Techie Xplorer » Security http://www.techiexplorer.com Xploring Gadgets, Computing and Technology Thu, 29 Jul 2010 09:06:06 +0000 en hourly 1 http://wordpress.org/?v=3.0 McAfee update breaks Windows XP computers http://www.techiexplorer.com/2010/04/mcafee-update-breaks-windows-xp-computers.html http://www.techiexplorer.com/2010/04/mcafee-update-breaks-windows-xp-computers.html#comments Thu, 22 Apr 2010 20:51:50 +0000 sylv3rblade http://www.techiexplorer.com/?p=255 First it was Nvidia’s drivers with the fan control speed issues and now it’s McAfee and their XP killing update. It seems like a lot of company updates are hitting the fan.


The recent update of McAfee for their antivirus software on windows XP is causing computers to shut down and revert to an infinite loop of resets/restarts. The company has offered the following statement:

McAfee is aware that a number of customers have incurred a false positive error due to incorrect malware alerts on Wednesday, April 21. The problem occurs with the 5958 virus definition file (DAT) that was released on April 21 at 2.00 PM GMT+1 (6am Pacific Time).

Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.

The faulty update has been removed from McAfee download servers for corporate users, preventing any further impact on those customers. We are not aware of significant impact on consumer customers and believe we have effectively limited such occurrence.

McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly. McAfee apologizes for any inconvenience to our customers

So what exactly does McAfee’s 5958 virus definition do that it sends XP computers in an infinite loop of death? it seems that the 5958 DAT file flags svchost.exe file (a common Windows services file) as malware, deletes it and kills your machine.

How do I fix a computer that has updated to McAfee’s 5958 DAT file?

McAfee recommends the following solution

  1. From a computer that has Internet access, locate and download the Recovery SuperDAT at http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe and save it to portable media.
  2. Take the portable media to each affected computer and run the tool.NOTE: If you are not able to run the tool on the affected computer, (re)start your computer in Safe Mode.
    For instructions on starting in Safe Mode, see http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true
  3. Run the Recovery SuperDAT tool.
  4. Restart in normal mode.

via here

The problem is that you still need a working computer to run download the file.  If you have none, ask a friend for this favor as it’s the only to recover your machine aside from a complete reinstall.  If you have any questions and/or clarifications, please post them in the comments.

© sylv3rblade for Techie Xplorer, 2010. | Permalink | 2 comments | Add to del.icio.us
Post tags: , , ,

Feed enhanced by Better Feed from Ozh

]]> http://www.techiexplorer.com/2010/04/mcafee-update-breaks-windows-xp-computers.html/feed 2 Fake Security Suite in the wild http://www.techiexplorer.com/2010/03/fake-security-suite-in-the-wild.html http://www.techiexplorer.com/2010/03/fake-security-suite-in-the-wild.html#comments Mon, 15 Mar 2010 00:41:40 +0000 sylv3rblade http://www.techiexplorer.com/?p=205 A fake version of Microsoft Security Essentials (MSE), Redmond’s free antivirus program is quietly spreading under the guise of the original’s brand recognition.  The rogue “antivirus” software is called Security Essentials 2010.


If your computer displays the screenshot shown above, then your system is infected trojan called TrojanDownloader:Win32/Fakeinit. Microsoft’s official statement on the programs describes it as such: fake scanner that informs the user that they need to pay money to register the software and remove these non-existent threats, much like past rogue “antivirus” softwares like Antivirus 2009 and Antivirus 2010. What’s worse is that Security Essentials 2010 also terminates certain processes (like some of the “weaker” antivirus programs), edits the registry to disable Task Manager, lowers your security settings, hijacks your Web browser, and changes your background image to one of an ominious spyware warning.

How to Remove Fake Security Essentials 2010

Manual Method

  1. Clean your System with HijackThis.
    1. Download and install HijackThis.
    2. Run HijackThis, click Do a System Scan Only
    3. Select the following entries from the scanned list:
      F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
      O4 – HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
      O4 – HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
      O4 – HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
    4. Close all other applications (except HijackThis of course) and click the fix checked button.  This will remove all entries of Security Essentials 2010 from your registry.
    5. Close HijackThis
  2. Clean Security Essentials 2010 DLL files.
    1. Download and install LSPFix from LSPFix and unzip it to your Desktop.
    2. Run LSPFix and tick the option I know what I’m doing under the Advanced Options.
    3. On the Keep box, click helper32.dll
    4. Press the >> button to transfer it to the Remove box.
    5. Press Finish>> button to remove the helper32.dll file.
    6. Once the removal process is done, LSPFix will display a summary of it’s actions.  Press OK to close it.

Automated Method

Simply install the following programs, update their database and scan.

For reference Security Essentials 2010 makes the following additions to your computer:

Security Essentials 2010 creates the following files and folders

C:\Program Files\SecurityEssentials2010
C:\Program Files\SecurityEssentials2010\SE2010.exe

Security Essentials 2010 creates the following registry keys and values

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Essentials 2010

If you have any other question, post a comment.  Good luck!

© sylv3rblade for Techie Xplorer, 2010. | Permalink | No comment | Add to del.icio.us
Post tags: , ,

Feed enhanced by Better Feed from Ozh

]]> http://www.techiexplorer.com/2010/03/fake-security-suite-in-the-wild.html/feed 0 How to Remove Antivirus 2009 http://www.techiexplorer.com/2009/10/how-to-remove-antivirus-2009.html http://www.techiexplorer.com/2009/10/how-to-remove-antivirus-2009.html#comments Mon, 05 Oct 2009 11:46:46 +0000 sylv3rblade http://techiexplorer.com/?p=14 Most of us has experience with Malware but this strain simply takes the cake. It’s a rogue application that disguises itself as an antivirus, tells you that your computer is infected as asks you to pay the guy who created it to remove it.

Screen shot of Antivirus 2009

How to Remove Antivirus 2009

Manual Method

  1. Kill Antivirus 2009 Processes.
    1. Download and install Process Explorer.
    2. Open Process Explorer.
    3. Locate the Antivirus 2009 processes listed below.
    4. To kill an Antivirus 2009 process, right-click the Antivirus 2009 process and choose the option “Kill Process Tree”.
    5. Kill the following Antivirus 2009 processes:
      AntivirusPro2009.exe
      %PROGRAMFILES%\Antivirus 2009\av2009.exe
      ieexplorer32.exe
      AV2009Install[1].exe
      Power-Antivirus-2009.exe
      c:\WINDOWS\system32\ieupdates.exe
      c:\Program Files\Antivirus 2009\av2009.exe
      AV2009Install_880405[2].exe
      AV2009Install_880405[1].exe
      av2009[1].exe
      AV2009Install.exe
      Antivirus2009.exe
      av2009.exe
  2. Kill Antivirus 2009 DLL files.
    1. Right-click the Explorer.exe process and choose the option “Properties”.
    2. Click on the “Threads” Tab, locate and highlight the Antivirus 2009 DLL files listed below.
    3. To kill Antivirus 2009 DLL files, click the “Kill” button.
    4. Kill the following Antivirus 2009 DLL files:
      %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
      c:\WINDOWS\system32\winsrc.dll
  3. Delete Antivirus 2009 Registry Keys and Values.
    1. Right-click on your Desktop > select “New” option > select “Text Document” (.txt file) option.
    2. Rename the .txt file as a .reg file and call it “Delete_Registry_
      Antivirus 2009_Entities.reg”      . This renamed .reg file is a command that creates a shortcut to your Windows registry and allows you to easily delete registry values.
    3. Right-click and select the “Edit” option.
    4. Copy and paste the Antivirus 2009 keys listed below.
    5. In the menu bar, go to “File” > select “Save” > then click the “X” button to close the file.
    6. Double-click on the .reg file.
    7. When the message box appears saying “Are you sure you want to add the information in C:DOCUME~1%username%DesktopDELETE~1.REG to the registry?”, click the “Yes” button.
    8. When the message box appears saying “Information in C:DOCUME~1
      %username%DesktopDELETE~1.REG has been successfully entered into the registry.”      , click the “OK” button.
    9. The Antivirus 2009 registry keys have been deleted from your registry.
    10. Copy and paste the following Antivirus 2009 keys:
  4. Delete Antivirus 2009 Directories.
    1. To locate Antivirus 2009 directories, go to “Start” > “My Computer” > “Local Disk (C:)” > “Program Files” > “Show the contents of this folder”.
    2. Search and delete the Antivirus 2009 directories listed below.
    3. Right-click on the Antivirus 2009 folder and select “Delete”. option.
    4. When the message box appears saying “Are you sure you want to remove the folder [FOLDERNAME] and move all its contents to the Recycle Bin?”, click the “Yes” button.
    5. When the message box appears saying “Renaming, moving or deleting [FOLDERNAME] could make some programs not work. Are you sure you want to do this?”, click the “Yes” button.
    6. Search and delete the following Antivirus 2009 directories:
      %ProgramFiles%\AntivirusPro2009
      %ProgramFiles%\AV9
      %ProgramFiles%\Power-Antivirus-2009
      %UserProfile%\Start Menu\Antivirus 2009
      %ProgramFiles%\Antivirus 2009
  5. Restore Original Default Home Page.
    1. Go to “Start” > “Control Panel” > “Internet Options”.
    2. Click on the General Tab > click the Use Default button under Home Page.
    3. Click “Apply” and then click the “OK” button.
    4. Open a Web browser to verify that your default homepage has been restored.
  6. Remove the Antivirus 2009 Icons.
    1. If the Antivirus 2009 icons still remain on your Desktop, you can drag and drop them to the “Recycle Bin”.
    2. Reboot your computer to make sure all changes made for the removal of Antivirus 2009 are complete. If your computer still has issues, you should scan your computer for Antivirus 2009 with a spyware scanner.

Automated Method

Simply install the following programs, update their database and scan.

Good luck!

© sylv3rblade for Techie Xplorer, 2009. | Permalink | No comment | Add to del.icio.us
Post tags: ,

Feed enhanced by Better Feed from Ozh

]]> http://www.techiexplorer.com/2009/10/how-to-remove-antivirus-2009.html/feed 0 How to remove JARGON.VBS http://www.techiexplorer.com/2009/10/how-to-remove-jargon-vbs.html http://www.techiexplorer.com/2009/10/how-to-remove-jargon-vbs.html#comments Thu, 01 Oct 2009 23:33:27 +0000 sylv3rblade http://techiexplorer.com/?p=9 I’ve encountered this virus/malware the other day and while it was fairly easy to remove, I thought it would be useful to provide instructions on how to remove jargon.vbs. A quick search on GOOG turned out several useless results (okay, a lot of useless results) so I thought of doing my part to help.

Here’s how you can remove JARGON.VBS from your computer and your infected flash drives.

  • Download: Flash Disinfector | Mirror
  • Run the Flash_Disinfector.exe. Explorer will close (your desktop will disappear leaving you with windows of currently running programs) and restart. This will have stopped the script.
  • Now you’ll have to delete the malware files so your system won’t get infected again, to do this you need to display hidden files.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading unselect Do not show hidden files and folders.
    • Browse your flash drive (DON’T CLICK AUTOPLAY or you’ll run the malware again) and remove the following files:
      • autorun.inf
jargon.vbs
wscript.exe

      Repeat this step for all infected drives.

    • Go to C:/Windows and delete
      • jargon.vbs
  • Congratulations, you’ve removed that annoying malware

© sylv3rblade for Techie Xplorer, 2009. | Permalink | 20 comments | Add to del.icio.us
Post tags: ,

Feed enhanced by Better Feed from Ozh

]]> http://www.techiexplorer.com/2009/10/how-to-remove-jargon-vbs.html/feed 20