
Wednesday, August 18, 2010

Get Free Avira Antivir Premium

I just got notified by my Avira Antivirus about a special offer: they are
giving away a Premium Version. They are using TrialPay.

 

Get it free with TrialPay!


Try or buy one offer from your preferred brands and get
your favorite products—free. TrialPay uses money from the advertiser to pay for
your product. It's that easy.



Go here and check it out: Free Avira Antivir Premium

Saturday, February 28, 2009

How to Remove RVHOST.exe Virus/Worm

RVHOST.EXE VIRUS DETAILS

Discovered: December 12, 2006
Updated: December 13, 2006 3:26:10 AM
Also Known As: IM-Worm.Win32.Sohanad.t [Kaspersky], W32/Sohana-R [Sophos]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

W32.Yautoit.N is a worm that spreads through Yahoo! Instant Messenger.

Once executed, the worm downloads a file from the following location:
[http://]www.freewebs.com/nhattru[REMOVED]

The worm then saves the downloaded file as the following file:
%System%\RVHOST.exe

The worm creates the following file on shared drives:
%System%\new folder.exe

The worm then creates the following Windows job file with settings to execute RVHOST.exe at 9:00am every day:
%Windir%\Tasks\At1.job

The worm creates the following registry entries so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe RVHOST.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Yahoo Messengger" = "%System%\RVHOST.exe"

The worm also creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\"shared" = "[SHARED DRIVE]\New Folder.exe"

The worm then modifies the following registry entries to disable the Task Manager and the Registry Editor:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "1"

The worm also modifies the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NofolderOptions" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\"AtTaskMaxHours" = "0"

The worm then deletes the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\"Run" = "BkavFw"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\"Run" = "IEProtection"

The worm ends the following processes and closes applications if they are running:
Registry Editor
Task Manager
Bkav2006
game_y.exe
"System Configuration"

Next, the worm sends the following messages through Yahoo! Instant Messenger:
"E may, vao day coi co con nho nay ngon lam [http://]nhattruongquang.0catch.com"

"Vao day nghe bai nay di ban [http://]nhattruongquang.0catch.com"

"Biet tin gi chua, vao day coi di [http://]nhattruongquang.0catch.com"

"Trang Web nay coi cung hay, vao coi thu di [http://]nhattruongquang.0catch.com"

"Toi di lang thang lan trong bong toi buot gia, ve dau khi da mat em roi? Ve dau khi bao nhieu mo mong gio da vo tan... Ve dau toi biet di ve dau? [http://]nhattruongquang.0catch.com"

"Khoc cho nho thuong voi trong long, khoc cho noi sau nhe nhu khong. Bao nhieu yeu thuong nhung ngay qua da tan theo khoi may bay that xa... [http://]nhattruongquang.0catch.com"

"Tha nguoi dung noi se yeu minh toi mai thoi thi gio day toi se vui hon. Gio nguoi lac loi buoc chan ve noi xa xoi, cay dang chi rieng minh toi... [http://]nhattruongquang.0catch.com"

"Loi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon. Nguoi da den nhu la giac mo roi ra di cho anh bat ngo... [http://]nhattruongquang.0catch.com"

"Tra lai em niem vui khi duoc gan ben em, tra lai em loi yeu thuong em dem, tra lai em niem tin thang nam qua ta dap xay. Gio day chi la nhung ky niem buon...[http://]nhattruongquang.0catch.com"

Info: Thanks to Symantec.
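The registry changes listed above can be checked offline against a text export of the registry (for example one produced with `reg export`). This is an added example, not part of the Symantec write-up or the original post; the function names and the sample export are constructed for illustration.

```python
import re

# Indicators from the write-up above: (key suffix, value name, test on the data).
INDICATORS = [
    (r"windows nt\currentversion\winlogon", "shell", lambda d: "rvhost.exe" in d),
    (r"windows\currentversion\run", "yahoo messengger", lambda d: "rvhost.exe" in d),
    (r"explorer\workgroupcrawler\shares", "shared", lambda d: d.endswith("new folder.exe")),
    (r"policies\system", "disabletaskmgr", lambda d: d == "1"),
    (r"policies\system", "disableregistrytools", lambda d: d == "1"),
    (r"policies\explorer", "nofolderoptions", lambda d: d == "1"),
    (r"services\schedule", "attaskmaxhours", lambda d: d == "0"),
]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def normalise(raw):
    """Turn .reg data ("string" or dword:hex) into a lower-case comparable string."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    if raw.startswith('"') and raw.endswith('"'):
        raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw.lower()

def scan_reg_export(text):
    """Return (key, value name, data) per indicator hit. Export files are UTF-16 on disk."""
    hits, key = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # section header: remember the current key
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue                  # header line, blank line, hex continuation
        name, data = m.group("name"), normalise(m.group("data"))
        for suffix, want, test in INDICATORS:
            if key.lower().endswith(suffix) and name.lower() == want and test(data):
                hits.append((key, name, data))
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe RVHOST.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
'''
if __name__ == "__main__":
    for hit in scan_reg_export(SAMPLE):
        print(hit)
```

A clean Winlogon `Shell` value of `Explorer.exe` produces no hit, so the same scan can be rerun after cleanup to confirm the entries are gone.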

Rvhost.exe Removal Tool

To remove this virus/worm automatically,
download the tool here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click it after downloading and let it run on its own. Wait for it to finish scanning and removing the malware and viruses on your PC. You will know it is done when a text file containing the scan results appears. Then you're finished.
Make sure to disable any antivirus you have before executing the tool.

Enjoy!

Tuesday, March 18, 2008

REMOVING SSCVIIHOST.EXE

USB Virus Name : SSCVIIHOST.exe

Virus Type : WORM_SOHANAD.BO

REMOVAL INSTRUCTIONS

1. Download RRT.exe, run the program, click Check All, then click Remove
to remove the restrictions made by the virus.

2. Press Ctrl-Alt-Del to open task manager.
On the processes tab find the following running processes:
SSCVIIHOST.exe/blastclnnn.exe
Right Click on each process and choose End Process Tree.
Close the Task Manager.

3. Click Start > Run and type regedit.
Press Ctrl-F and find the following registry keys.
a) SSCVIIHOST.exe
b) blastclnnn.exe
c) New Folder.exe
d) pc-off.bat
Right-click on the value and click Delete.
After finding one entry, press F3 to continue the search.

4. After you delete those registry entries,
go to Start > Search and click All files and folders.
Under the more advanced options, check the options
to search system folders, hidden files, and subfolders.
Enter these as keywords, and delete the files if found.
a) SSCVIIHOST.exe
b) blastclnnn.exe
c) New Folder.exe
d) pc-off.bat
Common Locations are
C:/Windows
C:/Windows/System
C:/Windows/System32
C:/Windows/Prefetch

5. After deleting those files, search again, this time
with the keyword *.exe.
In the results panel, sort by clicking the Size field.
Right-click and delete every file that has a folder icon, is described
as an application, and has a file size of only 245kb.

6. Restart your PC. Open Task Manager (Ctrl-Alt-Del) to check that your PC
is running normally again and that SSCVIIHOST.exe is no longer running.
If the virus is still on your PC, it means you missed a registry entry.
Repeat the steps to clear it. Make sure you do them one by one.
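Steps 4 and 5 can be run as a report-only scan before anything is deleted. This is an added example, not the author's tool; the byte range assumed for "245kb" and the sample file tree are constructed, and because a size match alone proves nothing the script lists candidates for review instead of removing them.

```python
import os
import tempfile

# File names from step 4 of the guide (compared case-insensitively).
KNOWN_NAMES = {"sscviihost.exe", "blastclnnn.exe", "new folder.exe", "pc-off.bat"}
# Assumption: "245kb" is the Explorer size column, which rounds up to whole KB.
SIZE_RANGE = (244 * 1024 + 1, 245 * 1024)

def find_suspects(roots):
    """Return {path: reason} for files matching a listed name or the step-5 size."""
    suspects = {}
    for root in roots:
        for folder, _dirs, files in os.walk(root):
            for fname in files:
                path = os.path.join(folder, fname)
                try:
                    size = os.path.getsize(path)
                except OSError:
                    continue  # unreadable or vanished file: skip it
                if fname.lower() in KNOWN_NAMES:
                    suspects[path] = "listed name"
                elif fname.lower().endswith(".exe") and SIZE_RANGE[0] <= size <= SIZE_RANGE[1]:
                    suspects[path] = "exe with step-5 size (check the icon before deleting)"
    return suspects

def demo():
    """Build a constructed directory tree, scan it, and return {file name: reason}."""
    with tempfile.TemporaryDirectory() as tmp:
        os.mkdir(os.path.join(tmp, "System32"))
        samples = {"System32/SSCVIIHOST.exe": 10, "Photos.exe": 245 * 1024, "setup.exe": 5000}
        for rel, size in samples.items():
            with open(os.path.join(tmp, rel), "wb") as fh:
                fh.write(b"\0" * size)
        return {os.path.basename(p): r for p, r in find_suspects([tmp]).items()}

if __name__ == "__main__":
    for name, reason in demo().items():
        print(name, "->", reason)
```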

PREVENTION

When opening your USB disk, do not double-click on it; instead, use the
folder options to navigate it. If your antivirus does not detect this type
of virus, I recommend Avira Free Personal Edition Antivirus;
it detects most of the USB viruses today.

Hope my guide helped you.

ShadowPrince c",)






