Tuesday, February 19, 2008

Disabling Pop ups (McAfee Legacy Products):

http://service.mcafee.com/FAQDocument.aspx?id=101015&lc=1033

Disabling Pop ups (7.2)

1. Under Common Tasks, click Home.
2. On the SecurityCenter Home pane, click Internet & Network.
3. In the Internet & Network information section, click Configure.
4. On the Internet & Network Configuration pane, click Advanced under Web browsing protection.
5. On the Ad, Pop-up, & Web Bug Blocking pane, clear the Block pop-up windows from appearing when you browse the Internet check box.
6. Click OK.
http://service.mcafee.com/FAQDocument.aspx?id=106902&lc=1033

Using Add/Remove Programs

Windows XP:
1. Click Start, Settings, Control Panel.
2. Double-click Add/Remove Programs.
3. Select the program you want to uninstall and click Remove.
4. Select the selected program and click Remove again.
Windows Vista:
1. Click Start, Search, type Programs and Features and click Go.
2. Double-click Programs and Features.
3. Select the program you want to uninstall and click Remove.
4. Select the selected program and click Remove again.

Is McAfee compatible with Windows Vista?

1. http://service.mcafee.com/FAQDocument.aspx?id=107035&lc=1033

U.S. Customer
If purchased from retail, you can download the Vista-compatible version directly from http://download.mcafee.com/products/licensed/misp/english/version_1.2/sticker_update_1_2.exe. You must have the retail CD in the PC's CD drive before installation starts. Be sure to keep your McAfee product CD that was included in the box. You will need this CD for authentication to add the Vista-compatible upgrade. (http://us.mcafee.com/vista/)

Australian Customer (APAC)
If purchased from retail, you can download the Vista-compatible version directly from http://download.mcafee.com/products/licensed/misp/english_au/version_1.2/sticker_update_1_2.exe. You must have the retail CD in the PC's CD drive before installation starts. Be sure to keep your McAfee product CD that was included in the box. You will need this CD for authentication to add the Vista-compatible upgrade. (http://au.mcafee.com/vista/)

U.K. Customer
If purchased from retail, you can download the Vista-compatible version directly from http://download.mcafee.com/products/licensed/misp/English_UK/version_1.2/sticker_update_1_2.exe. You must have the retail CD in the PC's CD drive before installation starts. Be sure to keep your McAfee product CD that was included in the box. You will need this CD for authentication to add the Vista-compatible upgrade. (http://uk.mcafee.com/vista/)

Mobile Virus Scan installation.

To check the compatibility of a mobile phone, click on this link: http://www.mobilec.notlong.com/ or http://us.mcafee.com/root/tripleplay.asp?id=mobile_download

To install McAfee Mobile virus scan:
1. The phone should support McAfee Mobile virus scan.
2. You should be able to access the Internet on the phone.
3. Type http://vsm.mcafee.com/ in the mobile phone explorer, then download and install McAfee Mobile virus scan.

Monday, February 18, 2008

Checking Security settings for Windows Vista:

http://www.udel.edu/topics/vista/security_settings_vista.html

Firefox:

Delete cookies in Firefox:

To delete cookies in Firefox 2.0:

1. Select "Tools"

2. Select "Options".

3. Select "Privacy".

4. In Private area click "Clear Now".

5. In "Clear Private Data" window put the check mark for "Cookies" and click "Clear Private Data Now".

6. Click OK.

To delete cookies in Firefox 1.x:

1. Select "Tools"

2. Select "Options".

3. Select "Privacy".

4. Open "Cookies" tab and click "Clear Cookies Now".

5. Click OK.

Clear cache / Delete temporary internet files in Firefox:

To clear cache in Firefox 2.0:

• Select "Tools"

• Select "Options".

• Select "Privacy".

• In Private area click "Clear Now".

• In "Clear Private Data" window put the check mark for "Cache" and click "Clear Private Data Now".

• Click OK to clear Internet cache.

or

• Select "Tools"

• Select "Options".

• Select "Advanced".

• Open the "Network" tab.

• In Cache area click "Clear now" button.

• Click OK to clear Internet cache.

To clear cache in Firefox 1.5

• Select "Tools"

• Select "Options".

• Select "Privacy".

• Open "Cache" tab and click "Clear Cache Now".

• Click OK to clear Internet cache.


Delete browser history, cache and autoforms in Firefox:

http://www.2privacy.com/www/clear-history/browser-history-cleaner.html

Unable to browse (Firefox, Opera):

http://service.mcafee.com/FAQDocument.aspx?id=307207&lc=1033

McAfee AutoUpdate Fails:

The Launch and Activation Permissions are not set correctly on the FrameworkService DCOM component.

Change the Launch and Activation Permissions for the FrameworkService DCOM component from Customize to Use Default.

1. Open the Component Services MMC snap-in (Start, Control Panel, Administrative Tools, Component Services).

2. In Component Services navigate to Console Root - Computers - My Computer - DCOM Config

3. Right-click FrameworkService and select Properties

4. Select the Security tab

5. Under Launch and Activation Permissions select Use Default

After you change the Launch and Activation Permissions to Use Default for the FrameworkService DCOM component, McAfee VirusScan AutoUpdate should execute successfully.

http://support.microsoft.com/kb/555099/en-us

VirusScan mobile - Motorola:

http://service.mcafee.com/FAQDocument.aspx?id=106724&lc=1033

Registry modifying steps:

http://www.pctools.com/guides/registry/

http://home.satx.rr.com/badour/html/reg_files.html

http://windowsxp.mvps.org/

Disable right click on Desktop:

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

Value Name: NoViewContextMenu

Data Type: REG_DWORD (DWORD Value)

Value Data: (0 = disabled, 1 = enabled)

Usable copies of REGEDIT, MSCONFIG and Task Manager:

http://www.dougknox.com/xp/utils/xp_emergencyutil.zip

Clear Past items from the Notification Area:

1. Open Registry Editor (regedit.exe)

2. Navigate to the following key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify]

3. Backup the registry key

4. Delete IconStreams and PastIconsStream values

5. Restart the computer

Disable Balloon Tips in the Notification area:

You can disable these balloon notifications using these steps:

1. Click Start, Run and type regedit

2. Navigate to the following subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

3. In the right pane, create a DWORD value named EnableBalloonTips

4. Double-click the new entry, and give it a value of 0.

5. Quit Registry Editor.

6. Log off Windows, and then log back on for the changes to take effect.

http://download.microsoft.com/download/whistler/Install/2/WXP/EN-US/TweakUiPowertoySetup.exe

Launch Tweak UI and click the Taskbar and Start Menu section. In the right-pane, uncheck the option Enable balloon tips.

Or

http://www.dougknox.com/xp/scripts/xp_balloontips.vbs

Low disk space message:

To disable low disk space checks, follow these steps, quit Registry Editor, log off, and then log on again:

1. Click Start, click Run, type regedit, and then click OK.

2. Locate and then click the following key in the registry:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

3. On the Edit menu, point to New, and then click DWORD Value.

4. Type NoLowDiskSpaceChecks, and then press ENTER.

5. On the Edit menu, click Modify.

6. Type 1, and then click OK.

http://www.winxptutor.com/reg/lowdiskspace.reg

Unable to update (Proxy settings):

1. Download fix_wpad.bat from the link below, and save it to a folder on the local hard drive:

http://download.mcafee.com/products/licensed/cust_support_patches/fix_wpad.bat

2. Close all Internet browser windows.

3. Run the fix_wpad.bat file you previously saved.

4. Open an Internet browser and verify network connectivity.

5. Right-click the McAfee SecurityCenter icon and select Updates.

http://service.mcafee.com/FAQDocument.aspx?id=307101&lc=1033

Netscape Browsers with McAfee Online Services:

http://a1824.g.akamai.net/7/1824/839/5818865e297f91/download.mcafee.com/molbin/Shared/PlgSetup.exe

a. A dialog box appears. Select the option to 'Save this program to disk' and click the 'OK' or 'Save' button.

b. Specify a directory to save the file. The plug-in installer program is saved as 'PlgSetup.exe'.

c. From the taskbar, click Start > Run.

d. Type PlgSetup.exe

e. Double click 'PlgSetup.exe' to open the installation wizard.

f. Follow the prompts to install the plug-in.

g. Once the installation completes, restart your computer.

Unable to login to McAfee websites:

http://service.mcafee.com/FAQDocument.aspx?id=101062&lc=1033

Internet Explorer crashes when trying to close:

1. Download the patch by clicking:

http://download.mcafee.com/products/licensed/cust_support_patches/McApBHO.exe

2. Click Save when prompted, and save the file to your Desktop.

3. Close all Internet Explorer windows.

4. On your Desktop, right-click MCAPBHO.EXE and select Run as Administrator from the pop-up menu.

When the installation is complete, the message McAfee BHO patch installed is displayed.

http://service.mcafee.com/FAQDocument.aspx?id=307158&lc=1033

E-mail clients configuration:

http://www.qksoft.com/qk-smtp-server/smtp-settings-with-mail-clients.html

Enable Task Manager:

Click Start

Click Run

Enter gpedit.msc in the Open box and click OK

In the Group Policy settings window

Select User Configuration

Select Administrative Templates

Select System

Select Ctrl+Alt+Delete options

Select Remove Task Manager

Double-click the Remove Task Manager option

And as I mentioned above, since the policy is Remove Task Manager, by disabling the policy, you are enabling the Task Manager.

Hive: HKEY_CURRENT_USER

Key: Software\Microsoft\Windows\CurrentVersion\Policies\System

Name: DisableTaskMgr

Type: REG_DWORD

Value: 1 = Enable this key, that is, DISABLE Task Manager

Value: 0 = Disable this key, that is, don't disable (enable) Task Manager

http://www.dougknox.com/xp/utils/xp_taskmgrenab.htm

Cannot send emails:

Add the following process to Program Permission list in Firewall:

emproxy/redirsvc/mcproxy

Norton removal tool:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Norton Rescue

Be careful to only select that key and delete it.

Application configuration module stopped working:

Install MSxml3 and Msxml 4 for Windows XP

Uninstall last security update for Windows Vista

Text descriptions for Trusted and Banned IPs and System Services is incomplete:


McAfee is investigating this issue and will update this FAQ when a solution becomes available.

As a workaround, you can temporarily disable High Contrast using the following instructions:

1. From the Start menu, click Settings, Control Panel, Accessibility Options.

2. Click the Display tab, and deselect Use High Contrast.

dotnet 2.0:

http://download.microsoft.com/download/5/6/7/567758a3-759e-473e-bf8f-52154438565a/dotnetfx.exe

http://www.microsoft.com/downloads/details.aspx?familyid=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en

MSXML for 64 bit:

http://www.microsoft.com/downloads/details.aspx?familyid=993C0BCF-3BCF-4009-BE21-27E85E1857B1&displaylang=en

Enable pop ups in Firefox:

1. Click Tools, then Options.

2. Click Web Features on the left.

3. Remove the tick from the "Block Popup Windows" box.

4. Click OK.

Verify that the Microsoft Cryptographic Services service is started:

1. Click Start, and then click Run.

2. In the Open box, type cmd, and then click OK.

3. At the command prompt, type net start cryptsvc, and then press ENTER.

4. Type exit to quit Command Prompt.

Cannot uninstall McAfee:

Install the following dll file and then run the MCPR:

http://www.dlldump.com/download-dll-files_new.php/dllfiles/W/wtsapi32.dll/5.1.2600.2180/download.html

Download all .dll files:

http://www.dlldump.com/dllfiles/

Install SpamKiller from CD:

Insert CD and cancel the autorun. Then click "start", "run", "browse", go to the CD drive, open folder "msk", then open folder "msk" (inside the first msk folder), then open "winxp" (this works for other windows versions as well I think - I'm using Me), then select "spamkiller.exe".

Then click "run". This will install SpamKiller without Security Center.

Free online scan:

http://www.mwti.net/antivirus/mwav.asp

http://dl.winsite.com/files/369/ar2/winnt/dskutil/delfiles.zip

http://files3.majorgeeks.com/files/8a8aee6f4d29fa77828d4f011a237ea5/spyware/AboutBuster.zip

http://www.windowsbbs.com/attachment.php?attachmentid=1069&d=1116572495

http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe

http://computercops.biz/modules.php?name=Forums&file=download&id=3715

Click start then run and type services.msc, then hit enter. Locate Network Security Service, right click and choose properties. Stop the service, then set to disabled. Click Apply then OK. Close the services window.

Procedure:

Double click the delfiles.bat on your desktop.

Double click the cwsserviceemove.reg file you unzipped earlier. Click yes to merge it to the registry.

Open AboutBuster, click start then OK. Exit when finished.

Open CWShredder and click fix.

Open Ad-aware and run in full scan mode. Delete all it finds.

Outlook Express Errors:

http://www.insideoe.com/problems/errors.htm

ComboFix:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Error installing applications in Vista:

http://www.petri.co.il/error_installing_applications_on_vista.htm

Disable Parental Control in Windows Vista:

1. Go to the Control Panel from the Windows Start menu.

2. Click User Accounts and Family Safety.

3. Click Parental Controls.

4. Click Continue in the User Account Control window.

5. Select the User Account from the Parental Controls window.

6. Select Parental Controls: Off from the User Controls window.

Windows XP Tweaks: /malware folders: /Delete hidden software in Add/Remove Programs:

http://www.kellys-korner-xp.com/xp_a.htm#aor

http://www.spywarewarrior.com/rogue_anti-spyware.htm

http://www.kellys-korner-xp.com/regs_edits/AddRemoveCleaner.zip

Configure McAfee Legacy product

Configure Firewall- Legacy (Incredimail):

http://www.incredimail.com/incredimail/help_center/help_article.aspx?article_id=54

Configure VirusScan - Legacy (Incredimail)

http://www.incredimail.com/incredimail/help_center/help_article.aspx?article_id=253

Manage Network:

1. Stop the McAfee Network Agent (start/run "net stop mcnasvc") on all computers on your network.

2. Remove the file \Documents and Settings\All Users\Application Data\McAfee\MNA\NAData on all computers on your network.

3. Restart the McAfee Network Agent on the machine you want initially to have administrative access (start/run "net start mcnasvc").

4. Restart the McAfee Network Agent on the rest of the machines.

SpamKiller not filtering spams/ Filtering Options:

1. Open McAfee Security Center

2. Click on "E-mail and IM" and click on "Configure" at the right pane.

3. Select "Spam protection is enabled" and click on "Advanced" button.

4. In the left pane, click on "Filtering Options" and in the right pane, move the slider to "Medium-High"

5. Click "Apply" and then click "OK".

SpamKiller not working properly:

1. Open Outlook Express

2. Click on Tools tab and select "Options"

3. Click on the "General" tab

4. Uncheck the box beside "Send and receive messages at startup"

5. Click "Apply" and then click "OK"

Cannot send/receive emails (Outlook Express):

1. Open Outlook Express

2. Click on Tools tab and select "Options"

3. Click on "Connection" tab

4. Uncheck the box beside "Hang up after sending and receiving"

5. Click "Apply" and then click "OK"

Disable a Program in Vista / Disable Windows defender:


1. Click Start -> Control Panel

2. In the left pane of the Control Panel, click on " Control Panel Home "

3. Under "Programs", click on "Change Startup Programs".

4. Select "Windows Defender" and click on "Disable"

5. Accept any security warnings and close the Window.

Configure Outlook, Outlook Express:


http://www.vcn.com/knowledgebase/article.php?id=434

Stop spams (Outlook Express):

If you are using an IMAP4 server, you will not need to set up a filter/message rule in your email program, as SpamKiller automatically moves any spam-tagged messages into a folder called SpamKiller.

If you are using a POP3 server and want your email program to automatically filter the SpamKiller-marked messages into a separate folder, so that you can more easily review them, continue as follows:

1. Click Tools--> Message Rules, and select Mail; this will bring up a list of all of the filters (or as Outlook Express calls them, rules) that are currently set up.

2. Click New to create a new one.

3. Select to filter "Where the Subject line contains specific words" and an action "Move it to the specified folder" and "Stop processing more rules".

4. Now click the blue "contains specified words" in the box at the bottom; type [SPAM] into the field at the top of the window that appears, and click "Add" to add it to the list. Click OK, then click the blue "specified folder" and click New Folder to create a new folder called SpamKiller1.

5. Under section "4. Name of the rule: " , type SpamKiller1.

Your rule description should now be:

Apply this rule after the message arrives

Where the Subject line contains '[SPAM]'

Move it to the SpamKiller1 folder

And Stop processing more rules

NOTE 1: Check Mail Rules tab

Make sure your new rule for SpamKiller is first in the list if you have a lot of other message rules you use, and also make your SpamPal rule end with "And Stop processing more rules".

NOTE 2: Blocked Senders tab

If you have a lot of blocked senders, it is worth removing them from the list, as SpamKiller will do a much better job of coping with spam, and removing the blocked senders will also speed up the processing of email.

http://www.spampal.org/usermanual/clients/oe/oe.html

netsh(winshok)

Click Start .
Click Run.
Type *

* interface reset all

* routing reset all

* routing

* dump

* exit

Click Ok.

McAfee Falcon 2.1 Launching *PLUS*


McAfee AntiSpyware 5200 Engine Update

What is happening?

Two product updates are getting underway.

#1 The most significant of the two is Falcon 2.1, which is slated for launch in Australia (English build) as early as tomorrow night - but possibly pushed out, pending some final issues being worked by Engineering. Other EN builds go 'live' as soon as February 4th. Full launch details found further below. It is important that all technicians read and understand the attached document, specifying the only customer-facing changes.

#2 The second release involves an update of McAfee AntiSpyware to be powered by the 5200 Scanning Engine. This product is no longer being sold as a stand-alone, was not widely-distributed, and generates very few Support contacts currently. More details below on this update.

Launch Details

Falcon 2.1

Falcon 2.1 is largely a bug-fix, incremental release, and includes only one physical change, visible to customers. This involves additional text, found on Security Center, and included in 'toaster alerts', specifying whether additional licenses are still available for use by customers (for those who have purchased multi-license packages) - or how to buy additional licenses, to protect more PC's on their network. This new functionality is referred to internally as 'McAfee @ Your Service' or (M@YS), pronounced 'mAYZ'. This terminology is not found in the product, and will not be familiar to customers.

The training document attached to this message explains how this M@YS information is to be used by customers. All technicians should read and understand this document in preparation for any customer questions on it.

Here are the update details:

New product versions in Falcon 2.1, now available for selection on On-Demand:

· Easy Network 2.1

· Security Center 8.1

· SiteAdvisor 2.5

· Anti-Spam 9.1

· VirusScan 12.1

· Data Backup 1.2

· Personal Firewall Plus 9.1

· QuickClean 8.1

· Privacy Service 10.1

It is important that technicians continue to follow established process when logging cases, ensuring the proper Point Product versions are accounted for. Do not make the mistake of assuming a version number, simply to speed up case-handling.

Launch Schedule (tentative, based on final issues now being discussed)

- EN-AU, starting evening of January 31 (PST)

- EN-US, UK, CA, starting evening of February 4 (PST)

- Additional localized builds starting February 21 (update to come)

Update Size (Reboot IS required)

- Falcon 2.1 - fresh install: MTP suite 60 MB

- Falcon 2.1 - upgrade from 2.0: MTP suite 30 MB

Size will be less for smaller suites.

McAfee AntiSpyware 5200 Engine Update

This product, which hasn't been available for sale to customers for more than two years, is being updated to ensure that those still using it will be able to receive updated dat files. This is accomplished through an upgrade to the 5200 scan engine. Getting underway today, the updates will go out to the following versions in the specified geo's.

- MAS 1.5: EN-US

- MAS 2.1: EN-US, EN-UK, EN-AU, EN-CA

Download size of the update: 1.3 MB for both builds.

No reboot is required.

McAfee Virus Removal

NOTE: You need to have McAfee VirusScan installed on the computer to be able to run the Dos Scan. Also clear the %temp% and temp folder before starting Dos Scan.

Download the SDAT File:

1. Please download the SDAT file from the following weblink:

http://www.mcafee.com/apps/downloads/security_updates/superdat.asp?region=us&segment=enterprise

2. Click the I Agree button (if needed) to verify you have a current support agreement with McAfee.

3. Click the link named sdatxxxx.exe (where 'xxxx' replaces the current SDAT version number) and save the file to your C:\ Drive.

4. From the Taskbar, select Start and then Run. In the Open field, type command and click OK. A DOS command window will open.

5. Type CD\ and press Enter. You should now be at a C:\ prompt.

6. Type SDATXXXX.EXE /E C:\SDAT and press Enter. (Note: The 'x's should be replaced with the appropriate numbers of the file that was downloaded above.)

Note: There is a space between SDATXXXX.EXE /E and C:\SDAT.

This will create an SDAT folder on the C:\ drive, and extract the SDAT files to this folder.

Note: Windows XP Users with Service Pack 2 installed will be presented with a security warning when attempting to extract the file. Please click Run to continue the extraction process.

7. Once the C:\ prompt is displayed again, please type exit and press Enter.

Disable System Restore:

After this, disable the Windows System Restore feature:

1. Right-click the My Computer icon on the Desktop and click Properties.

2. Click on the System Restore tab.

3. Put a check mark in the box next to Turn off System Restore.

4. Click the OK button. You may be prompted to restart the computer.

5. Click Yes to restart.

Note: To re-enable the System Restore utility, repeat the steps above and in step 3 remove the check mark from the box next to Turn off System Restore.

Restart the computer in "Safe Mode with Command Prompt":

1. Restart the computer.

2. When the computer is rebooting, press the F8 key repeatedly.

3. You will get a page with options. Use the arrow keys to select " Safe Mode with Command Prompt" and press Enter.

4. The computer will now start in Safe Mode with Command Prompt.

5. Login to your computer (if necessary) as Administrator.

6. When the computer is finished booting, the c:\> prompt will appear on the screen.

Note: If there is anything typed after c:\>, type cd\ and press Enter.

Scan the computer:

1. At the c:\> prompt, type cd sdat and press Enter.

2. Type scan /adl /clean /all /program /report report.txt and press Enter.

This will perform a virus scan, which will clean and delete any viruses you may have on your computer.

Note: After the scan has run, a summary report of the scan will be created in the sdat folder on the C:\ drive. If this summary reports that your computer had multiple infections, it is recommended that you run the scan again to make sure the computer has been completely cleaned.

Review the Scan Report

1. Restart the computer into Normal Mode.

2. Double-click the My Computer icon.

3. Double-click the C:\ drive. Double click the sdat folder. Locate the file named report.txt and double-click to open.

4. The report contains several lines. If the line named Possibly Infected has a number greater than 5, it is recommended that you run the scan in DOS again.

5. If you need to run the scan again, repeat the above instructions for Restart the computer in "Safe Mode with Command Prompt" and Scan the Computer.

Performing these steps should resolve the issue.

You can refer to the following webpages for additional information:

( Windows XP )

http://service.mcafee.com/FAQDocument.aspx?id=101219&lc=1033

( Windows Vista )

http://service.mcafee.com/FAQDocument.aspx?id=307091&lc=1033

Must Do During Virus Removal

Reset TCP/IP:

1. Click Start, Run, type cmd, and press ENTER.

2. In the command prompt window, type:

netsh int ip reset reset.log

3. Press ENTER.

4. Close the command prompt window.

5. Restart the computer.

Clear DNS cache and renew IP address:

1. Click Start, Search, type cmd.exe, and press ENTER.

2. In the Search Results window, right-click cmd.exe and select Run As Administrator.

3. In the command prompt window, type:

ipconfig /flushdns

4. Press ENTER.

5. When the command prompt is returned, type:

ipconfig /renew

6. Press ENTER.

7. Close the command prompt window.

Repair WinSock component:

1. Click Start ->Run

2. Type netsh winsock reset and press Enter key.

Disable System Restore ( XP ):

Windows utilizes a restore utility that backs up and protects selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup and VirusScan would be unable to delete these files. The System Restore utility must be disabled to remove any infected files from the C:\_Restore folder.

After this, disable the Windows System Restore feature:

1. Right-click the My Computer icon on the Desktop and click Properties.

2. Click on the System Restore tab.

3. Put a check mark in the box next to Turn off System Restore.

4. Click the OK button. You may be prompted to restart the computer.

5. Click Yes to restart.

Note: To re-enable the System Restore utility, repeat the steps above and in step 3 remove the check mark from the box next to Turn off System Restore.

Disable System Restore ( Vista ):

1. Click Start, right-click Computer and select Properties.

2. Click System Protection.

3. Click Continue, if you are prompted by User Account Control.

4. Under Available Disks, remove the checkmark next to your disks.

5. Click Turn System Restore Off at any System Protection prompts you receive.

6. Click OK.

Note: To re-enable the System Restore utility, repeat the steps above and in step 4 put a check mark next to your disks.

Remove MalWare Files In Registry.

Click on Start .
Click On run.
Type regedit.
Click OK.

1. In Registry Editor, in the left panel, double-click the following:

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>

2. In the right panel, locate the following entries:



3. For each key, locate and delete the following entry:
Debugger="C:\ WINDOWS\ System32\ .exe"

4. Close Registry Editor.
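
Added example (not part of the original notes or of any McAfee tool): a Python audit of a `reg export` file that reports every Image File Execution Options subkey carrying a Debugger value, which Windows launches in place of the named program, together with the DisableTaskMgr, NoViewContextMenu and NoLowDiskSpaceChecks policy values described earlier on this page when they are set to 1. The function names are this example's own and the sample export, including its Debugger path, is constructed; only REG_SZ and REG_DWORD values are decoded.

```python
import re

# Key fragments taken from the page; matching is case-insensitive.
IFEO_MARKER = "\\image file execution options\\"
POLICY_VALUES = {
    "\\software\\microsoft\\windows\\currentversion\\policies\\system":
        {"disabletaskmgr"},
    "\\software\\microsoft\\windows\\currentversion\\policies\\explorer":
        {"noviewcontextmenu", "nolowdiskspacechecks"},
}

KEY_RE = re.compile(r"^\[(.+)\]\s*$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
STRING_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*$')
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{1,8})\s*$")


def _unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", lambda m: m.group(1), s)


def parse_reg(text):
    """Yield (key, value_name, data) tuples from .reg export text.

    Strings are returned as str and DWORDs as int. Other value types
    (hex: blobs and their continuation lines) are skipped.
    """
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, rhs = _unescape(m.group(1)), m.group(2)
        s = STRING_RE.match(rhs)
        d = DWORD_RE.match(rhs)
        if s:
            yield key, name, _unescape(s.group(1))
        elif d:
            yield key, name, int(d.group(1), 16)


def audit(text):
    """Return findings for review; nothing is deleted or modified."""
    findings = []
    for key, name, data in parse_reg(text):
        lkey, lname = key.lower(), name.lower()
        pos = lkey.find(IFEO_MARKER)
        if pos != -1 and lname == "debugger" and isinstance(data, str):
            # Windows starts the Debugger command instead of this image.
            image = key[pos + len(IFEO_MARKER):]
            findings.append(("ifeo-debugger", image, data))
        for suffix, names in POLICY_VALUES.items():
            if lkey.endswith(suffix) and lname in names and data == 1:
                hive = key.split("\\", 1)[0]
                findings.append(("policy-restriction", name, hive))
    return findings


# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger"="C:\\WINDOWS\\System32\\constructed-sample.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
"Debugger"="C:\\WINDOWS\\System32\\constructed-sample.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoViewContextMenu"=dword:00000000
"Blob"=hex:01,00
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

A Debugger value is not always malicious (developers and some task manager replacements set it deliberately), so each hit should be reviewed before the value is deleted as in step 3.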

Virus Removal For Win XP

Please perform the steps in the given order:

For any virus removal chat/call, please restart the computer in Safe Mode with Networking, delete all third party software, and then proceed with the removal steps. The detailed steps are below:

Start the computer in Safe Mode:

1. Restart the computer.

2. When the computer is rebooting, press the F8 key repeatedly.

3. You will get a page with options. Use the arrow keys to select "Safe Mode with Networking" and press Enter.

4. The computer will now start in Safe Mode with Networking.

Once the computer starts in Safe Mode, please search for and delete all third party security software:

1. Click Start, and then click Control Panel.

2. Click Add/Remove Programs.

3. Search and uninstall all third party security software like Norton, Windows Defender, Ad-aware, SpyBot, any Registry Cleaner software, etc.

4. Close all opened Windows.

NOTE: Please do not restart the computer if prompted.

Removal Steps:

STEP 1: Temp folder

Click Start->Run

Type %temp% and click OK

Delete all files and folders.

---------

Click Start->Run

Type temp and click OK

Delete all files and folders.

NOTE: Temp is the system temporary folder, %temp% is the user temporary folder. Both folders need to be emptied.

***************************************************************************************************************

STEP 2: Application shortcuts

Click Start->Run

Type prefetch and click OK

Delete all files and folders.

***************************************************************************************************************

STEP 3: Personal files/folders shortcuts

Click Start->Run

Type recent and click OK

Delete all files and folders.

***************************************************************************************************************

STEP 4: Delete cookies and temporary internet files

1. Open Internet Explorer

2. Click on Tools tab

3. Click on Internet Options.

4. Click on "Delete Cookies", "Delete Temporary Internet Files", and "Clear History".

5. After this, click on Advanced tab and click on "Restore Defaults"

6. Click Apply and then click OK.

***************************************************************************************************************

STEP 5: Delete unnecessary files

1. Click Start- Run

2. Type cleanmgr

3. Click OK

4. Select C: drive and click OK.

5. Select all check boxes except "Setup Log Files".

6. Click OK.

7. On the next pop up box, click "Yes".

***************************************************************************************************************

STEP 6: Add/Remove Programs:

1. Click Start, and then click Control Panel.

2. Click Add/Remove Programs.

3. Search for any virus/spyware program and click on "Remove/Uninstall"

4. Close all opened Windows.

NOTE: 1. Please do not restart the computer if prompted.

2. Confirm with customers before deleting any programs, if you are unsure.

***************************************************************************************************************

STEP 7: Program Files:

Click Start->Run

Type %programfiles% and click OK.

Select the Virus folder and delete it.

e.g: MyWebSearch, ViewPoint, Video Add-On, Video Access

***************************************************************************************************************

STEP 8: Task Manager:

Click Start->Run

Type taskmgr and click OK.

The Task Manager Window will open.

We can stop any process by checking the program associated with it in System Information Tool.

***************************************************************************************************************

STEP 9: System Information Tool / MsInfo32:

Click Start->Run

Type msinfo32 and click OK.

The System Information Window will open.

Click on Software Environment.

Then check Running Tasks and Startup Programs

***************************************************************************************************************

STEP 10: Delete Programs in Users folder:

1. Click Start, and then click Control Panel.

2. Click Appearance and Themes, and then click Folder Options. (You can directly click on "Folder Options" in Control Panel if that option is available)

3. On the View tab, under Hidden files and folders, click Show hidden files and folders.

4. Click OK button.

After this, please perform the following steps:

1. Double click on My Computer.

2. Double click on C:/ Drive.

3. Double click on Documents and Settings.

4. Here you will find all the User folders. Please select one folder and double click on it.

5. Double click on Application Data.

6. Select and delete any virus/spyware folders.

7. Repeat the above steps for all User folders listed in Documents and Settings.

***************************************************************************************************************

STEP 11: MsConfig Utility:

Click Start->Run

Type msconfig and click OK.

The System Configuration Utility Window will open.

Click on the Startup tab.

Here we can disable programs or services that we do not want to run.

***************************************************************************************************************

STEP 12: System Folder:

C:\Windows\System32

Here we have to search for the virus entries and delete them. Most of the virus entries listed here will give you an access denied message when you try to delete them, as the process or dll file associated with these files will be running in the background.

So we need to stop the process in Task Manager and then try to delete the infected file or we have to restart the computer in Safe Mode and delete the file.

***************************************************************************************************************

STEP 13: Remove infected registry entries:

1. Click Start --> Run

2. Type regedit and click OK.

The Registry Editor window will open.

3. Click the + sign beside HKEY_LOCAL_MACHINE

4. Click the + sign beside Software

5. Scroll down here and check for the virus folders.

6. Delete them if you find any.

7. Click the + sign beside Microsoft

8. Click the + sign beside Windows

9. Click the + sign beside CurrentVersion

10. Click the + sign beside Run

Here check for any virus entries in right pane and delete them.

Repeat the same for RunOnce and RunServices keys.

Repeat the above steps for HKEY_CURRENT_USER

***************************************************************************************************************

STEP 14: Run Spybot:

Restart the computer in Normal Mode and download Spybot from this weblink & save it on the computer's Desktop:

http://www.spybotupdates.com/files/spybotsd15.exe

1. Install the tool on the customer's computer by double clicking on the saved icon.

2. Uncheck all options except " Check for Updates quickly "

3. Run the tool.

4. After the scan is completed, click on "Fix Selected Items" at the top of the tool window.

5. Close Spybot Window.

***************************************************************************************************************

STEP 15: Check McAfee Security Center:

1. Open McAfee Security Center and click on "Computers and Files" and then click on "Configure" at the right pane.

2. Click on "Trusted Lists" in left pane.

3. Check all the System Guards one by one and see if any virus file is located there.

4. If detected, click on it and then click on "Remove" button at the right bottom of Security Center Window.

5. After removing all virus file instances, click on "Updates" in Security Center Window.

***************************************************************************************************************

After completing all the above steps, perform Windows Update:

1. Open Internet Explorer

2. Type the following in the address bar and press the Enter key:

http://windowsupdate.microsoft.com

This should start the automatic updates of Windows.

3. Restart the computer and check if the issue is resolved.

***************************************************************************************************************

Ask the customer to follow this website to prevent his computer from future infections:

http://www.microsoft.com/protect/computer/advanced/default.mspx


General Virus Removal Information.

Virus - Vital Information Resources Under Seize

Most viruses will try to execute before the user logs in or after the user logs in to the computer.

Viruses typically reside in the Load Points of Windows.

There are several Load Points of Windows namely Registry, Startup Folder, System 32 folder, Temp folder, etc.

The Virus entries in the Registry will try to execute before the user logs in i.e when the computer starts.

The Virus entries in Startup folder and Temp folders will execute after the User logs in.

The Registry Load Points are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKCR\AppID\

e.g {01234567-89AB-CDEF-0123-456789ABCDEF}

Startup Folder:

C:\Documents and Settings\%user%\Start Menu\Programs\Startup

%user% is the name of the user who has logged in currently to the computer.

Here we have to search for the virus entries and delete them.

Temp folder:

Click Start->Run

Type %temp% and click OK

System Folder:

C:\Windows\System32

Here we have to search for the virus entries and delete them. Most of the virus entries listed here will give you an access denied message when you try to delete them, as the process or dll file associated with these files will be running in the background.

So we need to stop the process in Task Manager and then try to delete the infected file or we have to restart the computer in Safe Mode and delete the file.

Program Files:

Click Start->Run

Type %programfiles% and click OK.

MsConfig Utility:

Click Start->Run

Type msconfig and click OK.

The System Configuration Utility Window will open.

TaskManager:

Click Start->Run

Type taskmgr and click OK.

MsInfo32:

Click Start->Run

Type msinfo32 and click OK.

The System Information Window will open.

Services Window:

Click Start->Run

Type services.msc and click OK.

Important Web sites for Virus Removal:

To check if a process running in the Task Manager is associated with a virus or not, we need to refer to these two web sites:

http://www.processlibrary.com/

http://www.liutilities.com/products/wintaskspro/processlibrary/

Important Notes:

NOTE 1: We have to know the name of the virus by running a full scan of the anti-virus software (McAfee VirusScan) before we proceed with the virus removal procedure. After getting the name of the virus, we can search for it in Google to find out the files and processes associated with it. Then it will be easy for us to detect these files and we can remove them from the Load Points.

NOTE 2: Whenever we are not able to delete a file/folder, we need to restart the computer in Safe Mode and then try deleting the file. In Safe Mode, the computer starts with minimum drivers and software and is mainly used for troubleshooting purpose in Windows.

1. Restart the computer.

2. When the computer is rebooting, press the F8 key repeatedly.

3. You will get a page with options. Use the arrow keys to select " Safe Mode" and press Enter.

4. The computer will now start in Safe Mode.

NOTE 3: Before proceeding with the Virus Removal steps, we need to disable the System Restore feature of Windows temporarily.

1. Right click on the 'My Computer' and select 'Properties'

2. Click on System Restore tab

3. Check the box next to "Turn Off System Restore on all drives"

4. Click 'Apply' and then click OK.

NOTE 4: Always inform the customer to take the backup of his/her personal data (music, videos, documents) and registry backup before proceeding with the virus removal.

NOTE 5: After removing the virus/spyware, open McAfee Security Center and check if the virus/spyware is listed in the "Trusted List" in "Computer and Files" section. If listed, please remove them from the list.

NOTE 6: After the virus removal procedure is complete, inform the customer to regularly perform the McAfee VirusScan update and Windows update and to use SiteAdvisor while surfing the internet. Also refer him to the following weblinks:

http://www.mcafee.com/us/threat_center/tips.html

http://www.microsoft.com/protect/computer/advanced/default.mspx


You can check virus history from this weblink:

http://www.virus-malware.com/virus+history/antvirus

No Internet Connection.

If there is no internet connection, ask the customer to restart in Safe Mode with Networking and check if he can connect to Internet. If that fails, perform the following steps and check:

Repair WinSock component:

1. Click Start ->Run

2. Type netsh winsock reset and press Enter key

-----------

Repair TCP/IP:

1. Click Start, click Run, type cmd, and then press ENTER

2. At the command prompt, type netsh int ip reset resetlog.txt, and then press ENTER to reset the TCP/IP network protocol.

3. After this, at the command prompt, type ipconfig /renew, and then press ENTER.

-----------

Reinstall TCP/IP:

1. Right-click the network connection, and then click Properties.

2. Click Install.

3. Click Protocol, and then click Add.

4. Click Have Disk.

5. Type C:\Windows\inf, and then click OK.

6. On the list of available protocols, click Internet Protocol (TCP/IP), and then click OK.

7. Restart the computer.

-----------

Repair Windows system files:

1. Place the Windows CD in the CD drive and close the CD tray.

2. Close all windows that are open or appear on the Desktop screen.

3. Click Start -> Run

4. Type sfc /scannow

Note: There is a space between sfc and /scannow

5. Press the Enter key.

This will start the System File Checker utility and repair any missing/corrupted Windows files. This will take time depending on the number of Windows files missing/corrupted.

NOTE: The above steps are for Windows XP. If there is still no internet connection, redirect the customer to the ISP or system manufacturer.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Show Hidden files and folders


Windows Vista

· Right Click Start

· Select Explore

· Select Organize

· Select Folder and Search Options

· Select the View tab

· Under the Hidden files and folders heading select Show hidden files and folders.

· Uncheck the Hide extensions for known file types option.

· Uncheck the Hide protected operating system files (recommended) option.

· Click Apply

· Click OK

Windows XP

· Right Click Start.

· Select Explore

· Select the Tools menu and click Folder Options.

· Select the View Tab.

· Under the Hidden files and folders heading select Show hidden files and folders.

· Uncheck the Hide extensions for known file types option.

· Uncheck the Hide protected operating system files (recommended) option.

· Click Apply.

· Click OK.

Windows 2000

· Right Click Start.

· Select Explore

· Select the Tools menu and click Folder Options.

· Select the View Tab.

· Under the Hidden files and folders heading select Show hidden files and folders.

· Uncheck the Hide protected operating system files (recommended) option.

· Click Yes to confirm

· Click OK.

Windows ME

· Right Click Start.

· Select Explore

· Select the Tools menu and click Folder Options.

· Select the View Tab.

· Under the Hidden files and folders heading select Show hidden files and folders.

· Uncheck the Hide extensions for known file types option.

· Uncheck the Hide protected operating system files (recommended) option.

· Click Yes to confirm

· Click OK

If you do not see all the files, you may need to click on an underlined link for the drive being accessed. The link will say:

· View the Entire contents of this drive.

Windows 98

· Right Click Start.

· Select Explore

· Select the Tools menu and click Folder Options.

· Select the View Tab.

· In the Hidden files section select Show all files.

· Click OK.

IMPORTANT NOTE: Even after following these steps, some file extensions will still not be displayed. The extensions that will still not be displayed are all for file types that are executable. The extensions are .lnk, .pif and .shs.

Malware Folders

Please delete these folders in C:/Program Files and check in Add/Remove Programs to remove the associated programs:

Also check in C:/Documents and Settings/ All Users/Application Data

#1 Spyware Killer ****
100 Percent Anti-Spyware ****
1-2-3 Spyware Free ****
1 Click Spy Clean ****
1stAntiVirus ****
180ClientStubInstall
180 Search Assistant
180Solutions
888Bar
Acoona Toolbar
Active alert
Ad Armor ****
Ad Behavior
Ad Destroyer ****
AdDriller ****
Ad-Eliminator ****
AdProtector ****
Ads Alert ****
ADS Adware Remover ****
Ad Service
Ad-Purge Adware ****
AdTools
AdTools Service
AdwareFilter
AdwarePunisher ****
Adware Remover ****
Adware Sheriff ****
Alexa toolbar
AlfaCleaner ****
AlwaysUpdatedNews
AntiSpy Advanced ****
AntiSpyZone ****
AntiVermins ****
AntiVirusAdvance ****
Antivirus-Golden or Antivirus-Golden 3.4 - or any other version number
AntivirusGold ****
AntiVirusPCSuite ****
Anti Virus Pro ****
AntiVirus Protector ****
Antivirus Solution ****
AUN
AutoUpdate
AVSystemCare ****
AzeSearch
BargainBuddy
BearShare
BearShare Accelerator
BestGuardPlatinum ****
BestOffers or BestOffers Shopping BHO or ActivShop or e-zshopper
Bullseye Networks
Brave Sentry
BreakSpyware ****
BrowserPal ****
Browser Protection Volume
CAS
CasStub
Casino Client
CashBack
CC2KUI or Comet Cursor Plus
CleanX ****
ClearSearch
ClockSync (this is part of WhenU)
CNSMin
Command
ContraVirus ****
Copperhead AntiSpyware ****
cosmi
CurePCSolution ****
Delfin or Delfin Media or DelFin Media Viewer
DIARemover ****
DMVlite
DownloadWare
E2Give or e2Give
EasySearchBar
eGroup
Elite Bar
Elite Sidebar
Elite Toolbar
Elitum
ExpertAntivirus ****
Fixer AntiSpy ****
Froggie Scan ****
Frontier Browser Assistant
Frontier Search Helper
GAIN
Gator
Grokster or Grokster Wiseupdt
Hotbar Browser
Hotbar Outlook Tools
Hotbar Web Tools
HuntBar
IExplorer Security Plug-in
IE Host
iMesh
Internet Explorer Security Plugin 2006
Internet Explorer Secure Bar
Internet Explorer Secure Plug-in
Internet Optimizer
Internet Security Add-On
InternetShield ****
ISTbar
ISTSvc
Kazaa
Kazaa Lite v2.4.0 [K++ Edition] or Kazaa Lite K++ v2.4.3 or any other version
Kazaa Lite Resurrection any version
Kazaa Media Desktop 2.1 or any other version
Logitech Desktop Messenger <-- this is not malware but very few people need it or want it and it does annoying things to the registry
MalwareAlarm ****
MalwareScanner ****
Malware Stopper ****
MalwareWiped or MalwareWipe or MalwareWiper ****
MaxiFiles
Media Access
Media Gateway or MediaGateway
Media-Codec or MediaCodec or MMediaCodec
MediaLoads Installer
MediaPipe P2P Loader
MediaTickets
MediaTickets by OIN
Messenger Plus (see the notes at the bottom)
Messenger Plus Live! (see the notes at the bottom)
Messenger Service
Middadle
Morpheus 5.3 (remove only)
Morpheus (any version)
Morpheus Toolbar
Mr.AntiSpy ****
My Global Search Bar
MySPyProtector ****
MyWay or MyWayBar or MyWaySpeed or MyWaySearchBar or My Web Search Bar
MyWebSearch or MyWebSearch Email Plugin
My Web Search (Outlook, Outlook Express, and IncrediMail)
MyWay Search Assistant
NavExcel Search Toolbar
NavHelper
NaviSearch
ncase
Need2Find
Need2Find Bar
NeoSpace ****
Network Monitor
NewDotNet
Notification Utility
Oemji Toolbar
Oin
OnWebMedia
Open Site
Outerinfo
OuterInfoAdSponsor
P2P Networking
p2pnetworks
Paltalk
PCODEC 6.0
PerfectCleaner ****
PestCapture ****
PestTrap ****
PestWiper ****
Preview AdService
Privacy Champion
Privacy Crusader ****
PrivacyScanner
PSGuard
Quick
QuickSearch
QuickSearch Toolbar
RazeSpyware ****
rdso
Red Swoosh EDN Client (remove only)
RelevantKnowledge
Safety Alert 2006
Safety Bar
SaveNow
Scan & Repair Utilities 2006 ****
screensaver_rp Screen Saver
Screensavers Installer Version 2
SearchAssist
Search Assistant - My Web SearchBar
Search Assistant - My Way
Search Maid
Search Relevancy
Search Toolbar (HuntBar/WinTools)
Security IGuard
Security Messenger
SearchExe
SelectRebates
ShopperReports by Hotbar
Sidefind
SideSearch
Slotchbar
SmileyDistrict Optimizer
Soap or Soap Pro
Software Update Manager
SpamBlockerUtility Browser
SpamBlockerUtility Email Toolbar
Spy Analyst ****
Spy Defence ****
SpyAdvanced ****
SpyAway ****
SpyAxe ****
SpyBan ****
SpyBuster ****
SpyCleaner ****
SpyContra ****
SpyCut ****
SpyCrush ****
SpyDawn ****
SpyDeface ****
SpyFalcon ****
SpyLocked ****
SpyMarshal ****
Spy Officer ****
SpyOnThis ****
Spy Reaper ****
SpyShield ****
Spy-Shield ****
SpySoldier ****
SpyiBlock ****
SpyiKiller ****
SpySheriff ****
SpySpotter ****
SpyVampire ****
Spyware & Adware Removal ****
SpywareBot ****
Spyware Disinfector ****
Spyware IT ****
Spyware Knight ****
Spyware Quake ****
Spyware Remover ****
SpyWare Secure ****
Spyware Scrapper ****
Spyware Sheriff ****
Spyware Sledgehammer ****
Spyware-Stop ****
SpywareStrike ****
SpywareXP ****
SSK
StartGuard ****
StarWare
StopGuard ****
SurfAccuracy
SurfSideKick or SSK or SurfSideKick 3 (uninstall any version you find)
Super Codec 6.0
Sysnet
System Alert Popup
System Soap Pro
Upspiral Toolbar
The Spyware Shield ****
TargetSaver
Think-Adz Search Assistant removal
ToolBar
Top Search
TopSpyware
TurboDownload
TV Media
UnSpyPC ****
Utility Notification
Ultimate Defender ****
Ultimate-Spyware Adware Remover ****
VBouncer ****
VCClient
vidctrl
Video ActiveX Solution (of any version number)
VideoAccessCodec
Video Add-Ons
Viewpoint <------- See additional info about all this Viewpoint stuff here: Viewpoint and Viewpoint to Plunge Into Adware
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar or Viewpoint Toolbar (Remove Only)
Virtual Bouncer or Vbouncer
Virtual Maid
VirusBursters ****
VirusBurst ****
VirusGuard ****
VisFx
VSAdd-in
VSAdd-in for Internet Explorer
VSToolbar
VSToolbar for Internet Explorer
WareOut
WareOut Spyware Remover ****
Warez P2P Client
WeatherBug (unless you have the paid version)
Weather Check
Weather and Wowpapers Tools
Weather Services
Web Nexus Network
Web Offer
Web Rebates
Web Savings from Ebates
Web Search Toolbar (WinTools) or WebSearch Toolbar
WebHancer
WebHance Customer Companion
WeirdOnTheWeb
WhenU (any entry)
WildTangent
Win-dh
Window Active
WinAntiSpy 2005 ****
WinAntiSpyware 2005 ****
WinAntiVirus 2005 ****
WinAntiSpyware 2006 ****
WinAntiVirus 2006 ****
WinFixer ****
WinFixer 1.1.62.4 <---(or any other version too)
Winhound Spyware Remover ****
winupdates
Windows AdService
Windows AdStatus
Windows ServeAd
Windows SR 2.0
Winhound
WinTools
WinTools Easy Installer
WSEM Update
Yazzle Sudoku by OIN
X-Con Spyware Destroyer ****

NOTES:

We highly recommend uninstalling any version of Messenger Plus. It can be a major reason for having malware on your PC. It can even install a LOP infection. They all come in the 3rd party tools that can easily be installed by mistake. Software like this should not be trusted. And now the Messenger Plus Live! program is a source of Virtumonde infections due to bundling in WinAntiVirus.
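The folder check described above (Program Files, each user's Application Data, and the All Users data folder) can be run as a read-only listing against names from the list. This is an added example, not part of the original notes; it assumes Windows PowerShell 5.1, `$Watchlist` is only a short excerpt of the list above, and the function names are illustrative.

```powershell
# Read-only check of the folders this page inspects by hand, against names taken
# from its "Malware Folders" list. Added example; nothing is deleted.
# $Watchlist is a short excerpt of the page's list; extend it as needed.
$Watchlist = @(
    'MyWebSearch', 'My Web Search', 'Viewpoint', 'Viewpoint Manager',
    'Viewpoint Media Player', 'Video Add-Ons', 'VideoAccessCodec',
    'Media Gateway', 'Media-Codec', 'WinFixer', 'SpySheriff', 'WhenU',
    'Hotbar Web Tools', '180Solutions', 'Quick'
)

function ConvertTo-NameKey {
    # "Media-Codec", "MediaCodec" and "media codec" all become "mediacodec",
    # which covers the "X or X Y" spelling variants the list gives.
    param([string]$Name)
    ($Name -replace '[^A-Za-z0-9]', '').ToLowerInvariant()
}

function Get-ScanRoots {
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData)
    # Profiles live in "Documents and Settings" on XP and "Users" on Vista and
    # later; deriving the parent from USERPROFILE covers both, including All Users.
    $profilesDir = Split-Path -Parent $env:USERPROFILE
    foreach ($userDir in Get-ChildItem -LiteralPath $profilesDir -Force -ErrorAction SilentlyContinue) {
        if (-not $userDir.PSIsContainer) { continue }
        foreach ($sub in 'Application Data', 'AppData\Roaming', 'AppData\Local') {
            $roots += Join-Path $userDir.FullName $sub
        }
    }
    $roots |
        Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container -ErrorAction SilentlyContinue) } |
        Where-Object {
            # Skip compatibility junctions so the same folder is not listed twice.
            $item = Get-Item -LiteralPath $_ -Force -ErrorAction SilentlyContinue
            $item -and -not ($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
        } |
        Select-Object -Unique
}

function Find-WatchlistFolders {
    param([string[]]$Names = $Watchlist)
    $keys = @{}
    foreach ($n in $Names) { $keys[(ConvertTo-NameKey $n)] = $n }

    foreach ($root in Get-ScanRoots) {
        Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer } |
            ForEach-Object {
                # Exact match on the normalised name only. The list contains
                # generic entries such as "Quick"; a prefix or substring match
                # would also report unrelated folders like "QuickTime".
                $key = ConvertTo-NameKey $_.Name
                if ($keys.ContainsKey($key)) {
                    [pscustomobject]@{
                        ListedAs = $keys[$key]
                        Folder   = $_.FullName
                        Created  = $_.CreationTime
                        Modified = $_.LastWriteTime
                    }
                }
            }
    }
}

Find-WatchlistFolders | Sort-Object Folder | Format-Table -AutoSize
```

A hit only means a folder name matches the list; confirm with the customer and check Add/Remove Programs for the associated program before deleting anything.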


Virus removal tool

PLEASE READ THIS (IMPORTANT):

Please remove the tools below after running them on the customer's computer. They can be removed from Add/Remove Programs, from the C: drive, from the %temp% and %programfiles% folders, and from the Desktop. This is to ensure that these programs do not cause any issues with the working of McAfee products in future. Also, some of the products are from direct competitors like TrendMicro. So the best practice is to run the tool and remove it after the system is clear of infections.

Sometimes we have to run more than one tool to ensure that all infected files and registry entries are cleaned. It's always a best practice to run SpyBot after running any tool (e.g.: run SmitfraudFix, restart the computer and then run SpyBot).

Please take some time out to download the tools on our "Test computers" and check all the functionalities. IMP: Check how to remove these tools after running them on our computer. This will help while running the tool and removing malware from the customer's computer.

Always clear the %temp%, temp, prefetch, recent and tasks folders and delete cookies & browsing history in Internet Explorer in addition to running these tools.

Example:

Click Start --> Run

Type tasks

Press Enter key.

(You can type %temp%, temp, prefetch or recent in place of tasks to open the respective folder.)

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

If McAfee VirusScan does not detect the name of the virus/trojan/spyware but customer is getting pop-ups and clear symptoms of infection, then do an online scan from these weblinks:

http://housecall.antivirus.com/

http://www.ewido.net/en/onlinescan/

http://www.kaspersky.com/virusscanner

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Removal Tools:

SmitfraudFix:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

SpyBot:

http://www.spybotupdates.com/files/spybotsd15.exe

Trojan Hunter:

http://www.misec.net/products/TrojanHunterSetup.exe

Malicious Software Removal Tool:

http://download.microsoft.com/download/4/a/a/4aa524c6-239d-47ff-860b-5b397199cbf8/Windows-KB890830-V1.34.exe

SUPER Anti Spyware:

http://downloads2.superantispyware.com/downloads/SUPERAntiSpyware.exe

Stinger:

http://download.nai.com/products/mcafee-avert/stinger.exe

CWShredder:

http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe

AntiPuper:

http://secured2k.home.comcast.net/tools/AntiPuper.exe

Fixwareout:

http://downloads.subratam.org/Fixwareout.exe

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Hidden Files:

Rootkit Detective:

http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip

Rootkit Revealer:

http://download.sysinternals.com/Files/RootkitRevealer.zip

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Delete stubborn files:

KillBox:

http://killbox.net/downloads/KillBox.exe

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Delete stubborn processes:

Process Explorer:

http://download.sysinternals.com/Files/ProcessExplorer.zip

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Delete temporary files, folders and cookies:

CCleaner:

http://download.piriform.com/ccsetup202.exe

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Useful Weblink:

http://spyware-malware-removal.blogspot.com/2006/06/spyware-and-malware-removal-method-2.html

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Virus removal Win Vista

Please perform the steps in the given order:

For any virus removal chat/call, please restart the computer in Safe Mode with Networking and delete all third party software and then proceed with the removal steps. The detailed steps are below:

Start the computer in Safe Mode:

1. Restart the computer.

2. When the computer is rebooting, press the F8 key repeatedly.

3. You will get a page with options. Use the arrow keys to select " Safe Mode with Networking" and press Enter.

4. The computer will now start in Safe Mode with Networking.

Once the computer starts in Safe Mode, search for and delete all third party security software:

1. Click Start, and then click Control Panel.

2. Click Programs and Features.

3. Search for any third party security software like Norton, Windows Defender, Ad-aware, SpyBot, any Registry Cleaner software, etc.

4. Select a program from list and click "Uninstall" or "Change"

5. Close all opened Windows.

NOTE: Please do not restart the computer if prompted.

Removal Steps:

STEP 1: Temp folder

Click Start->Search

Type %temp% and click OK

Delete all files and folders.

---------

Click Start->Search

Type temp and click OK

Delete all files and folders.

NOTE: Temp is the system temporary folder, %temp% is the user temporary folder. Both folders need to be emptied.

***************************************************************************************************************

STEP 2: Application shortcuts

Click Start->Search

Type prefetch and click OK

Delete all files and folders.

***************************************************************************************************************

STEP 3: Personal files/folders shortcuts

Click Start->Search

Type recent and click OK

Delete all files and folders.

***************************************************************************************************************

STEP 4: Delete cookies and temporary internet files

1. Open Internet Explorer

2. Click on Tools.

3. Click on Internet Options.

4. Click on the General tab. Under Browsing History section, click on 'Delete'

5. On the next screen, click on 'Delete All'

6. Click Yes on the next screen.

7. Click OK to close the Internet Options properties Window.

***************************************************************************************************************

STEP 5: Delete unnecessary files

1. Click Start -> Search

2. Type cleanmgr

3. Press the Enter key.

4. Select "Files from all users on this computer"

5. Click on " Continue" button.

6. Select the C: drive

7. Put a check beside all options except " Setup Log Files "

8. Click Ok.

9. On the next pop up box, click " Delete Files "

***************************************************************************************************************

STEP 6: Add/Remove Programs:

1. Click Start, and then click Control Panel.

2. Click Programs and Features.

3. Search for any virus/spyware programs and click "Uninstall" or "Change"

4. Close all opened Windows.

NOTE: 1. Please do not restart the computer if prompted.

2. Confirm with customers before deleting any programs, if you are unsure.

***************************************************************************************************************

STEP 7: Program Files:

Click Start->Search

Type %programfiles% and click OK.

Select the Virus folder and delete it.

e.g: MyWebSearch, ViewPoint, Video Add-On, Video Access

***************************************************************************************************************

STEP 8: Task Manager:

Click Start->Search

Type taskmgr and click OK.

The Task Manager Window will open.

We can stop any process by checking the program associated with it in System Information Tool.

***************************************************************************************************************

STEP 9: System Information Tool / MsInfo32:

Click Start->Search

Type msinfo32 and click OK.

The System Information Window will open.

Click on Software Environment.

Then check Running Tasks and Startup Programs

***************************************************************************************************************

STEP 10: Delete Programs in Users folder:

1. Click Start, and then click Control Panel.

2. In the left pane of the Control Panel Window, click on " Classic View "

3. In the right pane, double click on "Folder Options"

4. On the View tab, under Hidden files and folders, click Show hidden files and folders.

5. Click OK button.

After this, please perform the following steps:

1. Click on Start --> Computer.

2. Double click on C: drive.

3. Double click on Documents and Settings.

4. Here you will find all the User folders. Please select one folder and double click on it.

5. Double click on Application Data.

6. Select and delete any virus/spyware folders.

7. Repeat the above steps for all User folders listed in Documents and Settings.

After this, please perform the following steps:

1. Click Start -> Search

2. Type programdata

3. Press the Enter key.

4. Select and delete any virus/spyware files/folders

5. Close all opened Windows.

***************************************************************************************************************

STEP 11: MsConfig Utility:

Click Start->Search

Type msconfig and click OK.

The System Configuration Utility Window will open.

Click on the Startup tab.

Here we can disable programs or services that we do not want to run.

***************************************************************************************************************

STEP 12: System Folder:

C:\Windows\System32

Here we have to search for the virus entries and delete them. Most of the virus entries listed here will give you an access denied message when you try to delete them, as the process or dll file associated with these files will be running in the background.

So we need to stop the process in Task Manager and then try to delete the infected file or we have to restart the computer in Safe Mode and delete the file.

***************************************************************************************************************

STEP 13: Remove infected registry entries:

1. Click Start --> Run

2. Type regedit and click OK.

The Registry Editor window will open.

3. Click the + sign beside HKEY_LOCAL_MACHINE

4. Click the + sign beside Software

5. Scroll down here and check for the virus folders.

6. Delete them if you find any.

7. Click the + sign beside Microsoft

8. Click the + sign beside Windows

9. Click the + sign beside CurrentVersion

10. Click the + sign beside Run

Here check for any virus entries in right pane and delete them.

Repeat the same for RunOnce and RunServices keys.

Repeat the above steps for HKEY_CURRENT_USER
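The Run, RunOnce and RunServices keys walked through in STEP 13 (for XP and for Vista), together with the Startup folder named in the general information, can be listed in one read-only pass instead of by hand in regedit. This is an added example, not part of the original procedure; it assumes Windows PowerShell 5.1, and the function names and flag wording are illustrative.

```powershell
# Read-only audit of the load points this page checks by hand in regedit and
# Explorer. Added example: function names and flag wording are assumptions.
# Nothing is deleted or modified; review the output before removing any entry.

# Run, RunOnce and RunServices under both hives, as in STEP 13.
$RunKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($leaf in 'Run', 'RunOnce', 'RunServices') {
        "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$leaf"
    }
}

# Folders the page treats as load points or hiding places. A value stored in
# 8.3 short form (C:\DOCUME~1\...) will not match these long paths.
$WatchedDirs = @($env:TEMP, (Join-Path $env:windir 'Temp'), $env:APPDATA) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-CommandTarget {
    # Pull the executable path out of a Run value such as
    #   "C:\Program Files\App\app.exe" /background
    #   C:\WINDOWS\system32\rundll32.exe C:\some.dll,EntryPoint
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return $cmd
}

function New-LoadPointRecord {
    param([string]$Source, [string]$Name, [string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    $target   = Get-CommandTarget $Command
    $exists   = $target -and
                (Test-Path -LiteralPath $target -PathType Leaf -ErrorAction SilentlyContinue)
    $flags = @()
    # Check the whole command line, so a DLL passed to rundll32.exe is caught too.
    foreach ($dir in $WatchedDirs) {
        if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $flags += "references $dir"
        }
    }
    if (-not $exists) { $flags += 'target not found (bare file name or missing file)' }
    # Signature status is context, not a verdict: NotSigned alone does not mean malware.
    $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'n/a' }
    [pscustomobject]@{
        Source = $Source; Name = $Name; Command = $Command
        Target = $target; Signature = $sig; Flags = ($flags -join '; ')
    }
}

function Get-LoadPointEntries {
    foreach ($keyPath in $RunKeys) {
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }     # RunServices is absent on many systems
        foreach ($name in $key.GetValueNames()) {
            New-LoadPointRecord -Source $keyPath -Name $name `
                -Command ([string]$key.GetValue($name))
        }
    }
    # Per-user and all-users Startup folders; shortcuts are resolved to their
    # targets because Explorer never shows the .lnk extension.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($special in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($special)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $dir -Force) {
            if ($file.Name -eq 'desktop.ini') { continue }
            $cmd = $file.FullName
            if ($file.Extension -eq '.lnk') {
                $cmd = $shell.CreateShortcut($file.FullName).TargetPath
            }
            New-LoadPointRecord -Source $dir -Name $file.Name -Command $cmd
        }
    }
}

# Flagged entries first, then grouped by where they were found.
Get-LoadPointEntries | Sort-Object { -not $_.Flags }, Source | Format-List
```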

***************************************************************************************************************

STEP 14: Run Spybot:

Restart the computer in Normal Mode and download Spybot from this weblink & save it on the computer's Desktop:

http://www.spybotupdates.com/files/spybotsd15.exe

1. Install the tool on the customer's computer by double clicking on the saved icon.

2. Uncheck all options except " Check for Updates quickly "

3. Run the tool.

4. After the scan is completed, click on "Fix Selected Items" at the top of the tool window.

5. Close Spybot Window.

***************************************************************************************************************

STEP 15: Check McAfee Security Center:

1. Open McAfee Security Center and click on "Computers and Files" and then click on "Configure" at the right pane.

2. Click on "Trusted Lists" in left pane.

3. Check all the System Guards one by one and see if any virus file is located there.

4. If detected, click on it and then click on "Remove" button at the right bottom of Security Center Window.

5. After removing all virus file instances, click on "Updates" in Security Center Window.

***************************************************************************************************************

After completing all the above steps, perform Windows Update:

1. Open Internet Explorer

2. Type the following in the address bar and press the Enter key:

http://windowsupdate.microsoft.com

This should start the automatic updates of Windows.

3. Restart the computer and check if the issue is resolved.

***************************************************************************************************************

Ask the customer to follow this website to prevent his computer from future infections:

http://www.microsoft.com/protect/computer/advanced/default.mspx