
Malware Removal Instructions
From network security to phishing and malicious software. Whatever problem you have, we're here to help you solve it!...

by Admin, Mountain View, published: Thu 21 May 2015 07:49:00 PM CEST.

Delta-homes Removal Guide
21 May 2015, 7:49 pm
Delta-homes is a browser hijacker that modifies your web browser settings and changes your home page and default search engine to http://www.delta-homes.com. It can seem like it's getting harder and harder to spend any amount of time online and not put yourself in harm's way of being infected by malware or a virus. With online attacks now big business for the thousands of phishers, scammers and other cyber criminals, it's harder than ever before to stay safe. And unlike before when avoiding infection meant simply avoiding illegal downloads, pirated software and adult content websites, now anything, everything and everyone is fair game in an attacker's eyes.

Browser hijackers

Delta-homes and similar browser hijackers are just one more thing designed to irritate us when we're browsing the internet: search engines that will, without warning, take the place of your existing ones. You'll log on to your computer only to find that delta-homes.com has got rid of your existing home page and replaced it. That'd be fine if the replacement home page was better than your original - or at least equal to it in functionality – but that won't be the case. After all, the major search engines and operating systems know what they're doing when it comes to giving you search capabilities – more so, I'm willing to bet, than some bedroom programmer/spammer. Unlike most browser hijackers, it displays different home pages for users from different regions; in other words, it has a pretty decent localization module. However, that's not really useful and probably won't convince you to use it instead of Google or Bing. Besides, it's actually a pseudo search engine because it redirects users to govome.inspsearch.com and other websites that simply grab search results from Yahoo or Google.


If you've had a new delta-homes home page foisted upon you, chances are you're wondering how to stop it from happening again in the future. Well unfortunately there is no great catch all answer to the problem but, of course, there are a number of practical steps you can take; exercising more caution when you're using the internet being just one of them.

Of course, installing a good anti-malware program on your PC is your first line of defense in the war against online parasites and this will stand you in far better stead of staying safe when you're connected to the World Wide Web. However the problem is that when it comes to browser hijackers, the fact that they are designated potentially unwanted can lead many anti-malware solutions to be fooled by them and view them as potentially wanted instead. It's two sides of the same coin.

What does delta-homes do?

It has quite a few unappealing features. Delta-homes might download adware onto your PC so that you'll be subjected to non-stop pop-up adverts. It generally makes your computer run more slowly and it can cause your internet connection to slow down or keep crashing too. And of course, as mentioned a moment ago, one of its very favorite things to do is to hijack your browser and change your home page to delta-homes. And in the majority of cases, these browser hijackers are merely a means for manipulating your web searches and redirecting them to websites that the browser hijacker's programmers want you to visit instead of the destination you were aiming for.

How does delta-homes end up on your PC?

Delta-homes is normally packaged with other programs, meaning when you download Program A you could also be downloading a browser hijacker! The solution: read license agreements properly and check or uncheck boxes mentioning add-ons.

How do I remove delta-homes?

Delta-homes removal can be a tedious task. It modifies browser settings and also makes modifications to Windows registry. Hopefully, the removal guide below will help you to remove this browser hijacker from your computer. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Delta-homes Removal Guide:


1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this browser hijacker from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.





2. Uninstall delta-homes related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove eSave Security Control, GoPlayer, Desk 365 and any other recently installed application. It won't be listed as delta-homes.com in the currently installed programs list. So, either look for applications mentioned here or try to remember what software you installed recently. It's probably the culprit.



Simply select the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove delta-homes from Google Chrome:

1. Click on the Customize and control Google Chrome icon. Select Settings.




2. Click Set pages under On startup.


Remove delta-homes.com by clicking the "X" mark as shown in the image below.



3. Click Show Home button under Appearance. Then click Change.



Select Use the New Tab page and click OK to save changes.



4. Click the Manage search engines button under Search.



Select Google or any other search engine you like from the list and make it your default search engine provider.



Select delta-homes.com from the list and remove it by clicking the "X" mark as shown in the image below.



5. Right-click the Google Chrome shortcut you are using to open your web browser and select Properties.

6. Select Shortcut tab and remove "http://www.delta-homes.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Chrome executable file. Nothing more.




Remove delta-homes from Mozilla Firefox:

1. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: delta-homes



Now, you should see all the preferences that were changed by delta-homes. Right-click on the preference and select Reset to restore default value. Reset all found preferences!




4. Right-click the Mozilla Firefox shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.delta-homes.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Firefox executable file.
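
The about:config filter step above can also be run offline against a copy of the Firefox profile's prefs.js file. The following is an added example, not part of the original guide: the function names are hypothetical, the sample preferences are constructed, and matching on both preference name and value is an assumption of this script.

```python
import json
import re
import sys

# One prefs.js entry looks like: user_pref("pref.name", <string|int|bool>);
PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Constructed sample (not taken from a real profile), showing a hijacked
# home page, new-tab page and search engine next to untouched preferences.
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.delta-homes.com");
user_pref("browser.startup.page", 1);
user_pref("browser.newtab.url", "http://www.delta-homes.com");
user_pref("browser.search.selectedEngine", "delta-homes");
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("extensions.lastAppVersion", "38.0.1");
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comment, blank line or anything that is not a pref
        name, raw = match.group(1), match.group(2).strip()
        try:
            # Quoted strings, integers and true/false parse as JSON literals.
            value = json.loads(raw)
        except ValueError:
            value = raw  # keep the raw text if it uses a non-JSON escape
        prefs[name] = value
    return prefs


def find_hijacked(prefs, needle="delta-homes"):
    """List preference names whose name or value mentions the hijacker."""
    needle = needle.lower()
    return sorted(
        name
        for name, value in prefs.items()
        if needle in name.lower() or needle in str(value).lower()
    )


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFS
    found = parse_prefs(text)
    for pref_name in find_hijacked(found):
        print(f"reset candidate: {pref_name} = {found[pref_name]!r}")
```
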




Remove delta-homes in Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons.



2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select delta-homes.com and click Remove to remove it. Close the window.

4. Right-click the Internet Explorer shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.delta-homes.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Internet Explorer executable file.



6. Finally, go to Tools > Internet Options and restore your home page to default. That's it!



Remove isp-survey.com pop-up (Uninstall Guide)
20 May 2015, 8:54 pm
I'm going to take a shot in the dark and guess that you want to learn a little bit more about isp-survey.com pop-ups or phishing scam. Well you've come to the right place as I'll tell you how it winds its way on to your computer and most importantly how to get rid of it.

If you're constantly getting isp-survey.com pop-ups then your computer is infected with adware and probably some other potentially unwanted programs. Most adware and potentially unwanted programs come bundled with free programs, files and apps – and as most of us don't really give more than a second thought to downloading things from online, that means that we are all putting ourselves at risk of an adware infection, as well as even more serious types of malware and viruses. Adware that displays isp-survey.com pop-ups can be packaged as an add-on to almost anything, including TV series, music, games, and software, not to mention the myriad of apps that we are all addicted to! If you've noticed that after downloading some tempting freebie, you have then been subjected to isp-survey.com then you have already been infected by adware.


Why does adware exist?

Adware usually comes with freeware and shareware – i.e. programs that are given away or files that are shared for no cost. The programmer or owner of the program or file is looking for a way to make the effort of creating the program, or even sharing the file, worth their while – financially. For people who create free software or apps for a living, they need to find a way to recoup their production costs – and they do this by creating and selling or using adware. Adware can be used in different ways. Isp-survey.com pop-up survey is just one of them. The problem is that such pop-ups are very often misleading and promote questionable products or services. The domain name itself is misleading enough. What is more, scammers tend to trick users into revealing certain information that is usually valuable to them or can be sold to third-party companies. For example, scammers can ask you to answer a few quick questions and then ask for your phone number.

Are there any other ways adware can be installed?

I'm afraid so. Adware that displays isp-survey.com and similar popups might also end up installed on your PC if you visit a website that has been compromised by an adware program due to lax security. Simply being unfortunate enough to have been in the wrong place at the wrong time can enable adware to be automatically installed.

Can I remove adware myself and stop annoying pop-ups?

The good news is that most adware programs are fairly easy to remove, even with a very basic knowledge of how your computer works. You can actually find programs online that will help you uncover and remove adware from your machine. Do be careful though as hackers and cyber criminals are not averse to creating fake removal or anti-malware programs that will simply infect your computer with something even nastier than adware once installed. Therefore make sure you know the names of a couple of reputable tools by reading relevant internet forums or asking a technically minded friend or co-worker.

How can I protect myself from adware?

For a start you need to make sure your anti-malware software is fully up to date and has the newest patches. Malware – and adware – are big business and programmers are constantly finding new ways in which to infect us. That means that your anti-malware program needs to be equipped to handle the latest threats as they hit the internet. If it's already too late and you just want to stop annoying isp-survey.com pop-ups and remove adware from your computer, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Isp-survey.com Pop-ups Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove isp-survey.com pop-ups related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Glass Bottle
  • GoSave
  • Active Discount
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove isp-survey.com pop-ups related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove Glass Bottle, Active Discount, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove isp-survey.com pop-ups related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove Glass Bottle, Active Discount, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove isp-survey.com pop-ups related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.



Remove 1-844-534-8203 Debug Malware Error Pop-up (Uninstall Guide)
19 May 2015, 7:32 pm
The 1-844-534-8203 phone number is being used by "tech support" scammers. Such fake pop-up messages are very common and they are all trying to achieve the same goal - to scare you into thinking that your computer is infected with malware. If you keep getting the 1-844-534-8203 pop-up warning from microsoftsecurities.info and similar websites then your computer is indeed infected, but not with the debug malware error 895-system 32.exe virus as scammers would say but with adware and probably some other potentially unwanted programs. Adware and potentially unwanted programs come packed with freeware and popular software downloads that did not adequately disclose that other software would be installed along with it. Once installed, adware or a PUP adds a few browser extensions and add-ons which wait for commands from command and control servers and then begin to display misleading ads and 1-844-534-8203 pop-ups that usually say:

There is a .net frame work file missing due to some harmful virus.
debug malware error 895-system 32.exe failure
Please contact Microsoft technicians to rectify this issue.
Please do not open internet browser for your security issue to avoid data corruption on your registry of your operating system. Please contact Microsoft technicians at
Tollfree Helpline at 1-844-534-8203.


How did I get a Potentially Unwanted Program or adware on my computer?

Most PUPs find their way on to your computer by the art of deception, or more accurately by being sneakily bundled with another program, tool, application, or file. The publisher of this software or download might be fully aware that a Potentially Unwanted Program is packaged with their product, but oftentimes they are just as unwitting a party to the scourge of the PUP as the rest of us.

The programmers who create and disseminate PUPs are well aware that most of us wouldn't forsake add-on that displays 1-844-534-8203 pop-ups for their inferior product, so they have to use these underhand installation methods instead.

Are Potentially Unwanted Programs dangerous?

PUPs, despite their surreptitious ways and means of installing themselves, are not usually thought to cause you any great harm. Having said that, though, they can be extremely annoying! Especially 1-844-534-8203 pop-ups saying that your computer is infected. PUPs are not malware or viruses, but when you take into consideration the fact that you don't want to see misleading adverts on your computer, the fact that the PUP doesn't give you a choice in the matter is seen by many as almost as bad.

How to defend yourself from 1-844-534-8203 pop-ups

But what of those annoying traits we just mentioned? Well Potentially Unwanted Programs can cause your computer to run more slowly, make your internet connection crash, harass you with pop up adverts, and redirect your searches to websites that the programmer wants you to visit – which is the main reason for the PUP being created in the first place. How to defend yourself? Follow the simple steps below:

  • Don't use random sites to download software – always use the owner's site or a well known reputable provider
  • Want to view a video clip but it's telling you that you need a new media player? Don't download it – these are prime PUP stomping grounds.
  • Ensure your computer's security patches are the latest versions and that you have the most up-to-date versions of all software and programs that you're running on your PC installed

If it's already too late and your computer has been infected by adware, then please follow the steps in the removal guide below. If you have questions, please leave a comment down below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



1-844-534-8203 Pop-ups Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove 1-844-534-8203 pop-up related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • CrazyScore
  • LyricsSay-1
  • Websteroids
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove 1-844-534-8203 pop-ups from Google Chrome:

1. Click on the Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove CrazyScore, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove 1-844-534-8203 pop-ups from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove CrazyScore, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.




Remove 1-844-534-8203 pop-ups from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.



Remove Buzzdock Ads Malware (Uninstall Guide)
17 May 2015, 8:40 pm
Among the myriad of different types of malicious software, Buzzdock adware is not normally seen to be quite as dangerous. It's from the same malware family as Assist Point. After all, we are all told to be on our guard against spyware, Trojan Horses, viruses, fake security software and malware that hijacks your computer and holds your data hostage. But what is it about Buzzdock, or adware as it's more commonly known, that also makes it something that you should protect yourself from?


So what is it? Buzzdock at its most basic form is described as a form of software that is installed on your computer (usually without your knowledge) which then tracks your internet usage by monitoring the websites you visit. It does this so that it can then send you Buzzdock adverts that are related to the pages, products or services that you've been looking at.

Surely that's spying?

Well, yes it certainly could be perceived as an invasion of your privacy, which is why so many people have an issue with adware. But that's not all Buzzdock can be guilty of. When it's in its worst incarnation it will bombard you with annoying pop-up windows which appear out of the blue and refuse to go away. It can also have a real negative effect on your computer's operating speed and slow down both your CPU and your internet connection. This can make programs and websites slow to load and you may even find the web keeps crashing rendering it virtually useless.

How do you know if your computer has Buzzdock adware infection?

Well it is not a shy and retiring type of malware so it is actually pretty easy to tell if your computer has adware on it. These are some of the warning signs:
  • Your PC is running a lot slower than it was
  • Your internet is also slower and possibly keeps crashing
  • You are being driven insane thanks to numerous Buzzdock pop-up adverts
  • You have a new toolbar, home page or search engine and your default ones have disappeared

How do you protect yourself from Buzzdock?

There are steps you can take to guard against this adware, and in actual fact, most of these apply to all types of malware too:
  • First of all, never open attachments or click links in emails or instant messages unless you know and trust the sender
  • When you download a program or app read the license agreement as adware is often bundled with other software – however it is normally mentioned in the small print.
  • Don't download programs from third party websites
  • Close Buzzdock adverts by clicking the red 'X' in the corner. Clicking on 'OK' or 'Close' may trigger an installation of further malware
  • Install a firewall on your computer as well as pop-up blockers
  • And probably most important of all, make sure you have a great anti-adware program running on your computer and keep it bang up to date.

However, if it's already too late and you just want to stop annoying ads and get rid of it, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Buzzdock Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Buzzdock related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Buzzdock
  • GoSave
  • Assist Point
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Buzzdock related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove Buzzdock, Assist Point, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove Buzzdock related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove Buzzdock, Assist Point, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove Buzzdock related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.



Remove "Glass Bottle" Ads Malware (Uninstall Guide)
16 May 2015, 9:18 pm
You know as well as we do that there are numerous threats that we need to be alert for when we're online and connected to the internet. Whether you're using a desktop, laptop, tablet or even a smartphone, no one, and no device, is safe. From spyware to Trojan Horse malware, there is a seemingly endless list of attackers just waiting in line to do us harm, and one of those is Glass Bottle adware/malware. It's basically a new variant of BrowseFox malware. Many people tend to brush off adware as the baby of the bunch when it comes to malware; however, it can be a gateway to more serious infection, and is often more damaging than a lot of internet users realize.


Besides being extremely irritating, Glass Bottle is also responsible for committing a number of crimes against your computer. It affects the way it operates and, worse, it can leave you vulnerable to security breaches. Think you might have an adware infestation on your computer or handheld device? Don't ignore it – do something about it – and now! It is possible to remove Glass Bottle yourself, even if you are not particularly technically minded, but any reputable PC repair store or center should also be able to rid your device of it for you quickly and easily. So what exactly IS adware, and how do you stop it installing itself, without your knowledge, on your computer, tablet or phone?

What is Glass Bottle? Well, no prizes for guessing that Glass Bottle is a type of computer software that has been designed to show you advertising. The clue was in the name, right? And while ads by Glass Bottle might not seem so bad in themselves, it's the knock on effect that adware can have on your machine that is the real eyebrow raiser. For starters, it might redirect any searches you make on the internet, instead sending you to websites that the adware programmer wants you to go to. Not fun!

Some forms of this adware also spy on which websites you visit, monitor which products or services you are browsing, collect this data, and then send it back to the programmer so that they can then match the adverts that you see to the things you are recently viewing on other websites.

Naturally, this means that by displaying Glass Bottle adverts that are more in tune with things you might be interested in purchasing, the likelihood of you clicking on the advert and visiting the website in question and perhaps even purchasing something is greatly increased. This has the desired effect of both generating traffic, and potentially income, for the programmer or their customer.

How does Glass Bottle install itself on my PC or phone?

Glass Bottle is most often packaged with another program or application. From TV series to lifestyle apps, if something is available for free, there is usually a catch! Therefore, to avoid downloading adware you need to be more careful when downloading from the internet. And that means reading End User License Agreements and the small print properly. It will be mentioned as an add-on so make sure you're not knowingly also downloading it. If it's already too late and you just want to stop annoying ads and get rid of it, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Glass Bottle Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Glass Bottle related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Glass Bottle
  • GoSave
  • Active Discount
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Glass Bottle related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove Glass Bottle, Active Discount, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove Glass Bottle related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.

2. Select Extensions. Click the Remove button to remove Glass Bottle, Active Discount, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove Glass Bottle related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.

2. Select Toolbars and Extensions. Click the Remove/Disable button to remove the browser add-ons listed above.



1-855-770-9879 Norton Security Warning Support Scam
15 May 2015, 8:40 pm
1-855-770-9879 pop-ups and redirects to alerttechhelp.com mean that your computer is infected with a potentially unwanted program and adware. We know that we are not the only people to have been attacked by a Potentially Unwanted Program – after all they are so rife on the internet that it's almost hard to find someone that hasn't been a victim. It doesn't matter whether you are working, gaming, shopping, reading the news or catching up with the latest sports results, the 1-855-770-9879 Norton Security Warning can seemingly come from nowhere. One minute it was business as usual – and the next, you see a pop-up in your browser claiming that your computer is not protected or even infected. In this particular case, scammers claim that your computer is infected with spyware/adware called Trojan cssr.exe. Next comes the usual part about your credit card and passwords being in danger. Nothing really new, just a typical tech support scam with a little twist - the Norton logo. So where do these mystery pop-ups come from and who on earth put them there?


The answer is more than simple - adware and a PUP. Potentially Unwanted Programs – or PUPs for short: What are they? What do they do to your PC? How do you defend yourself from them? So many questions, so let's get on with it! As you probably noticed, they display ads and redirect you to misleading websites. They can see your browsing history and show you ads based on the websites you visit the most.

How did I get a Potentially Unwanted Program or adware on my computer?

Most PUPs find their way on to your computer by the art of deception, or more accurately by being sneakily bundled with another program, tool, application, or file. The publisher of this software or download might be fully aware that a Potentially Unwanted Program is packaged with their product, but oftentimes they are just as unwitting a party to the scourge of the PUP as the rest of us.

The programmers who create and disseminate PUPs are well aware that most of us wouldn't knowingly install an add-on that displays 1-855-770-9879 pop-ups, so they have to use these underhand installation methods instead.

Are Potentially Unwanted Programs dangerous?

PUPs, despite their surreptitious ways and means of installing themselves, are not usually thought to cause you any great harm. Having said that, though, they can be extremely annoying! Especially the 1-855-770-9879 pop-ups saying that your computer is infected. PUPs are not malware or viruses but when you take into consideration the fact that you don't want to see misleading adverts on your computer, the fact that the PUP doesn't give you a choice in the matter is seen by many as almost as bad.

How to defend yourself from a PUP

But what of those annoying traits we just mentioned? Well Potentially Unwanted Programs can cause your computer to run more slowly, make your internet connection crash, harass you with pop up adverts, and redirect your searches to websites that the programmer wants you to visit – which is the main reason for the PUP being created in the first place. How to defend yourself? Follow the simple steps below:

  • Don't use random sites to download software – always use the owner's site or a well known reputable provider
  • Want to view a video clip but it's telling you that you need a new media player? Don't download it – these are prime PUP stomping grounds.
  • Ensure your computer's security patches are the latest versions and that you have the most up-to-date versions of all software and programs that you're running on your PC installed

If it's already too late and your computer has been infected by adware, then please follow the steps in the removal guide below. If you have questions, please leave a comment down below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



1-855-770-9879 Norton Security Warning Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove 1-855-770-9879 pop-up related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • CrazyScore
  • LyricsSay-1
  • Websteroids
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove 1-855-770-9879 pop-ups from Google Chrome:

1. Click on the Chrome menu button. Go to Tools → Extensions.



2. Click on the trashcan icon to remove CrazyScore, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove 1-855-770-9879 pop-ups from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.

2. Select Extensions. Click the Remove button to remove CrazyScore, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.




Remove 1-855-770-9879 pop-ups from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.

2. Select Toolbars and Extensions. Click the Remove/Disable button to remove the browser add-ons listed above.



How to Remove SC Advertisement Malware (Uninstall Guide)
15 May 2015, 6:26 pm
If you have opened your web browser only to be greeted by "SC Advertisement", "brought by SC", "Ad by SC" or just "by SC" advertisements that you've never seen before then, I hate to break it to you, but you are the victim of a PUP which also installs an adware component on your computer. And despite their rather cute name, there is nothing very lovable about technical PUPs. A PUP – or a Potentially Unwanted Program to give it its full name – is a type of malware which surreptitiously installs itself on your PC and then does its best to drive you mad by changing your settings and displaying ads labeled SC or sometimes SuperClick.

How is SC or SuperClick installed?

It may have been pre-installed on a new computer when you purchased it. It rarely happens but I thought you should know this. Others have infected websites and attack you by default when you visit that site. However, the majority of PUPs install themselves automatically when you download another program or application. These have been bundled with the software you are installing or the file that you are executing, and their presence is not always the easiest thing to spot. That's exactly how SC or SuperClick is distributed. If you don't want to see intrusive and sometimes even misleading SC Advertisements on your computer then better start reading the EULA and not just clicking 'Next' all the time.


How to avoid downloading a program that has been packaged with SC adware/PUP

Clearly, saying 'don't download anything ever again' is not a practical course to take - we are now a race of avid downloaders and installers after all! From TV shows to lifestyle apps and from anti-viruses to video clips, we're all constantly adding the latest must watch entertainment or must have app to our devices. So, the thing that you really need to know is what you need to be on the lookout for when you're downloading.

Of course installing a great anti-malware program is crucial (as is running it often and making sure you have the very latest version) but you can also bolster your online defense by ensuring that your computer is fully up to date when it comes to having the latest Microsoft security patches installed too.

Another thing you really need to do is one that a lot of people tend to overlook and that is to regularly check that all the other apps, software and programs you have running on your PC are also up to date. If you're using an old version of anything, whether it's Skype or a language translation app, it won't have the newest security measures in place and can leave your machine open to abuse or attack by malicious third parties.

Finally, and probably most importantly, you need to start exercising a little more caution than you may already do when it comes to downloading and installing things on your PC. SC adware is normally mentioned in End User License Agreements so make sure you read the small print carefully when you're downloading something. If you notice an add-on is being forced upon you (at this time SuperClick 1.10.0.16) or that check boxes have been pre-configured to auto install something extra, it might be worth considering how much you want to download that program. If it's already installed and you don't know how to remove it and stop SC advertisements, please follow the steps in the removal guide below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



SC Advertisements Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove SC Advertisement related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • SuperClick
  • GoSave
  • SalePlus
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove SC Advertisement related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools → Extensions.



2. Click on the trashcan icon to remove SuperClick 1.10.0.16, SalePlus, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove SC Advertisement related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.

2. Select Extensions. Click the Remove button to remove SuperClick 1.10.0.16, SalePlus, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove SC Advertisement related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.

2. Select Toolbars and Extensions. Click the Remove/Disable button to remove the browser add-ons listed above.



How to Remove Strong Signal Ads Malware (Uninstall Guide)
13 May 2015, 7:48 pm
Have you ever been left bewildered because you have switched on your computer, logged in and then discovered that you are the owner of a brand spanking new Strong Signal adware? Or maybe you have noticed lots of Strong Signal ads while surfing the internet. Worried you're starting to lose the plot – after all, you're 99% certain that you didn't install anything new before logging off the last time you used your PC, so what on earth is going on? Don't worry, you're not going crazy, what has happened is that you've been infected by a Potentially Unwanted Program or adware. Different anti-virus engines give slightly different detections and classifications but basically both are correct. It's a potentially unwanted program and it displays advertisements.

I've been infected by a what?!

PUPs and adware programs are something found all too frequently on the Internet. They are a real pain as they will change your default browser settings, display ads and double underline certain words on web pages. They can even replace your default home page and search page. The reason for this is that they can then manipulate your searches so that you are redirected from the website you want to visit to one that the PUP's programmer wants you to go to instead. Scammers also use Strong Signal and similar programs to display ads on your computer. They can be labeled "Ads by Strong Signal" or simply "by Strong Signal". Either way, that doesn't change how annoying and intrusive these ads can be.


So how did this mysterious Strong Signal adware get onto your computer in the first place? Such programs usually install themselves in a few different ways, and you don't necessarily have to have downloaded any pirated software or visited any websites of a dubious nature – although doing either of these will definitely increase your chances of getting infected by adware!

If you have visited a website – of any type - that has been compromised by adware you will in turn become infected by it. However, the most common route to Strong Signal infestation is when you download some software that it has been packaged with. Finally, you may be unlucky enough to have purchased a new computer that has adware already installed on it. Thankfully, not this adware.

The good news is that many Strong Signal adware variants are easy to remove, even if you're a complete self-confessed technophobe. Others can be a little tougher, but the first thing you should do before calling manufacturer helpdesks or taking your PC into a repair center is to try and remove it yourself. If you are running the Windows Operating System all you need do is follow the simple instructions here:
  1. Go to the Windows Start icon in the bottom left of your screen
  2. Go to the Control Panel
  3. Find Programs and click the link below that says Uninstall a Program
  4. Identify the adware program and click on it to highlight it. It may be installed under a different name.
  5. The option to 'Uninstall' will appear at the top of the box – click upon that
  6. Next scan your computer with anti-malware software
If the type of Strong Signal on your machine is one of the less virulent types you should find that it has disappeared. If it is still there, however, you might need to enlist the help of someone more technical. If it's already installed and you don't know how to remove it, please follow the steps in the removal guide below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Strong Signal Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Strong Signal related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Strong Signal
  • GoSave
  • SalePlus
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Strong Signal related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools → Extensions.



2. Click on the trashcan icon to remove Strong Signal, SalePlus, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove Strong Signal related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.

2. Select Extensions. Click the Remove button to remove Strong Signal, SalePlus, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove Strong Signal related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.

2. Select Toolbars and Extensions. Click the Remove/Disable button to remove the browser add-ons listed above.
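The uninstall step that each adware guide above repeats (Glass Bottle, the 1-855-770-9879 pop-ups, SC Advertisement, Strong Signal) can be checked from a script. This is an added PowerShell example, not part of the original posts: it reads the registry keys behind the Control Panel list and reports entries whose name appears in the guides or that were installed recently. The 30-day window and the function name are assumptions.

```powershell
# Added example: read-only report, it does not uninstall anything.
# Works in Windows PowerShell 2.0 and later.

$RecentDays = 30   # assumption: how far back "recently installed" reaches

# Program names taken from the uninstall lists in the guides on this page.
$GuideNames = @(
    'Glass Bottle', 'GoSave', 'Active Discount', 'SaveNewaAppz',
    'CrazyScore', 'LyricsSay-1', 'Websteroids', 'BlocckkTheAds',
    'HD-Plus 3.5', 'SuperClick', 'SalePlus', 'Strong Signal'
)

# Registry locations that feed Add/Remove Programs and Uninstall a Program:
# machine-wide (64-bit and 32-bit views) and per-user installs.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstallDate($Entry) {
    # InstallDate is an optional yyyyMMdd string; return $null if absent or malformed.
    $parsed = [datetime]::MinValue
    $ok = [datetime]::TryParseExact([string]$Entry.InstallDate, 'yyyyMMdd',
        [Globalization.CultureInfo]::InvariantCulture,
        [Globalization.DateTimeStyles]::None, [ref]$parsed)
    if ($ok) { $parsed } else { $null }
}

$cutoff = (Get-Date).AddDays(-$RecentDays)

$report = foreach ($entry in Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue) {
    if (-not $entry.DisplayName) { continue }   # hidden components have no visible name

    $installed = Get-InstallDate $entry
    # Substring match, case-insensitive, so "Gosave" and "GoSave" both hit.
    $nameHit   = $GuideNames | Where-Object { $entry.DisplayName -like "*$_*" }
    $isRecent  = $installed -and ($installed -ge $cutoff)

    if ($nameHit -or $isRecent) {
        $reason = if ($nameHit) { 'name listed in guide' } else { "installed in last $RecentDays days" }
        New-Object PSObject -Property @{
            Name      = $entry.DisplayName
            Publisher = $entry.Publisher
            Installed = $installed
            Reason    = $reason
            Uninstall = $entry.UninstallString
        }
    }
}

if ($report) {
    $report | Sort-Object Installed -Descending |
        Format-Table Name, Publisher, Installed, Reason, Uninstall -AutoSize -Wrap
} else {
    Write-Output 'No matching or recently installed programs found.'
}
```

A name match is only a prompt to review the entry: bundled adware is often installed under a different name, which is why the recent-install check is included.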



How to Remove Bit Cryptor Virus and Restore Encrypted Files
12 May 2015, 8:49 pm
Bit Cryptor or BitCryptor is a file-encrypting ransom virus (ransomware) that encrypts your files using the AES-256 encryption algorithm so they are not accessible and repairable without the unique encryption key. In order to get the key and decrypt your files you need to pay a ransom of 1 bitcoin which is currently about $240. It targets all versions of Windows. Files stored on Network-Attached Storage (NAS) and other computers on the same network can be encrypted as well. Just like any other ransomware it scans your computer for data files and then encrypts them silently in the background. Most users probably won't even notice anything suspicious. Once the ransom virus has encrypted your files it will display a Bit Cryptor program that contains instructions on how to get your files back. As you can see, it has a countdown clock and apparently the ransom cost will increase if you don't pay on time. Each victim has a unique bitcoin payment address. Cyber criminals allow you to decrypt one file for free.


You know as well as I do that as we all spend increasingly large portions of our waking lives working, playing, shopping and browsing online, the higher the risks of contracting a computer virus or being infected by ransomware are. There is big money to be made in the cyber crime industry and malicious programmers are creating online attackers that are now more sophisticated than ever before. It's like watching a dog chase its tail, watching antiviruses and malicious software play this endless game of outsmarting each other with their creations. But where does that leave us – the people who rely on the internet to earn money, relax or simply keep our busy lives in order? Well where we're left is in the position of now having to be increasingly alert if we want to defend ourselves from becoming yet another faceless victim in the online war.

But the issue is that because the two sides of good and evil are constantly battling to stay one step ahead of each other, ransomware is constantly reinventing itself and finding new ways to cause havoc on our PCs or extort our hard earned cash from us. Bit Cryptor is a good example of how cyber criminals constantly improve their malware, making it more sophisticated and dangerous. This particular variant, unlike most ransomware, blocks Task Manager and other programs that can be used to disable it. As a result, it might be difficult to run anti-malware software and remove the ransom virus. Bclock.exe is the main process of this ransomware. It's usually located in the C:\Users\[YourUserName]\AppData\Roaming\Microsoft\Windows\ folder. So, in case you can't open anti-malware programs or Windows tools, try to remove or at least disable the bclock.exe program first. If you can't do this using Task Manager, try Process Explorer. There's also a filelist.locklst file which contains a list of all files encrypted. Don't delete it. It's not dangerous and besides you may still need it.

Here's what the BitCryptor "Your files have been encrypted" wallpaper, stored in %Temp%\wallpaper.jpg, looks like:


What is ransomware?

Ransomware is, to put it frankly, a nightmare. Yes, Bit Cryptor is a nightmare too. Not only does it try and con you out of money, it also causes major issues on your computer, and it can cause you very real stress and upset too. It certainly is something that is worth taking the time to learn a little more about. Ransomware seems to come and go so read on and make sure that the next time it's doing the rounds you stand the best possible chance of not falling victim to it.

You're probably already one step ahead at this point and have guessed that ransomware is a type of malware that operates by holding you hostage. Actually, it holds your files, data, programs or operating system to ransom, but when your life is stored on your computer it may as well be you! In a nutshell, ransomware will kidnap, or lock, your computer and hold it hostage until you pay a release fee. It also displays a ransom note in a text file, not just the Bit Cryptor decryptor window.

Your personal documents and files on this computer have just been encrypted.
The original files have been deleted and will only be recovered by following the steps described below.
Click on "Show encrypted files" to see a list of files that got encrypted.

The encryption was done with a unique generated encryption key (using AES-256).
This means that encrypted files are of no use until they get decrypted using a key stored on a server.

This server will only release the key if the amount of Bitcoins (displayed left of this window) is send to the Bitcoin address shown on the left of this window.

Each time the timer expires, the total cost will raise with the starting price.

...

How does Bit Cryptor infect you?

Like most types of malware, Bit Cryptor will infect you through a program, file or app that you have downloaded. Some ransomware attacks websites, infecting them and then you the visitor by default. Other ransomware is hidden in an attachment sent in a spam email or instant chat application. Finally, you may even be unlucky enough to be the victim of something called a 'drive-by installation' which is when you've stumbled across a website that has been infected by the malicious software.

What to do when this ransomware attacks?

Don't panic. And DON'T pay a ransom. Instead, follow the removal guide below on how to salvage your data and clean your computer ASAP. There are a few tools that can help you to restore at least some of your files without paying a ransom. Even though there's no guarantee that these tools will help you, there's also no reason not to try them out. Who knows, maybe you will be the lucky one. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing Bit Cryptor and related malware:


Before restoring your files from shadow copies, make sure Bit Cryptor virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.





IMPORTANT! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again. Also, try to disable bclock.exe using Process Explorer.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by Bit Cryptor crypto virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.
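Before starting Step 2, the two conditions this guide depends on can be checked from a prompt: that bclock.exe is no longer running, and that shadow copies from before the infection exist. This is an added PowerShell example, not part of the original post. Using the earliest artifact creation time as the approximate infection time is an assumption, and wallpaper.jpg is a generic file name that other software may also use.

```powershell
# Added example: read-only triage for the Bit Cryptor artifacts named in this post.
# Run from an elevated Windows PowerShell prompt (2.0 to 5.1); listing shadow
# copies requires administrator rights.

# Locations given in the post.
$bclockPath = Join-Path $env:APPDATA 'Microsoft\Windows\bclock.exe'
$wallpaper  = Join-Path $env:TEMP 'wallpaper.jpg'

# 1. Is the main ransomware process still running? Restoring files should wait until it is not.
$procs = @(Get-Process -Name 'bclock' -ErrorAction SilentlyContinue)
if ($procs.Count -gt 0) {
    $procs | Select-Object Id, Path, StartTime | Format-Table -AutoSize
    Write-Warning 'bclock.exe is still running: finish Step 1 before restoring files.'
} else {
    Write-Output 'No bclock process is running.'
}

# 2. Which artifacts are on disk, and when were they created?
#    Assumption: the earliest creation time approximates when the infection started.
$infectedAt = $null
foreach ($path in $bclockPath, $wallpaper) {
    if (Test-Path -LiteralPath $path) {
        $created = (Get-Item -LiteralPath $path -Force).CreationTime
        Write-Output ('Found {0} (created {1})' -f $path, $created)
        if (-not $infectedAt -or $created -lt $infectedAt) { $infectedAt = $created }
    }
}
if (-not $infectedAt) { Write-Output 'Neither artifact was found at the locations from the post.' }

# 3. List Volume Shadow Copies and mark those taken before that time.
#    These are the point-in-time copies a tool like Shadow Explorer offers for export.
$snapshots = @(Get-WmiObject -Class Win32_ShadowCopy -ErrorAction SilentlyContinue |
    ForEach-Object {
        $taken = [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate)
        $state = 'unknown'
        if ($infectedAt) {
            $state = if ($taken -lt $infectedAt) { 'before infection' } else { 'after infection' }
        }
        New-Object PSObject -Property @{
            Taken  = $taken
            Volume = $_.VolumeName
            State  = $state
        }
    })

if ($snapshots.Count -eq 0) {
    Write-Output 'No shadow copies found (or the prompt is not elevated). Method 3 is not available; use backups.'
} else {
    $snapshots | Sort-Object Taken | Format-Table Taken, State, Volume -AutoSize
}
```

Only copies marked "before infection" can contain unencrypted versions of the files; if every copy is newer, Method 1 (backups) is the remaining option.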



Remove 'Los Pollos Hermanos' Crypto Virus and Restore Encrypted Files
11 May 2015, 9:16 pm
Los Pollos Hermanos crypto virus (ransomware) has begun spreading in Australia and some other countries. If you are a fan of Breaking Bad then you will immediately notice that cyber criminals reference this TV show by using the Los Pollos Hermanos branding image in the ransom demand. They even use a theonewhoknocks @ mailinator.com email for "support related inquiries". That's another reference to the popular TV show. Other than that, it's just another ransom virus from the CryptoLocker ransomware family that encrypts your files and then demands that you pay a ransom ($450 to $1000 AUD) in order to decrypt your files. It's not the most innovative and sophisticated ransomware but it does encrypt your files using the Advanced Encryption Standard (AES) encryption algorithm and you can't really decrypt them without the private key. So, I guess we could say that 'Los Pollos Hermanos' virus does its job well.


I'm sure you're no stranger to the fact that the more time we spend online these days, the more we are putting ourselves at risk of becoming a victim of some sort of virus, phishing scam or malicious software program. And it's a real cat and mouse game for as soon as one of the programs, operating systems, or applications we use releases a new version or patch, the malware programmers and scammers that inhabit the darkest corners of the internet will release their 'upgraded' – i.e. more dangerous version too.

So what should you do if you want to get the best possible protection in the face of all these threats that are just waiting to do us harm? The main thing is to ensure that you are always as well informed as possible when it comes to online issues that could cause you very real problems. And one type of malware that you should increase your knowledge about is ransomware, in this case the so-called "Los Pollos Hermanos" virus. Trust us; this is something that I can guarantee that you are not going to want installed on your computer.

A closer look at 'Los Pollos Hermanos' ransomware

Most malware is named pretty accurately. For example, adware is software that bombards you with adverts. Spyware is software that spies on you. Therefore if you're thinking that ransomware might just be something that will hold you to ransom, then go straight to the top of the class! A Los Pollos Hermanos ransom attack results in you, or rather more accurately, your files being held hostage. It kidnaps your data and demands payment from you to release it. It's a good old fashioned method of extortion, repackaged and upgraded for the twenty first century. This ransom virus attacks the most common file types, so expect that your work documents and images will be encrypted. Once this crypto virus encrypts your files it will display a ransom note:

Your important files have been encrypted: photos, documents, videos, etc.
If you want to decrypt your files you must pay the fee of $450 AUD
Failure to pay within the specified time will mean you must pay $1000 AUD
For support related inquiries contact:
theonewhoknocks[edited]@mailinator.com

I have ransomware on my computer. How did it get there?

'Los Pollos Hermanos' ransomware, like virtually all types of malware, attacks your computer when you download something that has been packaged with it. This could be anything from some software, an app or a file – and the host program may or may not know that ransomware is included. Similarly this ransomware can also be spread via spam emails that have infected links or attachments in them. Finally, you may even be unlucky enough to be the victim of something called a 'drive-by installation' which is when you've stumbled across a website that has been infected by the malicious software.

Has my data been kidnapped?

If there's one (albeit dubious) thing to be said for ransomware, it is that it is extremely easy to know if you've been targeted. This is not a subtle attack: it is after your dollars after all! You will usually experience the following:
  • You are unable to open a program or document on your computer
  • You are shown a 'ransom note' in the form of a pop-up window, a full screen message, or perhaps an email
So should you pay the ransom? Absolutely not! Paying these people only perpetuates their belief that they are onto a good thing, so don't pay anything or click on any links or buttons. Instead, follow the removal guide below on how to salvage your data and clean your computer ASAP. There are a few tools that can help you to restore at least some of your files without paying a ransom. Even though there's no guarantee that these tools will help you, there's also no reason not to try them out. Who knows, maybe you will be the lucky one. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing 'Los Pollos Hermanos' and related malware:


Before restoring your files from shadow copies, make sure 'Los Pollos Hermanos' virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.





2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by 'Los Pollos Hermanos' crypto virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop-down list you can select one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.

3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Encrypted Files (.exx extension) Malware Removal Guide
10 May 2015, 8:37 pm
Today we are going to take a look at a particularly unpleasant type of malicious software that encrypts your data and appends the .exx extension to file names. Ladies and gentlemen, allow me to introduce you to ransomware. In this case it's a new variant of TeslaCrypt ransomware. At the beginning of this month I wrote about Alpha Crypt ransomware, which is a slightly modified version of TeslaCrypt. And now we have a new or slightly modified variant that uses the .exx extension. It's detected as Win32/Filecoder.EM or Win32/Filecoder.ER by some anti-virus engines. But other than that the only difference is the file extension. If your computer is infected with this ransomware you will notice that your files changed to *.pdf.exx, *.avi.exx, *.jpeg.exx, *.docx.exx, *.xls.exx, etc. The ransomware will likely change your wallpaper to one with information and links on how to get your files back. You might also see a decryptor window with the same information.


Taking a more in depth look at .exx ransomware

Ransomware is among the types of malware that is looking to make a dent in your bank account by conning you out of your hard earned cash. In this instance it demands a ransom in return for releasing your data that it has held hostage, or the ability to use your computer.

It does a number of things to coerce you into parting with your money. Here are the most common ones:
  • It can change your default browser settings so that you have trouble accessing the internet. This has the double pronged benefit (for the attacker) of not only frustrating you into paying the ransom but it also makes it harder for you to find a resolution to get rid of it.
  • Ransomware can also disable your files and documents by encrypting them, in other words holding them hostage until you pay the ransom. As you already know, it encrypts your files and appends the .exx extension. That's the only thing you can use to identify which ransomware you have on your computer. The warning sent by the attacker, either by email or displayed on your screen, will state that they will send you a code that you can key in, in order to deactivate the ransomware and release the data. However, this is often not the case and you will be quite literally paying a not inconsiderable amount of money for absolutely nothing. Ransom notes are usually HELP_TO_SAVE_FILES.txt and HELP_TO_DECRYPT_YOUR_FILES.txt. You can find them in each folder with at least one encrypted file.
  • Some types of ransomware are designed to look like antivirus software and will display a pop-up warning saying that your PC is infected with a virus or malware. It will scare you into paying to install the program so that it can clean your machine. Of course, it’s not going to alert you to its own presence, so again, you will be paying for a fake scan, fake viruses, and a software program that does absolutely nothing.
One of the main issues with ransomware is that it can be extremely difficult to remove – sometimes even impossible, which is why it is important that you back your files and data up on a regular basis. Having this saved and stored on a hard drive or another computer makes you less likely to cave in and pay any ransom that is demanded of you.

So I shouldn't pay a ransom?

If you've been infected by ransomware that uses the .exx extension to make your files inaccessible, no, you really should not pay a release fee. Firstly, by giving in to cyber criminals, you are only convincing them that they are in the right line of business. Secondly, chances are, as mentioned, you are paying for thin air. There's no guarantee that they will decrypt your files. At the time I was analyzing this ransomware, the cyber criminals demanded a payment of 2.2 Bitcoins, which is more than $500. The decryption service can be accessed by using Web to Tor services: dlosrngis35.com, anfeua74x36.com, tor2web.blutmagie.de. The cyber criminals wrote a very detailed guide on how to buy bitcoins and even made a support ticket system in case you have any questions.

How to get my files back?

If you have a recent backup, wipe your hard disk and reinstall your files. If you don't, try the Shadow Explorer program or search your computer for previous versions of files. If you are lucky enough you may find files that were not encrypted and renamed to .exx. But before restoring your files, please remove the ransomware and related malware files from your computer. Otherwise, you will simply waste your time. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Step 1: Removing .exx extension ransomware (TeslaCrypt) and related malware:


Before restoring your files from shadow copies, make sure the ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.

Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by .exx extension (TeslaCrypt) virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Try the TeslaCrypt Decryption Tool by Cisco. Download TeslaDecrypt tool and run it.

Method 4: Try the TeslaDecoder Decryption Tool. Download TeslaDecoder tool and run it.

Method 5: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop-down list you can select one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.

3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Encrypted Files (.encrypted extension) Malware Removal Guide
8 May 2015, 9:21 pm
If all your files are encrypted with an .encrypted extension then your computer is infected with the Crypt0L0cker ransomware. It's very similar to CryptoLocker but encrypts files in a slightly different way. It basically scans your computer and encrypts any files that do not match an exclude list (a list of files that cyber criminals think could cause a problem with Windows, mostly system files). Once a file is encrypted this ransomware appends the .encrypted extension to the file name, so for example your Word document becomes project.docx.encrypted instead of just project.docx. The same thing happens to all other files that are encrypted. They become inaccessible and you can't just simply decrypt them because Crypt0L0cker uses a rather sophisticated and strong encryption algorithm.


The majority of people working or playing with computers have heard of a good number of the assorted malicious software programs that are out there. We all know the threat of Trojan Horses, the sinister tactics of Spyware, the aggravating Adware and the pest that is Potentially Unwanted Programs, and let's not forget vicious viruses. However there is one type of malware that never seems to garner the same levels of notoriety as its cousins, and that is something named Ransomware. So what exactly is Crypt0L0cker ransomware and is it something that you should be overly concerned about if it's not as well known? In a word: yes. Crypt0L0cker most definitely IS something you should know a little more about, and do your utmost to protect yourself from.

Here we are going to take a closer look at what ransomware is, how it spreads itself, what it can do to your files and PC - and more importantly - how you protect yourself from becoming a victim.

How does ransomware take control of your PC?

The Crypt0L0cker (.encrypted) ransomware is spread in a number of different ways; all of them seemingly innocuous, and therefore increasing the chances of us falling prey to the malware. Sometimes this ransomware is disseminated by email attachments or in links in mails or instant messages. Just a few days ago the AFP warned about an AFP traffic infringement scam that distributed this ransomware.


The Trojan dropper is detected as TR/Crypt.Xpack.197573, Trj/RansomCrypt.C and Win32:Crypt-SAR [Trj]. Some users got caught by this virus campaign and immediately noticed that all jpeg, pdf and doc files had the extension ".encrypted" after them. Other variants of this ransomware are unleashed by programs or even entire websites that have been infected by it. So what do you need to do to lower your likelihood of being attacked? You need to be careful when opening emails and instant messages – especially if you don't know the sender – and of course you should exercise extreme caution when opening attachments, images, files or links within them. You also need to be very careful when downloading apps or programs in case they have been compromised. It's hard to say that you should also watch what websites you visit, as any site can be targeted by malware but the general rule of thumb is to avoid anything that your instincts tell you is low quality or contains dubious content.

What is Crypt0L0cker's MO?

Ransomware, as you may have already guessed, exists to extract money from you in the form of a ransom. And to do this it needs to hold something hostage, in this case, your computer.

A ransomware attack paralyses your operating system, leaving you unable to open files or programs. When you try, you'll be hit with a ransom note sent by email or displayed on your screen telling you that you have been found to have downloaded illegal or pirated software or accessed a website of an illicit nature. It then demands a sum of money in return for the release of your documents or system.

Even worse, some ransomware will tell you that you are now on a watch list and about to be investigated for your alleged cyber crimes by the government or police! Clearly this is to convince you to pay the ransom, however, don't give in, but follow the steps in the removal guide below. First, you should remove the ransomware and any other related malware from your computer. Secondly, don't pay the ransom and try to restore your files with the tools listed below. If you back up your files regularly, you can retrieve some of your information, if not all of it, if your files suddenly become encrypted and have this odd *.encrypted extension. If you don't have any backups then you can try to restore at least some of your files with Shadow Explorer and other Windows system tools. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing Crypt0L0cker (.encrypted) and related malware:


Before restoring your files from shadow copies, make sure Crypt0L0cker virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by Crypt0L0cker (.encrypted) virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop-down list you can select one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.

3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Ads by GenerationVine Removal Guide
7 May 2015, 8:29 pm
GenerationVine: there's something that sounds familiar. But what is it and why are we talking about it in an article about adware? Well, because it's adware that displays "Ads by GenerationVine" or "powered by GenerationVine" just about everywhere. It can inject ads just above your Google search results or double underline certain words on a web page and show a pop-up advertisement. Here I'm going to tell you what you need to know about modern adware – the name given to a type of malware which unfortunately is less of a myth and all too real.

How do I know if I have GenerationVine on my PC?

Adware is no shy and retiring wallflower, so it will be obvious if you have been infected. The nastier types of adware will bombard you with a proliferation of pop-up and pop-under windows, as well as garish banner ads by GenerationVine. However, that's not all, as adware can be more than just irritating; it can have a negative effect on your computer as well as your sanity. Once installed, this adware will add a few web browser extensions, for example Youtube-to-MP3, or even use some random names. The adware will use these extensions to track your browsing habits and access your internet history. Such information can be very valuable and even sold to third-party companies, ad networks, etc. Of course, the adware's programmers can use such information to display more accurate and relevant ads on your computer.


How does this adware get on to your computer?

As mentioned, the GenerationVine adware will be installed by methods of deception. It could be disguised as a game, a great lifestyle application, or even some very popular program. Great, you think – I need that. So you download and install it – and bingo, you've just unleashed the GenerationVine adware on to your machine.

Some variants of this adware are hidden in shareware or freeware and will be downloaded in conjunction with other files. Others are attached as a file in an email or as a link in either a mail or instant chat message. Open that attachment or click the link and the adware will run and infect your PC.

Our advice is to steer clear of downloads from third party websites, be careful when installing programs: read the reviews and only install from official websites, don't open email attachments from unknown sources, and of course, install an anti-malware program!

How to get rid of ads by GenerationVine?
Open Control Panel then choose Uninstall a program and search for GenerationVine and Youtube-to-MP3. Uninstall both programs. Please note that it can be installed under a different name. In that case, list all the programs by date they were installed on your computer. The most recently installed programs will probably be the culprit. Then reset your web browser and finally scan your computer with recommended anti-malware software. Detailed removal guide can be found below. You should now be clear. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



GenerationVine Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove GenerationVine related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • GenerationVine
  • GoSave
  • Youtube-to-MP3
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove GenerationVine related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools → Extensions.



2. Click on the trashcan icon to remove GenerationVine, Youtube-to-MP3, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove GenerationVine related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.



2. Select Extensions. Click Remove button to remove GenerationVine, Youtube-to-MP3, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove GenerationVine related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

How to Remove TermBlazer Ads Malware (Uninstall Guide)
6 May 2015, 9:33 pm
Chances are you know exactly what TermBlazer or Term Blazer adware is and what it can do but unless you've actually had to deal with an advertising supported software infestation on your computer you might not realize what a nightmare this adware can be. It's true that adware is not as malicious as some other malware types but that doesn't mean you should grin and bear it if you do wind up with the nastier type of adware on your PC. Some online advertising is nothing more than literal adverts – links or traditional ads that are aiming to get you to click on them and visit their website and spend your hard earned cash. But there are others that display endless ads by TermBlazer and pop-up or pop-under windows that don't seem to disappear, no matter how many times you try and close them.

What is TermBlazer?

In its most innocent format, it is merely online marketing; however, even that can have a rather creepy side. And that's because it customizes the adverts that you see displayed on your computer monitor to match your interests. How does it do this? By installing a component on your computer, usually a web browser extension, that monitors which websites you visit and the goods or services that you view. The component records this data and sends it back to the person or company who created the adware – so that they can then decide which ads by TermBlazer you are shown. Clearly this rather aggressive form of marketing has been designed to increase the chances of you visiting a site and spending money, therefore generating revenue for the programmer and the website. As a knock-on effect, this also increases traffic to the site, which helps it rank higher in the search engines.


How does TermBlazer infect my computer?

Most adware programs come packaged with other programs, TermBlazer is no exception. These can be anything from a shared TV series download, to wallpapers, games or even reputable software upgrades. It doesn't even matter whether or not you pay for them; adware programmers (and advocates) show no mercy and will attach it to virtually anything downloadable, clickable or installable! So, when you download this software, file, program or download you will also be downloading the adware onto your computer too. And of course, you'll also be downloading the tracking device that records which websites you visit.

The side effects of TermBlazer

Make no bones about it; a true adware problem can be a nightmare to deal with. Not only is it annoying to be bombarded with pop-up windows and spooky to think that someone knows which websites you are visiting but the tracking component can cause your computer to run much more slowly than usual. It might also slow your Internet connection down and you'll find web pages are constantly crashing.

Protect yourself from adware. Install a good anti-malware program and start being a little more discerning when it comes to downloading software! If it's already too late and your computer is infected, then please follow the steps in the removal guide below to remove TermBlazer and related malware from the system. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



TermBlazer Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove TermBlazer related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • TermBlazer
  • GoSave
  • Active Discount
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove TermBlazer related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools → Extensions.



2. Click on the trashcan icon to remove TermBlazer, Active Discount, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove TermBlazer related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.



2. Select Extensions. Click Remove button to remove TermBlazer, Active Discount, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove TermBlazer related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.
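
The manual checks in the GenerationVine and TermBlazer guides (listing installed programs by install date, and finding out why a Chrome extension's removal option is grayed out) can also be done from PowerShell. This is an added example, not part of the original guides; it assumes PowerShell 3.0 or later, reads the standard Windows uninstall registry keys and Chrome's ExtensionInstallForcelist policy key, and the function names are hypothetical.

```powershell
# Added example (not from the original guides). Read-only: it lists entries,
# it does not uninstall or delete anything.

# Program and extension names listed in the GenerationVine and TermBlazer guides.
$ListedNames = 'GenerationVine', 'TermBlazer', 'GoSave', 'Youtube-to-MP3',
               'Active Discount', 'SaveNewaAppz', 'MediaPlayerV1', 'HD-Plus'

function Get-InstalledProgram {
    # Standard uninstall keys: native, 32-bit on 64-bit Windows, and per-user installs.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'

    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is optional and, when present, a yyyyMMdd string.
            $installed = $null
            if ($_.InstallDate -match '^\d{8}$') {
                $installed = [datetime]::ParseExact([string]$_.InstallDate, 'yyyyMMdd', $null)
            }
            $name = $_.DisplayName
            [pscustomobject]@{
                Installed       = $installed
                Listed          = [bool]($ListedNames | Where-Object { $name -like "*$_*" })
                Name            = $name
                Publisher       = $_.Publisher
                UninstallString = $_.UninstallString
            }
        }
}

function Get-ChromeForcedExtension {
    # Chrome disables the remove button for extensions named under this policy key.
    # Each value has the form "<extension id>;<update URL>".
    $policyKeys = 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
                  'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
    foreach ($key in $policyKeys) {
        if (Test-Path $key) {
            $item = Get-Item $key
            foreach ($valueName in $item.GetValueNames()) {
                [pscustomobject]@{
                    PolicyKey = $key
                    ValueName = $valueName
                    Entry     = $item.GetValue($valueName)
                }
            }
        }
    }
}

# Most recently installed programs first; entries without a date sort last.
Get-InstalledProgram |
    Sort-Object Installed -Descending |
    Select-Object -First 30 -Property Installed, Listed, Name, Publisher |
    Format-Table -AutoSize

# Anything on the guides' lists, regardless of install date.
Get-InstalledProgram | Where-Object { $_.Listed } |
    Format-List Name, Publisher, Installed, UninstallString

# Extensions pinned by policy (an empty result means none are forced).
Get-ChromeForcedExtension | Format-Table -AutoSize
```

Entries whose names are not on the lists still deserve a look when their install date matches the day the ads started, since the guides note the adware can be installed under a different name.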

Remove stoppirates@yahoo.com IAC/SOPA PIPA Virus and Restore Encrypted Files
6 May 2015, 8:32 pm
Warning! You have a computer found pirated content! All your files are encrypted! To decrypt files you need visit the site http://utrozen.pixub.com and follow the instructions posted on it. If the site is for some reason unavailable refer to the stoppirates@yahoo.com. Your id 598742.

You can enter a password 5 times. Above this limit, all files will be deleted! Independent attempts to decrypt the data can lead to their loss.

That's the ransom note (a text document inside each folder entitled HOW TO DECRYPT FILES.txt) of a new ransomware which is detected as a Trojan Horse TR/Crypt.XPACK.171354 and Win32/Filecoder.E by some anti-virus engines. So, if your files are encrypted and you got this ransom note then your computer is definitely infected with a ransom virus. The good news is that it's not the most sophisticated ransomware, actually it's not even close to CryptoWall 3.0 or CryptoLocker, but it can still cause some serious problems. Thankfully, there are a few tools that can be used to remove the virus and restore your files. You have probably heard of ransom Trojans in the malware sense, but if you want to find out a little more about this spiteful internet attacker, you've come to the right place. In order to adequately protect yourself when you're using your PC you should know exactly what a stoppirates@yahoo.com Trojan ransom is, how it gets on to your PC, and what it can do to you once it has installed itself. Even more crucially you need to know how you can protect yourself from being infected.

What do ransom Trojans do?

It encrypts your files (two words: back up!) and turns your computer into a zombie. Far less entertaining than the TV show The Walking Dead, if your computer is recruited by an attacker as one of their zombie hordes it could be using your own PC to further spread its poison. For example, they could be using YOUR computer to email YOUR contacts with THEIR ransomware! Basically when your PC becomes a zombie computer this malicious third party is in control of your operating system. But that's the additional module of this infection. The main goal is to encrypt your files. Then it displays a ransom note with information and links on how to make a payment (could be $300 or more). Payment instructions are available on http://utrozen.pixub.com and http://str.fulba.com. Both websites provide the same information. They are regionally localized to show you the ransom instructions in your language. In the image below you can see the US ransom payment site. As you can see, it starts with the International Police Association - IAC warning claiming that you downloaded illegal files. It even shows your IP address, probably to scare you into thinking that authorities will be able to find you in case you decide not to pay their fine. At the bottom of the page and in the ransom note as well there's an email address, stoppirates@yahoo.com, which can be used in case you have some difficulties or questions.


The ransom virus can also change your desktop background image to a fake warning that states: CONTENT Blocked by SOPA PIPA under authority granted by H.R. 3261 & S.968. That's probably just another trick to make you think that this is a real thing and you're in big trouble right now. Don't worry, you're not!

Since this stoppirates@yahoo.com / SOPA PIPA ransom virus doesn't use a very sophisticated encryption algorithm, you can expect to have your files back quite easily. All the tools needed to restore your files are given below. Please note that this ransomware appends a 6-digit extension to any encrypted file, for example work.docx.598742, so I suggest you keep it that way. Don't try to manually change or remove the appended extension because you may corrupt the file.
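
The appended extensions and ransom note names described in these guides (.exx, .encrypted, the 6-digit id, and the HELP_TO_... / HOW TO DECRYPT FILES.txt notes) are enough to inventory the damage without touching any file. The script below is an added example, not part of the original guides; it assumes PowerShell 3.0 or later, and the default scan root, report path and function name are hypothetical.

```powershell
# Added example (not from the original guides). Read-only inventory: nothing is
# renamed, moved or deleted, in line with the advice to leave the extensions alone.
param(
    [string]$Root   = $env:USERPROFILE,                      # assumption: scan the user profile
    [string]$Report = "$env:TEMP\ransom-inventory.csv"       # assumption: where to write the report
)

# Appended-extension patterns taken from the guides on this page. Each pattern
# requires an original extension in front of the appended one (e.g. work.docx.598742).
$Families = @(
    @{ Name = 'TeslaCrypt variant (.exx)';           Pattern = '^(?<orig>.+\.[^.]+)\.exx$' },
    @{ Name = 'Crypt0L0cker (.encrypted)';           Pattern = '^(?<orig>.+\.[^.]+)\.encrypted$' },
    @{ Name = 'stoppirates / SOPA PIPA (6-digit id)'; Pattern = '^(?<orig>.+\.[^.]+)\.\d{6}$' }
)

# Ransom note file names quoted in the guides.
$NoteNames = 'HELP_TO_SAVE_FILES.txt', 'HELP_TO_DECRYPT_YOUR_FILES.txt', 'HOW TO DECRYPT FILES.txt'

function Get-RansomFamily {
    param([string]$FileName)
    foreach ($family in $Families) {
        if ($FileName -match $family.Pattern) {
            return [pscustomobject]@{ Family = $family.Name; OriginalName = $Matches['orig'] }
        }
    }
    return $null
}

$files = Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue

$rows = @(foreach ($file in $files) {
    if ($NoteNames -contains $file.Name) {
        [pscustomobject]@{ Kind = 'RansomNote'; Family = ''; OriginalName = ''
                           LastWrite = $file.LastWriteTime; Path = $file.FullName }
        continue
    }
    $hit = Get-RansomFamily -FileName $file.Name
    if ($hit) {
        [pscustomobject]@{ Kind = 'EncryptedFile'; Family = $hit.Family
                           OriginalName = $hit.OriginalName
                           LastWrite = $file.LastWriteTime; Path = $file.FullName }
    }
})

if ($rows.Count -eq 0) {
    Write-Output "No ransom notes or renamed files found under $Root"
    return
}

$rows | Export-Csv -Path $Report -NoTypeInformation -Encoding UTF8

# Per-family counts show which guide applies.
$encrypted = @($rows | Where-Object { $_.Kind -eq 'EncryptedFile' })
$encrypted | Group-Object Family | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# The earliest write time among renamed files approximates when encryption began,
# which tells you how old a backup or shadow copy must be to predate it.
if ($encrypted.Count -gt 0) {
    $first = $encrypted | Sort-Object LastWrite | Select-Object -First 1
    Write-Output ("Earliest renamed file: {0:u}  {1}" -f $first.LastWrite, $first.Path)
}
Write-Output "Full list written to $Report"
```

The 6-digit pattern can also match ordinary files that happen to end in six digits, so treat those rows as candidates and confirm them against the id shown in the ransom note.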

How does the stoppirates@yahoo.com Trojan ransom infect your PC?

Sorry to break it to you but it's your fault! Okay, that's a little harsh maybe but the fact is that you do have a part to play in your computer being infected. And that's because stoppirates@yahoo.com Trojan Horse ransomware plays on our weaknesses, insecurities and perhaps even our boredom or our relaxed attitude to downloading software and files. Let us explain. In order for a Trojan ransom to be able to disrupt your machine it needs you to install the server part of the application yourself. That's because ransom Trojans are not viruses and don't spread themselves – they need you to do their dirty work for them. And to do this they lure you in by trying to tempt you with attractive looking apps or games, the most technically advanced antivirus tool, or any other must have software, applications, files or programs.

The name given to this is social engineering, meaning that the Trojan's programmer is trying to manipulate you into undertaking an action – in this case downloading their app or tool. You're sucked in, you simply can't live without that latest farm game, but unknown to you, it is actually a Trojan ransom in disguise.

There are a couple of other methods programmers use to ensure the best possible chance of their product making its way on to your computer, and that is by sending it to you over email or in an instant chat message. You'll receive an attachment or link, which, once clicked upon or opened and run, will install the Trojan. Furthermore, it will run every single time you log on, causing more and more chaos. Which brings us to...

How to avoid becoming a victim of stoppirates@yahoo.com / CONTENT Blocked SOPA PIPA ransomware

Trojans might be cool on the big screen; on your computer, not so much. Therefore, never open attachments or click links in emails or chat messages if you don't know the sender – no matter how tempting the offer or freebie looks. And of course, make sure you have great antivirus software installed.

So what should you do if your files have been encrypted? Easy to say, but try not to panic and most definitely do not pay any money unless the encrypted files are very important and you can't afford to lose them. If the encrypted files are not very important or you don't have money to pay the ransom, you can try to restore your files (at least some of them) using Shadow Explorer and the specialized tools listed below. Please note that even if you decide to pay the ransom there's really no guarantee that the cyber criminals will recover your files.

If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing stoppirates@yahoo.com IAC/SOPA PIPA and related malware:


Before restoring your files from shadow copies, make sure the ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.





Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by stoppirates@yahoo.com IAC/SOPA PIPA virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.



How to Remove Sale Charger Ads Malware (Uninstall Guide)
4 May 2015, 9:08 pm
Sale Charger or SaleCharger is a potentially unwanted program or adware that displays Sale Charger ads on your computer. It can also display pop-ups and make your computer nearly unusable. It has been detected as adware or malware (Adware.BrowseFox) by multiple anti-virus engines; see VirusTotal scan results. Previous variants of BrowseFox adware were quite persistent and displayed ads pretty much everywhere including even the most popular websites like YouTube. Sale Charger does the same thing. It even injects ads into the Google search results page, just above the organic listings.

From the most serious identity-stealing malware down to the slightly less vicious, but still completely undesirable, programs like Sale Charger, there really are innumerable predators just waiting for their chance to infiltrate our systems and cause us stress, grief, and worry. Once installed, Sale Charger will hijack your web browser as well. It will install a few web browser extensions and add-ons that can be difficult to remove. These extensions will be used to display adverts and pop-ups or even redirect your browser to dodgy websites. It can track your browsing habits and even access your browsing history. Needless to say, you should get rid of this adware immediately.


While it stands to reason that all malware, or malicious software, is unwanted, there is actually a group of programs which are specifically named just that and Sale Charger is one of them. Potentially Unwanted Programs, or PUPs as they're not so affectionately known, are a type of software that sneaks its way onto your computer without you knowing about it. But just how do you end up with a software program that you haven't downloaded on your computer? That's Potentially Unwanted Programs for you!

It hijacks your browser, implements its own tools, removes yours – and leaves you having to deal with its unfriendly design, limited functionality, and other annoying quirks. Usually, it installs a web browser extension and uses it to display Sale Charger ads. It can also gather your web browsing history or search terms and send this information to advertising companies or other third-parties.

By the way, those 'quirks' may include things like redirecting every single internet search you make to websites that the programmer of the adware wants you to visit. Every single time! Therefore it goes without saying that it can be incredibly annoying to have to deal with. But that's not the only thing you need to be concerned about because it can also cause your computer's security to slacken, leaving you, your data and your operating system open to further dangers from even more malicious programs and software.

Anything else to report? Just that it also likes to harass you with numerous Sale Charger pop-up adverts, and these will often also slow your operating speeds down as they're busy working away behind the scenes.

I'm going to stick my neck on the line now and wager that it is a fairly safe bet that you really don't want to have to deal with a browser hijacking and the annoying adware that comes with it. Therefore let's find out how such programs are installed on your computer so that you can be better prepared to fend off an attack should you need to.

It is most commonly downloaded in conjunction with other software, specifically free programs (freeware) and shared apps or files (shareware). And that's why reading End User License Agreements (EULAs) properly is crucial. These should tell you if something is included with your original download so if you see anything that's talking about add-ons or extra programs, stop and think whether you really need to download that program. If you absolutely must, ensure that you have configured the check boxes correctly so that the Sale Charger won't automatically be installed too. If it's already installed and you don't know how to remove it, please follow the steps in the removal guide below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Sale Charger Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Sale Charger related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Sale Charger
  • GoSave
  • SalePlus
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Sale Charger related extensions from Google Chrome:

1. Click on Chrome menu button. Go to Tools → Extensions.



2. Click on the trashcan icon to remove Sale Charger, SalePlus, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove Sale Charger related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.



2. Select Extensions. Click Remove button to remove Sale Charger, SalePlus, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove Sale Charger related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.



How to Remove HELP_TO_SAVE_FILES.txt Virus and Restore Encrypted Files
4 May 2015, 8:38 pm
HELP_TO_SAVE_FILES.txt is a ransom note that contains links and information on how you can pay the ransom to decrypt your files that were encrypted by Alpha Crypt ransomware. The Trojan ransom encrypts your files using a very strong RSA-2048 encryption algorithm, appends the .ezz extension to each encrypted file and creates multiple HELP_TO_SAVE_FILES.txt files on your computer. Basically, this ransom note can be found in every folder with at least one encrypted file. In this day and age, we all need to know as much as we can about the different types of malware that are out there trying to do us harm. And one of those pieces of malicious software that it is in our interests to know a little more about is ransomware. Staying one step ahead of cyber crime is crucial, therefore if you want to know how to best protect yourself from falling victim to this particularly nasty form of malware, carry on reading as I will give you a couple of simple ways to keep the ransomware at bay.
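To see how far the encryption reached before you start restoring, the sketch below (an added example, not part of the original guide) walks a folder, separates `.ezz` files and ransom notes from files that were left intact, and checks which originals exist in a backup folder. The function names, the sample tree and the assumption that the backup mirrors the original folder layout are illustrative.

```python
import os
import tempfile

ENCRYPTED_EXT = ".ezz"                      # extension named in this guide
NOTE_NAMES = {"help_to_save_files.txt",     # ransom notes named in this guide
              "help_to_save_files.bmp"}


def scan(root):
    """Classify every file under root as encrypted, ransom note or intact.

    Paths are returned relative to root so they can be compared with a backup.
    """
    result = {"encrypted": [], "notes": [], "intact": []}
    for folder, _subdirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), root)
            lower = name.lower()
            if lower in NOTE_NAMES:
                result["notes"].append(rel)
            elif lower.endswith(ENCRYPTED_EXT):
                result["encrypted"].append(rel)
            else:
                result["intact"].append(rel)
    for key in result:
        result[key].sort()
    return result


def original_name(rel_path):
    """docname.docx.ezz -> docname.docx (the name to look for in a backup)."""
    if rel_path.lower().endswith(ENCRYPTED_EXT):
        return rel_path[:-len(ENCRYPTED_EXT)]
    return rel_path


def plan_restore(root, backup_root):
    """Split encrypted files into those with a backup copy and those without."""
    found, missing = [], []
    for rel in scan(root)["encrypted"]:
        wanted = original_name(rel)
        if os.path.isfile(os.path.join(backup_root, wanted)):
            found.append(wanted)
        else:
            missing.append(wanted)
    return found, missing


def build_sample(base):
    """Constructed sample tree: an affected folder and a partial backup."""
    live = os.path.join(base, "live")
    backup = os.path.join(base, "backup")
    layout = {
        live: ["Documents/docname.docx.ezz", "Documents/HELP_TO_SAVE_FILES.txt",
               "Pictures/image.jpg.ezz", "Pictures/HELP_TO_SAVE_FILES.txt",
               "Music/song.mp3"],
        backup: ["Documents/docname.docx", "Music/song.mp3"],
    }
    for top, files in layout.items():
        for rel in files:
            path = os.path.join(top, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(b"constructed sample data")
    return live, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live_dir, backup_dir = build_sample(tmp)
        report = scan(live_dir)
        in_backup, not_in_backup = plan_restore(live_dir, backup_dir)
        print("encrypted files :", report["encrypted"])
        print("ransom notes    :", report["notes"])
        print("left intact     :", report["intact"])
        print("in backup       :", in_backup)
        print("try shadow copy :", not_in_backup)
```

Files listed under "try shadow copy" have no backup copy, so they are the ones to look for with Shadow Explorer or the decryption tools.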

What is Alpha Crypt and why does it create HELP_TO_SAVE_FILES.txt?

You may have heard of a Trojan ransom because it's one of the most commonly found strains of malware. It is also one of the most unpleasant for sure. Not only does it cause carnage on your computer by encrypting your documents but it can have a serious effect on your overall security too, making you even more vulnerable to further attack by other types of malware, for example spyware.


How does this ransomware work?

If you have been infected by HELP_TO_SAVE_FILES.txt or Alpha Crypt ransomware it will 'kidnap' your files and hold them hostage until you pay for their release. Some users reported that cyber criminals asked them to pay 1 Bitcoin while others mentioned only 0.5 Bitcoin. One way or another, it's still at least $100. It's a classic and time worn method of extorting money – the only difference is now we're dealing with online kidnapping. But this one is even more evil. It tries to delete shadow copies and even restore points to make it nearly impossible to restore your files. Luckily, it does not always succeed, so there is a chance you can recover your encrypted data files using file recovery programs such as TeslaCrypt Decryption Tool by Cisco. Cisco programmers did a great job. The tool worked well with the previous version of this ransomware called Tesla Crypt.

Two ways of defending your computer from ransomware
  1. The majority of ransom Trojans are spread via email attachments or links in instant messenger chats. Therefore never open attachments or click on links in messages where you don't know the sender. Other Trojans are packaged with shareware or peer to peer files so only download from reputable sources.
  2. A smaller, but still significant number of Trojans are installed during a 'drive by installation' meaning you have visited a website that has been compromised by the malware. There's no way of telling which sites are infected but bear in mind that the shadier the site, the more chance you have of leaving with some kind of infection.
So, this is the strategy that HELP_TO_SAVE_FILES.txt ransom virus employs. It is designed to look innocent, or useful, and fool you into thinking you are downloading a game, the latest Taylor Swift album from a freeware or shareware file (if Taylor's your thing!), or maybe even an anti-virus tool. All things that look benign, fun or useful; but chances are you might actually be downloading ransomware instead.

Is there a way to recover my files?

Unfortunately, at this time there is no way to decrypt the files without your unique decryption key which can be bought from cyber criminals for 1BTC. However, do not pay the ransom unless your files are very important to you and are worth more than $100 or $300, and of course only if the tools given below do not work. Instead, follow the removal guide below to salvage your data and clean your computer ASAP. There are a few tools that can help you to restore at least some of your files without paying a ransom: Shadow Explorer and TeslaCrypt Decryption Tool by Cisco. Even though there's no guarantee that these tools will help you, there's also no reason not to try them out. Who knows, maybe you will be the lucky one. Please follow the steps in the removal guide below.

Now that you're done reading this, may I suggest that you back up all your files onto an external hard drive NOW. That way if you are unlucky enough to fall victim to HELP_TO_SAVE_FILES.txt ransomware, you'll be able to simply wipe clean your internal disk drive and replace it with up to date data. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Step 1: Removing Alpha Crypt and related malware:


Before restoring your files from shadow copies, make sure Alpha Crypt is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.





Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by Alpha Crypt virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Try the TeslaCrypt Decryption Tool by Cisco. Download TeslaDecrypt tool and run it.

Method 4: Try the TeslaDecoder Decryption Tool. Download TeslaDecoder tool and run it.

Method 5: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.



1-855-399-8171 BSOD Error 333 Registry Failure Scam
2 May 2015, 9:40 pm
Phone number 1-855-399-8171 is being used by scammers on various misleading websites like computer-alert-triggered.com and virus-alert-triggered.com that display fake error messages or virus warnings. The goal of these websites and fake warnings is to trick you into installing spyware and other malware on your computer. Don't call 1-855-399-8171 unless you want to lose $100 or more on fake tech support services. It's one of many tech support scams. If you got this fake error message just close it (force close if necessary) and scan your computer with anti-malware. There's a good chance that your computer is infected with adware and potentially unwanted programs.

WINDOWS WARNING

0x000000CE DRIVER_UNLOADED_WITHOUT_CANCELING_PENDING_OPERATIONS

WINDOWS HEALTH IS CRITICAL DO NOT RESTART

PLEASE CONTACT MICROSOFT TECHNICIANS

BSOD : Error 333 Registry Failure of operating system - Host : BLUE SCREEN ERROR 0x000000CE

Please contact Microsoft technicians at toll free : 1-855-399-8171

To immediately rectify issue to prevent data loss


As you can see, it's just a simple web page not the actual BSOD error. However, less computer savvy users might think it's the real thing and call the number 1-855-399-8171. It's not legitimate.

As you may already know, adware and potentially unwanted programs come bundled with freeware and popular downloads, for example TV shows and game mods. Fake virus warnings do not come out of nowhere. There's a program on your computer or a web browser extension that displays those warnings. You might be wracking your brain trying to think where this unfamiliar program has come from – after all, it's not anything insignificant – it is something like a new tool bar or a browser extension. But if you think back to just before the appearance of this misleading 1-855-399-8171 BSOD warning, then you may well recall that you installed a new software program, upgraded an existing app, or downloaded the next episode of your must watch TV show onto your computer. And that is very likely to be the root cause of your infestation. It's starting to take shape but the missing piece of the puzzle is, how exactly were these new programs installed without your say so?

Welcome to the world of PUPs and adware

PUPs and adware programs are sometimes pre-installed on a new PC or laptop, and very occasionally they infect you because you have visited a website that was targeted by a PUP (AKA a drive by installation), but for the most part, Potentially Unwanted Programs come packaged with a program that you have actually chosen to knowingly download. How sneaky! Once installed, they start displaying adverts and pop-up windows that may be very misleading or fake, just like the one shown below.

The good news is that it is easy to check whether you definitely have adware on your computer and all you need to do is to open your (Windows) PC Control Panel. Find 'Programs' and then 'Uninstall a Program' – anything running on your machine will be listed and if you see something you don't recognize you should be able to uninstall it here. I also listed a few adware and unwanted programs that are known to display fake virus warnings and promote fake tech support services like 1-855-399-8171. However, yours might be completely different as scammers tend to change programs and extensions to avoid easy detection and removal.

A smart thing to also do to limit the chances of being infected again (although to be honest, this is a bit of a lottery) is to click on 'Installed On' on the bar above the list and this will then sort all of the programs on your computer in chronological order. This tells you that, let's say, if the unknown program was downloaded on the 10th of May at 10.15am, the program directly above it or below it in the list, with the same date and time was the culprit that led to you installing the PUP or adware.
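The same "Installed On" comparison can be done on an exported program list, shown here as an added example that is not part of the original guide. It assumes each entry carries the `DisplayName` and `InstallDate` (a `YYYYMMDD` string) values Windows keeps for installed programs; the function names and the sample inventory are constructed for illustration.

```python
from datetime import datetime

# Constructed sample inventory. Names starting with "Example" are made up;
# the other two are unwanted programs listed in this guide.
SAMPLE_INVENTORY = [
    {"DisplayName": "Example Office Suite", "InstallDate": "20140102"},
    {"DisplayName": "Example Video Converter", "InstallDate": "20150510"},
    {"DisplayName": "Websteroids", "InstallDate": "20150510"},
    {"DisplayName": "HD-Plus 3.5", "InstallDate": "20150510"},
    {"DisplayName": "Example PDF Reader", "InstallDate": "20150511"},
    {"DisplayName": "Example Driver Pack"},          # no install date recorded
]


def parse_install_date(value):
    """Return a date for a YYYYMMDD string, or None if missing or malformed."""
    try:
        return datetime.strptime(str(value).strip(), "%Y%m%d").date()
    except ValueError:
        return None


def installed_around(inventory, suspect_name, window_days=0):
    """Find programs installed within window_days of the suspect program.

    Returns (suspect_date, neighbours, undated). Programs with no usable
    install date are returned separately because they cannot be ruled out.
    """
    dated, undated = [], []
    for entry in inventory:
        when = parse_install_date(entry.get("InstallDate"))
        if when is None:
            undated.append(entry["DisplayName"])
        else:
            dated.append((when, entry["DisplayName"]))

    wanted = suspect_name.lower()
    suspect_dates = [when for when, name in dated if name.lower() == wanted]
    if not suspect_dates:
        raise LookupError("no dated entry for %r" % suspect_name)
    anchor = min(suspect_dates)

    neighbours = sorted(
        (when, name) for when, name in dated
        if name.lower() != wanted and abs((when - anchor).days) <= window_days
    )
    return anchor, [name for _when, name in neighbours], sorted(undated)


if __name__ == "__main__":
    day, same_day, unknown = installed_around(SAMPLE_INVENTORY, "Websteroids")
    print("Suspect installed on:", day)
    print("Installed the same day:", same_day)
    print("No install date (check by hand):", unknown)
```

Entries without an install date do not sort into place under "Installed On" either, so review them by hand.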

How to remove it and protect yourself in the future

I'm not saying you're guilty of downloading illegal or pirated software or files but the fact is, anything can come packaged with a PUP or other malware. Therefore, read EULAs – End User License Agreements carefully so you know exactly what you are installing on your PC. To remove fake 1-855-399-8171 BSOD warning pop-ups, please follow the steps in the removal guide below. If you have questions, leave a comment down below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



1-855-399-8171 BSOD Warning Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove 1-855-399-8171 pop-up related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Safe Web
  • LyricsSay-1
  • Websteroids
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove 1-855-399-8171 pop-ups from Google Chrome:

1. Click on Chrome menu button. Go to Tools → Extensions.



2. Click on the trashcan icon to remove Safe Web, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove 1-855-399-8171 pop-ups from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.



2. Select Extensions. Click Remove button to remove Safe Web, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.




Remove 1-855-399-8171 pop-ups from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.



How to Remove Alpha Crypt Virus and Restore Encrypted Files
1 May 2015, 9:57 pm
Alpha Crypt is a Trojan ransom (ransomware) from the same malware family as TeslaCrypt. It encrypts your files using the RSA-2048 encryption algorithm and then demands a ransom payment in order to decrypt your files ($500 USD in Bitcoins). Do you want to know what exactly it does, and how it infects your computer? If so you've come to the right place, so carry on reading as we uncover the mystery of this strangely named ransomware Alpha Crypt.


If you're pretty careful about what you do and don't download on your PC, it might shock you to know that in actual fact, you are almost wholly responsible for letting Alpha Crypt infect your computer. Why, you ask? It is because to enable a Trojan ransom to attack you in the first place, you must install the server component of the program. Of course, you don't do this wittingly; the ransomware has to con you into doing that. It will convince you that it is an innocent gift (or something useful) and that you really should accept it onto your PC.

Some variants of Alpha Crypt appear as pop-ups, caused by a previous infection of malware, others are packaged with files, apps or programs that are available for download on the internet, while others may be included as an attachment or link in an instant messenger chat app or an email sent to you by the programmer or disseminator of the malware. Open the attachment which is being distributed through the Angler Exploit Kit and, hey presto, you have triggered the ransomware simply by running the .exe file which will then install it. Once it is on your machine the server that the ransomware runs on will run the program each time you log on.


How much harm will Alpha Crypt do to me?

Plenty is the unfortunate answer to that. It is not nice, to say the least. It can cause serious issues that affect your hard drive and your operating system as well as your files, documents and other data. It will encrypt your files and append the .ezz extension to each of them. Since your files are encrypted and have this strange extension you cannot open them without a special decryption tool and decryption key. Both can be bought from cyber criminals. You just need to send them the RECOVERY_FILE.TXT file and of course pay a ransom. It's called AlphaTool Decryption Service. Don't get fooled, it's not your friendly decryption service run by geeks, it's in control of the same cyber criminals who created the Alpha Crypt ransomware. In short they can make using your computer an absolute nightmare – and that's not even taking into consideration the impact of lost data. When the encryption has finished, it will change your desktop background to the HELP_TO_SAVE_FILES.bmp ransom note and then open the HELP_TO_SAVE_FILES.txt ransom note. Finally it will open the Alpha Crypt encryptor program shown above. Both the ransom note and encryptor program contain links and information on how you can pay the ransom to decrypt your files.

How can I ensure I don't get fooled by ransomware?

The good news is that there are things you can do to lower the risk of an attack from Alpha Crypt. Due to the way most ransom Trojans are spread, the biggest preemptive strike you can make is to never open emails if you don't know the sender. Opened one by mistake? Whatever you do, do not click on any links or open any attachments. The same goes for chat messages sent from unknown sources. You should also be wary even when you do know the sender before opening files or links as you never know if your contact has been hacked. Finally: a reputable antimalware – install one NOW if you haven't already!

What should you do if you've been infected by Alpha Crypt? Should you pay the fine?

In a word, no! There are two reasons for this: a) you're only encouraging further criminal activity and b) how do you know that you'll receive the decryption key anyway? If the encrypted files are not very important or you don't have money to pay the ransom, you can try to restore your files (at least some of them) using Shadow Explorer and specialized tools listed below like TeslaCrypt Decryption Tool by Cisco. Even better if you have backups or copies in the cloud. Please note that even if you decide to pay the ransom there's really no guarantee that cyber criminals will send you the private key and you will be able to decrypt your files. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Step 1: Removing Alpha Crypt and related malware:


Before restoring your files from shadow copies, make sure Alpha Crypt is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.





Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by Alpha Crypt virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Try the TeslaCrypt Decryption Tool by Cisco. Download TeslaDecrypt tool and run it.

Method 4: Try the TeslaDecoder Decryption Tool. Download TeslaDecoder tool and run it.

Method 5: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.



Encrypted Files (.ezz extension) Malware Removal Guide
1 May 2015, 8:59 pm
If most of your files are encrypted and have a .ezz extension, for example docname.docx.ezz or image.jpg.ezz then your computer is almost certainly infected with the Alpha Crypt ransomware. It's a new variant of the TeslaCrypt ransomware. Obviously, encrypted files cannot be opened by the standard program. They must be decrypted first but the problem is that you need to purchase your private key using Alpha Crypt service (AlphaTool Decryption Service) in order to do so. The fact that malicious software exists, and exists purely to do us harm, is yesterday's news. We all know about the proliferation of the various types of malware from spyware and Trojan Horses to Potentially Unwanted Programs and adware, but the one thing that we do need to be aware of is the fact that malicious software is in a constant state of self-improvement. If improvement is the right word to use! And that means that we need to educate ourselves about the latest programs if we are to arm ourselves with the best defense against attack.


With that in mind, I'm going to take a closer look at ransomware that encrypts your files and appends the .ezz extension to them; an unpleasant type of malware that is definitely an inhabitant of the more vicious end of the malware scale.

What does Alpha Crypt do?

Well we're giving no prizes away for guessing and the clue is most definitely in the name here as ransomware has been designed to hijack, or kidnap your files or data and render them unusable. It then sends you a ransom note HELP_TO_SAVE_FILES.txt which demands payment for the release of the files. You will be paying for a code which purports to be the key to unlocking the encrypted data. However, take any promises to send you this code with a bucket load of salt. Many ransomware programmers simply take the money and run, which shouldn't come as any great surprise, considering the people we're dealing with here! Alpha Crypt can be no exception.

How does ransomware send you a ransom note?

A ransom letter in the malware world won't be carefully cut out letters from newspapers like in the films of our youth (depending on how old you are!) but will be sent via an email or displayed on your screen. Some ransom notes are pop-up windows, others, rather menacingly take over your entire screen. This ransomware simply drops multiple HELP_TO_SAVE_FILES.txt files in folders where at least one file was encrypted. It also changes desktop background to HELP_TO_SAVE_FILES.bmp which displays the same ransom note as in the text file.


And just to add to the panic that you're no doubt experiencing since finding your computer in lock down mode, ransom notes amp up the fear factor in order to get you to pay quickly by telling you that the code will be invalid and you'll never be able to retrieve your files if you don't pay by a certain date (usually within 3 days).

But hold on, as it gets worse. Some types of ransomware design the note to look as if it was sent by the FBI, CIA or other law enforcement or government agency. The note will explain, in no uncertain terms, that you are being investigated due to your habit of visiting suspicious websites or illegally downloading programs. Even if you KNOW you haven't been on any websites supporting terrorism or downloaded explicit images, the worry is still there. Did you accidentally click a link that you didn't mean to? Did someone else use your computer? Does the FBI know about that episode of The Walking Dead that you downloaded last week?

So now what? Should you make the problem go away by paying the ransom? The answer is most emphatically no. Do not encourage these online scammers. If you have a recent backup, wipe your hard disk and reinstall your files. If you don't, try the Shadow Explorer program or search your computer for previous versions of files. If you are lucky enough, you may find files that were not encrypted and renamed to .ezz. You can also use the TeslaCrypt Decryption Tool by Cisco. It might just work with Alpha Crypt as well. But before restoring your files, please remove the ransomware and related malware files from your computer. Otherwise, you will simply waste your time. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Step 1: Removing Alpha Crypt and related malware:


Before restoring your files from shadow copies, make sure Alpha Crypt is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.





Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by Alpha Crypt virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Try the TeslaCrypt Decryption Tool by Cisco. Download the TeslaDecrypt tool and run it.

Method 4: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note: this tool is available for Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop-down list you can select one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.
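To scope what needs restoring, the indicators named in this guide (the HELP_TO_SAVE_FILES note dropped in each affected folder and the .ezz extension) can be inventoried with a short script. This is an added example, not part of the original guide; the function names, report layout, case-insensitive matching and sample file names are assumptions.

```python
import os
import tempfile

NOTE_NAMES = {"help_to_save_files.txt", "help_to_save_files.bmp"}  # names from the guide
ENCRYPTED_EXT = ".ezz"  # extension the guide gives for encrypted files


def inventory(root):
    """Walk root and report, per folder, the ransom notes and .ezz files found.

    Returns {folder: {"notes": [...], "encrypted": [...], "other": [...]}} for
    every folder holding at least one note or one .ezz file.
    """
    report = {}
    # onerror: skip unreadable folders instead of aborting the walk
    for folder, _dirs, files in os.walk(root, onerror=lambda e: None):
        entry = {"notes": [], "encrypted": [], "other": []}
        for name in sorted(files):
            lower = name.lower()  # assumption: match names case-insensitively
            if lower in NOTE_NAMES:
                entry["notes"].append(name)
            elif lower.endswith(ENCRYPTED_EXT):
                entry["encrypted"].append(name)
            else:
                entry["other"].append(name)  # files that may still be intact
        if entry["notes"] or entry["encrypted"]:
            report[folder] = entry
    return report


def build_sample_tree(base):
    """Constructed sample data: one affected folder and one clean folder."""
    hit = os.path.join(base, "Documents")
    clean = os.path.join(base, "Music")
    os.makedirs(hit)
    os.makedirs(clean)
    for path in (os.path.join(hit, "HELP_TO_SAVE_FILES.txt"),
                 os.path.join(hit, "budget.xlsx.ezz"),
                 os.path.join(hit, "notes.txt"),
                 os.path.join(clean, "song.mp3")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    return hit, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, entry in inventory(tmp).items():
            print(folder, "notes:", entry["notes"], "encrypted:",
                  entry["encrypted"], "possibly intact:", entry["other"])
```

Point `inventory()` at a user profile or data drive after Step 1 to get the list of folders to check in Shadow Explorer or restore from backup.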

© 2015 Frêney, S.r.l. - V.A.T. ID IT03001860166