
Malware Removal Instructions
From network security to phishing and malicious software. Whatever problem you have, we're here to help you solve it!...

by Admin, Mountain View (geolocate), published: Wed 02 Sep 2015 06:40:00 PM UTC.

Remove Windows 10 Browser Ads (Uninstall Guide)
22 Aug 2015, 7:21 pm
The list of Windows 10 new security features is both long and significant but unfortunately this OS is still vulnerable to various threats, including adware. You might not be particularly worried about adware that can infect Windows 10 and display annoying web browser ads and I admit that it is probably not the worst type of malicious software out there, especially when compared to real internet nasties such as Trojan Horses, spyware or ransomware for example. But that doesn't mean you should write it off completely as something that won't do you any harm, and you would definitely be advised to look into the ways that you can protect yourself from an adware infection even if you're using the latest Windows 10 and fully updated web browser.


Like most online scams, malware programs and viruses, the whole reason for adware's existence is to make money – and make no mistake, for business is booming when it comes to nefarious online commerce. Adware can generate a decent income for those who use it which is why the programmers who create it put in a not inconsiderable effort when it comes to ensuring that you are captivated by their browser adverts and very tempted to click on them and spend some of your hard earned money. Since most users switched to Windows 10, scammers had to make certain adjustments as well. And I'm afraid they did this very successfully because Windows 10 browser adverts and pop-ups appear all over the screen just like on Windows 8 and 7 no matter what browser you use. Yes, even the Microsoft Edge can be affected and display ads.

This also means that if you have been infected by adware, it can be difficult to find and delete it from your PC, but that's not to say that you should simply ignore it because adware has some disruptive traits that will soon start to have a negative effect on your user experience.

Adware is everywhere

There was a time, in the not too distant past, that adware was only really a problem if you visited websites of a 'certain nature' – i.e. adult and illicit or illegal content but that is no longer the case for adware can now be found on the websites of even the most reputable brands or businesses. So what that means for you and me is that we have a far greater chance of being infected by adware, especially if we happen to stumble across a website that has been compromised by adware – something known as a drive-by download.

What can adware do?

Adware has a number of side effects – none of them particularly desirable. It can make your computer run slowly, it can cause it to keep crashing, and it can send you insane with its incessant pop-up and pop-under windows. Some adware will even go as far as deleting and then installing a new tool bar so that it can manipulate your internet searches and redirect you to websites that the adware's programmer wants you to visit. And let's not forget that with all of this unwanted activity taking place on your PC, it can cause instabilities and weaken your PC's security.

How to protect yourself from an adware infection on Windows 10

Aside from drive-by installations, adware is normally installed as a package with another file or program. That means you need to be a lot more discerning when you are downloading something. Steer clear of third party download websites and only download from the publisher. You should also always read the End User License Agreement carefully and check or uncheck boxes that tell you that an optional extra is included in the installation.

How do I make Windows 10 browser ads disappear?

First of all, scan your computer with anti-malware software, especially if you are still not familiar with Windows 10. Adware's programmers are smart and try to hide malicious files on your computer making it difficult to find and remove each malicious file. To remove adware from your computer and stop the absolutely annoying ads, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com




Windows 10 Browser Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove adware from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this adware. Hopefully you won't have to do that.






2. Remove adware related programs from your computer using the Uninstall a program control panel. Simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • TwistGrips
  • GoSave
  • Extag
  • SaveNewaAppz
  • and any other recently installed application


Simply select a suspicious application and click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove Windows 10 adware related extensions from Google Chrome:

1. Click on Chrome menu button. Go to More Tools → Extensions.




2. Click on the trashcan icon to remove TwistGrips, Extag, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.



3. Then select Settings. Scroll down the page and click Show advanced settings.


4. Find the Reset browser settings section and click Reset browser settings button.


5. In the dialog that appears, click Reset. That's it!


Remove Windows 10 adware related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools Menu → Add-ons.




2. Select Extensions. Click Remove button to remove TwistGrips, Extag, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.


Remove Windows 10 adware related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.




2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.



What is ExtTag.exe and how to remove it?
21 Aug 2015, 8:01 pm

ExtTag.exe - by AgentMainService


What is ExtTag.exe?


ExtTag.exe is a browser hijacker that will redirect your web browser to dodgy and spammy websites. In a worst-case scenario you may be redirected to a malicious website and infect your computer. It's usually detected as RDN/Generic.dx, PUP.Optional.Linkury.PrxySvrRST, Generic6.BUEW, or a variant of the MSIL/Toolbar.Linkury.S potentially unwanted program. The detection ratio is 18 / 57. Needless to say, such a detection ratio is pretty low and must be improved to ensure proper protection against this malware.

As a savvy internet user you don't need me to tell you that there is a plethora of weird and (not so) wonderful things hiding in plain view on the internet and waiting to do us harm. Malicious software is big business and there is no end of different, innovative (and not in a good way) methods being used to con us out of our hard earned cash, corrupt our precious files and data and render our PCs virtually unusable.

Browser hijackers can be as dangerous as spyware and Trojans. ExtTag.exe cannot delete your files or steal sensitive information. However, it can modify proxy settings and redirect you to malicious websites. What is more, it runs multiple processes on your computer in order to download updates and install more malware. It goes without saying that it's not essential for Windows and can cause serious problems. It's not digitally signed either. I recommend that you remove ExtTag.exe and related malware from your computer. To do so, please run a full system scan with anti-malware software.






File name: ExtTag.exe
Publisher: AgentMainService
File Location Windows XP: C:\Program Files\ExtTag\
File Location Windows 7/8: C:\ProgramData\ExtTag\
Startup file: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run → ExtTag.exe
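
A read-only check for the indicators in the file details above (Run key entry, install folders, missing signature, proxy changes), added here as an example and not part of the original post. The function name is hypothetical; the paths and the registry key are the ones the post lists.

```powershell
# Added example: report ExtTag.exe indicators without changing anything.
# Get-ExtTagIndicators is a hypothetical name, not a built-in cmdlet.
function Get-ExtTagIndicators {
    # 1. Startup entry: values under the current user's Run key that mention ExtTag.
    $runPath = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $runKey  = Get-Item -Path $runPath -ErrorAction SilentlyContinue
    if ($runKey) {
        foreach ($name in $runKey.GetValueNames()) {
            $value = [string]$runKey.GetValue($name)
            if (($name -match 'ExtTag') -or ($value -match 'ExtTag')) {
                [pscustomobject]@{ Check = 'RunKey'; Item = $name; Detail = $value }
            }
        }
    }

    # 2. Install folders named in the post. Each executable is listed with its
    #    Authenticode status; the post notes ExtTag.exe is not digitally signed.
    $folders = 'C:\Program Files\ExtTag', 'C:\ProgramData\ExtTag'
    foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        Get-ChildItem -LiteralPath $folder -Filter *.exe -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Check  = 'File'
                    Item   = $_.FullName
                    Detail = "Signature status: $($sig.Status)"
                }
            }
    }

    # 3. Per-user proxy settings, which the post says this program can modify.
    #    A configured proxy is not proof of infection; review the value shown.
    $inetPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $inetPath -ErrorAction SilentlyContinue
    if ($inet -and ($inet.ProxyEnable -eq 1)) {
        [pscustomobject]@{ Check = 'Proxy'; Item = 'ProxyServer'; Detail = [string]$inet.ProxyServer }
    }
    if ($inet -and $inet.AutoConfigURL) {
        [pscustomobject]@{ Check = 'Proxy'; Item = 'AutoConfigURL'; Detail = [string]$inet.AutoConfigURL }
    }
}

# No output means none of the listed indicators were found for this user.
Get-ExtTagIndicators | Format-Table -AutoSize -Wrap
```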



Remove help-file-decrypt.enc Virus and Restore Encrypted Files
21 Aug 2015, 6:57 pm
Help-file-decrypt.enc and pronk.txt files belong to Trojan.Cryptolocker.X ransomware. I wrote about it a few years ago. I was surprised to see that it's still active although slightly modified. Anyway, if you got these files in every folder on your computer and you noticed that most of your files are encrypted then your computer is infected with this encryption virus. It also renames encrypted files by adding either safefiles32@mail.ru or filesdecrypt@india.com at the end of each file name. Cyber criminals who created this ransomware use these email addresses to communicate with victims and send further information on how to decrypt files and of course how to pay the ransom. Basically, they expect you will contact them through safefiles32@mail.ru for more information.

It's a rather new variant first detected about a week ago. However, it doesn't bring anything new and instead uses a well-known encryption and extortion scheme. If you're a savvy internet user, you are well aware that there are numerous threats to your online safety. Whether you are a home user who uses the web for sending emails, shopping and reading the news or you're a small business owner or manager, protecting the data that is rightfully yours is more crucial than ever before. And if you are the owner of a company, data security is often a matter of law and you will need to be compliant to avoid risking fines or other penalties.

It may appear that cyber criminals, hackers, phishers, spammers, call them what you will, only target big corporations, but the fact is you and your home PC or small business computer network are a far easier target. These people exploit our vulnerabilities and our lesser degree of technical expertise to make big bucks. And one of the ways they do this is through the use of a malicious software program, called ransomware.

What is help-file-decrypt.enc ransomware?

It is a program which has been designed to 'kidnap' your files or data by making them inaccessible to you. The files will be encrypted – i.e. held hostage – and only released back to you once you have paid the ransom. The ransom note pronk.txt will either be created in each folder with at least one encrypted file or displayed in a pop-up window or full screen message – pretty panic inducing for most of us. The message will tell you that once you have paid the kidnapper's demands, you will be sent a code so that you can decrypt your files. It allocates virtual memory in foreign processes and creates even more malicious files on your computer. It can also modify proxy settings and communicate with C&C servers. Not to mention that it can control your CPU usage and send sensitive information to cyber criminals.

Ransomware's method of attack

Like most malware, it is disseminated either by email, by being embedded on a compromised or malicious website, or included as an add-on with a download. And of course, as we all use email and the web every day, and download apps, software and files on a frequent basis, we are all at risk of potentially losing, not only our files, but a large sum of money too.

The trick is to stay vigilant

Just because you're not a world famous pop star or a global leader it doesn't mean you are not at risk of kidnapping – at least not this form of online cyber kidnapping anyway. Your data is just as prone to being kidnapped and held to ransom as that belonging to the most beloved film stars and loathed politicians! And that means that you need to be careful when downloading and installing things, and be very cautious when dealing with emails or chat messages from unknown senders.

You should also try to avoid visiting websites that may potentially be disreputable, and don't let yourself be suckered into downloading freebie games and apps that don't have any reviews or recommendations or are not offered via one of the big download websites.

Of course, installing a good anti-malware program on your PC is crucial too, as is making sure it is always up to date.

How to get my files back?

If you have a recent backup, wipe your hard disk and reinstall your files. If you don't, try the Shadow Explorer program or search your computer for previous versions of files. If you are lucky enough you may find files that were not encrypted. But before restoring your files, please remove the help-file-decrypt.enc ransomware and related malware files from your computer. To do so, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing help-file-decrypt.enc (Trojan.Cryptolocker.X) virus and related malware:


Before restoring your files from shadow copies, make sure the Trojan.Cryptolocker.X is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.






Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by help-file-decrypt.enc (Trojan.Cryptolocker.X) virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.
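
Before picking a Shadow Copy date in Method 3, it helps to know which folders were hit and when. This added example (not part of the original post; function names are hypothetical) inventories the ransom notes and renamed files described above and lists shadow copies older than the earliest renamed file, assuming a file's last-write time approximates when it was encrypted.

```powershell
# Added example: read-only inventory of what the ransomware touched.
# Note names and e-mail suffixes are the ones given in the post.
function Get-RansomScope {
    param([string]$Root = $env:USERPROFILE)

    $noteNames = 'help-file-decrypt.enc', 'pronk.txt'
    $suffixes  = 'safefiles32@mail.ru', 'filesdecrypt@india.com'

    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $kind = $null
            if ($noteNames -contains $_.Name) {
                $kind = 'RansomNote'
            } else {
                foreach ($s in $suffixes) {
                    # The post says the address is added at the end of the file name.
                    if ($_.Name.EndsWith($s, [StringComparison]::OrdinalIgnoreCase)) {
                        $kind = 'Encrypted'
                        break
                    }
                }
            }
            if ($kind) {
                [pscustomobject]@{
                    Kind      = $kind
                    Folder    = $_.DirectoryName
                    Name      = $_.Name
                    LastWrite = $_.LastWriteTime
                }
            }
        }
}

# Shadow copies created before a given time. Needs an elevated prompt;
# returns nothing if shadow copies are absent or access is denied.
function Get-RestoreCandidates {
    param([Parameter(Mandatory)][datetime]$Before)

    Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
        Where-Object { $_.InstallDate -lt $Before } |
        Sort-Object InstallDate -Descending |
        Select-Object InstallDate, VolumeName, ID
}

$hits      = @(Get-RansomScope -Root $env:USERPROFILE)
$encrypted = @($hits | Where-Object Kind -eq 'Encrypted')
$notes     = @($hits | Where-Object Kind -eq 'RansomNote')
$folders   = @($hits | Select-Object -ExpandProperty Folder -Unique)

'{0} renamed files and {1} ransom notes in {2} folders under {3}' -f `
    $encrypted.Count, $notes.Count, $folders.Count, $env:USERPROFILE

if ($encrypted.Count -gt 0) {
    # Assumption: the earliest last-write time marks the start of encryption.
    $firstSeen = ($encrypted | Sort-Object LastWrite | Select-Object -First 1).LastWrite
    "Earliest renamed file written: $firstSeen"
    'Shadow copies that predate it (newest first):'
    Get-RestoreCandidates -Before $firstSeen
}
```

Run it only after Step 1 has removed the malware, and pass a different `-Root` to cover other drives.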



Remove "Ads by RotaryMasters" Adware (Uninstall Guide)
19 Aug 2015, 7:25 pm
One of the best things we can do to decrease the chances of being infected is to educate ourselves about the threats that are out there, and so here we are going to take a closer look at RotaryMasters adware. There are so many different types of malware that it can be tricky to know what to look out for and how to protect ourselves when we're online. This form of online advertising or marketing is not the most dangerous of threats – although it can often be a lot worse than it is given credit for. Even if you don't object to the idea of being constantly marketed to, you may take umbrage at the fact that an unscrupulous third party has taken it upon themselves to install adware on your PC without your permission or your knowledge.


And that's not all because adware can actually impact negatively on your computer, making it run a lot more slowly than it did in its adware free days.

What is RotaryMasters adware?

It is a software program that either runs in the background on your PC or is a browser plug-in. The reason it can make your computer run slowly is that it installs a component on your machine that monitors your usage – for example it will track what websites you visit and note which pages you look at on that website. It then compiles a sort of profile on you and then sends this data back to the adware's programmer – this enables them to customize their advertising efforts to you so that you see "Ads by RotaryMasters" adverts relating to the sites, products and services you have recently been looking at, thus increasing the chances that you will click through and make a purchase.

The reason that your computer is running so sluggishly is because this tracking uses up a lot of your PC's resources which makes it harder for it to handle the extra tasks it's suddenly been given. In fact the problem can be so bad that it may even cause your internet connection to drop right off and cause websites to crash.

Other annoying traits of this adware

In its worst form, this adware will not simply show you RotaryMasters adverts that are embedded on a web page, but will also spam you with pop-up windows. These can be unbelievably irritating to deal with simply because they refuse to go away. They probably won't be customized to meet your tastes or interests either and are far more likely to be for websites that you probably have no interest in visiting such as gambling sites or even x-rated adult websites. Don't be surprised that your Google search page now has a quarter of it taken off with bad links labeled "Ads by RotaryMasters".

How does it get onto your computer?

Most of the time it comes packaged with free software and files, such as games, apps, wallpapers and other tempting goodies, and this is why you should be very careful about what you click on or download. Adware programmers also use spam emails and chat apps to disseminate links and infected files, so you need to be extra careful about what you are opening or clicking upon – especially if you don't know who sent the mail or message.

How do I stop RotaryMasters ads?

To remove this adware from your computer and stop the absolutely annoying ads, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com




"Ads by RotaryMasters" Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.






2. Remove RotaryMasters related programs from your computer using the Uninstall a program control panel (Windows 7). Go to the Start Menu. Select Control Panel → Uninstall a Program.

If you are using Windows 8 or 10, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • RotaryMasters
  • GoSave
  • Extag
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove RotaryMasters related extensions from Google Chrome:

1. Click on Chrome menu button. Go to More Tools → Extensions.




2. Click on the trashcan icon to remove RotaryMasters, Extag, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.



3. Then select Settings. Scroll down the page and click Show advanced settings.


4. Find the Reset browser settings section and click Reset browser settings button.


5. In the dialog that appears, click Reset. That's it!


Remove RotaryMasters related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools Menu → Add-ons.




2. Select Extensions. Click Remove button to remove RotaryMasters, Extag, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.


Remove RotaryMasters related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.




2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.



Sidecubes Browser Hijack Windows 10 (Uninstall Guide)
17 Aug 2015, 7:20 pm
Sidecubes is a browser hijacker that changes your home page to http://search.sidecubes.com/?st=dn&q=, sets your default search engine provider to feed.sonic-search.com and modifies other web browser settings. It can hijack not only Google Chrome but also Microsoft Edge on Windows 10. Needless to say, it's a serious threat. With so many different types of malware, viruses and other scams and dangers to look out for it can sometimes feel like using the web is a little like swimming with sharks, albeit in a technical, virtual sense! Unfortunately the proliferation of scams and dangers out there makes it more than a little confusing when it comes to trying to figure out what the risks are.


So if you are struggling to tell the difference between browser hijackers, malware and spyware and you don't know your Trojan Horses from your Potentially Unwanted Programs, don't worry I am here to clear up one of those mysteries as we take a closer look at browser hijackers that work even on the latest Windows 10.

Is Sidecubes the same thing as a computer virus or malware?

Not quite. It's potentially dangerous and can cause problems but it can't encrypt your files or steal your passwords. With a name that includes the words 'potentially' and 'unwanted' you could be forgiven for thinking that browser hijackers are yet another offender in the long line up of internet threats. However, while true malware is designed to either extort money or information from you, or to corrupt files and data purely for the programmer or hackers' own twisted amusement, browser hijackers are not quite as lethal.

Browser hijackers are not Viruses or Malware

Computer viruses are slightly different to malicious software and such browser hijackers as http://search.sidecubes.com/?st=dn&q=, in that they are self-replicating. A virus is a computer program that infiltrates your computer by way of an infected email attachment or via a program you have downloaded. They then spread their poison by infecting everyone in your address book and wreaking havoc on, not just your machine, but the people you come into contact online with too.

Malware is also normally packaged with another program or application and covers everything from programs that monitor your internet usage so they can aggressively market products and services to you (adware) and components which track the keys you type in order to steal your passwords and login details (spyware). Some malware will hijack your operating system and lock your files and demand you pay a ransom for their decryption (ransomware), while others will pretend to be an antivirus program and try and scare you into paying them to remove 'all the viruses they have found' on your computer when conducting a scan (rogue security software). Basically malware is out to make a quick buck!

In a similar vein, Sidecubes browser hijacker also has commerce at the heart of what it does but it falls into a different category, something which is known as grayware. It is generally agreed that browser hijackers are not malware because they do normally tell you that they will be downloaded in the License Agreement that comes with the program you are downloading and that they are packaged with. Their purpose is to install a new home page and search engine which will redirect your internet searches to websites that their programmer or owner wants you to visit, thus driving traffic and possibly sales.

How do I remove Sidecubes?

It can be a tedious task. It modifies browser settings and also makes modifications to Windows registry. Hopefully, the removal guide below will help you to remove this browser hijacker from your computer. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Sidecubes Browser Hijack Removal Guide:


1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.






2. Remove Sidecubes related programs from your computer using the Uninstall a program control panel (Windows 7). Go to the Start Menu. Select Control Panel → Uninstall a Program.

If you are using Windows 8 or 10, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following programs:
  • Sidecubes
  • Go_Sidecubes
  • GoSave
  • ExtTag


If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove Sidecubes from Google Chrome:

1. Click on Chrome menu button. Go to More Tools → Extensions.



2. Click on the trashcan icon to remove Sidecubes, GoSave, ExtTag, BookmarkTube extensions.

3. Then select Settings. Scroll down the page and click Show advanced settings.


4. Find the Reset browser settings section and click Reset browser settings button.


5. In the dialog that appears, click Reset.

6. Right-click Google Chrome shortcut you are using to open your web browser and select Properties.

7. Select Shortcut tab and remove "http://search.sidecubes.com/?st=dn&q=..." from the Target field and click OK to save changes. There should be only the path to Chrome executable file.



Remove Sidecubes from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.



2. Select Extensions. Remove Sidecubes, GoSave, ExtTag, BookmarkTube browser extensions. Close Add-ons manager.

3. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: sidecubes.com

Now, you should see all the preferences that were changed by sidecubes.com. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

4. Right-click the Mozilla Firefox shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://search.sidecubes.com/?st=dn&q=..." from the Target field and click OK to save changes. There should be only the path to Firefox executable file.



Remove Sidecubes from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons.



2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select Sidecubes and click Remove to remove it. Close the window.

4. Right-click the Internet Explorer shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://search.sidecubes.com/?st=dn&q=..." from the Target field and click OK to save changes. Basically, there should be only the path to Internet Explorer executable file.
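
The shortcut and about:config checks from the three browser sections above can be done in one read-only pass. This is an added example, not part of the original post; the function names are hypothetical and it assumes default Desktop, Start Menu, taskbar and Firefox profile locations.

```powershell
# Added example: find browser shortcuts with a URL appended to the Target field
# and Firefox preferences that reference the hijacker's domain. Nothing is changed.

function Get-BrowserShortcutArgs {
    param([string]$Marker = 'sidecubes.com')

    $shell    = New-Object -ComObject WScript.Shell
    $browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe'

    # Places where browser shortcuts usually live (assumed defaults).
    $dirs = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        [Environment]::GetFolderPath('StartMenu'),
        [Environment]::GetFolderPath('CommonStartMenu'),
        (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
    ) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

    foreach ($dir in $dirs) {
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                $exe = [IO.Path]::GetFileName([string]$lnk.TargetPath)

                # The Target field in Properties is TargetPath followed by Arguments.
                # A clean browser shortcut carries no URL in Arguments.
                if (($browsers -contains $exe) -and ($lnk.Arguments -match 'https?://')) {
                    [pscustomobject]@{
                        Shortcut      = $_.FullName
                        Target        = $lnk.TargetPath
                        Arguments     = $lnk.Arguments
                        MatchesMarker = ($lnk.Arguments -like "*$Marker*")
                    }
                }
            }
    }
}

function Get-FirefoxPrefsMatching {
    param([string]$Marker = 'sidecubes.com')

    # prefs.js holds the values shown in about:config, one user_pref(...) per line.
    $glob = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'
    Select-String -Path $glob -SimpleMatch -Pattern $Marker -ErrorAction SilentlyContinue |
        ForEach-Object {
            $name = if ($_.Line -match 'user_pref\("([^"]+)"') { $Matches[1] } else { '(unparsed)' }
            [pscustomobject]@{
                Profile    = Split-Path -Path (Split-Path -Path $_.Path -Parent) -Leaf
                Preference = $name
                Line       = $_.Line.Trim()
            }
        }
}

'Browser shortcuts with a URL in the Target field:'
Get-BrowserShortcutArgs | Format-List

'Firefox preferences that mention sidecubes.com:'
Get-FirefoxPrefsMatching | Format-Table -AutoSize -Wrap
```

Each reported shortcut is one to fix by hand in the Shortcut tab as described above, and each reported preference name is one to reset in about:config.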
