malaysianaffiliateprogram's posterous
http://malaysianaffiliateprogram.posterous.com

Thu, 27 Aug 2009 09:25:00 -0700
http://malaysianaffiliateprogram.posterous.com/w32sality-vs-formatting

Title : W32.Sality VS Formatting

Subtitle : Do you want to kill W32.Sality on your Windows system step by step, OR do you prefer to back up all your data and configuration and format for a new Windows system?

If you really understand how to kill the W32.Sality virus on your Windows system, then congratulations: at least you really know how to solve it.

My other PC, running Windows XP SP3, was infected by this kind of virus. I downloaded the W32.Sality removal tool from AVG and followed the expert procedures from posted messages, but all of them failed; none of the step-by-step instructions worked.

My Windows XP fails to start in normal Safe Mode, Safe Mode with Command Prompt, or Safe Mode with Networking; it is only able to load normal Windows.

I have installed Avast Home version, and when I try to uninstall it, it automatically restarts my Windows system.

I used the dedicated removal tool from AVG to remove it. When it starts scanning, a memory error message appears, and then the scan proceeds. At the end, when you try to restart for the next scan at Windows start-up, another error message appears saying that it "failed to start scanning at the next Windows start-up".

I tried to find a good way to remove it manually and tried tips from other professionals, but all of them failed and produced a lot of error messages. My final decision was to BACK UP all my data and the configuration of some applications. I used 1 hour to format for the new Windows and to install and configure drivers, and 2 hours for all the software applications I use.

Which means that within 4 hours, my Windows was back to normal and all my previous application configuration was ready to work.

- Easy backup of your Outlook Express data and export of your email addresses
- Easy backup of Mozilla Firefox extensions and add-ons

I always keep two partitions on one hard disk; the other partition stores all my working data, and I frequently make another backup to my external hard disk.

But if you know another good way to remove W32.Sality without formatting your Windows, that is a good choice. Nobody wants to start over with a new system :( if the problem can be solved.


NOTE : You can search for W32.Sality Removal, W32.Sality, or Step Remove W32.Sality on Google or Yahoo and find many professional guidelines on how to remove W32.Sality. But for me, I still could not find and kill the main virus by following all the instructions. Some of my antivirus programs fail to load, and even when they can scan, they report a lot of infections in my other applications.

Best Regards
Ric Ristianny Chow
[Free Sharing & Distribution]

Thu, 13 Aug 2009 20:30:00 -0700
http://malaysianaffiliateprogram.posterous.com/how-remove-iedfixcexe-and-o4patchexe-from-you-0

Title : How to remove IEDfix.C.exe and o4Patch.exe from your Windows
Malware / Virus Name : IEDfix.C.exe, o4Patch.exe.....
Tool To Remove :
1.) CA Antivirus 2007, 2008, 2009

2.) a-squared Free 4.5

3.) Malwarebytes Anti-Malware 1.40

Manual To Remove :
Go to the Windows system directory on your Windows installation drive, for example
C:\Windows\System32\.... All the related files can be found there. Just DELETE them if you can; if NOT, you can try using UNLOCKER. For how Unlocker can work best for you, you can read the other article here.

IEDFix.C.exe also has other related file names, and other files that come with it in your Windows system32. For example, all of the files below may be found:

C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe

IEDFIX.EXE has been seen to perform the following behavior:

* The Process is packed and/or encrypted using a software packing process
* Creation and Registration of a Browser Helper Object in Internet Explorer
* Executes a Process

IEDFIX.EXE has been the subject of the following behavior:

* Created as a process on disk
* Executed as a Process
* Deleted as a process from disk
* Copied to multiple locations on the system

IEDFIX.EXE can also use the following file names:

* IEDFIX.C.EXE
* DE4.EXE
* 63732567.DAT
* IEDFIX.C.E
* SMITFRAUDFIX/IEDFIX.C.EXE
* SMITFRAUDFIX/IEDFIX.EXE
* 404FIX.EXE
* 13483285.EXE
* 40587559.DAT
* 41750096.EXE
* 34558681.SVD
* 96958197.DAT
* 00005356.EXE
* 00003498.EXE

The above steps should help you remove all the files found in your Windows system32. I have used Unlocker and Malwarebytes.


Copyright @ 2009, By Ric Ristianny Chow
[Free sharing and distribution]

Mon, 13 Jul 2009 10:50:00 -0700
http://malaysianaffiliateprogram.posterous.com/win32confickerb-w32downadup-security-software

Title : Win32/Conficker.B (W32.Downadup) - security software or website is blocked from access and update.

Case : I got this worm on my notebook recently, and I successfully removed it.
Title Related : security software or website is blocked from access and update.
Virus name : Win32/Conficker.B (W32.Downadup)
Virus Work : The Conficker worm collects personal information, including user details and bank passwords, sends it to botnets, and attacks websites associated with the code.
Affected Environment : Various security-related Web sites cannot be accessed.
- Domain controllers are being hammered
- The network is congested
- Sluggish client behavior
- Account lockout policies are being tripped.
- If an account lockout policy is not in use, we may see high CPU usage by the LSASS.EXE process on the domain controller (DC)
- On the infected clients, the following services are disabled:
  Windows Update Service
  Background Intelligent Transfer Service
  Windows Defender
  Windows Error Reporting Services
- Any virus, spyware, malware or trojan protection software is unable to update
- Users may not be able to access the Microsoft website or some other antivirus software vendors' websites from the infected clients.
- Previously saved system restore points may have been removed
- Windows scheduled tasks are created automatically

How the Conficker virus spreads
- Exploitation of the vulnerability that is patched by security update 958644 (MS08-067)
- The use of network shares
- The use of AutoPlay functionality, such as plug-and-play external drives
Pay attention before it spreads widely :
- Keep the antivirus software up to date and then scan the systems
- Change user passwords on infected machines, and also apply a strong password policy in the domain
- Pay attention to USB drives and mapped network drives; perform a full antivirus scan on those drives.
- On the firewall or proxy server, block any URL requests that contain the string “search?q=%d”
- Set the Automatic Updates service and the Background Intelligent Transfer Service to Automatic in domain group policy

Users may not be able to connect to websites or online services that contain the following strings:
virus
spyware
malware
rootkit
defender
microsoft
symantec
norton
mcafee
trendmicro
sophos
panda
etrust
networkassociates
computerassociates
f-secure
kaspersky
jotti
f-prot
nod32
eset
grisoft
drweb
centralcommand
ahnlab
esafe
avast
avira
quickheal
comodo
clamav
ewido
fortinet
gdata
hacksoft
hauri
ikarus
k7computing
norman
pctools
prevx
rising
securecomputing
sunbelt
emsisoft
arcabit
cpsecure
spamhaus
castlecops
threatexpert
wilderssecurity
windowsupdate
...and more are blocked, as long as they relate to any website about security and protection.

More details from Microsoft about the W32/Conficker.B worm:
http://support.microsoft.com/kb/962007
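
The “search?q=%d” rule above can also be run over existing proxy logs to find which clients are making these requests. The following is an added example, not part of the original post; the log format, the host names, and the three-host threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log lines: "<client-ip> <method> <url> <status>".
SAMPLE_LOG = """\
10.0.0.21 GET http://aaqzvbk.example/search?q=0 200
10.0.0.21 GET http://kdjwprn.example/search?q=17 503
10.0.0.21 GET http://ypmxhtq.example/search?q=3 200
10.0.0.34 GET http://www.searchengine.example/search?q=conficker+removal 200
10.0.0.34 GET http://www.searchengine.example/search?q=2009 200
10.0.0.55 GET http://intranet.example/index.html 200
"""

# "%d" in the rule is a printf-style integer, so the query must be q=<digits> only.
NUMERIC_QUERY = re.compile(r"q=\d+")
MIN_HOSTS = 3  # assumed threshold: distinct hosts before a client is reported


def is_suspect_url(url):
    """True when the URL is exactly http://<host>/search?q=<integer>."""
    parts = urlsplit(url)
    return (parts.scheme == "http" and parts.path == "/search"
            and NUMERIC_QUERY.fullmatch(parts.query) is not None)


def suspect_clients(log_text, min_hosts=MIN_HOSTS):
    """Map client IP -> sorted hosts it sent matching requests to,
    keeping only clients that contacted at least min_hosts distinct hosts."""
    hosts_by_client = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of failing the whole run
        client, _method, url, _status = fields
        if is_suspect_url(url):
            hosts_by_client[client].add(urlsplit(url).hostname)
    return {c: sorted(h) for c, h in hosts_by_client.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for client, hosts in suspect_clients(SAMPLE_LOG).items():
        print(f"{client}: {len(hosts)} hosts -> {', '.join(hosts)}")
```

A person searching for a number on one search site also matches the pattern, which is why the sketch reports a client only after it has sent the request to several different hosts.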

How to remove W32.Conficker.B

1.) Conficker Removal Tool 1.0.0.16
http://download.cnet.com/Conficker-Removal-Tool/3000-2239_4-10911447.html

*** I personally used this tool when I could not download the Windows Malicious Software Removal Tool, since access to microsoft.com is blocked by this worm. After all the steps finished, my antivirus software was able to update and to access all security and Windows websites. You can continue scanning with the other removal tools for this worm if you want.

2.) Microsoft Windows Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.aspx

3.) Norton W32.Downadup (Conficker) Removal Tool
http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99

4.) CA Win32/Conficker.B
http://www.ca.com/securityadvisor/virusinfo/virus.aspx?id=76852

5.) Sophos Conficker Removal
http://www.sophos.com/products/free-tools/conficker-removal-tool.html

6.) F-Secure Conficker Removal
ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip

7.) You should ask friends you trust to send you the removal tools for this worm if your computer is unable to access those websites to download them. You can click here to download from ziddu (if this website is also blocked for download, then please email me at removetroubleshooting@gmail.com to get a new download link).

Other useful tools you must download and scan with after the above tools have scanned and cleaned.

1.) Killbox (KillBox is a tool to delete in-use files; if the file is running, KillBox will attempt to end the process (close the running file) and delete it.)
http://killbox.net

Viruses, spyware and malware like to hide in the folder DRIVE:\RECYCLER. This tool has a lot of functions; try them one by one. Please delete only the files or folders that you understand and are sure you do not want. For some files and folders, you must go to WINDOWS SAFE MODE to delete them.

2.) SDFix (a free tool; install it, then you must go to Windows safe mode to open it and scan, following the on-screen steps. It is very easy and simple). It is a tool created by AndyManchesta that removes thousands of different types of worms and Trojans.
http://www.bleepingcomputer.com/files/sdfix.php

3.) SmitRem (a free tool; it cleans related malware, trojans, etc., and at the same time cleans unused files in specified Windows folders such as Temp and Temporary Internet Files. Scan with it in WINDOWS SAFE MODE). It is a tool that noahdfear created to remove the Trojan-Spy.HTML.Smitfraud.c malware infection and its variants: AntivirusGold, PSGuard, Spyware Remover, SpySheriff, Spy Trooper, SpyAxe, Security Toolbar, WinHound and SpywareStrike.
http://www.bleepingcomputer.com/files/sdfix.php

4.) CCleaner (a free tool; it helps you clean unused files, repair and remove unused or inactive registry entries, add/remove programs like the Windows Add/Remove Programs, and delete/enable/disable startup programs)
http://www.filehippo.com/download_ccleaner

5.) Spybot - Search & Destroy
Detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. Download it, update to the latest definition file, and scan with it in WINDOWS SAFE MODE.
http://www.safer-networking.org/en/download/index.html

Tips : You can manually download its latest definition files and install them.

6.) Malwarebytes'
It is enough to remove a lot of malware, spyware, trojans, etc. Update the definition files before going to WINDOWS SAFE MODE to start scanning.
http://www.malwarebytes.org

*** You will see that your Windows performance is much better after you download and scan with all these tools.

7.) Windows OneCare
Get tools (often free) to help protect, optimize, and keep your PC safe from threats. It is a free 90-day trial; you can try it, and it is sometimes good to use for some tasks.
http://onecare.live.com/site/en-us/center/download.htm

** Finally, please install the latest Windows update packs, security updates, and the latest packs for other Windows components. Update your antivirus software etc. once a week. It will not be 100%, but it will protect your Windows at least 90% before anything happens.

Some viruses, spyware, malware, trojans, etc. need a special, dedicated removal tool to remove them. This is 90% + 10% = 100%.

Your Windows can be affected at any time by viruses, spyware, trojans and malware when your computer plugs in external drives such as a hard disk or pen drive, or from your CD, DVD, diskette or network, and also from Internet websites, web pages, photos, Flash, games, fake software, email attachments, update packs and more. So keeping your antivirus software up to date is one of the basic ways to help you avoid them at least 90%.


Email me any troubleshooting questions and I will try my best to help.
removetroubleshooting@gmail.com
