Resources

Earlier free AVG found numerous viruses and Trojans. Is it possible there are fragments left on laptop? The online scan at ESET showed about then variants of the Trojan “Viruits.” My home page has been replaced with a URL for Guarddog 2009 which is listed under AVG’s vault as dl.guarddog.generic13.ASQV.bm8 tem. In addition, my USB keyboard no longer works properly and my cursor acts up. Would you advise me to install a fresh copy of Windows or do full restore to factory setting to solve these problems? Is it safe to delete User Data found under Documents & Settings in C:/? Is it too late to use the Windows recovery disc?

Looks like you still have quite a few problems on your laptop, including remaining malware. Perhaps I should caution you to back up any data that you want to keep on the computer. Since it appears as if not all of the virus and malware infections have been removed from your computer, you will need to make sure that all of these malware entities have been removed before you reinstall, repair, or reformat the computer. If you don’t get rid of these infections first, then they will remain on the laptop, continuing to mess it up. After you get rid of all of the bad stuff, then you can take care of your Windows operating system. However, drastic measures such as reinstalling the operating system may not be needed once you remove these infections.

Scanning for Malware

One of the biggest problems with malware is that some of it slips by one anti-virus/anti-spyware application. This is why running two separate applications to remove the infections is a good idea. 

1. First, print these directions so you will have them to refer to. Then, close out all applications before running your anti-spyware/anti-virus applications. Hit the CTRL + ALT + DEL keys together to bring up the Windows Task Manager. It will show you if anything is still running on your computer. Simply select “Applications” in the upper left and close any programs that remain running.
2. Run AVG again and see what it comes up with on the laptop. It is important to note that this application doesn’t always catch things like tracking cookies which are also know to disrupt mice, keyboards, web browsing, etc.
3. Run a second application such as Anti-Virus PLUS, Ad-Aware, or PCTools to remove any remaining remnants of Trojans, spyware, or viruses. Anti-Virus PLUS offers a free scan and you can use this to see what type of infections remain on the computer. In particular, I’ve come across a lot of people who suggest that Malwarebytes does a good job of removing the KRYPTIK Trojan which you had listed in your original question. This should also remove guarddog2009.
4. Reboot and run your anti-spyware/anti-virus applications again to ensure that all malware has been removed.

Repairing Windows

Before making the decision that you need to completely repair of restore the computer’s operating system, why not try cleaning the registry and checking the hard disk to repair important files? You can use a registry cleaner such as RegCure and the chkdsk utility that comes with Windows.

To use chkdsk, click Start→ click Run→ Type cmd→ press Enter. Type in chkdsk volume:/r in order to locate bad sectors, repair errors, and recover readable information.

Of course, you can always use the installation disks to complete a recovery. If you follow these directions, your documents and files will be saved, but you will have to reinstall any programs and modify your personal settings:

1. Insert the installation disk into the CD drive while the laptop is on.
2. Turn the laptop off.
3. Wait a minute and turn the power on. The laptop should be able to boot up. If it doesn’t, press a keyboard key to get it to work/ follow prompts that appear/ try pressing “ESC” and “F1.”
4. Don’t press the “R” option for the “Recovery Console.” Press the “R” to “Repair” your system when the prompt appears.
5. Follow remaining prompts as they appear until finished.

Deleting User Data

User Data is created by Windows. It defines your User Profile and should not be tampered with unless you can identify it as data unnecessary for maintaining the profile.

My PC started working slower, took time to start up and open a new window or new tab. I suspected a virus. I ran Spybot and found my PC was infected with win32.agent.nmy trojan horse. I cleared it using Spybot, used CCleaner to clear my registry and defragment. I ran Spybot again and it was all clear, no more trojan horse. But it still takes time to start up and open a new tab, what should I do now?

Check Windows Add/Remove for Bad Programs

OK - I think that we should go through your computer and make sure that all the malware is gone, even though Spybot says it is. It’s worth checking thoroughly because some infectious code is cleverly programmed to evade your virus scans and hang out in your computer. First of all, you can use Windows Add/Remove Programs to look through all the programs that are installed on your system and make sure that there is nothing dangerous or suspicious. To open Add/Remove Programs just click Start, then choose Control Panel, and then Add/Remove Programs. Here is a link to a list of dangerous programs to look for, if any of them appear delete them. You should also delete your download of CCleaner, we’ll get the latest version later.

Remove Java and JSE - Java Sun Environment - Programs

While you are in Windows Add/Remove, delete any and all installations of Java or JSE. Old versions have weaknesses and should be removed. Then you can go to the Java website and reinstall the newest version when you are finished troubleshooting your PC.

Start XP and Vista in Normal Startup

You should also set your computer to start up in normal mode while you are cleaning your system. This is important and not doing so can lead to more complications. If you are running Windows 98, ME or XP:

1. Click Start, then Run, and then type msconfig and click OK
2. Choose the General tab, then choose Normal Startup
3. Click Apply, then OK then turn your computer off and on again

If you run Vista:

1. Click Start, then type RUN in the search box and then click Enter
2. In the Run box, type msconfig and click Enter
3. Choose General, then choose Normal Startup
4. Click Apply, then OK, then reboot your computer

Empty Trash and Quarantined Files

Now empty all your trash and quarantined files. This will reduce the amount of data on your system, simplifying the scans and making the process faster and less complicated. Empty your Windows Trash - right-click the icon and choose to delete the contents. Also, if you use a Norton virus scan, empty the quarantined files and the protected recycle bins.

At this point you can download and install CCleaner, but run it with only the default options enabled to get rid of your temporary files. If you have more than one user account on Windows, you need to run the cleaner on all of them.

Make All Extensions Visible

Before you continue, you should make all file extensions visible, so that your scans have the best chance of finding everything. If you run Vista:

1. Right click Start, then choose Explore, then Organize
2. Choose Folder and Search Options, then the View tab, then Show Hidden Files and Folders
3. Click to remove the check from Hide Extensions for Known File Types AND Hide Protected Operating System Files
4. Click Yes, then Apply, then OK

If you run XP:

1. Click Start, then Explore, then Tools, then Folder Options
2. Choose the View tab, then Show Hidden Files and Folders
3. Click to remove the check from Hide Extensions for Known File Types AND Hide Protected Operating System Files
4. Click Yes, then Apply, then OK

Follow Detailed Operating System Cleaning Instructions

Now use Windows Defender, which should already be on your system, or a reputable antivirus/antispyware program to scan your system one more time. Run a complete system scan. Sometimes, using a second anti-malware program catches malware that the first application did not catch.

Antivirus 2008 is hijacking my Mozilla browser and Malwarebytes doesn’t remove it. What should I do?

Antivirus 2008 is a rogue program from the people who brought you XP Antivirus and XP Cleaner. It uses a stealth installation from a Trojan or other malware and is difficult, although not impossible, to manually remove. Among other problems, it will often give you false pop ups alerting you of problems with your system. If you’ve tried Malwarebytes and that hasn’t done it, try Paretologic’s Antivirus Plus - there is a free download that will scan your system before you commit to a purchase. ParetoLogic’s database shows two versions of this virus, so it’s safe to say that this software is equipped to remove Antivirus 2008.

Manually Remove Antivirus 2008

If you want to try to manually remove the virus, you will have to alter the registry. If you are not comfortable with your computer, you might want to leave this to someone who is, and always make sure that everything important is backed up before you start.

First, you will have to kill these processes:

• AntiVirus2008.exe
• AntvrsInstall.exe
• AntvrsInstall[1].exe
• Antvrs.exe.

To do this, open Windows Task Manager (usually by pressing CTRL+ALT+DEL). Click on the Processes tab and you will see a list. Find the above processes and choose End Process to kill them.

Next, you need to get into the registry by going to Start and then Run. In the open box, type in: regedit. Then click OK. Navigate to the following registry values and delete them:

• HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
• HKEY_USERS\Software\antivirus 2008
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “3P_UDEC”
• HKEY_CURRENT_USER\Software\Antivirus
  Software\Microsoft\Windows\CurrentVersion\RunOnce\3P_UDEC
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antivirus”
• Microsoft\Code Store Database\Distribution Units\3BA4271E-5C1E-48E2-B432-D8BF420DD31D

You need to unregister the dll files that are associated with the virus. They are shlwapi.dll and wininet.dll. Go to Start and Run and then type in: cmd. Click OK. Now navigate to the folder that contains the dlls. When you find the exact directory, type in: regsvr32 /ushlwapi.dll and click Enter. You should see the message that the process was successful. Do the same thing again, only this time, type in: regsvr32  /uwininet.dll.

You can find and delete the files by going to Start> then Search> Files and Folders and typing in the name of the file you are looking to delete. Delete the following files:

• AntiVirus 2008.lic
• AntiVirus 2008.lnk
• Antivirus.lnk
• AntiVirus2008.exe
• Antvrs.exe
• AntvrsInstall.exe
• AntvrsInstall[1].exe
• shlwapi.dll
• wininet.dll

Delete the directory:

• ProgramFiles\ANTIVIRUS 2008

As you can see, manually deleting everything you need to in order to get rid of the program is a bit arduous - you might want to try another program like Antivirus Plus before you give up completely.

WinPC Antivirus keeps popping up on the screen. I’m having trouble removing it.

What is WinPC?

WinPC Antivirus and WinPC Defender sure sound like legitimate computer security products, don’t they? Both programs are related with WinPC Antivirus typically arriving via fake security alerts that prompt you to download and install WinPC and WinPC Defender arriving as a hitchhiker with another download. Unfortunately, both versions of WinPC are fakes. That’s right, even though WinPC sounds legitimate and its screens look like a real antivirus program, it is an imposter. In fact, if your computer is infected with WinPC, you’ll see numerous security alerts prompting you to purchase the product in order to “resolve” the problems. You’re correct in trying to remove this malware.

Removing WinPC

First, do you have any legitimate computer security software installed on your computer? If so, technically, your computer security software should have blocked this infection. However, not all PC security products have real-time blocking which means that some infections can sneak in and won’t be resolved until the next update and scan. Assuming that you do have a good computer security product installed, go ahead and update the software and then run a complete system scan.

WinPC is classified as “scareware,” not a computer virus. Because of this, standard virus scanners may not detect it. If your computer security software doesn’t address all types of malware, then you’ll need additional tools. MalwareBytes and Windows Defender are two reputable free choices whereas if you want a complete Internet Security package, consider ParetoLogic’s Antivirus Plus.

Any of these products should safely remove WinPC from your system. No matter which product you choose, close out all running programs, update the scanner with the latest defenses, and then run a complete system scan. Complete scans are time consuming, so plan on not using your computer for several hours as the scanner searches for and destroys vicious and malicious software from your system.

How do I remove the Yoog virus on my computer? I have both Firefox and IE on my computer.

Since this is a relatively new virus, there are conflicting views on how to get rid of Yoog. There’s even a lot of controversy currently over whether you can even get rid of it. I’ll offer you a few ideas from what I have discovered and you can use these remedies at your own risk. I strongly suggest that you make sure to complete a backup of your data and Windows registry in case something goes wrong.

What is the Yoog Virus?

The Yoog virus typically appears as a search bar on your web browser. It can attack both Internet Explorer and Mozilla Firefox. It generally replaces the “Google” search bar. It is a form of malware that will create more than one type of problem for your computer. It can generate annoying pop ups that disrupt the functioning of the computer.

How to Remove the “Yoog” Virus

The primary strategy that I am going to suggest that you use is to run several anti-spyware/anti-virus applications on your computer one at a time. Run your existing anti-spyware/anti-virus application. If you have already run your current anti-spyware/anti-virus application, then move on to the download and installation of the following anti-spyware/anti-virus applications:

PC Tools

AdAware by Lavasoft

CyberDefender

Anti-VirusPLUS

Run each application alone and completely before moving on to the next anti-spyware/anti-virus application. Follow any directions that you receive to get rid of Yoog. While these applications are removing the remnants of Yoog, they will also remove any other forms of malware that have infected your computer. Quite frequently, when a computer is infected with one nasty virus, other viruses tend to join the bandwagon.

Suggestions from other Computer Users Afflicted with Yoog

If you are still experiencing problems with Yoog after completing the above steps, read through these suggestions and select the ideas that appeal to you. As I mentioned above, I cannot vouch for these remedies since there really isn’t enough data to go on at this point.

Reading through many online posts, I have discovered that you are far from alone with this infection. Other computer users have suggested removing Internet Explorer and/or Firefox and/or Outlook Express prior to running any of the anti-spyware/anti-virus applications on your computer. You will then have to reinstall each browser after you have gotten rid of “Yoog.” If you decide to take this path, let me remind you to save your bookmarks in your current browser so that you can reinstall them at the proper time.

If you do not want to remove your browsers, still others have suggested clearing the temporary Internet files, cookies, and browsing history prior to running the anti-spyware/anti-virus applications.

How can I get rid of some viruses on my computer?

Removing Computer Viruses

Several options are available for removing computer viruses including doing it yourself, using a remote technical support service, or taking your computer to the local computer shop. Each of these options has their pros and cons. For example, doing it yourself is the least expensive option but often frustrating and time consuming. Remote services are nice for those who want someone else to take care of the task, but if the computer is severely infected, connecting to the remote service may be problematic. Local computer shops require lugging the computer to the shop and leaving it for a few days.

What each of these methods has in common is the use of antivirus software. Whether you do it yourself, allow a remote technician to install the software for you, or go to a computer repair shop, the viruses on your computer will most likely be detected and removed by software.

With this in mind, if you choose to do it yourself, obtaining a good antivirus application is the solution. If you currently have a reputable antivirus program on your computer such as ParetoLogic, McAfee, Norton, or Trend Micro, update the software and run a full system scan.

If you do not yet have a good computer security product, we recommend going with a tried-and-true antivirus application rather than randomly clicking popup ads for free antivirus programs. While some of these ads are for legitimate programs, enough of them are malicious and it’s often impossible to tell the difference. For recommendations of specific programs, go to our 2009 Antivirus Reviews section. Most are reasonably priced, some are free, and many provide real-time protection against viruses and spyware.

Update Antivirus Software First

No matter which antivirus program you choose, make sure to update it before running a system-wide scan. Updating the software ensures that you have the latest protections and gives you the best chance of finding as many viruses as possible.

Run the Antivirus Scan

Close all programs and run a full system scan. Do not go for the quick scan if prompted. You want to scan everything! When the antivirus program finds a virus, it will quarantine or delete it.