Laman

Sabtu, 02 April 2011

How to use AVG Internet Security 2011 System Tools

Is your Windows Task Manager, registry editor (regedit) and Microsoft Configuration setting (msconfig) being blocked  by malware??? Don't worry AVG Internet Security 2011 got Component System Tools.
The System Tools component is an advanced tool for detailed system analysis, as to what is happening on your computer at the moment.
It lists (and allows you to terminate or delete) individual active processes and applications currently running on your computer, open network connections, installed browser plugins and LSPs, and applications that are launched automatically after Windows startup.


The following tabs are available in the component overview:

 · Processes
  The Processes tab can replace Windows Task Manager  (ctrl+shift+esc) function, when this windows tool has been blocked by malware.
The Processes tab displays a list of processes (i.e. running applications) that are currently active. The list contains some of the following columns (depending upon whether the Identity Protection component is installed):
   · Severity displays an icon indicating the severity level of infection, as determined by the Identity Protection component.
   · Process name indicates the name of the running process.
   · Process path indicates the physical path to the running process.
   · Window indicates the application Window name, if applicable.
   · PID (Process Identification Number) is a Windows internal process identifier that uniquely identifies the process.



You can select an application and terminate it by pressing the Terminate Process button.

   
   Note : Do not terminate any applications or processes, especially system services, unless you are absolutely sure that they represent a real threat! By terminating applications deliberately, you could seriously destabilize your system. 


· Network Connections  
The Network Connections tab displays a list of currently active connections. The list contains the following columns:
  · Application indicates the name of an application that is related to the connection. 
  · Protocol indicates the transmission protocol type that is used for the connection: TCP, the protocol used in conjunction with Internet Protocol (IP) to transmit information over the Internet, or UDP, an alternative to TCP protocol.
  · Local Address indicates the IP address of the local computer and the port number that is being used.
  · Remote Address indicates the IP address of the remote computer and the port number that it is being connected to. If possible, it will also look up the hostname of the remote computer.
  · State indicates the most probable current state.



To list only external connections, simply select the Hide local connections checkbox. This will hide all local loopback or some system related local connections that are usually not a real threat.

Operating buttons are as follows:
Press Terminate Connection to terminate one or more connections; select one or more rows that are currently in the connected state and press this button.
Press Terminate Process to terminate one or more applications that are related to the connection; select one or more rows and press this button.
Note: Sometimes it is only possible to terminate applications that are currently connected.

   
   Note : Do not terminate any applications or connections unless you are absolutely sure that they represent a real threat. By terminating these deliberately, you could seriously destabilize your system.

· Autostart
  Oftenly malware try to disable Registry Editor (regedit) and Microsoft Condiguration Setting (msconfig) in order to prevent the user using them. The Autostart tab can replace Registry Editor (regedit) and Ms Configuration settings (msconfig), useful to remove registry value of startup application and also delete the startup application file directly.
The Autostart tab displays a list of all applications that are executed during Windows system start-up. The list contains the following columns:
  · Name of the application
  · Location in the Registry
  · Path to the application (physical location on your disk)




Very often, several malware applications add themselves automatically to the start-up registry entry. You can delete one or more entries by selecting them and pressing the Remove selected button.

   
   Note : Do not delete any applications from the list unless you are absolutely sure that they represent a real threat. If you are unsure, use the Internet and your favorite search engine to find more information about the application name.

· Browser Extensions  
The Browser Extensions tab displays a list of plugins (applications) that are installed inside your Internet browser. The list may contain regular application plugins as well as potential malware programs. Click on the listed object to obtain more information. Plugins listed with a green icon are usually known and keeping them is quite safe. Please note however that certain malware programs can pretend to be something else, therefore it cannot be 100% guaranteed that any plugin is harmless.
After selecting an object from the list, its description appears in the bottom part of the tab. In the Technical Details section, CLSID represents a unique identification tag that is associated with an ActiveX or OLE 2.0 object created by a specific component or server. Clicking the CLSID link will open up your Internet browser and search for the string in the Google search engine. After obtaining more information on the plugin, you should be able to decide whether the object should be removed or not.



You can delete any entry in the list by selecting it and pressing the Remove selected object button.

Please note that any browser extension and relevant info might be listed, but only those of Internet Explorer can be guaranteed!

   
   Note : Do not delete any plugins from the list unless you are sure that they represent a real threat. If you are unsure, use the Internet and your favorite search engine to find more information about the plugin name.

· LSP Viewer

The LSP Viewer tab displays a list of Layered Service Providers (LSP).
A Layered Service Provider (LSP) is a system driver linked into the networking services of the Windows operating system. It has access to all data entering and leaving the computer, including the ability to modify this data. Some LSPs are necessary to allow Windows to connect you to other computers, including the Internet. But certain malware applications may also install themselves as an LSP, thus having access to all data your computer transmits. Therefore this review may help you to check all possible LSP threats.
It is also sometimes possible to repair broken LSPs (for example when the file has been removed but the registry entries remained untouched). A new button for fixing the issue is displayed once a repairable LSP is discovered.



To exclude Windows LSPs (which are most likely harmless) from the list, check the Hide Windows LSP box.

This System Tools component only available on AVG Internet Security 2011 version, provides more protection and better performance than the other version.

Tough on threats
Easy on you
Enjov AVG

Sabtu, 26 Maret 2011

How to remove Win32/Heur

Win32/Heur is a stubborn Trojan which is able to self-reproduce via the local and network drive, usually it’s installed onto your computer without your permission. This infection often appear on PCs via spam emails, share network, corrupted media files, porn websites and other related illegal websites. Win32/Heur is also capable of downloading and executing additional malware in the infected machine, which results in delivering fake security pop-ups and redirecting search results of system browsers. It can even disable security programs and firewall software.



This step-by-step guide completely remove Win32/Heur!. If you  have any problem during the uninstall process, please contact  please contact our official support at http://avg.com/support for more detailed  instructions.


Follow the instructions below to remove Win32/Heur:



Solution 1:

For successful remove Win32/Heur, firstly you may also need do as following:
1. Temporarily Disable System Restore .
2. Update AVG virus definitions database.
3. After update your AVG virus database, disconnect all network connection to prevent this trojan download a malware from it's own site. Try to find hidden network connection by using AVG 2011 System Tool : Open AVG 2011 > System Tools >  Network connection > select suspicious connection (connected) > terminate connection / terminate process



4. Reboot computer in SafeMode then do AVG 2011 Whole Computer scan;


If Win32/Heur still detected, repeat step 1-3 then do this following step :


1) Kill the Win32/Heur processes: Press Alt+Ctrl+Del>choose processes in the pop-up window or Open AVG 2011 user interface > System Tools > Processes tab , locate the process of N/A, click it and then presse End process or Terminate Process (AVG 2011 system tools). (If this method doesn’t work, download a professioanl process tool to kill it, such Hijackthis or Process Explorer).


2) Delete Win32/Heur files: Click Start>Search>Choose All files and folders, enter of N/A in the file name blank.



3) Remove Win32/Heur registry keys: Click Start>Run>enter regedit in the box, click ok; locate the key of N/A and delete it.
Stop from running by disable or remove the suspicious startup program, Open AVG 2011 user interface > System Tool > Autostart > select suspicious registry key > Remove selected


(If this method doesn’t work, download a professional registry editor tool to kill it, such Hijackthis or Process Explorer).

4) Delete or quarantine the suspicious file
   use Windows Explorer --- go to local drive (example D:/) --- D:/Documents and Settings/Administrator/localsettings/temp ---- delete all temporary files



Solution 2:
Update your AVG to AVG 2011 version and got it updated then Download a malware removal like Malwarebytes’ Anti-malware (free edition) to automatically remove Win32/Heur. Since Win32/Heur can disable antivirus and firewall software, download the anti-virus software need to be done from another computer

Solution 3:
You may try AVG Rescue CD
AVG Rescue CD: http://www.avg.com/eu-en/avg-rescue-cd-download
And the manual: http://www.avg.com/eu-en/download-documentation
info : http://www.avg.com/us-en/226386

Hopefuly it help
Enjoy AVG

Jumat, 18 Maret 2011

How to remove TR/Crypt.ZPACK.Gen2

For remove TR/Crypt.ZPACK.Gen2 virus,please clean/delete all TR/Crypt.ZPACK.Gen2 infected files and Delete/Modify any values TR/Crypt.ZPACK.Gen2 added to the registry as following:
TR/Crypt.ZPACK.Gen2 Aliases

  • Packed.Win32.Krap.ai
  • Trojan.FakeAV!gen39
  • TR/Kazy.6775
  • TR/Crypt.ZPACK.Gen2
  •  Troj/FakeAV-CFB
For successful remove TR/Crypt.ZPACK.Gen2 virus,you may also need do as following:
1. Temporarily Disable System Restore .
2. Update AVG virus definitions database. Reboot computer in SafeMode then do Whole Computer scan;
3. Delete the IE temp files,some TR/Crypt.ZPACK.Gen2 temp file exisit there.
4.If you failed to remove TR/Crypt.ZPACK.Gen2,please contact AVG official support at http://avg.com/support
Remove TR/Crypt.ZPACK.Gen2 virus manually
1. Stop from running by disable or remove the suspicious startup program
    use msconfig (click on Start button --- click on Run --- type msconfig
    use Windows Task Manager (ctrl+shift+esc) --- services --- find suspicious file ---end process
    if msconfig and Windows Task Manager has been blocked by virus, use AVG 2011 System Tools (AVG 2011 feature) or download and use  another application such CCleaner or Hijackthis or Process Explorer



Processes Created
  • c:\docume~1\support\locals~1\applic~1\ximmt.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe
  • c:\windows\system32\taskkill.exe

2. Delete regystry added by malicious software (malware)
   use Registry Editor (click on Start button --- click on Run --- type regedit)
   go to HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run --- then find suspicious string value on the right pane, delete it
   go to HKEY_CURRENTUSER/Software/Microsoft/Windows/CurrentVersion/Run --- then find suspicious string value on the right pane, delete it

Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Download
    RunInvalidSignatures
    0x00000001

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    sgmadslx
    c:\Documents and Settings\test user\Local Settings\Application Data\xspuheocv\xobsmmptssd.exe

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    sgmadslx
    c:\Documents and Settings\test user\Local Settings\Application Data\xspuheocv\xobsmmptssd.exe

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation
    0x00000001

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation
    0x00000001

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    hbgbswjd
    C:\DOCUME~1\support\LOCALS~1\Temp\inqkkpmru\xljdgrrtsbl.exe

  • HKCU\Software\Microsoft\Internet Explorer\Download
    RunInvalidSignatures
    0x00000001

 
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    .exe

  • HKCU\Software\Microsoft\Windows Script\Settings
    JITDebug
    0x00000001

 Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    .exe

  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no


3. Delete or quarantine the suspicious file
   use Windows Explorer --- go to local drive (example D:/) --- D:/Documents and Settings/Administrator/localsettings/temp ---- delete all temporary files

This trojan Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\ximmt.exe
  • c:\Documents and Settings\test user\Local Settings\Application Data\xspuheocv\xobsmmptssd.exe
 Note : this removal is only recommended for advanced user
If you failed to remove TR/Crypt.ZPACK.Gen2,please contact AVG official support at http://avg.com/support

Enjoy AVG

Minggu, 13 Maret 2011

Detect someone who defriend you on facebook

How to detect someone who defriend you from their facebook friendlist? (for Mozilla Firefox user)
  1. Open Mozilla Firefox
  2. Type this address http://addons.mozzila.org/en-US/firefox
  3. type Greasemonkey in search coulumn, then press ENTER
  4. In the Greasemonkey, click Add to firefox
  5. Software Installation window appears, click Install Now button
  6. After installation is complete, click Restart Firefox
  7. http://userscripts.org/scripts/show/58852 type the address in the url column
  8. click Install on the Finder for up Unfriend
  9. Click the Install button on the window Greasemonkey Installation
 10. go to facebook page and log in to your account
 11. Welcome page of Unfriend appears, click Close
 12. select menu Unfriend on the left side menu, and you will see your friend who remove you from their friendlist

Sabtu, 05 Maret 2011

What is Win32 Virut and how to remove it?

The Win32/Virut trojan usually infects certain .exe and .scr files in your system, giving a remote attacker access to your computer through a remote IRC server. In other words, this virus lets anonymous hackers poke around in your computer, which is never a good thing.

AVG had released already Removal Tool for Win32/Virut http://free.avg.com/us-en/win32-virut (follow the instructions on that AVG site) and in most cases it works well.
You may also try AVG Rescue CD: http://www.avg.com/eu-en/avg-rescue-cd-download
And the manual guide : http://www.avg.com/eu-en/download-documentation
info : http://www.avg.com/us-en/226386

Unless you like the idea of combing through your hard drive and finding every Win32/Virut-infected file, the best way to remove this virus is to let AVG Anti Virus take care of it

How Do You Remove Win32/Virut Files?
While you should only manually remove Win32/Virut files if you’re comfortable editing your system, you’ll find it’s fairly easy.

How to delete Win32/Virut files in Windows XP/Vista/7:
1.Click your Windows Start menu, then click “Search.”
2.A pop up will ask, “What do you want to search for?” Click “All files and folders.”
3.Type a Win32/Virut file in the search box, and select “Local Hard Drives.”
4.Click “Search.” Once the Win32/Virut file is found, delete it.

How to stop Win32/Virut processes:
1.Click the Start menu, select Run.
2.Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC (you may download and use Process Explorer or Hijackthis if Task Manager  has been blocked by virus)
3.Click Processes tab, and find Win32/Virut processes.
4.Once you’ve found the Win32/Virut processes, right-click them and select “End Process” to kill Win32/Virut


Remove Win32/Virut registry keys:
Backup your registry before you edit it. Then…
1.Click the Start menu, and click “Run.” An “Open” field will appear. Type “regedit” and click “OK ” to open up your Registry Editor. In Windows 7, just type “regedit” into the “Search programs and files” box in the Start menu (you may download and use Process Explorer or Hijackthis if Registry Editor has been blocked by virus)

2.Registry Editor opens as a two-paned window: the left side lets you select registry keys,the right side shows the values of any selected registry key.
3.To find a Win32/Virut registry key, select “Edit,” then select “Find,” and in the search bar type any of Win32/Virut ‘s registry keys.
4.When the Win32/Virut registry key appears, to delete the Win32/Virut registry key, right-click it, and select “Modify,” then select “Delete.


Delete Win32/Virut DLLs:
  1. Open the Start menu, and click “Run.” Type “cmd” in Run, and click “OK.” (In Windows 7, just type “regedit” into the “Search programs and files” box in the Start menu.)
  2. To change your current directory, type “cd” in the command box, press “Space,” and enter the full directory where the Win32/Virut DLL is located. If you’re not sure where the Win32/Virut DLL is located, enter “dir” in the command box to display a directory’s contents. To go one directory back, type “cd ..” in the command box and press “Enter.”
  3. When you’ve found a Win32/Virut DLL, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press “Enter.”

If you want to restore any Win32/Virut DLL you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press “Enter.”

If Win32/Virut change your homepage, I recommended to set it up to blank URL
1.Select Start menu > Control Panel > Internet Options > General.
2.Type blank page URL for safety (e.g., “about:blank”).
3.Click “Use Default,” “Apply,” and “OK.


Removal Tip
Is your computer acting funny after deleting Win32/Virut files? Try Reimage, software that selectively reinstalls broken Windows files.
Also, to save time finding Win32/Virut files, download AVG Anti Virus / Internet Security, run the free scan, and manually remove Win32/Virut files it finds

Sabtu, 26 Februari 2011

How to make your AVG 2011 talk to you?


We know that AVG always give notification in the lower right corner of the taskbar every time an update, scan, resident shield alerts, and online alerts shield. But unfortunately there is no accompanying sound notification. This will not be set by default, then we need to set it up. Here is a guide how to setup AVG sound :
1. Open AVG user interface
2. Click on "Tools" tab
3. Select "Advanced settings ..."
4. After the Advanced window settings appears, Click on "Sounds"
5. Tick the box "Enable sound events"
6. Choose the Event That You Want to add the sound on it by highlighting it (click on it)
7. then click on "Browse", select the sound you want from your computer
8. you can try the sound is added to the AVG event by clicking the "Play"
9. After completing the setting and then Click on "Apply"
10. Close the window by clicking the "Ok" button

Now AVG will as if speaking to you every time AVG did the event.

tough on threats
easy on you
enjoy AVG

Minggu, 20 Februari 2011

How to remove trojan/malware/virus manually

How to remove trojan/virus/spyware manually
1. Stop from running by disable or remove the suspicious startup program
    use msconfig (click on Start button --- click on Run --- type msconfig
    use Windows Task Manager (ctrl+shift+esc) --- services --- find suspicious file ---end process
    if msconfig and Windows Task Manager has been blocked by virus, download and use  another application such CCleaner or Hijackthis
2. Delete regystry added by malicious software (malware)
   use Registry Editor (click on Start button --- click on Run --- type regedit)
   go to HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run --- then find suspicious string value on the right pane, delete it
   go to HKEY_CURRENTUSER/Software/Microsoft/Windows/CurrentVersion/Run --- then find suspicious string value on the right pane, delete it
3. Delete or quarantine the suspicious file
   use Windows Explorer --- go to local drive (example D:/) --- D:/Documents and Settings/Administrator/localsettings/temp ---- delete all temporary files