removal instructions for XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirusVirus news and solutions 85.12.43.75/tst20.html virus, backdoor trojans, virus removal

Which Spyware Remover Will Automatically Eliminate The Frustration Of Your Spyware Problems?

Our Goal

The goal of M.J.S Computers is to help you understand what spyware is and to help educate you on the kinds of threats posed by spyware and the tools you can use to take back control of your computer from annoying popups, PC slow down and other problems caused by spyware.

Testing results

We randomly tested PC's that were infected with spyware starting with those of our friends and family members and then expanded our research further to publicly accessible computers found in libraries and internet cafes where spyware infections are much more severe and harder to eliminate. After running our tests with numerous spyware remover applications, they are now spyware free. But only a handful of applications were actually effective at removing the spyware.

Effective Tools For Spyware Removal

The most effective Program for removing virus / spyware related problems are those provided by PC Tools.

They provide a range of quality tools and utilities which not only work, but are simplicity itself to operate.

In many cases, complex virus can be removed with one click.

On so many occasions, even though a customer`s computer has the latest version of Norton or Macaffe antivirus installed on their PC`s, PC TOOLS SPYWARE DOCTOR still identified many serious threats that the aforementioned missed. (perhaps that is why Norton - AKA Synamtec have recently bought them out!)

A free scan of your PC is available by clicking the below links.

MJS Spyware News And Solutions

take control of your computer

Month of September 2008

Spyware / Malware - ANTIVIRUS 2009 (Scam) 4th October 2008 - Risk factor - VERY HIGH.

What is Antivirus 2009?

Antivirus 2009 is a clone of Antivirus 2008 which is know to be a dangerous rogue anti-spyware program. It creates popup alerts and performs fake scans on your computer. Antivirus 2009 does this to scare you into thinking you must utilise the full Antivirus 2009 program to remove found parasites. Antivirus 2009 comes from Trojans and infected websites such as Antivirus-2009.com or trying to get things for free from WAREZ sites (keygens, product keys etc)

One VERY ANNOYING aspect is that when you go onto the internet, Internet Explorer automaticly opens up and launches the website http://85.12.43.75/tst20.html (DO NOT CLICK THIS!!!!!)

The webpage is white/black but all these virus's start to come into your PC. Norton Antivirus removes them (or it says it has!) but still this webpage http://85.12.43.75/tst20.html opens regually, every 10 minutes or so.

Antivirus 2009 or Antivirus2009 is a very bad program to get rid of once it is installed on your PC.

All does nothing but take your money if you choose to purchase it. Do not ever purchase or download

This is what it looks like...

(Many thanks to Mr and Mrs Grey for their patience!)

TO REMOVE THIS SCAM, SIMPLY DOWNLOAD PC TOOLS SPYWARE DOCTOR WITH ANTIVIRUS OR PC TOOLS INTERNET SECURITY, BOTH AVAILABLE AS FREE DOWNLOADS FROM HERE!

This software is very easy to use (removes Virus` and Spyware with ONE CLICK - No starting your PC in "safe mode" etc)

and also stops them from coming into your computer at source.

Spyware - Quake (Scam) - 27th August 2008. Risk factor VERY HIGH

During the month of August, MJS engineers have continually came across this very irritating scam spyware program.

SpywareQuake is part of a new breed of adware/scam hybrids that act as trojans and infect systems via email spam or website scripts. Once infected, SpywareQuake bombs the user of the computer with fake security notification pop-ups, telling them that their computer is infected. Once the pop up is clicked, a fake scan will show and a link to purchase the full version of SpywareQuake, which is not a real anti spyware program.

Removing SpywareQuake from your system is fairly easy if not for the fact that there are several variations of the trojan (it is mainly in the filenames of the DLL it uses). Simply boot into safe mode without network support, and search for all files using the search string “SpyWare Quake”. All the dlls, shortcuts and files that will show up containing the word SpywareQuake should be deleted. Next is to open the registry editor by typing “REGEDIT” on the windows Run command, and doing a similar search on the registry and deleting the results.

It is worth noting that manual removal of the Spyware Quake Trojan is risky, and you are liable to end up crippling your operating system, or missing left over files from the trojan, resulting in re-infection. It is therefore recommended to resort to an updated anti-spyware program if you have one. Come to think of it, regularly updating your anti spyware as well as all the protections on your pc such as anti-virus and your operating system will prevent you from getting infected by SpywareQuake.

Futher down the page I`ve included a review of the top 5 commonly used antispyware programs that are on the market for your consideration. Click here to jump straight to this.

What does SpyQuake look like?

Below is a screenshot of what this pest looks like.....

Virus, Trojan Creator - Turkojan - Risk Factor VERY HIGH

Novice hackers have already used freeware tools and programs that were created by other more experienced cyber criminals. But with the advent of the Trojan Creator named, Turkojan, a commercial malware creator, the cyber criminal world has entered a new era: Cybercrime as a business.

Turkojan allows even beginner malware programmers to create new, undetectable trojans or virus for different operating systems without them having to learn a new computer language or to deal with lengthy manuals and scripts. The malwares they can create are not simple TSR annoyances either, since Turkojan is powerful enough to create trojans that can provide real time screen viewing, keylogging, streaming of audio taken from the microphone, and streaming of webcam signals.

The Trojan creator Turkojan offers three different versions of its malware construction kit, with the gold edition - priced at $249 US dollars - going so far as to offer 24/7 customer support for six months as well as patches and updates in case virus scanners have started detecting and blocking the malwares they created using the Turkojan trojan creator.

There is currently no news yet as to what authorities can do to stop the software makers and its devastating effect on computers all over the world, since there has not been any publicised news on whether they have found the person responsible for Turkojan.

This is something I will definitely keep my eye on.

What does this look like? See below screen shot.

What is the solution? EDUCATE YOURSELF!

Don`t just rely on free antivirus or spyware scanners.

You get what you pay for. They are simply not good enough!

Spoof / Phishing Emails. (commonly sent to users with eBay, Paypal accounts.) - Risk Factor - VERY HIGH

Spoof or "phishing" emails and websites are becoming an increasing problem for unsuspecting internet users. Spoof emails claim to be sent by eBay or PayPal (or other trusted organisations), and can look identical to email usually from these organisations. More often than not links within the emails direct users to fake websites asking for personal information such as credit card number, username or account password in an attempt to commit identity theft or other crimes.

Here is an example. Notice how authentic it looks!..

How can you do to protect yourself ?

The good news is that you can avoid falling victim to spoof emails and websites, and protect yourself online by taking a few simple precautions

1) NEVER REPLY TO EMAILS WHICH ASK FOR PERSONAL INFORMATION.

2) DOWNLOAD THE FREE EBAY TOOLBAR WITH ACCOUNT GUARD (CLICK PICTURE TO GET YOURS!)

3) REPORT SUSPICIOUS EMAILS TO SPOOF@EBAY.CO.UK OR SPOOF@PAYPAL.CO.UK

Paypal / eBay will let you know whether or not the email or website is fake or genuine. If you are in any doubt at all, always check - it is worth taking the time to be sure.

4) INSTALL A DECENT FIREWALL AND UP TO DATE ANTISPYWARE / ANTIVIRUS SOFTWARE PACKAGE

Every time you save an email attachment or download a file from the internet, you are risking exposure to potentially harmful viruses and online hackers. Computers that have no firewall or anti-virus software are unprotected and vulnerable to these types of attacks. To prevent this from happening PLEASE install a firewall and regularly update your anti-virus software.

5) LEARN HOW TO SPOT THE GIVE AWAY SIGNS OF AN EMAIL BEING A SPOOF

Whilst spoof and phishing scams are getting more sophisticated, there are a few indications that an email you have received or a website you have visited is spoof. CLICK HERE for more details on how to spot emails & websites, and remember, use your common sense. If you wouldn't take the risk in the offline world, then don't do it online.

Please look at the below example of an eBay spoof email.

Again, this looks very convincing.

NOTICE THE SUSPICIOUS

WEB ADDRESS !

AGAIN, YOU WOULD BE NAMED, NOT JUST LABLED AS "DEAR EBAY MEMBER"

PAYPAL

WOULD

NEVER SEND A "BLANKET" EMAIL, YOU ARE ALWAYS NAMED!

Trojan virus steals bank info

By Maggie Shiels

Technology reporter, BBC News, Silicon Valley - OCTOBER 31st 2008

The details of about 500,000 online bank accounts and credit and debit cards have been stolen by a virus described as "one of the most advanced pieces of crimeware ever created".

The Sinowal trojan has been tracked by RSA, which helps to secure networks

in Fortune 500 companies.

RSA said the trojan virus has infected computers all over the planet.

"The effect has been really global with over 2000 domains compromised,"

said Sean Brady of RSA's security division.

He told the BBC: "This is a serious incident on a very noticeable scale and

we have seen an increase in the number of trojans and their variants, particularly

in the States and Canada."

The RSA's Fraud Action Research Lab said it first detected the Windows Sinowal trojan in Feb 2006.

Since then, Mr Brady said, more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia and Poland.

The lab said no Russian accounts were hit by Sinowal.

"Drive-by downloads"

RSA described the Sinowal as "one of the most serious threats to anyone with an internet connection" because it works behind the scenes using a common infection method known as "drive-by downloads"."

sinowal trojan graph from rsa lab

Sinowal has been constantly updated with new variants

Users can get infected without knowing if they visit a website that has been booby-trapped with the Sinowal malicious code.

Mr Brady said the worrying aspect about Sinowal, which is also known as Torpig and Mebroot, is that it has been operating for so long.

"One of the key points of interest about this particular trojan is that it has existed for two and a half years quietly collecting information," he said. "Any IT professional will tell you it costs a lot to maintain and to store the information it is gathering.

"The group behind it have made sure to invest in the infrastructure no doubt because the return and the potential return is so great."

RSA's researchers said the trojan's creators periodically release new variants to ensure it stays ahead of detection and maintain "its uninterrupted grip on infected computers."

While RSA's lab has been tracking the trojan since 2006, Mr Brady admitted that they know a lot about its design and infrastructure but little about who is behind Sinowal.

"There is a lot of talk about where it comes from and anecdotal evidence points to Russia and Eastern Europe. Historically there have been connections with an online gang connected to the Russian Business Network but in reality no one knows for sure."

That he said is because the group is able to use the web to cloak its identity.

Infection

In April 2007, researchers at Google discovered hundreds of thousands of web

pages that initiated drive-by downloads. It estimated that one in ten of the 4.5 million

pages it analysed were suspect.

Sophos researchers reported in 2008 it was finding more than 6,000 newly infected

web pages every day, or about one every 14 seconds.

Debit card and cash

Since May, Sinowal has compromised over 100,000 online bank accounts

RSA's fraud action team said it noticed a spike in attacks from March through to September this year.

That is backed up by another online security company called Fortinet. It said from July 2008 to September 2008 the number of reported attacks rose from 10m to 30m. This included trojans, viruses, malware, phishing and mass mailings.

"The explosion in the number of attacks is alarming," said Derek Manky of Fortinet.

"But trojans are just one of the players in the game wreaking havoc in cyberspace."

Remedies

While attacks are on the increase, there are some simple steps that users can take to protect their information besides using security software.

"We have a saying here which is 'think before you link,'" said Mr Manky.

"That just means observe where you are going on the web. Be wary of clicking

on anything in a high traffic site like social networks.

"A lot of traffic in the eyes of cyber criminals means these sites are a target

because to these people more traffic means more money," he said.

RSA also urged users to be wary if their bank started asking for different forms of

authentication such as a social security number or other details.

"People think not clicking on a pop up or an attachment means they are safe.

What people don't realise now is that just visiting a website is good enough to infect them."

RSA said it is co-operating with banks and financial institutions the world over to tell them

about Sinowal. It has passed information about the virus to law enforcement agencies.

If you think you may be at risk, we strongly recommend you download this.

PC Tools Internet Security includes Spyware Doctor, the most awarded anti-spyware protection worldwide. Spyware Doctor alone has been downloaded over 110 million times, with a million more downloads each week. Spyware Doctor is trusted by millions worldwide to protect their identity and PC against spyware, adware and other malicious threats.

Spyware Doctor has consistently been awarded Editors' Choice and Best of the Year awards by leading PC magazines and testing laboratories around the world, including the United States, United Kingdom, Sweden, Germany and Australia. Spyware Doctor continues to be awarded the highest accolades by many of the world's leading PC publications such as PC Magazine, PC World, PC Pro, PC Plus, PC Authority, PC Utilities, PC Advisor, PC Utilities, Computerbild, PC Welt, and PC Answers Magazine.

Did you know that numerous anti-malware products tested against Spyware Doctor only detected a small fraction of spyware threats and were only able to completely remove an even smaller amount? Furthermore, most of these anti-malware products were unable to effectively block spyware threats in real-time from being installed on users' PCs in the first place.

PC Tools Internet Security includes both anti-spyware and anti-virus protection. It also features an automatic self-updating feature to keep your protection up to date at all times, ensuring the best spyware and virus fighting capabilities. As threats are becoming more complex to avoid detection, PC Tools Internet Security responds with new technology to stay one step ahead.

http://www.pctools.com/spyware-doctor-antivirus/

UPDATE: 3RD NOVEMBER 2008 -: HOW TO SUCESSFULLY REMOVE: XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus

XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a tactic to scare you into purchasing the software. Older versions of XP Antivirus would create 9 entries in your Windows Registry that impersonate infections on your machine. In reality, though, these registry entries were harmless and had absolutely no effect on your computer. Instead, these entries were set so that XP AntiVirus can find them when scanning your computer and report them as infections. The newer of versions of the program , such as XP Antivirus 2008 and XP Antivirus 2009, instead just display false results when scanning your computer that state infections were found. In order to remove these fake infections, though, you would first need to purchase the software as the trial does not allow you to remove them.

While running, XP Antivirus will also display fake alerts stating that you are infected or under attack from some type of threat. These alerts are fake and can be ignored. If you do click on the alert, though, it will prompt you to purchase the software. Examples of text contained in these alerts can be found below.

Privacy Violation alert!

XP antivirus detected Privacy Violation. Some program is secretly sending your private data to untrusted internet host. Click here to block this activity by removing threats (Recommended).

System files modification alert!

Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. Click here to block unathorised <sic> modification by removing threats (Recommended).

As you can see these programs are fraudware because they make changes to your computer and then state these changes are infections as a scare tactic to have you purchase the software. It goes without saying that under no circumstances should you buy it. The older program, XPAntivirus, does come with a removal option in the computer's Add or Remove Programs list, but when you attempt to uninstall it, all that happens is the entry is removed from the list and program's process is terminated. Next time you reboot, XP AntiVirus will start up again. The newer versions of the program do not contain an entry in the Add or Remove Programs list at all.

Automated Removal Instructions for XP Antivirus 2008, XP Antivirus 2009, and XPAntivirus using Malwarebytes' Anti-Malware:

1. Print out these instructions as we will need to close every window that is open later in the fix.

2. Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link

3. Once downloaded, close all programs and Windows on your computer, including this one.

4. Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.

5. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.

6. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

7. On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for XP Antivirus 2008, XP Antivirus 2009, and XPAntivirus related files.

8. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.

9. When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the XP Antivirus 2008, XP Antivirus 2009, and XPAntivirus removal process.

10. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

11. A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.

12. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.

13. You can now exit the MBAM program.

Your computer should now be free of the XP Antivirus 2008, XP Antivirus 2009, and XPAntivirus program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

Here is a FULL LIST of rogue antispyware products to AVOID at all costs and can successfully be removed by MBAM!!

* Advanced Cleaner[5]

* AlfaCleaner

* AntiSpyCheck 2.1

* AntiSpyStorm

* AntiSpywareExpert

* AntiSpywareMaster

* AntiSpywareSuite

* Antivermins

* Antivirgear

* Antivirus 2008

* Antivirus 2009

* AntiVirus Gold [6]

* Antivirus Master

* Antivirus XP 2008 [7]

* Avatod Antispyware 8.0 [8]

* Awola

* Brave Sentry

* BestsellerAntivirus

* Cleanator

* ContraVirus

* Doctor Antivirus

* DriveCleaner [9]

* Disk Knight

* EasySpywareCleaner

* Errorsafe

* free-viruscan.com

* IE Antivirus

* IEDefender

* InfeStop

* Internet Antivirus

* KVMSecure

* MacSweeper

* MalCrush 3.7

* MalwareCore

* MalwareAlarm

* Malware Bell 3.2

* MS Antivirus

* PCSecureSystem [10]

* PC Antispy [11]

* PC Clean Pro [12]

* PC SpeedScan Pro

* PestTrap [13]

* Perfect Cleaner

* PersonalAntiSpy Free

* PAL Spyware Remover

* PCPrivacytool

* PC-Antispyware

* PSGuard

* Saliar

* SecurePCCleaner

* Security toolbar 7.1

* Smart Antivirus 2008

* Smart Antivirus 2009

* SpyAxe [14]

* Spy Away

* SpyCrush

* Spydawn [15]

* SpyGuarder

* SpyHeal

* Spylocked [16]

* SpySheriff [17]

* SpySpotter

* Spyware Cleaner

* Spyware Quake [18]

* Spyware Stormer

* SpywareStrike

* Spy-Rid

* SpyWiper

* System anti virus 2008

* System Live Protect [19]

* SystemDoctor

* Total Secure 2009

* TrustedAntivirus

* TheSpyBot

* UltimateCleaner

* VirusHeat

* Virus Isolator

* VirusProtectPro

* VirusRemover2008

* VirusRanger

* Virus Respone Lab 2009

* Vista Antivirus 2008

* WinAntiVirus Pro 2006

* WinDefender

* WinFixer [20]

* WinSpywareProtect

* WorldAntiSpy

* XP Antivirus

* XP AntiSpyware 2009

* Zinaps AntiSpyware 2008

1st December 2008 - "EMAIL: - VERY NASTY VIRUS WARNING!!"

Over the last few days, a very nasty virus warning has been brought to our attention. It reads:..

"Please be alert during the next few days. Do not open any message

with an attachment entitled 'POSTCARD FROM HALLMARK,' regardless of who sent

it to you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the

whole hard disc C of your computer. This virus will be received from someone

who has your e-mail address in his/her contact list. This is the reason

why you need to send this e-mail to all your contacts It is better to receive

this message 25 times than to receive the virus and open it.

If you receive a mail called' POSTCARD,' even though sent to you by a

friend, do not open it!

This is the worst virus announced by CNN. It has been classified by

Microsoft as the most destructive virus ever. This virus was discovered by

McAfee last week, and there is no repair yet for this kind of virus.

This virus simply destroys the Zero Sector of the Hard Disc and performs a complete format, destroying your valuable data."

This is a hoax. However, there are a number of VERY SIMULAR varients which are not.

Please see http://urbanlegends.about.com/library/bl_postcard_virus.htm

PLEASE MAKE SURE YOUR ANTIVIRUS SOFTWARE IS UP TO DATE AS THERE ARE SOME VERY SIMULAR VIRUS`S WHICH DO CAUSE SERIOUS DAMAGE (PARTICULARLY THOSE OF A PORNOGRAPHIC NATURE)

May I suggest that you go to our home page, and download PC TOOLS SPYWARE DOCTOR WITH ANTIVIRUS.

This is by far the best antivirus program we have used and is available to download.

Another thing to try is again, if you go to http://www.mjscomputers.net/productcatpage.html

I have uploaded a free scanner called MALWARE BYTES ANTIVIRUS.

Simply download this and do a full scan of your computer.

The file is compressed using WINRAR (similar to zip files)

Again, if you don`t have we`ve included WINRAR on our products page. I`ve included this as a free download.

Please check out our news page, as this is constantly updated with solutions to a wide range of pc related problems and I`m sure you`ll find this beneficial.

We do offer nationwide remote desktop support, meaning we can do PC Health Checks over the telephone!