
Saturday, 26 March 2011

How to remove Win32/Heur

Win32/Heur is AVG's heuristic (generic) detection name rather than one specific Trojan: it flags unknown executables whose structure or behaviour resembles known malware. The samples it catches are typically stubborn Trojans that copy themselves to local and network drives and are installed without the user's permission, arriving through spam e-mail attachments, network shares, corrupted media files, pornographic websites and other illegal websites. Once running, such a Trojan commonly downloads and executes additional malware on the infected machine, which produces fake security pop-ups and redirects the browser's search results. It can also disable antivirus programs and firewall software.



This step-by-step guide removes Win32/Heur completely. If you have any problem during the removal process, contact AVG's official support at http://avg.com/support for more detailed instructions.


Follow the instructions below to remove Win32/Heur:



Solution 1:

To remove Win32/Heur successfully, first do the following:
1. Temporarily disable System Restore (otherwise the infected files can come back from a restore point; note that turning it off also discards your existing restore points).
2. Update the AVG virus definitions database.
3. After updating the AVG virus database, disconnect all network connections so the Trojan cannot download more malware from its own site. Look for hidden network connections with the AVG 2011 System Tools: open AVG 2011 > System Tools > Network connections > select the suspicious (connected) connection > Terminate connection / Terminate process.



4. Reboot the computer into Safe Mode, then run an AVG 2011 Whole Computer scan.


If Win32/Heur is still detected, repeat steps 1-3 and then do the following:


1) Kill the Win32/Heur process: press Ctrl+Alt+Del and open the Processes tab in the window that appears, or open the AVG 2011 user interface > System Tools > Processes tab. Locate the offending process (the generic description lists it as N/A, because a heuristic detection has no fixed process name; use the file name from AVG's detection report), select it and press End Process (Task Manager) or Terminate Process (AVG 2011 System Tools). If this does not work, download a dedicated process tool such as HijackThis or Process Explorer and kill it from there.


2) Delete the Win32/Heur files: click Start > Search > All files and folders, and enter the file name from the detection report (listed as N/A in the generic description) in the file name box.



3) Remove the Win32/Heur registry keys: click Start > Run, enter regedit in the box and click OK; locate the key reported by AVG (listed as N/A in the generic description) and delete it.
Stop the Trojan from running at startup by disabling or removing the suspicious startup entry: open the AVG 2011 user interface > System Tools > Autostart > select the suspicious registry entry > Remove selected.


(If this does not work, download a dedicated startup/registry tool such as HijackThis and remove the entry from there; Process Explorer shows processes, not registry entries.)

4) Delete or quarantine the suspicious file:
   use Windows Explorer, go to the system drive (for example D:\) and delete all temporary files in D:\Documents and Settings\Administrator\Local Settings\Temp (substitute your own user name for Administrator).
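The process, autostart and network-connection checks in steps 1-4 can be run in one pass from PowerShell. The script below is an added example written for this page, not code from the AVG post or from AVG; it only reports, so the termination and deletion steps above still have to be done by hand. The list of "user-writable" directories it treats as suspicious is an assumption about where drive-by Trojans usually drop themselves (per-user Temp and Application Data), not something the post states.

```powershell
# Added triage script (not from the AVG post). Save as Triage-Autostart.ps1 and run
# from an elevated PowerShell prompt (Safe Mode with Networking is fine). It only
# reports; nothing is terminated or deleted.

# Assumption: directories a normal installer never uses for its main executable.
# Both XP (Local Settings\...) and Vista/7 ($env:LOCALAPPDATA) layouts are listed;
# variables that are empty on this Windows version are dropped.
$suspectDirs = @(
    $env:TEMP,
    $env:APPDATA,
    $env:LOCALAPPDATA,
    (Join-Path $env:USERPROFILE 'Local Settings\Temp'),
    (Join-Path $env:USERPROFILE 'Local Settings\Application Data')
) | Where-Object { $_ }

function Test-SuspectPath([string]$path) {
    if (-not $path) { return $false }
    foreach ($d in $suspectDirs) {
        if ($path.ToLower().StartsWith($d.ToLower())) { return $true }
    }
    return $false
}

# Pull the executable out of a Run-key command line such as "C:\x\y.exe" /q
function Get-ExeFromCommand([string]$cmd) {
    if ($cmd -match '^"([^"]+)"') { return $matches[1] }
    return ($cmd -split '\s+')[0]
}

Write-Host '== Running processes whose image lives in a user-writable directory =='
foreach ($p in Get-Process) {
    $path = $null
    try { $path = $p.MainModule.FileName } catch { }   # access denied on some system processes
    if (Test-SuspectPath $path) {
        '{0,-6} {1,-20} {2}' -f $p.Id, $p.ProcessName, $path
    }
}

Write-Host '== Autostart entries in the Run/RunOnce keys =='
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # PSPath etc. are provider metadata, not values
        $flag = if (Test-SuspectPath (Get-ExeFromCommand $prop.Value)) { 'SUSPECT' } else { '' }
        '{0,-8} {1}\{2} = {3}' -f $flag, $key, $prop.Name, $prop.Value
    }
}

Write-Host '== Established TCP connections and the process that owns them =='
foreach ($line in (netstat -ano | Select-String 'ESTABLISHED')) {
    $f = ("$line" -split '\s+') | Where-Object { $_ }   # fields: TCP local remote state pid
    $owner = Get-Process -Id ([int]$f[4]) -ErrorAction SilentlyContinue
    '{0,-24} {1,-24} PID {2,-6} {3}' -f $f[1], $f[2], $f[4], $owner.ProcessName
}
```

Anything printed with a SUSPECT flag, or a process in the first list that also owns an established connection in the third, is the first candidate for the Terminate / Delete / Remove selected steps above. The Run keys are only the most common autostart location; the AVG Autostart tool and HijackThis also cover services, Winlogon and browser helper objects, which this script does not.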



Solution 2:
Update AVG to the AVG 2011 version and get its definitions updated, then download a malware removal tool such as Malwarebytes' Anti-Malware (free edition) to remove Win32/Heur automatically. Since Win32/Heur can disable antivirus and firewall software, download the installer on another computer and copy it over.

Solution 3:
You may also try the AVG Rescue CD, which boots a clean environment and scans the disk while the Trojan is not running:
AVG Rescue CD: http://www.avg.com/eu-en/avg-rescue-cd-download
And the manual: http://www.avg.com/eu-en/download-documentation
info : http://www.avg.com/us-en/226386

Hopefully this helps.
Enjoy AVG

Friday, 18 March 2011

How to remove TR/Crypt.ZPACK.Gen2

To remove the TR/Crypt.ZPACK.Gen2 virus, clean or delete every infected file and delete or restore every registry value it added or changed, as listed below. The name describes the packer/crypter layer the sample was wrapped in rather than its payload; the aliases from other vendors (Packed.Win32.Krap, FakeAV) show that in this case the payload was a fake antivirus program.
TR/Crypt.ZPACK.Gen2 aliases:

  • Packed.Win32.Krap.ai
  • Trojan.FakeAV!gen39
  • TR/Kazy.6775
  • TR/Crypt.ZPACK.Gen2
  • Troj/FakeAV-CFB
To remove TR/Crypt.ZPACK.Gen2 successfully, you may also need to do the following:
1. Temporarily disable System Restore.
2. Update the AVG virus definitions database. Reboot the computer into Safe Mode, then run a Whole Computer scan.
3. Delete the Internet Explorer temporary files; some TR/Crypt.ZPACK.Gen2 temporary files live there.
4. If you cannot remove TR/Crypt.ZPACK.Gen2, contact AVG official support at http://avg.com/support.
Remove the TR/Crypt.ZPACK.Gen2 virus manually
1. Stop it from running by disabling or removing the suspicious startup program:
    use msconfig (click Start > Run, type msconfig) and untick the entry on the Startup tab
    use Windows Task Manager (Ctrl+Shift+Esc) > Processes tab, find the suspicious file and click End Process
    if msconfig and Task Manager have been blocked by the virus, use the AVG 2011 System Tools (an AVG 2011 feature) or download and use another application such as CCleaner, HijackThis or Process Explorer



Processes created (cmd.exe, ping.exe and taskkill.exe are legitimate Windows binaries that the malware launches; end the malware process, do not delete these)
  • c:\docume~1\support\locals~1\applic~1\ximmt.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe
  • c:\windows\system32\taskkill.exe

2. Delete the registry entries added by the malware:
   use Registry Editor (click Start > Run, type regedit)
   go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, find the suspicious string value in the right pane and delete it
   go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, find the suspicious string value in the right pane and delete it

Registry keys created (key, value name, data; the two sample runs below used different random value names and folder names, so expect yours to differ)
  • HKCU\Software\Microsoft\Internet Explorer\Download
    RunInvalidSignatures
    0x00000001

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    sgmadslx
    c:\Documents and Settings\test user\Local Settings\Application Data\xspuheocv\xobsmmptssd.exe

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    sgmadslx
    c:\Documents and Settings\test user\Local Settings\Application Data\xspuheocv\xobsmmptssd.exe

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation
    0x00000001

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    hbgbswjd
    C:\DOCUME~1\support\LOCALS~1\Temp\inqkkpmru\xljdgrrtsbl.exe

Registry keys modified. Together with RunInvalidSignatures and SaveZoneInformation above, these changes switch off download safety checks: CheckExeSignatures=no and RunInvalidSignatures=1 let Internet Explorer run downloaded executables whose Authenticode signature is missing or invalid, LowRiskFileTypes=.exe suppresses the "Open File - Security Warning" prompt for .exe files, SaveZoneInformation=1 stops the zone identifier (mark of the web) from being written to downloaded files, and JITDebug=1 enables script debugging. Restore all of them when cleaning up.
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    .exe

  • HKCU\Software\Microsoft\Windows Script\Settings
    JITDebug
    0x00000001



3. Delete or quarantine the suspicious file:
   use Windows Explorer, go to the system drive (for example D:\) and delete all temporary files in D:\Documents and Settings\Administrator\Local Settings\Temp (substitute your own user name for Administrator)

This Trojan copies itself to:
  • c:\Documents and Settings\test user\Local Settings\Application Data\ximmt.exe
  • c:\Documents and Settings\test user\Local Settings\Application Data\xspuheocv\xobsmmptssd.exe
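Steps 2 and 3 can be scripted against the indicators listed above. The script below is an added example written for this page, not code from the AVG post or from AVG. Its assumptions: the malware's registry changes are exactly the five values in the sandbox report, the Windows default for each of them is "value absent" except CheckExeSignatures (default "yes"), and the autostart entries to remove are those whose command line launches from a per-user writable directory, which is the pattern both samples follow. Verify the defaults against a known-clean machine before trusting them on your build.

```powershell
# Added example (not from the AVG post). Save as Undo-ZpackChanges.ps1.
# Run without arguments to report only; run with -Apply (elevated, after the
# malware process has been ended in step 1) to revert the changes.
param([switch]$Apply)

# Registry values from the sandbox report above and the data the malware wrote.
# Fix = $null means "delete the value" (assumed to restore the Windows default).
$downgrades = @(
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Download';                     Name = 'RunInvalidSignatures'; Bad = '1';    Fix = $null },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Download';                     Name = 'CheckExeSignatures';   Bad = 'no';   Fix = 'yes' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments';   Name = 'SaveZoneInformation';  Bad = '1';    Fix = $null },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations';  Name = 'LowRiskFileTypes';     Bad = '.exe'; Fix = $null },
    @{ Key = 'HKCU:\Software\Microsoft\Windows Script\Settings';                        Name = 'JITDebug';             Bad = '1';    Fix = $null }
)

function Get-RegValue([string]$key, [string]$name) {
    if (-not (Test-Path $key)) { return $null }
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$name
}

foreach ($d in $downgrades) {
    $cur = Get-RegValue $d.Key $d.Name
    if ($cur -eq $null) { continue }
    if ("$cur" -ne $d.Bad) { continue }      # compare as strings so DWORD 1 and REG_SZ 'no' both work
    Write-Host ('DOWNGRADE  {0}\{1} = {2}' -f $d.Key, $d.Name, $cur)
    if ($Apply) {
        if ($d.Fix -eq $null) { Remove-ItemProperty -Path $d.Key -Name $d.Name }
        else { Set-ItemProperty -Path $d.Key -Name $d.Name -Value $d.Fix }
    }
}

# Run-key entries that launch from a per-user writable directory (assumed indicator):
# ...\Local Settings\Application Data\..., ...\Local Settings\Temp\... on XP,
# ...\AppData\Local\... on Vista/7.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$writable = '(?i)\\(Local Settings\\(Application Data|Temp)|AppData\\Local)\\'
$quarantine = Join-Path $env:SystemDrive 'Quarantine'

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }               # provider metadata, not values
        $cmd = [string]$prop.Value
        if ($cmd -notmatch $writable) { continue }
        Write-Host ('AUTOSTART  {0}\{1} = {2}' -f $key, $prop.Name, $cmd)
        if (-not $Apply) { continue }
        Remove-ItemProperty -Path $key -Name $prop.Name
        $exe = if ($cmd -match '^"([^"]+)"') { $matches[1] } else { ($cmd -split '\s+')[0] }
        if (Test-Path $exe) {
            # Quarantine (move + rename) rather than delete so a false positive can be put back.
            New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
            Move-Item -Path $exe -Destination (Join-Path $quarantine ([IO.Path]::GetFileName($exe) + '.quarantined')) -Force
        }
    }
}
```

Running the script first without -Apply shows what would be changed; Move-Item fails on a file that is still locked by a running process, which is why step 1 (ending the process) has to come first. Anything legitimate that happens to start from AppData (some updaters do) would be flagged too, which is the reason for quarantining instead of deleting.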
Note: manual removal is only recommended for advanced users.
If you cannot remove TR/Crypt.ZPACK.Gen2, contact AVG official support at http://avg.com/support

Enjoy AVG

Sunday, 13 March 2011

Detect someone who unfriended you on Facebook

How to detect someone who removed you from their Facebook friend list (for Mozilla Firefox users)
  1. Open Mozilla Firefox
  2. Type this address: http://addons.mozilla.org/en-US/firefox
  3. Type Greasemonkey in the search box, then press ENTER
  4. On the Greasemonkey page, click Add to Firefox
  5. When the Software Installation window appears, click the Install Now button
  6. After the installation completes, click Restart Firefox
  7. Type the address http://userscripts.org/scripts/show/58852 in the URL bar
  8. Click Install on the Unfriend Finder page
  9. Click the Install button in the Greasemonkey Installation window
 10. Go to the Facebook page and log in to your account
 11. When the Unfriend welcome page appears, click Close
 12. Select the Unfriend menu on the left; it lists the friends who removed you from their friend list
A user script installed this way runs inside your logged-in Facebook session with access to everything the page can see, so only install scripts from authors you trust, and read the script source on userscripts.org before clicking Install.

Saturday, 05 March 2011

What is Win32 Virut and how to remove it?

Win32/Virut is a polymorphic file infector (a true virus, not just a Trojan): it appends itself to .exe and .scr files on your system and gives a remote attacker access to your computer through an IRC server. In other words, this virus lets anonymous attackers poke around in your computer, which is never a good thing.

AVG has already released a removal tool for Win32/Virut at http://free.avg.com/us-en/win32-virut (follow the instructions on that AVG page), and in most cases it works well.
You may also try AVG Rescue CD: http://www.avg.com/eu-en/avg-rescue-cd-download
And the manual guide : http://www.avg.com/eu-en/download-documentation
info : http://www.avg.com/us-en/226386

Because Virut infects legitimate executables rather than dropping separate files, deleting every infected file means deleting the programs themselves. Unless you like the idea of combing through your hard drive and finding every Win32/Virut-infected file, the best way to remove this virus is to let AVG Anti-Virus disinfect them.

How Do You Remove Win32/Virut Files?
You should only remove Win32/Virut files manually if you are comfortable editing your system, but you will find it is fairly easy. Keep in mind that a file detected as infected is usually a legitimate program with the virus appended, so replace it from installation media or a clean backup rather than just deleting it.

How to delete Win32/Virut files in Windows XP/Vista/7:
1. Click the Windows Start menu, then click "Search."
2. A pop-up asks, "What do you want to search for?" Click "All files and folders."
3. Type the name of a Win32/Virut file in the search box and select "Local Hard Drives."
4. Click "Search." Once the Win32/Virut file is found, delete it.
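Searching by file name only finds files you already know are infected. Because Virut patches the body of .exe and .scr files, any Authenticode-signed binary it touched now fails signature verification, which gives a way to find candidates you do not know about. The script below is an added example written for this page, not code from the AVG post or from AVG; the root to scan is an assumption (the system drive), and it deliberately skips unsigned files, which cannot be judged this way at all.

```powershell
# Added example (not from the AVG post). Save as Find-TamperedBinaries.ps1 and run
# from an elevated prompt; pass -Root to scan a single directory instead of the
# whole system drive (the default below is an assumption).
param([string]$Root = ($env:SystemDrive + '\'))

# Status values: Valid = signed and untouched; HashMismatch = signed, but the file
# content changed after signing (what a file infector leaves behind); NotSigned =
# nothing to compare against, so the file is skipped rather than reported.
$results = Get-ChildItem -Path $Root -Recurse -Include *.exe,*.scr -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -eq 'NotSigned') { return }      # skip this file
        if ($sig.Status -ne 'Valid') {
            New-Object PSObject -Property @{
                File   = $_.FullName
                Status = [string]$sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Size   = $_.Length
            }
        }
    }

# HashMismatch first: those are the files whose contents were altered after signing.
$results | Sort-Object @{ Expression = { $_.Status -ne 'HashMismatch' } }, File |
    Format-Table Status, Size, Signer, File -AutoSize
```

Treat HashMismatch on a Microsoft- or vendor-signed binary as a strong sign of infection and verify it with an AVG scan of that file. NotTrusted or UnknownError can also come from an expired or untrusted certificate chain on an otherwise clean file, so those need a second look rather than deletion, and unsigned programs still have to be covered by the AVG scan.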

How to stop Win32/Virut processes:
1. Click the Start menu and select Run.
2. Type taskmgr.exe into the Run command box and click "OK." You can also launch Task Manager by pressing Ctrl+Shift+Esc (download and use Process Explorer or HijackThis if Task Manager has been blocked by the virus).
3. Click the Processes tab and find the Win32/Virut processes.
4. Once you have found the Win32/Virut processes, right-click them and select "End Process" to kill Win32/Virut.


Remove Win32/Virut registry keys:
Backup your registry before you edit it. Then…
1. Click the Start menu and click "Run." An "Open" field appears. Type "regedit" and click "OK" to open the Registry Editor. In Windows 7, just type "regedit" into the "Search programs and files" box in the Start menu (download and use HijackThis if the Registry Editor has been blocked by the virus).

2. The Registry Editor opens as a two-paned window: the left side lets you select registry keys, the right side shows the values of the selected key.
3. To find a Win32/Virut registry key, select "Edit," then "Find," and in the search bar type any of Win32/Virut's registry keys.
4. When the Win32/Virut registry key appears, right-click it and select "Delete."


Delete Win32/Virut DLLs:
  1. Open the Start menu and click "Run." Type "cmd" in Run and click "OK." (In Windows 7, just type "cmd" into the "Search programs and files" box in the Start menu.)
  2. To change your current directory, type "cd", press "Space," and enter the full directory where the Win32/Virut DLL is located. If you are not sure where the DLL is, enter "dir" to display a directory's contents. To go one directory up, type "cd .." and press "Enter."
  3. When you have found a Win32/Virut DLL, type "regsvr32 /u SampleDLLName.dll" (e.g., "regsvr32 /u jl27script.dll") and press "Enter." This unregisters the DLL (removes its COM registration) so nothing loads it by that route; the file itself is still on disk and must be deleted separately, after the process using it has been ended.

If you want to re-register a Win32/Virut DLL you unregistered, type "regsvr32 DLLJustDeleted.dll" (e.g., "regsvr32 jl27script.dll") at the command prompt and press "Enter."

If Win32/Virut changed your homepage, I recommend setting it to a blank page:
1. Select Start menu > Control Panel > Internet Options > General.
2. Type a blank page URL for safety (e.g., "about:blank"), or click "Use blank."
3. Click "Apply" and "OK."


Removal tip
Is your computer acting strangely after deleting Win32/Virut files? Try Reimage, software that selectively reinstalls broken Windows files.
Also, to save time finding Win32/Virut files, download AVG Anti-Virus / Internet Security, run the free scan, and then remove the Win32/Virut files it finds manually.