Avoiding and Fixing the Destruction from Virus Scams

If you are afraid of viruses, Trojans and worms, you very well should be, but that fear is what lets the virus makers get into your computer even faster: you will unwittingly allow them to enter. This is how the scam works: you visit a website and click on a link, or sometimes you are automatically redirected to another website, where a fake virus scanning program runs. This fake program shows you a visual that makes it look as if it is scanning your hard drive, but it is not actually doing that. It then alerts you that you have viruses/Trojans/worms and that you need their software to rid yourself of these menaces.

It will ask you if you want to download their software to relieve your machine of this menace… Be careful here, for any choice you make will download their virus onto your computer and you will have headaches forever after that. It will offer you two buttons, one possibly "OK" and the other "CANCEL". This is where you get into trouble. Do not choose either one of these, for you will be allowing the virus to install itself!!! If you can, close the window with the "X" in the upper right corner of the screen. If you cannot close the window with the "X", this is a sign that it is a malicious program. In that event, open Task Manager (Ctrl-Alt-Delete) and get rid of the window from there. These viruses exploit Internet Explorer by programming the buttons on the message so that it appears to be a legitimate IE message and you let your guard down.

Now, if you were not so aware and selected either one of the buttons, you will start to see all kinds of alerts that you have viruses/Trojans/worms all the time, and some of the programs tie up your computer by redirecting you back to their website so you can buy their software. They hope to annoy you into purchasing this software to get some relief, for your computer will by this time be almost unusable due to their virus software opening up multiple IE sessions and such. Such programs are "Privacy Protector", "Ultimate Cleaner" and "Ultimate Defender", as well as a host of others. If you see a free virus scan on the internet, do yourself a favor and run for your computer's life!!!

If you are already the victim of these types of programs, you can easily rid yourself of them by downloading a free program called "SmitfraudFix" from http://siri.geekstogo.com/SmitfraudFix.php. The web page shows a list of the viruses/Trojans/worms it removes. It's the first software I run on clients' computers and it has worked every time. You must run it in SAFE MODE.


Verified and Tested
By Ralph James
Randem Systems, Inc
February 15, 2008
Your Cure for Most IE Related Virus/Worm/Trojan Attacks...

1 - First disable all unknown add-ins in IE (disable all if you are unsure)

2 - Reset all settings in IE to the default settings

     (ALL SETTINGS!!!! VERY IMPORTANT!!!)

3 - Delete all temp files and cookies (This is where the worms hide their backups).

This is where your WORM lives

Next:

Run Windows Update to install all available updates. Choose the Custom button. This is the step that users NEVER do. It will make sure you are up to date on all Windows OS software that can protect you and keep your computer running smoothly. It will also update hardware drivers if they are available, and upgrade you to IE7 if you haven't done so already. IE6 is prone to attacks by worms and you cannot disable the add-ins. Keep going back to Windows Update until ALL AVAILABLE UPDATES have been installed (all categories report 0 updates available).

Download, install and run in safe mode a program called SmitfraudFix (it's a rootkit removal tool).

If you can, after that run PC Tools Spyware Doctor (in regular mode; this costs $29.00).

Run AVG 7.5 Free

This should eliminate your issues...

If you should happen to have your Task Manager or Regedit disabled, you can run registry scripts to re-enable them so you can get at the virus/worm/Trojan. Look here for those scripts. If your Task Manager is disabled, you will need to create a batch file that runs a loop of inserting the registry entries in silent mode, so that you can get to Task Manager before the worm replaces the enabled flag with the disabled flag.
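
A batch file of the kind described above, as an added example that is not part of the original article or the scripts it links to. It assumes the lock is set through the standard Windows policy values DisableTaskMgr and DisableRegistryTools; the file name, pass count and one-second delay are arbitrary choices.

```batch
@echo off
rem Added example: repeatedly re-import the "enabled" registry values so
rem Task Manager can be opened before the malware sets the disabled flag again.
setlocal
set "REGFILE=%TEMP%\enable_tools.reg"
rem Assumption: 300 passes at about one second each (roughly five minutes).
set /a PASSES=300

rem Write the .reg file once. A dword of 0 means the tool is enabled.
rem The redirection is placed first so the value text is echoed unchanged.
> "%REGFILE%" echo REGEDIT4
>>"%REGFILE%" echo.
>>"%REGFILE%" echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
>>"%REGFILE%" echo "DisableTaskMgr"=dword:00000000
>>"%REGFILE%" echo "DisableRegistryTools"=dword:00000000
>>"%REGFILE%" echo.
>>"%REGFILE%" echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
>>"%REGFILE%" echo "DisableTaskMgr"=dword:00000000
>>"%REGFILE%" echo "DisableRegistryTools"=dword:00000000

echo Re-enabling Task Manager and Regedit. Open Task Manager now (Ctrl-Alt-Delete).

:loop
rem /s imports the file in silent mode, with no confirmation dialogs.
regedit /s "%REGFILE%"
rem Pause about one second; ping is used because XP has no timeout command.
ping -n 2 127.0.0.1 > nul
set /a PASSES-=1
if %PASSES% GTR 0 goto loop

del "%REGFILE%"
endlocal
```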

If you happen to be one of the lucky ones with a worm/virus/Trojan that enabled Windows File Protection and hid its payload in the Windows dllcache folder, you will not get rid of it unless you disable Windows File Protection, because now Windows itself will be unwittingly protecting the worm/virus/Trojan. You can find out how to disable Windows File Protection here.

PC Tools Spyware Doctor is very good at getting those really tough worms/Trojans out of your system!!!



Verified and Tested
By Ralph James
Randem Systems, Inc
April 11, 2008