDaemon is not included this is not a virus)

Step 6
Install Malwarebytes
update and do a quick scan and remove infections, reboot if needed, if you want to be sure that no virus is still running, repeat step 2.

Step 7

Closing ports 445 and 135 - fix Generic Host for Win32 Process and svchost.exe errors.

 or update your windows security patches

if the virus is still running backup your important files and do a REFORMAT.
.

Registry Cure

A simple utility program to cure the registry damage by a virus, it restores the Windows Task Manager, Run, Folder Option and Registry Editor. If the program won't run, Get Microsoft .NET Framework Version 2.0.
Download DotNet Framework 2

 Download  Reg Cure

Freeware AntiKeylogger

What are keyloggers? 

 

Keylogger is a malicious program (usually known as spyware) it intercepts and logs every  keystroke. These log file can be stored locally or sent to an attacker using FTP, e-mail, etc.
Some of the keyloggers contain additional features, like stealing data from clipboard, taking screenshots (i.e. copies of what you see on the screen), and reading information directly from opened documents, even if you have just opened document to read!
Trojans, worms and viruses usually contain keylogging module inside, which sends collected private data to the hackers.

Updated link! Download here

How to fix Generic Host for Win32 Process and svchost.exe errors.

“Generic Host for Win32 Process” and the faulting Svchost.exe are dreaded errors on Windows XP (SP2).These errors can also occur on windows server 2003 and windows 2000, and on both 32-bit (x86) and 64-bit (x64) editions.

Earlier we covered a few solutions to fix Generic Host Process Win32 Services error. Here is one more solution that requires you to close ports 445 and 135 on your PC/computer.

Fixing Generic Host for Win32 Process and svchost.exe errors.

To close Port 445:

! WARNING! Backup the Registry first before you make changes, just for safety!

• Click Start >> Run, to open the Run dialog box
• Here, type regedit to open the registry
• Navigate to the following registry key – HKEY_LOCAL_MACHINE >> System >> CurrentControlSet >> Services >> NetBT >> Parameters

• On the right-hand pane find the option TransportBindName.
• Double click on TransportBindName and delete the existing default value.
• click Ok

From the above, it is clear, that you have closed Port 445 by giving a blank value to TransportBindName for NetBT services.
 

To close Port 135:

! WARNING! Backup the Registry first before you make changes, just for safety!

• Click Start >> Run, to open the Run dialog box
• Here, type regedit to open the registry
• Navigate to the following registry key – HKEY_LOCAL_MACHINE >> software >> microsoft >> Ole

• On the right hand window pane find an option called EnableDCOM
• Double-click EnableDCOM and change the value from Y to N
• click Ok
• Close the Registry Editor and restart your computer

If  problem still exist  

• Click Start >> Run, to open the Run dialog box

  In the box type services.msc and find error reporting service and stop service then disable.

For another option, you just update security patches for windows xp.

Repair Windows 7 system files.

Every once in a while, Microsoft Windows system files will become corrupted and report errors. It can be fix by repairing the files even windows is running, you can still work uninterruptedly.

First click start then type cmd on the search box after that right click cmd select Run as administrator.

On the command console type sfc /scannow, fig 1.1.
It verifies the system files for repair.

If the system had no errors the message would be "Windows Resource Protection did not find any integrity violations."
 But if it finds any errors it sometimes force you to reboot in-order to finish repair the system files.
Goodluck!