Speed Up Internet ExplorerIt may be possible to speed up the browsing performance of Internet Explorer with some careful tweaking (assuming you already have a reasonably high speed connection, i.e over 512kbps).Normally Internet Explorer makes use of a maximum of 2 connections to a server when downloading a webpage. For example, this page is made up of a single HTML file, several images and other scripts. All of them are needed to render the page, so Internet Explorer uses 2 connections to download them as quick as possible.Two connections are used as this is a defined in the HTTP standards, however increasing this limit may speed up some pages made from many elements. This does involve modifying the registry, so should only be attempted if you are confident in doing so (and have appropriate backups).To start, load the Registry Editor by starting "regedit" from the run box (press WINDOWS KEY + R to load this):
Then browse to the following folder:
Code:[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
In the right panel there are two entries called MaxConnectionsPerServer and MaxConnectionsPer1_0Server that store the maximum connection values. Double clicking each of them and selecting a decimal value will create a new connection limit. 8 Connections is a sensible limit to see how the performance changes:
Once you have restarted your computer, the new connection limit will be in place. To revert the changes, simply change the connection limit back to 2.
Add this code
Friday, January 9, 2009
How to remove winthb.exe virus?
This is a trojan virus.
Effects
1)It will change C:\ drive's icon.
2)It will change C:\ drive's Label to %$thb$% or !@#thb!@#
How to remove
1)Open search and type winthb.exe and then search autorun.inf
2)If you find these files you'r computer is infected.
3)Now restart you'r computer and enter in safe mode.
4)After enter Click on Start/Run .
5)Type cmd.
6)Now make sure you are using infected drive (for example C:\ drive).
7)Now type attrib -h -r -s winthb.exe
8)Then type del winthb.exe
9)Again type attrib -h -r -s autorun.inf
10)Type del autorun.inf
Now enter windows normally
11)To make sure virus is deleted, click start/run.
12)Type regedit
13)clickHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Explorer\Advanced\Folder\Hidden\SHOWALL.
14)Right Click checked value.
15)click modify.
16)Change Hexadecimal value to 1 and click ok.
17)Now open My Computer and click on Tools and click folder options.
18)Now choose view tab and in Hidden files and Folders make "Show hidden Files and Folders".
19)look in C:\ drive (here C:\ drive) for autorun.inf and an icon named thb creations.
20)If no you'r computer is rescued otherwise call a mechanic.
Updates
Also do these to remove virus completely.
1) Press alt+ctrl+del key and click process tab.
2) Check for avgs.exe and win.exe processes.
3) Select these processes and click on end process.
4) Search for avgs.exe and win.exe.
5) Delete these files.
thx.
Add this code
Effects
1)It will change C:\ drive's icon.
2)It will change C:\ drive's Label to %$thb$% or !@#thb!@#
How to remove
1)Open search and type winthb.exe and then search autorun.inf
2)If you find these files you'r computer is infected.
3)Now restart you'r computer and enter in safe mode.
4)After enter Click on Start/Run .
5)Type cmd.
6)Now make sure you are using infected drive (for example C:\ drive).
7)Now type attrib -h -r -s winthb.exe
8)Then type del winthb.exe
9)Again type attrib -h -r -s autorun.inf
10)Type del autorun.inf
Now enter windows normally
11)To make sure virus is deleted, click start/run.
12)Type regedit
13)clickHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Explorer\Advanced\Folder\Hidden\SHOWALL.
14)Right Click checked value.
15)click modify.
16)Change Hexadecimal value to 1 and click ok.
17)Now open My Computer and click on Tools and click folder options.
18)Now choose view tab and in Hidden files and Folders make "Show hidden Files and Folders".
19)look in C:\ drive (here C:\ drive) for autorun.inf and an icon named thb creations.
20)If no you'r computer is rescued otherwise call a mechanic.
Updates
Also do these to remove virus completely.
1) Press alt+ctrl+del key and click process tab.
2) Check for avgs.exe and win.exe processes.
3) Select these processes and click on end process.
4) Search for avgs.exe and win.exe.
5) Delete these files.
thx.
Add this code
How to Manually Remove Net Screen Watcher ?
Net Screen Watcher:1. a spyware program2. monitors user activity on the compromised computer3. can capture screenshots of the compromised computer4. also modifies Windows registry5. run each time Windows is startedSolution:
1. Temporarily Turn off System Restore.2. Update the virus definitions.3. Reboot computer in SafeMode (During BootUp process Press F8)4. Run a full system scan and clean/delete all infected file(s)5. Delete/Modify any values added to the registry.
Click Start > Run
Type regedit at the box
Click OK.
Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Net Screen Watcher ÍøÂçÆÁÄ»¼àÊÓ¹ÜÀí¶Ë ÆóÒµ°æ V1.78 (2008.08.26) wxw.mynsw.cn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Net Screen Watcher ÍøÂçÆÁÄ»¼àÊÓ¹ÜÀí¶Ë ÆóÒµ°æ V1.78 (2008.08.26) wxw.mynsw.cn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Net Screen WatcherÓû§¶Ë£¨ÊܼàÊӶˣ© ÆóÒµ°æ For Win98 V1.68 Beta3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Net Screen WatcherÓû§¶Ë£¨ÊܼàÊӶˣ© ÆóÒµ°æ For Windows Vista V1.68 Beta3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Net Screen WatcherÓû§¶Ë£¨ÊܼàÊӶˣ© ÆóÒµ°æ For Windows2000/XP/2003 V1.68 (2007.08.03) wxw.mynsw.cn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Net Screen WatcherÓû§¶Ë£¨ÊܼàÊӶˣ© ÆóÒµ¾«¼ò°æ For Windows2000/XP/2003 V1.68 (2007.11.14) wxw.mynsw.cn
HKEY_LOCAL_MACHINE\SOFTWARE\ZQNSWkey
HKEY_LOCAL_MACHINE\SOFTWARE\ZQkey
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NSWServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”mynsw” = “C:\Program Files\Net Screen Watcher\wntsrv.exe”
6. Exit registry editor and restart the computer.7. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software.
Add this code
1. Temporarily Turn off System Restore.2. Update the virus definitions.3. Reboot computer in SafeMode (During BootUp process Press F8)4. Run a full system scan and clean/delete all infected file(s)5. Delete/Modify any values added to the registry.
Click Start > Run
Type regedit at the box
Click OK.
Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Net Screen Watcher ÍøÂçÆÁÄ»¼àÊÓ¹ÜÀí¶Ë ÆóÒµ°æ V1.78 (2008.08.26) wxw.mynsw.cn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Net Screen Watcher ÍøÂçÆÁÄ»¼àÊÓ¹ÜÀí¶Ë ÆóÒµ°æ V1.78 (2008.08.26) wxw.mynsw.cn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Net Screen WatcherÓû§¶Ë£¨ÊܼàÊӶˣ© ÆóÒµ°æ For Win98 V1.68 Beta3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Net Screen WatcherÓû§¶Ë£¨ÊܼàÊӶˣ© ÆóÒµ°æ For Windows Vista V1.68 Beta3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Net Screen WatcherÓû§¶Ë£¨ÊܼàÊӶˣ© ÆóÒµ°æ For Windows2000/XP/2003 V1.68 (2007.08.03) wxw.mynsw.cn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Net Screen WatcherÓû§¶Ë£¨ÊܼàÊӶˣ© ÆóÒµ¾«¼ò°æ For Windows2000/XP/2003 V1.68 (2007.11.14) wxw.mynsw.cn
HKEY_LOCAL_MACHINE\SOFTWARE\ZQNSWkey
HKEY_LOCAL_MACHINE\SOFTWARE\ZQkey
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NSWServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”mynsw” = “C:\Program Files\Net Screen Watcher\wntsrv.exe”
6. Exit registry editor and restart the computer.7. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software.
Add this code
How To Manually Remove Vundo Trojan ?
Vundo Description:Vundo is a widely-spread trojan that shows large amount of unsolicited pop-up advertisements. The spyware also silently downloads from the Internet and runs arbitrary potentially harmful files, mostly adware components. Vundo is distributed by e-mail in messages containing links to insecure web sites, which exploit certain security vulnerabilities of the Internet Explorer web browser. Once the user clicks on such a link, Internet Explorer opens a dangerous site that automatically installs the trojan into the computer without user knowledge and consent. Vundo is responsible for the severe decrease of the amount of computer virtual memory available. This results in noticeable PC performance slowdowns. Vundo secretly runs on every Windows startup.Vundo Manual Removal Instructions:
Step 1 : Use Windows File Search Tool to Find Vundo Path
Go to Start > Search > All Files or Folders.
In the "All or part of the the file name" section, type in "Vundo" file name(s).
To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
When Windows finishes your search, hover over the "In Folder" of "Vundo", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Vundo in the following manual removal steps.
Step 2 : Use Registry Editor to Remove Vundo Registry Values
To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
To delete "Vundo" value, right-click on it and select the "Delete" option.
Locate and delete "Vundo" registry entries:
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainActiveState 02F96FB7-8AF6-439B-B7BA-2F952F9E4800
HKEY_LOCAL_MACHINESOFTWAREClassesATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINESOFTWAREClassesATLEvents.ATLEvents 8109AF33-6949-4833-8881-43DCC232B7B2 2316230A-C89C-4BCC-95C2-66659AC7A775
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce*[filename]
HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerMainActive State
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce*WinLogon
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE SOFTWAREClassesCLSID{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents
HKEY_CLASSES_ROOTCLSID{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_CLASSES_ROOTCLSID{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunOnce*[filename]
HKEY_CURRENT_USER SoftwareMicrosoftWindows CurrentVersionRunOnce*WinLogon
Step 3 : Use Windows Command Prompt to Unregister Vundo DLL Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Vundo DLL file is located and press the "Enter" button on your keyboard. If you don't know where Vundo DLL file is located, use the "dir" command to display the directory's contents.
To unregister "Vundo" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u Vundo.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
Search and unregister "Vundo" DLL files: vzbb.dll
Step 4 : Detect and Delete Other Vundo Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have the file you're looking for type in "del name_of_the_file".
To delete a file in folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".
Select the "Vundo" process and click on the "End Process" button to kill it.
Remove the "Vundo" processes files: vzbb.dll
Add this code
Step 1 : Use Windows File Search Tool to Find Vundo Path
Go to Start > Search > All Files or Folders.
In the "All or part of the the file name" section, type in "Vundo" file name(s).
To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
When Windows finishes your search, hover over the "In Folder" of "Vundo", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Vundo in the following manual removal steps.
Step 2 : Use Registry Editor to Remove Vundo Registry Values
To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
To delete "Vundo" value, right-click on it and select the "Delete" option.
Locate and delete "Vundo" registry entries:
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainActiveState 02F96FB7-8AF6-439B-B7BA-2F952F9E4800
HKEY_LOCAL_MACHINESOFTWAREClassesATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINESOFTWAREClassesATLEvents.ATLEvents 8109AF33-6949-4833-8881-43DCC232B7B2 2316230A-C89C-4BCC-95C2-66659AC7A775
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce*[filename]
HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerMainActive State
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce*WinLogon
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE SOFTWAREClassesCLSID{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents
HKEY_CLASSES_ROOTCLSID{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_CLASSES_ROOTCLSID{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunOnce*[filename]
HKEY_CURRENT_USER SoftwareMicrosoftWindows CurrentVersionRunOnce*WinLogon
Step 3 : Use Windows Command Prompt to Unregister Vundo DLL Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Vundo DLL file is located and press the "Enter" button on your keyboard. If you don't know where Vundo DLL file is located, use the "dir" command to display the directory's contents.
To unregister "Vundo" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u Vundo.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
Search and unregister "Vundo" DLL files: vzbb.dll
Step 4 : Detect and Delete Other Vundo Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have the file you're looking for type in "del name_of_the_file".
To delete a file in folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".
Select the "Vundo" process and click on the "End Process" button to kill it.
Remove the "Vundo" processes files: vzbb.dll
Add this code
How To Remove Zlob Trojan?
What's Zlob Trojan?
Zlob Trojan is a backdoor Trojan which can give an anonymous attacker remote control over your PC. Zlob Trojan also lets the attacker execute commands on your PC, so that the attacker can gain control of your system and disable your security. Zlob Trojan puts your personal and financial information at risk.
Do I have Zlob Trojan?
Slow computer performance
New desktop shortcuts or switched homepage
Annoying popups on your PC
How did I get Zlob Trojan?
Freeware or Shareware
Peer-to-Peer Software
Questionable Websites
Remove Zlob Trojan Manually!To remove Zlob Trojan manually, you need to delete Zlob Trojan files.
Step 1 : Use Windows File Search Tool to Find Zlob Path
Go to Start > Search > All Files or Folders.
In the "All or part of the the file name" section, type in "Zlob" file name(s).
To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
When Windows finishes your search, hover over the "In Folder" of "Zlob", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Zlob in the following manual removal steps. Step 2 : Use Windows Task Manager to Remove Zlob Processes
To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
Click on the "Image Name" button to search for "Zlob" process by name.
Select the "Zlob" process and click on the "End Process" button to kill it.
Remove the "Zlob" processes files:
msmsgs.exe
nvctrl.exe
msmsgs.exe
nvctrl.exeStep 3 : Use Registry Editor to Remove Zlob Registry Values
To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
To delete "Zlob" value, right-click on it and select the "Delete" option.
Locate and delete "Zlob" registry entries:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTCurrentVersionWinlogonShell=explorer.exe
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows NT CurrentVersionWinlogonShell=explorer.exe, msmsgs.exe
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunRegSvr32=%System%msmsgs.exe
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunRegSvr32=%System%msmsgs.exe Step 4 : Use Windows Command Prompt to Unregister Zlob DLL Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Zlob DLL file is located and press the "Enter" button on your keyboard. If you don't know where Zlob DLL file is located, use the "dir" command to display the directory's contents.
To unregister "Zlob" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u Zlob.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
Search and unregister "Zlob" DLL files:
uimcu.dll
antzozc.dll
dtjby.dll Step 5 : Detect and Delete Other Zlob Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have the file you're looking for type in "del name_of_the_file".
To delete a file in folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".
Select the "Zlob" process and click on the "End Process" button to kill it.
Remove the "Zlob" processes files:
uimcu.dll
antzozc.dll
dtjby.dll
dumpserv.com
zxserv0.com
vnp7s.net
Protect
RSA
ncompat.tlb
msvol.tlb
hp[X].tmp
msmsgs.exe
nvctrl.exe
dumpserv.com
zxserv0.com
vnp7s.net
%UserProfile%\Application Data\Microsoft\Protect
%UserProfile%\Application Data\Microsoft\Crypto\RSA
ncompat.tlb
msvol.tlb
hp[X].tmp
Note: Here "%System" is a variable referring to your PC's System folder. Maybe you renamed it, but by default your System folder is "C:\Windows\System32" on Windows XP, "C:\Winnt\System32" on Windows NT/2000," or "C:\Windows\System" on Windows 95/98/Me.
"%Program_Files", "%ProgramFiles", or "%Profile" is a variable referring to a folder in your PC where applications that aren't a part of your PC's operating system are installed by default. You may have changed this folder's name or moved it, but if you didn't touch it, find the folder as "C:\Program Files". If you're having trouble finding this folder, you can locate it by looking up registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir".
Also, "%UserProfile" is a variable referring to your current user's profile folder. If you're using Windows NT/2000/XP, by default this is "C:\Documents and Settings\[CURRENT USER]" (e.g., "C:\Documents and Settings\JoeSmith").
Add this code
Zlob Trojan is a backdoor Trojan which can give an anonymous attacker remote control over your PC. Zlob Trojan also lets the attacker execute commands on your PC, so that the attacker can gain control of your system and disable your security. Zlob Trojan puts your personal and financial information at risk.
Do I have Zlob Trojan?
Slow computer performance
New desktop shortcuts or switched homepage
Annoying popups on your PC
How did I get Zlob Trojan?
Freeware or Shareware
Peer-to-Peer Software
Questionable Websites
Remove Zlob Trojan Manually!To remove Zlob Trojan manually, you need to delete Zlob Trojan files.
Step 1 : Use Windows File Search Tool to Find Zlob Path
Go to Start > Search > All Files or Folders.
In the "All or part of the the file name" section, type in "Zlob" file name(s).
To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
When Windows finishes your search, hover over the "In Folder" of "Zlob", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Zlob in the following manual removal steps. Step 2 : Use Windows Task Manager to Remove Zlob Processes
To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
Click on the "Image Name" button to search for "Zlob" process by name.
Select the "Zlob" process and click on the "End Process" button to kill it.
Remove the "Zlob" processes files:
msmsgs.exe
nvctrl.exe
msmsgs.exe
nvctrl.exeStep 3 : Use Registry Editor to Remove Zlob Registry Values
To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
To delete "Zlob" value, right-click on it and select the "Delete" option.
Locate and delete "Zlob" registry entries:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTCurrentVersionWinlogonShell=explorer.exe
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows NT CurrentVersionWinlogonShell=explorer.exe, msmsgs.exe
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunRegSvr32=%System%msmsgs.exe
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunRegSvr32=%System%msmsgs.exe Step 4 : Use Windows Command Prompt to Unregister Zlob DLL Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Zlob DLL file is located and press the "Enter" button on your keyboard. If you don't know where Zlob DLL file is located, use the "dir" command to display the directory's contents.
To unregister "Zlob" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u Zlob.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
Search and unregister "Zlob" DLL files:
uimcu.dll
antzozc.dll
dtjby.dll Step 5 : Detect and Delete Other Zlob Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have the file you're looking for type in "del name_of_the_file".
To delete a file in folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".
Select the "Zlob" process and click on the "End Process" button to kill it.
Remove the "Zlob" processes files:
uimcu.dll
antzozc.dll
dtjby.dll
dumpserv.com
zxserv0.com
vnp7s.net
Protect
RSA
ncompat.tlb
msvol.tlb
hp[X].tmp
msmsgs.exe
nvctrl.exe
dumpserv.com
zxserv0.com
vnp7s.net
%UserProfile%\Application Data\Microsoft\Protect
%UserProfile%\Application Data\Microsoft\Crypto\RSA
ncompat.tlb
msvol.tlb
hp[X].tmp
Note: Here "%System" is a variable referring to your PC's System folder. Maybe you renamed it, but by default your System folder is "C:\Windows\System32" on Windows XP, "C:\Winnt\System32" on Windows NT/2000," or "C:\Windows\System" on Windows 95/98/Me.
"%Program_Files", "%ProgramFiles", or "%Profile" is a variable referring to a folder in your PC where applications that aren't a part of your PC's operating system are installed by default. You may have changed this folder's name or moved it, but if you didn't touch it, find the folder as "C:\Program Files". If you're having trouble finding this folder, you can locate it by looking up registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir".
Also, "%UserProfile" is a variable referring to your current user's profile folder. If you're using Windows NT/2000/XP, by default this is "C:\Documents and Settings\[CURRENT USER]" (e.g., "C:\Documents and Settings\JoeSmith").
Add this code
How To Manually Remove SCVHOST.EXE Virus?
In some antivirus they are detected as W32/YahLover.Worm.gen from McAfee Antivirus and Win32/Autorun.R.worm from NOD32Solution:
Restart your PC and press F8 and select the option Safe Mode Command Prompt Only
And after you log-in the command prompt you must log-in as Administrator.
Type cd C:\windows\system32
Type dir /ah, to display all hidden files on this directory folder. You will see the following files which is used by the virus to spread itself: AUTORUN.INI, BLASTCLNNN.EXE, and SCVHOST.EXE
Type ATTRIB -H -R -S SCVHOST.EXE
Type ATTRIB -H -R -S BLASTCLNNN.EXE
Type ATTRIB -H -R -S AUTORUN.INI
Type DEL SCVHOST.EXE
Type DEL BLASTCLNNNN.EXE
Type DEL AUTORUN.INI
Type CD\
Type ATTRIB -H -R -S AUTORUN.INF
Type DEL AUTORUN.INF
You are almost done, reboot your PC.
Go Start Menu and click the Run and type the REGEDIT command. Take note guys before make any changes into your Registry Editor you must make a full back-up to your registry to avoid system errors. :)
Look the location entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, if you see an entry Yahoo! Messengger (it’s spelled like this) with a value c:\windows\system32\scvhost.exe, Delete this entry.
Look the location entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, in the entry named: SHELL, a value = Explorer.exe,SCVHOST.EXE. Edit this value, delete the SCVHOST.EXE only and the value must be Explorer.exe. Once you delete all this value, your computer will not login anymore.
We are now done. Please Restart your PC now
Add this code
Restart your PC and press F8 and select the option Safe Mode Command Prompt Only
And after you log-in the command prompt you must log-in as Administrator.
Type cd C:\windows\system32
Type dir /ah, to display all hidden files on this directory folder. You will see the following files which is used by the virus to spread itself: AUTORUN.INI, BLASTCLNNN.EXE, and SCVHOST.EXE
Type ATTRIB -H -R -S SCVHOST.EXE
Type ATTRIB -H -R -S BLASTCLNNN.EXE
Type ATTRIB -H -R -S AUTORUN.INI
Type DEL SCVHOST.EXE
Type DEL BLASTCLNNNN.EXE
Type DEL AUTORUN.INI
Type CD\
Type ATTRIB -H -R -S AUTORUN.INF
Type DEL AUTORUN.INF
You are almost done, reboot your PC.
Go Start Menu and click the Run and type the REGEDIT command. Take note guys before make any changes into your Registry Editor you must make a full back-up to your registry to avoid system errors. :)
Look the location entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, if you see an entry Yahoo! Messengger (it’s spelled like this) with a value c:\windows\system32\scvhost.exe, Delete this entry.
Look the location entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, in the entry named: SHELL, a value = Explorer.exe,SCVHOST.EXE. Edit this value, delete the SCVHOST.EXE only and the value must be Explorer.exe. Once you delete all this value, your computer will not login anymore.
We are now done. Please Restart your PC now
Add this code
How to remove WORM_AGENT.VDO?
Solution:
Identifying the Malware Program
To remove this malware, first identify the malware program.
Scan your computer with your antivirus product.
NOTE the path and file name of all files detected as WORM_AGENT.VDO.
Terminating the Malware Program
This procedure terminates the running malware process. You will need the name(s) of the file(s) detected earlier.
If the process you are looking for is not in the list displayed by Task Manager, proceed to the succeeding solution set.
Open Windows Task Manager.• On Windows 98 and ME, pressCTRL+ALT+DELETE• On Windows NT, 2000, XP, and Server 2003, pressCTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the malware file(s) detected earlier.
Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your computer.
Do the same for all detected malware files in the list of running processes.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
*NOTE: On computers running Windows 98 and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process.
On computers running all Windows platforms, if the process you are looking for is not in the list displayed by Task Manager or Process Explorer, continue with the next solution procedure, noting additional instructions. If the malware process is in the list displayed by either Task Manager or Process Explorer, but you are unable to terminate it, restart your computer in safe mode.
Editing the Registry
This malware modifies the computer's registry. Users affected by this malware may need to modify or delete specific registry keys or entries. For detailed information regarding registry editing, please refer to the following articles from Microsoft:
HOW TO: Backup, Edit, and Restore the Registry in Windows 95, Windows 98, and Windows ME
HOW TO: Backup, Edit, and Restore the Registry in Windows NT 4.0
HOW TO: Backup, Edit, and Restore the Registry in Windows 2000
HOW TO: Back Up, Edit, and Restore the Registry in Windows XP and Server 2003
Removing Autostart Entry from the Registry
Removing Autostart Entry from the Registry
Removing autostart entries from the registry prevents the malware from executing at startup. In this procedure, you will need the name(s) of the file(s) detected earlier.
If the registry entry below is not found, the malware may not have executed as of detection. If so, proceed to the succeeding solution set.
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries whose data value is the malware path and file name of the file(s) detected earlier.
Restoring Modified Registry Entry
Still in the Registry Editor, in the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft\Windows NT\CurrentVersion\Winlogon
In the right panel, locate the entry:Userinit = "%System%\userinit.exe, {Malware name}"(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)
Right-click on the value name and choose Modify. Change the value data of this entry to:Userinit = "%System%\userinit.exe,"
Close Registry Editor.
Deleting AUTORUN.INF
Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
In the Named input box, type:AUTORUN.INF
In the Look In drop-down list, select a drive, then press Enter.
Select the file, then open using Notepad.
Check if the following lines are present in the file:
[Autorun]OPEN=fooool.exeshell\open=shell\open\Command=fooool.exeshell\open\Default=1shell\explore=shell\explore\Command=fooool.exe
If the lines are present, delete the file.
Repeat steps 3 to 6 for AUTORUN.INF files in the remaining removable drives.
Close Search Results.
Important Windows ME/XP Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers.
Users running other Windows versions can proceed with the succeeding solution set(s).
Running AntivirusIf you have recently transferred file from your Symbian Series 60 phone to your desktop computer, please also perform the following solution. -->
If you are currently running in safe mode, please restart your computer normally before performing the following solution.
Scan your computer with antivirus and delete files detected as WORM_AGENT.VDO. To do this, users must download the latest virus pattern file and scan their computer
Add this code
Identifying the Malware Program
To remove this malware, first identify the malware program.
Scan your computer with your antivirus product.
NOTE the path and file name of all files detected as WORM_AGENT.VDO.
Terminating the Malware Program
This procedure terminates the running malware process. You will need the name(s) of the file(s) detected earlier.
If the process you are looking for is not in the list displayed by Task Manager, proceed to the succeeding solution set.
Open Windows Task Manager.• On Windows 98 and ME, pressCTRL+ALT+DELETE• On Windows NT, 2000, XP, and Server 2003, pressCTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the malware file(s) detected earlier.
Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your computer.
Do the same for all detected malware files in the list of running processes.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
*NOTE: On computers running Windows 98 and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process.
On computers running all Windows platforms, if the process you are looking for is not in the list displayed by Task Manager or Process Explorer, continue with the next solution procedure, noting additional instructions. If the malware process is in the list displayed by either Task Manager or Process Explorer, but you are unable to terminate it, restart your computer in safe mode.
Editing the Registry
This malware modifies the computer's registry. Users affected by this malware may need to modify or delete specific registry keys or entries. For detailed information regarding registry editing, please refer to the following articles from Microsoft:
HOW TO: Backup, Edit, and Restore the Registry in Windows 95, Windows 98, and Windows ME
HOW TO: Backup, Edit, and Restore the Registry in Windows NT 4.0
HOW TO: Backup, Edit, and Restore the Registry in Windows 2000
HOW TO: Back Up, Edit, and Restore the Registry in Windows XP and Server 2003
Removing Autostart Entry from the Registry
Removing Autostart Entry from the Registry
Removing autostart entries from the registry prevents the malware from executing at startup. In this procedure, you will need the name(s) of the file(s) detected earlier.
If the registry entry below is not found, the malware may not have executed as of detection. If so, proceed to the succeeding solution set.
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries whose data value is the malware path and file name of the file(s) detected earlier.
Restoring Modified Registry Entry
Still in the Registry Editor, in the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft\Windows NT\CurrentVersion\Winlogon
In the right panel, locate the entry:Userinit = "%System%\userinit.exe, {Malware name}"(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)
Right-click on the value name and choose Modify. Change the value data of this entry to:Userinit = "%System%\userinit.exe,"
Close Registry Editor.
Deleting AUTORUN.INF
Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
In the Named input box, type:AUTORUN.INF
In the Look In drop-down list, select a drive, then press Enter.
Select the file, then open using Notepad.
Check if the following lines are present in the file:
[Autorun]OPEN=fooool.exeshell\open=shell\open\Command=fooool.exeshell\open\Default=1shell\explore=shell\explore\Command=fooool.exe
If the lines are present, delete the file.
Repeat steps 3 to 6 for AUTORUN.INF files in the remaining removable drives.
Close Search Results.
Important Windows ME/XP Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers.
Users running other Windows versions can proceed with the succeeding solution set(s).
Running AntivirusIf you have recently transferred file from your Symbian Series 60 phone to your desktop computer, please also perform the following solution. -->
If you are currently running in safe mode, please restart your computer normally before performing the following solution.
Scan your computer with antivirus and delete files detected as WORM_AGENT.VDO. To do this, users must download the latest virus pattern file and scan their computer
Add this code
How to manually remove Backdoor.livup (msstart.exe) Trojan-horse?
This method only works on Windows 2000/XP/2003/NT/ME.
Step 1: Configure Microsoft Windows Explorer to show all files, because most Virus and Trojan horse can hide itself. If you already did it, you may skip this step.
1. Click Start, point to Settings, and Control Panel, and then click Folder Options.
2. In the Folder Options dialog box, click the View tab.
3. In the Advanced settings box, deselect the Hide protected operating system files (Recommended).
4. Select the Show hidden files and folders.
5. Deselect the Hide file extensions for unknown file types.
6. Click OK to save changes.
Or Download RRT(Remove Restrictions Tool) a tool to re-enable Ctrl+Alt+Del, Folder Options and Registry tools.
Step 2: Press Ctrl+Alt+Del, open Task Manager Program, click Processes tab, and find msstart.exe process, if found, select it and click End Process to kill it.
Step 3: Go to the folder of SystemRoot\Winnt\System32 (If your Windows NT/2000/XP/2003 installed on driver C: then the folder is C:\Winnt\System32), find msstart.exe and directly delete it. Or you can also search for all of msstart.exe files by using Windows Search feature (WINDOWS+F shortcut key), and delete them all.
If all of the steps are completed correctly, then the Trojan has been completely removed.
Add this code
Step 1: Configure Microsoft Windows Explorer to show all files, because most Virus and Trojan horse can hide itself. If you already did it, you may skip this step.
1. Click Start, point to Settings, and Control Panel, and then click Folder Options.
2. In the Folder Options dialog box, click the View tab.
3. In the Advanced settings box, deselect the Hide protected operating system files (Recommended).
4. Select the Show hidden files and folders.
5. Deselect the Hide file extensions for unknown file types.
6. Click OK to save changes.
Or Download RRT(Remove Restrictions Tool) a tool to re-enable Ctrl+Alt+Del, Folder Options and Registry tools.
Step 2: Press Ctrl+Alt+Del, open Task Manager Program, click Processes tab, and find msstart.exe process, if found, select it and click End Process to kill it.
Step 3: Go to the folder of SystemRoot\Winnt\System32 (If your Windows NT/2000/XP/2003 installed on driver C: then the folder is C:\Winnt\System32), find msstart.exe and directly delete it. Or you can also search for all of msstart.exe files by using Windows Search feature (WINDOWS+F shortcut key), and delete them all.
If all of the steps are completed correctly, then the Trojan has been completely removed.
Add this code
How to confirm your xp is genuine?
1)Select Start/Run.
2)Type "oobe/msoobe /a" without quotes.
3)If you get a dialog box saying that "Thanks for using our product" or "Windows is already activated in your pc" then you have a genuine
copy of windows.
Add this code
2)Type "oobe/msoobe /a" without quotes.
3)If you get a dialog box saying that "Thanks for using our product" or "Windows is already activated in your pc" then you have a genuine
copy of windows.
Add this code
Subscribe to:
Posts (Atom)