May 2015 OS world market share

Free anti-virus tools

Avast 2014 Remote Desktop issue
VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware

Trend Micro's   McAfee's Stinger   Symantec's Removal Tools  
- Jotti's Malware scan   Configure avast! Antivirus   Non-profit discounts on Avast here
Here's an anti-virus comparative site 

Got malware, spyware, pop-ups and such? is a great site with many free tools to help rid your system of malware, also try  Ad-aware, SpyBot-Search & Destroy, Spy Sweeper , most can be found here from

By now, most people acquainted with the Internet know that scammers and cybercriminals tend to treat holidays as a special opportunity for mischief. But the scammers' methods of attack change over time. Here's what they've been up to lately.

1. Facebook spam. You get a lovely Valentine's Day message on your Wall, and when you click on the link, it takes you to a page for some Valentine's Day app. When you download the app, it asks you for permission to post on your Wall, access your basic information (including your list of friends), and access your data. If you say yes, then you've just allowed this application to spam your Wall and the Walls of all your friends. Even worse, you might then get tricked into filling out a survey that makes money for the scammer. And because they have access to your list of friends, they might fall prey to the same scheme.

2. Fake romances. If you meet somebody online who allegedly lives overseas, or who never seems to be able to meet with you in person, be suspicious. If they happen to have a small child or relative who falls suddenly ill, or if they experience some other crisis that calls for a massive infusion of cash, be very suspicious. True love seldom, if ever, comes in the form of a faceless stranger asking you for money.

3. Delivery scams. A new trick involves getting an email from a "delivery service" letting you know that the flowers you wanted sent to your special someone won't be making it there unless you provide a new credit card number for your order. Most people won't fall for this, because even on Valentine's Day, the percentage of people who have ordered flowers on the Internet pales in comparison to the number of people who haven't. But a crook only needs one sucker in order to go on a shopping spree.

4. And now... Ransomware: decrypt CryptoLocker with help from FireEye and Fox-IT

You can help protect yourself from these and other threats by making sure your security software is up to date. Trend Micro can identify phishing attempts, prevent you from visiting dangerous sites, and block malware. Or give it to that special someone as a romantic Valentine's Day gift!


To totally uninstall F-Secure have a look @ this link []

To totally uninstall Kaspersky have a look @ this link []

To totally uninstall McAfee have a look @ this link []

To totally uninstall NAV (2003 & later) have a look @ this link []

To totally uninstall NAV (pre 2003) have a look @ this link []

To uninstall NOD32 use the Windows Add/Remove and follow up with the removal tool available here []

To uninstall Norman Virus Control / Norman Internet Control use the removal tool available here []

To totally uninstall Panda 2007 have a look @ this link []

To totally uninstall Panda 2008 have a look @ this link []

For earlier Panda versions... see their support pages to find the uninstaller for it...

To totally uninstall PC-Cillin have a look @ this link []

Windows Live OneCare cleanup util have a look @ this link []

Remove Norton Antivirus  -  Trend Micro  -  Trusteer Rapport

Virus hoaxes? 
Check here or email Urban Legends Reference Pages

Spammed again?  Here's the dope on the spam that appears as though it was sent from your email address...


Phone / Internet scam HUGE long distance phone charges (STILL HAPPENING Jan-2007!)

This carefully thought out scam brings direct profit for at least four different types of companies, with spin-off work for many others, PAID indirectly by Internet users (or phone line owners) with a functional phone line connected to their PC or network. Phone / Internet money scam costs big bucks! I understand that Bell may discount the calls to their best possible rate plan. This reduced my father-in-law's bogus over $2 per minute calls to a wireless device in Austria to 9 cents per minute. Click here to read Bell's view on this problem and here to see Bell's new product called Call Control Service (and YES they'll want more money!!!).

Step 1: Antivirus scanning

If you have a functioning, updated antivirus program, please leave it enabled on the system for now. Do NOT add any of the free AV programs below.

If you're NOT running any antivirus, you should install one now. If you install a new antivirus, be sure to update it. - Neither a scan nor log are requested at this time.

Recommended Free Antivirus for temporary means:

Step 2: Malwarebytes Anti-Malware (MBAM)

Download Malwarebytes Anti-Malware.

Double-click mbam-setup.exe to install the application. If you already have the program installed, just follow the directions. No need to re-download or re-install!

Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below.

Step 3:

NOTE 1: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
NOTE 2: Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Include the contents of both logs (DDS.txt and Attach.txt) in your new topic.
The scan will instruct you to post Attach.txt as an attachment. No need for that though, just post its contents as you would any other log.

Step 4: Log Handling Instructions

Include the following logs in your next reply (copy & paste them). Please do not put logs in a quote box or code box.
Attached logs won't be reviewed.

If any further steps are recommended, it will be done so in your thread.


Download TDSSKiller and save it to your desktop.


Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.

         Close all the running programs

         Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator

         Otherwise just double-click on RogueKiller.exe

         Pre-scan will start. Let it finish.

         Click on SCAN button.

         Wait until the Status box shows Scan Finished

         Click on Delete.

         Wait until the Status box shows Deleting Finished.

         Click on Report and copy/paste the content of the Notepad into your next reply.

         RKreport.txt could also be found on your desktop.

         If more than one log is produced post all logs.

         If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or and try again

 Create new restore point before proceeding with the next step....
How to:

 Malwarebytes Anti-Rootkit (MBAR) from HERE

         Unzip downloaded file.

         Open the folder where the contents were unzipped and run mbar.exe

         Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

         Click on the Cleanup button to remove any threats and reboot if prompted to do so.

         Wait while the system shuts down and the cleanup process is performed.

         Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

         When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt



 Create new restore point before proceeding with the next step....
How to:

 Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

         Never rename Combofix unless instructed.

         Close any open browsers.

         Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

         Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

         Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

         WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

         Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

         If there is no internet connection after running Combofix, then restart your computer to restore your connection.
If the connection is still not there, use the restore point you created prior to running Combofix.

         Double click on combofix.exe & follow the prompts.

 If Combofix asks you to install Recovery Console, please allow it.
 If Combofix asks you to update the program, always do so.

         When finished, it will produce a report for you.

         Please post the "C:\ComboFix.txt"

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it:
We can reinstall it when we're done with CF.
Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure you re-enable your security programs when you're done with Combofix.


If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
 Rkill (courtesy of to your desktop. 
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

 (renamed rKill.exe):

Restart computer in safe mode

         Double-click on the Rkill desktop icon to run the tool.

         If using Vista or Windows 7 right-click on it and choose Run As Administrator.

         A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

         If not, delete the file, then download and use the one provided in Link 2.

         Do not reboot until instructed.

         If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.


 Please download AdwCleaner by Xplode onto your desktop.

Please download Junkware Removal Tool to your desktop.

Download OTL to your Desktop.
Alternate download:




Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.



Last scans...

Download Security Check from here or here and save it to your Desktop.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Download Temp File Cleaner (TFC)
Alternate download:

Please run a free online scan with the ESET Online Scanner



Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP:
Vista and Windows 7:
Windows 8:

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox -
other browsers: (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!:
Simple and easy ways to keep your computer safe and secure on the Internet:

12. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.

Please, let me know, how your computer is doing.

