Category Archives: Viruses

Viruses

Remove Conficker Worm

There's been a lot of national news lately regarding the Conficker Worm. I did some research and found a nice Conficker removal tool at BitDefender's site.

http://www.bdtools.net/how-to-remove-downadup.php

Pretty easy to run. Just unzip the download into a folder and run the gui program. At least you get a little peace of mind...

Missing Control Panel on XP

A recent WinSys virus caused the control panel on an XP system to go missing.

There are two way to try and restore it:

1) Right click on the Start.
2) Click Properties.
3) Select the Start Menu tab.
4) Select Customize.
5) Go through the list. If you're lucky, you'll see Control Panel that you can check.

If the above doesn't work, then try this set of procedures I found on http://www.annoyances.org/exec/forum/winxp/1191368503

1) Click Start, Run and type "regedit.exe" Press {ENTER}
2) Navigate to the following branch:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explor­er

3) Backup the key by exporting it (from the File menu, choose Export) as a REG file.

4) In the right pane of the above key, delete the value named "NoControlPanel" (if found)

5) Repeat the same in this branch:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explo­rer

6) Exit the Registry Editor.

The second procedure worked for me.

Winsys.exe Virus Unable To Run Regedit

Winsys.exe virus recented infected one of my customer's computers. Two side effects:

1) Regedit is disabled.
2) No Control Panel under the start menu.

Boot to Safe Mode and run SDFix.exe. You can download it from this site:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

You may also need to run Hijackthis to remove a regedit disable key. Run Hijackthis and search for regedit. Check off the item to remove it.

This should allow you to run Regedit.

To restore the Control Panel, see the next posting.

Java Byte Verify Exploit and Shinwow

Here's one way to clean out any of these java related viruses:

Trojan.ByteVerify
VerifierBug.class
Java.JJBlack worm
Java.Shinwow trojan

These are malicious applets that are getting loaded into the java cache directory.

You can clear the java cache by going to Control Panel > Java > Delete Files under the Temporary Internet Files section.

Free Avast Instead Of Not-So-Free AVG

After many years of using and recommending the great free AVG antivirus software, Grisoft has finally decided not to make it free anymore. *sob* It's still a great antivirus program -- much better than Norton or McAfee, the one time leaders in the antivirus market.

Smaller, faster programs have emerged such as AVG, Nod32, Kaspersky. If you're willing to spend a few dollars on antivirus software, those are all excellent choices.

As far as the free antivirus market goes, Avast now seems to be the last holdout. I've started using it a few months ago and it seems pretty good, although the interface is a little less than intuitive. For example, it wasn't obvious to me how to scan a whole drive. (Right-click on the Avast icon to get all the goodies.)

Despite the slightly quirky interface, Avast antivirus is an excellent -- and perhaps only -- free choice.

Try it here: http://www.avast.com/eng/avast_4_home.html


Update: AVG appears to be free again! http://www.free.grisoft.com

While you're at it, you can also download their free anti-spyware as well. Works as a full version for 30 days before downgrading itself to a minimal -- albeit free -- version.

Phishing – Order Confirmation number: WC2905036

I recently received a phishing email loosely disguised as an order confirmation that attempted to install the Backdoor.Win32.Haxdoor.ga virus.

It was pretty obvious that it WASN'T a legitimate email since the EXE was inside a ZIP file attachment. Very unlikely that any company would send an order confirmation inside a ZIP file let alone it being an executable program!

The gory details can be found here: Phishing - Order Confirmation number: WC2905036

You can read more about these types of phishing and spam emails at http://www.spamandphish.com.