 | This image has been resized. Click this bar to view the full image. The original image is sized 789x594. |
Quote:
| You may not believe this but there still are lots of computer users that have no anti-virus program installed because they erroneously think that they will be spared from infection. Some don’t even know what a computervirus is! Well they are clearly wrong and the result is that I needed to clean, repair or dismantle lots of computers to get rid of all the malware that had infected their systems. When someone asks for my assistance, the first thing I always do is an offline anti-virus scan and clean. But when I boot the computer, I am often faced with the same problem; the virus has made some changes to the system restrictions in order to hide itself from easy detection. These restrictions are most often: 1 - Disable Folder Options >> so the user can't set the option to show hidden files! 2 - Disable Registry Tools >> so the user can't see what is going on during system startup! 3 - Disable Ctrl+Alt+Del >> so the user can't see the virus and the other applications running! 4 - Disable Show hidden files & folders >> so the user can't see the malware bodies which always come with hidden attribute set to true! 5 - Disable Run Command >> so the user can't use it to run some tools to track the virus activites of remove it. 6 - Disable Windows Firewall (SharedAccess) >> so the virus can send & receive any data through the network without the attention of the user! 7 - Disable Windows Firewall (Wscsvc) >> so the virus can send & receive any data through the network without the attention of the user! 8 - Disable Windows Firewall (Wuauserv) >> so the virus can send & receive any data through the network without the attention of the user! 9 – Restrict Internet Explorer Home Page Changing >> so the user can't change the malicious web page set by the malware! 10 – Restrict Internet Explorer Closing >> so the user can't close the pops up windows that appear when visiting the malicious web page or any other website! 11 – Hide Internet Options >> so the user can't change any setting set by the malware! 12 – Hide Internet Explorer Address Bar >> so the user can't see what web page being visited and what scripts being executed! 13 - Restrict Internet Explorer Right Click >> so the user can't view the source of the page being visited and other useful things. 14 – Hide Internet Explorer Navigation Buttons >> so the user will be forced to user the keyboard shortcuts to navigate through the web sites! 15 - Hide Internet Explorer Context Menu >> so the user can't access this menu which make him able to select some useful settings. 16 - Hide Internet Explorer Toolbar >> so the user can't use it to remove some unwanted toolbars made by the malware. 17 - Disable Command Prompt (cmd.exe) >> so the user cannot run any console programs like command prompt removal tools... 18 - Disable Control Panel >> so the user cannot use the control panel applets. 19 - Hide system files/folders >> so the user can't see the malware bodies which usually come with system attribute set to true! 20 - Change Show Hidden files option button >> So even if you select "Show hidden files and folders from folder options these files & folder will not be shown! 21 - Disable Show System files check box >> So even if you unchecked "Hide protected operating system files" these files & folder will not be shown! 22 - Disable Show all files/folders check >> So changing this from folder options will be ignored! 23 - Hide Desktop items to prevent the user from accessing My Computer and other desktop shortcuts! 24 – Hide files extensions: This is commonly used by malware to trick the user. By hiding file extension, a user doesn't know whether a file with folder icon is an exe file or just an ordinary folder. 25 – Disable File Extentions Check >> So changing this from folder options will be ignored! 26 – Restrict Windows Update >> So the user cannot download security patches from Microsoft. 27 – Disable Shut Down Command >> So the user cannot shut down the system normally. 28 – Restrict Settings Folders >> Just imagine when you all items under Start menu>Settings wont run! 29 – Disable Taskbar context menu >> You right click your taskbar.. Oops; nothing happens! 30 – Disable Logoff Command >> So the user cannot logoff and use another profile. 31 – Hide Start Menu Logoff >> So the user cannot use this shortcut to logoff! 32 – Restrict Add/Remove Programs >> So the user cannot see what applications and windows components are installed or uninstall/reinstall any application. Unfortunately, AV Software doesn’t really care about these restrictions and do nothing to re-enable them! Until AV software comes up with such a tool in their future versions, we have created a very small tool for you that does just that! It re-enables all what the virus had previously disabled, and gives you back the control over your own computer. We called it Remove Restrictions Tool (RRT). Important note: Since this tool is a security software that deals with the file system, the system registry and the running processes, it MUST be given all the rights it demands in order for it to do it's job. Some other security softwares will try to block the tool and prevent it from doing its job, please make sure that it's not blocked by your filewall and there's no other program blocking it. Before running this tool, we recommend you to disable any other security solution you are runing such as Antivirus, Firewall, monitoring tools ..etc. |
Quote:
| Sick and tired of constantly seeing the temp2.exe error message? When you doubleclick on one of your hard drive partitions, does it show you some unexpected results? When you rightclick on one of your hard drive partitions, do you see a new item called "Autoplay" on top of other items with bold face? When you right click on one of your hard drive partitions, do you see some new items with garbage text? If your answer was ‘Yes’ to any of the above questions then the chances are that you may be infected with the Perlovga virus (otherwise known as temp2.exe) or one of its variants. The problem is that this virus is particulary cumbersome to remove, even by reputable anti-virus programs. But we have the solution and it is called PRT (or Perlovga Removal Tool)! What does this tool do? It detects and reoves all traces of the Perlovga virus from your system, including floppy disks and USB flash disks (the latter ones must be write enabled during the scan process). It also removes the leftovers of this virus by removing the 'autorun.inf' files and cleaning up you system registry, so you won’t see the 'autoplay' item anymore. How to use it? Start your computer in Safe mode and run this tool. If you have infected floppy/flash disks you can insert them and click start. You can repeat this process for every disk you have. Important note: Since this tool is a security software that deals with the file system, the system registry and the running processes, it MUST be given all the rights it demands in order for it to do it's job. Some other security softwares will try to block the tool and prevent it from doing its job, please make sure that it's not blocked by your filewall and there's no other program blocking it. Before running this tool, we recommend you to disable any other security solution you are runing such as Antivirus, Firewall, monitoring tools ..etc. |
Quote:
| Sick and tired of constantly seeing the New Folder.exe file in the root path of every storage media you have? Sick and tired of constantly seeing a new folder inside every folder you have? When you doubleclick on one of your hard drive partitions, does it show you some unexpected results? When you rightclick on one of your hard drive partitions, do you see a new item called "Autoplay" on top of other items with bold face? When you right click on one of your hard drive partitions, do you see some new items with garbage text? When your Antivirus detects and deletes the malware that causes all of that and restart your system, do you see an error message similar to: "Windows cannot find SSCVIIHOST.exe..."? If your answer was ‘Yes’ to any of the above questions then the chances are that you may be infected with the Sohanad virus (otherwise known as New Folder.exe) or one of its variants: IM-Worm.Win32.Sohanad.as IM-Worm.Win32.Sohanad.ao IM-Worm.Win32.Sohanad.am IM-Worm.Win32.Sohanad.ap The problem is that this virus is particulary cumbersome to remove, even by reputable anti-virus programs. But we have the solution and it is called SRT (or Sohanad Removal Tool)! What does this tool do? It detects and reoves all traces of the Sohanad virus from your system, including floppy disks and USB flash disks (the latter ones must be write enabled during the scan process). It also removes the leftovers of this virus by removing the 'autorun.inf' files and cleaning up you system registry, so you won’t see the 'autoplay' item anymore. How to use it? Start your computer in Safe mode and run this tool. If you have infected floppy/flash disks you can insert them and click start. You can repeat this process for every disk you have. Important note: Since this tool is a security software that deals with the file system, the system registry and the running processes, it MUST be given all the rights it demands in order for it to do it's job. Some other security softwares will try to block the tool and prevent it from doing its job, please make sure that it's not blocked by your filewall and there's no other program blocking it. Before running this tool, we recommend you to disable any other security solution you are runing such as Antivirus, Firewall, monitoring tools ..etc. |
No comments:
Post a Comment