Thursday, December 30, 2010

Fraud theft has many faces – none of which are pretty – but perhaps the most insidious is that of Rouge Anti-Virus Software scams.

One of the newest virus threats online comes to your computer as a true “wolf wrapped in sheep’s clothing.” System Tool 2011, and other such malware, is being e-mailed to computers all over the world, causing damage and bilking its victims out of hundreds of dollars.

The Scam

Unless you work, live, and breathe for computers, you probably aren’t familiar with online theft information regarding the term “rogue” anti-virus software until you become a victim. This is not optimal way to learn about the deleterious effects it can have on your computer and bank accounts.

Rogue anti-virus software is spread over the Internet the same way other viruses are: in e-mail attachments, as a part of a shareware software bundle all with the help of a Trojan. (Trojans are software packets that sneak inside your hard drive hiding within another download, much the same way the actual warriors hid inside the horse.) One of the most successful, and most damaging, of these rogue anit-virus programs is System Tool (also known as systemtool and System Tool 2011).

Rogue anti-viruses have no affinity for malware, Trojan, or other harmful programs’ removal because they are in and of themselves malware. Their real and only purpose is theft fraud by capturing your credit card information under false pretenses. This qualifies rogue virus software as identity fraud theft scams at their finest.

How it Works

Once inside your computer, System Tool, or any other rouge anti-virus program, springs into action without your knowledge or consent. It self-installs and plants its malignant files deep within your registry. It sets itself to begin on your computer’s start up.

The next time you turn on your computer you will be greeted with a legitimate-looking scan results screen listing the many programs System Tool has detected within your computer. The list is fake – a scare tactic to motivate you to click the removal button option.

Once you click the remove button, a message will prompt to you to activate your account or subscription. To do this you need to pay for a one, two, or lifetime subscription option. To keep you motivated, new messages are popping up all the while proclaiming new infestations, infected files, and other damages needing repair.

Don’t fall for it. The messages are fake. The infections are fake. The computer scan results are also fake. They are all part of System Tool’s design to entice you to impart of your credit card information willingly. This program is a virus itself, so it will not do anything but mess up your computer and then take your money and run.

Recovery

First off, if you have paid for System Tool (now that you are wiser), call your credit card company and dispute the charges.

The next step is getting it off of your computer. This can be tricky because part of the programming is aimed at keeping itself alive inside your hard drive by blocking attempts to remove it. Legitimate virus removal software does not always recognize and remove it because the malware looks like real anti-virus software.

To be certain you are rid of System Tool, you will most likely need the help of an experienced computer wiz, a visit from the Geek Squad, or someone similarly qualified.

The process of starting the computer in safe mode and sifting through real system files from fake ones will be simple for them but difficult and dangerous for a novice.

Tuesday, December 28, 2010

In order to uninstall Disk Doctor you’ll need Malwarebytes’ Anti-Malware tool

1. First and foremost you should print out the following instructions as you may be asked to close all open windows later on in the cleaning process.

2. You might encounter downloading issues if your computer is infected with Disk Doctor, so it’s possible you won’t be able to download anything on your own computer. If this is the case, you’ll need to download the specific files for the removal procedure on another computer and then transfer them using a CD/DVD, a flash drive or an external drive.

3. In order to proceed with the cleaning, you must first close any active processes that belong to Disk Doctor so they won’t interfere. You can do that by downloading RKill from this link. Remember to use the iExplore.exe download link, and save the program on your desktop.

4. Next, open the iExplore.exe file, and the program will begin to automatically close all processes associated with Disk Doctor and other Rogue programs as well. It’s important that you let RKill finish running, even if at some point it will display a message that RKill itself is an infection. Again, this is another fake message from Disk Doctor that might even stop the process and close RKill. In case this happens, the first method of tricking Disk Doctor is by not closing the warning window, instead leaving it on the screen and running RKill once more. If RKill still hasn’t managed to run all the way to the finish point, try running it a couple more times, until the malware is no longer running on your computer. If after all this, you still encounter problems in running RKill all the way, try downloading a renamed version of RKill here, which is in fact simply a renamed copy of RKill. After RKill will eventually finish its job, do not reboot you computer as the malware programs will pop out again.

5. After you get rid of all Disk Doctor associated processes, download Malwarebytes’ Anti-Malware (MBAM) from the link provided above and, once again, save it on your Desktop.

6. After the download has finished, close all programs and windows on your computer (including this one).

7. Open the file mbam-setup.exe from your desktop to start installing MBAM on your computer.

8. In order to complete the installations you just need to follow the prompts and you must remember not to make any settings changes along the way. When the installation process finishes, keep in mind to leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. After you hit the Finish button be very careful not to reboot your computer even if Malwarebytes’ asks you to.

9. After you finish the installation, MBAM will automatically start with a message that advises you to update the program before performing any scan. Once you hit the OK button a new window with the main program will appear as shown below:

10. On the Scanner tab choose Perform full scan and click the Scan button.

11. The scanning process can take quite a while, so be patient while you’re staring at a window like the one below:

12. When MBAM has finished scanning your computer, hit the OK button from the message window that will appear.

13. You’ll now be sent back to the main Scanner screen where you should select Show Results.

14. A window with all the malware that MBAM discovered will be seen, like the one provided below. You must now press the Remove Selected button and MBAM will start deleting all files and registry keys and will add them to the programs quarantine. MBAM might require you to reboot the computer at some point in order to remove some files and you must allow the program to do that.

15. When MBAM has finished removing the malware, a Notepad scan log will be displayed. After you close the Notepad Window, you can exit the MBAM program.

16. Disk Doctor should now be completely removed from your computer, but we strongly recommend that you also scan the computer for vulnerable programs (you can use Secunia PSI to that end), as many rogues and malware are installed through out-dated and vulnerable programs. Hope this guide turns out helpful. Please let us know if you successfully removed Disk Doctor.

Friday, December 10, 2010

HDD Diagnostic is a rogue (malware, virus) parading as a system optimizer software that, once installed, tries to convince users there is something wrong with their system by displaying various fake error messages.
HDD Diagnostic is installed via Trojans or the TDSS Rootkit. Don’t worry, this removal guide will also show you how to get rid of the TDSS Rootkit.
Once installed, HDD Diagnostic will start every time you log into Windows and it will display error messages when the user tries to launch any program or delete files. It will then ask you to analyze your system with the program and, if you do that, it will display numerous warnings and errors that can only be fixed if…surprise, surprise…you buy the full version of HDD Diagnostic. Of course this is a scam so don’t be tricked into giving your credit card info.
HDD Diagnostic Removal Guide
If HDD Diagnostic prevents you from downloading files, you need to get them on an uninfected system and transfer them via USB, CD/DVD etc.
1. Launch iExplore.exe in order to stop all the processes associated with HDD Diagnostic. It might take a while but you’ll know that iExplore has finished when the black window disappears.
Note: You might receive some messages saying that iExplore.exe is a virus. Don’t worry, this is just HDD Diagnostic’s way of defending itself. If such a message appears leave it on the screen and run iExplore.exe again. If you’re still having problems download RKill.com and/or eXplorer.exe from the provided link and try again ( they are just renamed copies of iExplore.exe )
2. Execute the downloaded MBAM ( Malwarebytes’ Anti-Malware ) setup file and complete the installation following the on-screen instructions ( just make sure that both “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware” boxes are checked ).
Attention ! Don’t reboot your system even if MBAM prompts you to as you’ll have to start over.
3. Once the installation finishes MBAM will automatically start. Select Scanner, then Perform full scan and click Scan. The scanning process might take a while.
4. When the scan finishes click on Show Results, make sure every box is selected and then hit the Remove Selected button. Good Job!
You can now restart your system as HDD Diagnostic should be removed by now.