Resources

ParetoLogic Antivirus was going to delete some Microsoft files along with the cookies. Why? Doesn’t Microsoft need to verify that I have all their files?

You’re right; Microsoft doesn’t want you removing important operating system files. This is one reason why the operating system hides many of its system files. Unfortunately, malware makers are smart. They know that if they name their virus after a legitimate Microsoft file, computer users are less likely to delete the file. After all, if a user thinks a file is a necessary Windows file, he’s not going to delete it.

Viruses as Imposters

It is not uncommon for malware makers to give their viruses the same names, or clever variations, of legitimate operating system files. For example, the “lsass.exe” (spelled with an “L”) file is a legitimate Microsoft operating system file but a file named “isass.exe” (spelled with an “I”) is malware. This is one of my favorite examples because depending on the font and case used, the “L” and “I” can be easily confused. For example, don’t the following two words look remarkably similar?

• lsass.exe
• Isass.exe

Another example is “systray.exe” versus “systemtray.exe.” If you’re thinking that Microsoft uses one of these files to control the “System Tray” area of the taskbar, you’re right; one of these files does do that. The other is a nasty imposter. Casual users aren’t necessarily equipped to know which one is which. That’s why we rely on antivirus products. In this example, the legitimate Microsoft file is systray.exe and the systemtray.exe file is part of the Bigfoot Trojan.

The svchost.exe file is another popular Windows file that virus makers like to name their viruses after. Below are a few filenames based on the svchost.exe name that have been used by known malware programs:

• svchosts.exe
• sychost.exe
• syshost.exe

While these are examples of malware that use a similar looking filename, many other viruses use the exact same name as a real Microsoft files or folders. For example, your Windows computer contains a legitimate operating system folder called System32, but you’d better be careful if you find an actual system32.exe file - it’s most likely malicious!

How Antivirus Programs Know Real Microsoft Files from Fake Files

It’s tough for computer users to know the difference, but not so tough for antivirus programs. After all, these programs use complex algorithms and huge databases to sniff out the malicious programs. These programs know where the legitimate files are supposed to be stored on the computer and recognize imposters hanging out in the wrong directories.

Therefore, if your computer’s antivirus program is telling you that it has found malicious files and these files appear to be Microsoft files, it’s highly probable that they are in fact malware. If you’re unsure, do a quick check on the Internet using a phrase such as, “Is the ___.exe file a virus?”    

Can I get a free anti-virus program that will scan and get rid of viruses from my computer and if so, what is the site?

Yes, you can get free antivirus programs that will scan and remove viruses from your computer. However, before you do so, I want you to be aware of some of the pitfalls of freebies so that you can make the best choice possible for your limited budget.

Fake Antivirus Programs

The first warning is to be extremely careful! We get questions from our readers all the time asking how to remove a so-called free antivirus program. In most cases, it turns out that the downloaded program is actually a fake! These rogue antivirus programs often generate ads or alarming security alerts, prompting the user to pay for the full version of the product.

Search for free antivirus programs through trusted sites such as the developer or one of its partners. Do NOT click on advertisements for “free antivirus” programs as you never know who’s behind the ad or where the ad will direct you. In other words, do your research and go directly to the source.

The Pros and Cons of Free Antivirus Programs

Many good antivirus programs are available for free. However, keep in mind that free usually comes with a price as far as performance goes. You may not pay in money, but you may have to deal with manual updates, less frequent updates, or limited support. You may have to view advertisements in exchange for “free.” On the other hand, these tradeoffs may be just right for your needs.

We have done quite a bit of research into the more popular antivirus products on the market in 2009. Look through our reviews and you will find several reputable antivirus developers that offer free versions for personal use. Avira Antivir and Avast are both good choices that come to mind.

No matter which free antivirus product you choose, realize that your computer is not necessarily protected against all threats. Look for protection from spyware too.

Earlier free AVG found numerous viruses and Trojans. Is it possible there are fragments left on laptop? The online scan at ESET showed about then variants of the Trojan “Viruits.” My home page has been replaced with a URL for Guarddog 2009 which is listed under AVG’s vault as dl.guarddog.generic13.ASQV.bm8 tem. In addition, my USB keyboard no longer works properly and my cursor acts up. Would you advise me to install a fresh copy of Windows or do full restore to factory setting to solve these problems? Is it safe to delete User Data found under Documents & Settings in C:/? Is it too late to use the Windows recovery disc?

Looks like you still have quite a few problems on your laptop, including remaining malware. Perhaps I should caution you to back up any data that you want to keep on the computer. Since it appears as if not all of the virus and malware infections have been removed from your computer, you will need to make sure that all of these malware entities have been removed before you reinstall, repair, or reformat the computer. If you don’t get rid of these infections first, then they will remain on the laptop, continuing to mess it up. After you get rid of all of the bad stuff, then you can take care of your Windows operating system. However, drastic measures such as reinstalling the operating system may not be needed once you remove these infections.

Scanning for Malware

One of the biggest problems with malware is that some of it slips by one anti-virus/anti-spyware application. This is why running two separate applications to remove the infections is a good idea. 

1. First, print these directions so you will have them to refer to. Then, close out all applications before running your anti-spyware/anti-virus applications. Hit the CTRL + ALT + DEL keys together to bring up the Windows Task Manager. It will show you if anything is still running on your computer. Simply select “Applications” in the upper left and close any programs that remain running.
2. Run AVG again and see what it comes up with on the laptop. It is important to note that this application doesn’t always catch things like tracking cookies which are also know to disrupt mice, keyboards, web browsing, etc.
3. Run a second application such as Anti-Virus PLUS, Ad-Aware, or PCTools to remove any remaining remnants of Trojans, spyware, or viruses. Anti-Virus PLUS offers a free scan and you can use this to see what type of infections remain on the computer. In particular, I’ve come across a lot of people who suggest that Malwarebytes does a good job of removing the KRYPTIK Trojan which you had listed in your original question. This should also remove guarddog2009.
4. Reboot and run your anti-spyware/anti-virus applications again to ensure that all malware has been removed.

Repairing Windows

Before making the decision that you need to completely repair of restore the computer’s operating system, why not try cleaning the registry and checking the hard disk to repair important files? You can use a registry cleaner such as RegCure and the chkdsk utility that comes with Windows.

To use chkdsk, click Start→ click Run→ Type cmd→ press Enter. Type in chkdsk volume:/r in order to locate bad sectors, repair errors, and recover readable information.

Of course, you can always use the installation disks to complete a recovery. If you follow these directions, your documents and files will be saved, but you will have to reinstall any programs and modify your personal settings:

1. Insert the installation disk into the CD drive while the laptop is on.
2. Turn the laptop off.
3. Wait a minute and turn the power on. The laptop should be able to boot up. If it doesn’t, press a keyboard key to get it to work/ follow prompts that appear/ try pressing “ESC” and “F1.”
4. Don’t press the “R” option for the “Recovery Console.” Press the “R” to “Repair” your system when the prompt appears.
5. Follow remaining prompts as they appear until finished.

Deleting User Data

User Data is created by Windows. It defines your User Profile and should not be tampered with unless you can identify it as data unnecessary for maintaining the profile.

Where can I get an automatic virus killer?

Many antivirus products are virtually automatic virus killers though some are better than others and some require more user interaction than others. You’re smart to want one that automatically detects and kills viruses. So, let’s look at antivirus programs that offer real-time protection.

Why is Real-Time Protection Important?

In the past, antivirus programs installed on your computer and launched at startup. When you turned on your computer, the program would scan your system for viruses. Daily scanning used to be good enough. However, what if you don’t turn off your computer for days at a time? What if a virus arrives in between scans?

Real-time virus protection protects against viruses the second that they are encountered. The moment a virus arrives, the real-time protection detects it and blocks it. The virus never has a chance to wreak havoc on your computer.

Automatic Updates

However, a real-time antivirus program is only as good as its last update. After all, if it doesn’t know about a new virus, it can’t defend your computer against it. No matter which virus killer program you choose, make sure that not only does it defend against viruses in real time, it also updates itself automatically. In addition, set the auto update feature up for frequent updates, such as several times per day. This is because new viruses are discovered and frequently.

Automatic Scans

Even with real-time protection and automatic updates, regular scans are still required. This is because new viruses may slip in before your antivirus software developer has created a fix. Given time, a defense will soon arrive but your computer won’t know it’s been infected until you have the update and then scan the system. Look for a virus killer with a scheduling feature so that you can rest easy knowing that your software will regularly scan for viruses.

Where to Get Virus Killers

Earlier, we reviewed the top twenty or so antivirus applications for 2009. You’ll find many excellent programs in this list, including a few free ones. We recommend ParetoLogic’s Antivirus Plus software because it meets all of these crucial requirements plus it protects against other threats like spyware, adware, and Trojans.

I think my computer has a virus, but I don’t know which one. I got an error once logged in saying Windows will not open Internet Explorer for security reason. When I scroll over the toolbar all I get is the loading symbol. No applications open. I want to restore it so I tried reconfiguring the BIOS to boot from a CD but it wouldn’t work. Please help!

Removing Computer Virus

Since you think that you might have a computer virus that is affecting your ability to use Internet Explorer, we are going to start there. Close out all open applications or programs for the best results. If you have an antivirus application, make sure that it is the latest version by checking for updates before you run it. If you don’t have an antivirus application, then I can recommend Anti-VirusPLUS. This program offers you a free scan, so that you can see exactly what type of computer viruses have infected your computer.

It is important to understand that you definitely need an antivirus application to remove a computer virus from your computer. Completing a restore or repairing your Windows installation isn’t going to remove the virus for you. In particular, an IE virus would lead to problems using your Internet and it could even cause Internet Explorer to shut down.

Troubleshooting after a Virus Infection: Internet Explorer

Sometimes after a computer has been infected with a virus, it might not function properly and it becomes necessary to complete a few simple tasks. If your Internet Explorer is still not functioning properly you can try to repair it using these directions:

1. Open Internet Explorer.
2. Select the option for “Tools.”
3. Select “Internet Options.”
4. Select the option for “Advanced.”
5. Select “Reset.” Hopefully, this fixes the problem for you.

Troubleshooting Failed Internet Explorer

If Internet Explorer shuts down or won’t even open after trying the above strategies, perhaps you need to reinstall your version of Internet Explorer. Make sure that you have the latest version and update it if you do not.

Alternatively, if you are referring to a problem that exists because of your security setting, then you can adjust the setting to a less restrictive one. To do so, follow these steps:

1. Click “Start.”
2. Click to open “Internet Explorer.”
3. Click “Tools.”
4. Click “Internet Options.”
5. Click “Security.”
6. Click “Internet.” You should see a slider in the window. All you need to do is to move this slider to a lower setting

Troubleshooting after a Virus Infection: Clean up with a Registry Cleaner

If you think that your computer is experiencing some other type of problem even though you have gotten rid of the virus, try the following strategies:

1. Run your antivirus application again to be sure that the computer is clean.
2. Clean the registry using a good registry cleaner such as “RegCure.”

My PC started working slower, took time to start up and open a new window or new tab. I suspected a virus. I ran Spybot and found my PC was infected with win32.agent.nmy trojan horse. I cleared it using Spybot, used CCleaner to clear my registry and defragment. I ran Spybot again and it was all clear, no more trojan horse. But it still takes time to start up and open a new tab, what should I do now?

Check Windows Add/Remove for Bad Programs

OK - I think that we should go through your computer and make sure that all the malware is gone, even though Spybot says it is. It’s worth checking thoroughly because some infectious code is cleverly programmed to evade your virus scans and hang out in your computer. First of all, you can use Windows Add/Remove Programs to look through all the programs that are installed on your system and make sure that there is nothing dangerous or suspicious. To open Add/Remove Programs just click Start, then choose Control Panel, and then Add/Remove Programs. Here is a link to a list of dangerous programs to look for, if any of them appear delete them. You should also delete your download of CCleaner, we’ll get the latest version later.

Remove Java and JSE - Java Sun Environment - Programs

While you are in Windows Add/Remove, delete any and all installations of Java or JSE. Old versions have weaknesses and should be removed. Then you can go to the Java website and reinstall the newest version when you are finished troubleshooting your PC.

Start XP and Vista in Normal Startup

You should also set your computer to start up in normal mode while you are cleaning your system. This is important and not doing so can lead to more complications. If you are running Windows 98, ME or XP:

1. Click Start, then Run, and then type msconfig and click OK
2. Choose the General tab, then choose Normal Startup
3. Click Apply, then OK then turn your computer off and on again

If you run Vista:

1. Click Start, then type RUN in the search box and then click Enter
2. In the Run box, type msconfig and click Enter
3. Choose General, then choose Normal Startup
4. Click Apply, then OK, then reboot your computer

Empty Trash and Quarantined Files

Now empty all your trash and quarantined files. This will reduce the amount of data on your system, simplifying the scans and making the process faster and less complicated. Empty your Windows Trash - right-click the icon and choose to delete the contents. Also, if you use a Norton virus scan, empty the quarantined files and the protected recycle bins.

At this point you can download and install CCleaner, but run it with only the default options enabled to get rid of your temporary files. If you have more than one user account on Windows, you need to run the cleaner on all of them.

Make All Extensions Visible

Before you continue, you should make all file extensions visible, so that your scans have the best chance of finding everything. If you run Vista:

1. Right click Start, then choose Explore, then Organize
2. Choose Folder and Search Options, then the View tab, then Show Hidden Files and Folders
3. Click to remove the check from Hide Extensions for Known File Types AND Hide Protected Operating System Files
4. Click Yes, then Apply, then OK

If you run XP:

1. Click Start, then Explore, then Tools, then Folder Options
2. Choose the View tab, then Show Hidden Files and Folders
3. Click to remove the check from Hide Extensions for Known File Types AND Hide Protected Operating System Files
4. Click Yes, then Apply, then OK

Follow Detailed Operating System Cleaning Instructions

Now use Windows Defender, which should already be on your system, or a reputable antivirus/antispyware program to scan your system one more time. Run a complete system scan. Sometimes, using a second anti-malware program catches malware that the first application did not catch.