Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Monday, October 20, 2014

Browser Redirect Virus Removal Guide

Most browser redirects are caused by adware and potentially unwanted programs (PUPs). A PUP is a software program that is downloaded onto your PC or other Internet-enabled device without clearly stating its intention to do so. That in itself is rather worrying and has us immediately questioning the software developer's intentions, and the PUP's ability to do us harm. But does it mean that it is malware?

At first glance it would be easy to label PUPs that redirect your browser to shady and sometimes even malicious websites as malware simply because of the sneaky way which it installs itself on your computer. Certain adware and potentially unwanted programs add web browser extensions that can track your web usage and redirect you to fake Flash update sites, fake Java update and other websites that offer misleading services and even malicious programs. But the fact is that most such programs don't actually do any damage: they're not password crackers or key loggers which record login details and other information and they won't shut your operating system down or corrupt your files. That means that technically speaking, browser redirects and programs that cause tahem are not considered malware. So what are they?


What is a browser redirect?

First of all, there's a really huge problem that most anti-virus programs do not take browser redirects as a serious threat. Even though, browser redirects are not malicious but they do redirect users to shady websites. Most of them try to trick users into install malware, adware or other potentially unwanted programs. The name Potentially Unwanted Program comes from the way in which the PUP is installed. It's a program because generally speaking it will have a use. For example, it may be a tool bar. But if that’s the case, why is it potentially unwanted? This is the real difference with malware – although your PUP isn't malicious it's still something you haven't made a conscious decision to install. Therefore PUPs lie in somewhat of a grey area: you might wind up finding that tool bar useful. Or you may not. As a matter of fact, some users even get used to browser redirects thinking that they came with the latest web browser updates.

It might amuse you to know that software developers who create adware and PUPs take offense to their programs being called malware and will counteract any such accusation with the argument that their creation is actually useful. The fact that you didn't know you were downloading it in the first place is neither here nor there! Question remains then how should be call a program that installs additional modules on your computer that are responsible for web browser redirects? I don't know about you but I'm pretty certain it's a virus or malware to say the least.

So while there may be some practical features to a PUP, why then may you not want the program? Well, browser redirect aside (and really, weren't you happy with the one you were using anyway?) the problem is that most Potentially Unwanted Programs, adware and malicious browser extensions can be pretty darn annoying.

Potentially Unwanted Programs - the dark side

Okay, so you'd rather have browser redirects on your computer than a Trojan Horse, but you'd really be better off without either! Even if you get used to redirects or new home page it will only be a matter of time before you start noticing it's not all it seems.

The issue is that PUPs and browser hijackers have been developed to create a source of income for the developer and as such they will change your browser settings and your home page to one that the developer wants you to see. Not only this but typing a search query into the search box or a URL into the browser will redirect you, not to the website you want to visit, but again, to one that the developer wants you to go to.

Removing browser redirect

PUPs and adware are usually simple to get rid of through the Windows Control Panel but because they're not classed as malware many anti-viruses don't spot them. My advice? Install a reputable anti-malware program and run a full system scan. Then reset your browser settings and clean %Temp% folders. If you don't know how to do that properly, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Browser Redirect Virus Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove browser redirect related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Quiknowledge
  • LyricsSay-1
  • Websteroids
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove browser redirect related extensions from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove BlocckkTheAds, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.



Remove browser redirect related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove BlocckkTheAds, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



Remove browser redirect related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more

Remove WordProser Ads (Virus Removal Guide)

Ever wondered why if you are looking at potential holiday destinations online, you're now constantly seeing adverts for hotels in one of the locations you were researching, or for cheap flights to the same region? No, it's not a spooky coincidence: welcome to the world of adware. WordProser is one of many adware programs that display ads on infected computers and may redirect users to shady websites.


What is WordProser?

WordProser or Word Proser is computer software that has the ability to either display or download online adverts on your PC when you're connected to the Internet. It's fairly easy to spot new ads on websites that previously had no ads or had at least had less space occupied by ads. Once infected with this adware, you will most likely notice 'WordProser Ads' or 'Ads by WordProser' above or below ads. These adverts come in different shapes and sizes: they may be pop-up or pop-under windows, they might be banner adverts, they could be links, or they might be boxes that are displayed at the edges of the screen. As mentioned, they most likely represent something you've been looking at or are interested in. And while initially this may seem like a bit of a weird coincidence it won't be long before you notice that anything you've spent any reasonable amount of time looking at online is now appearing as on screen advertising. On the other had this adware may simply display ads that are currently available without taking ant other consideration like your searches or visited websites. Very often, it displays fake pop-ups saying that your Flash player is outdated. Sometimes, it displays fake Java update pop-ups and similar ads.

How does WordProser work?

Often times WordProser will be bundled with a computer program or some software that you are downloading. And don't make the mistake of thinking that adware is only bundled with dodgy downloads or freebie wallpapers; it can be packaged with these, yes, but it is just as likely to come with something you've paid for. I got it after downloading download accelerator program. The adware was introduced as a useful tool that allows you to find information easier. Right after that, it clearly indicates that Word Proser will install as ad supported software. Word Proser labeled intext, transitional, shopping, and image advertisements will be inserted to appear within sites you visit during general internet usage. In other words, it says that it will display ads on your computer.

So who creates such adware, and why? Adware is created by software developers who use adware as a means of recouping the cost of developing the main software program by generating income via the ads. This enables them to offer their genuine product for little or no cost to the end user.

So how does this adware actually know what you're browsing and therefore which adverts to show you? One of the 'features' of WordProser adware is that the software developer has designed it in such a way that it has the capability to monitor your Internet usage. It will record which websites you visit and send that data back to the developer. They will then use this information to customize the adverts you're seeing based on the websites that you've recently been browsing.

You could be forgiven for thinking that this might actually have its advantages for you as a user but you’ll probably soon find that targeted adverting is pretty annoying and intrusive. Especially the relentless pop-up or pop-under adverts. And when you stop to consider that somebody is monitoring your browsing habits so that they can try and give you the hard sell, you’ll probably start to see adware as not just simply ‘advertising’ but as an invasion of your privacy.

How worried should I be about it?

Multiple anti-virus engines have detected malware in WordProser: InfoAtoms (fs), a variant of Win32/AdWare.Vitruvian.D.

Although software developers normally contest the invasion of privacy theory, there are an increasing number of people who are not happy about having their Internet usage monitored by a complete stranger. The developers may claim that their tool is simply collecting website visits, but how do we really know for sure what data they're gathering? Don't take the risk: remove this adware and from your computer. To do so, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


WordProser Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove WordProser related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • WordProser
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove WordProser related extensions from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove WordProser, BlocckkTheAds, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove WordProser related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove WordProser, BlocckkTheAds, HD-Plus 3.5 and other extensions that you do not recognize.

Remove WordProser related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more

Saturday, October 18, 2014

Remove Trojan.Gen.2 Virus (Uninstall Guide)

If you're reading this, chances are you've heard of Trojan.Gen.2 but you're not quite sure what it is. A few years ago, the only Trojan Horse most of us had heard of was the huge wooden one built by the Greeks and used to conceal their soldiers who connived their way through the city of Troy's gates after pretending that the horse was a peace offering. Well strange as it sounds, the Trojan Horse of Greek mythology actually has quite a lot in common with its 21st century counterpart.

Just as the Greeks used a very underhand method to enter Troy and attack it from within, Trojan.Gen.2 virus will employ the same means to attack your computer. That's because a modern Trojan Horse is a computer program that pretends to have useful qualities but actually will do far more harm than good. A Trojan Horse's MO is to con you into thinking it's useful or harmless when in fact it's the total opposite. This Trojan horse generic detection is usually used for detecting malware that cannot be identified and assigned to any particular malware family. Trojan.Gen.2 notification can be also shown when visiting infected websites. So, it's used not only to detect infected files and also websites.


What does Trojan.Gen.2 virus do?

Luckily it is pretty easy to spot if you have this Trojan horse on your PC - once you've installed it that is! There are a number of symptoms that will enable you to detect the presence of a Trojan horse, some of these are:
  • Your operating system has become sluggish and your computer keeps crashing
  • Your PC has suddenly become slow to start up when you turn it on
  • Opening websites takes a lot longer than you're used to
  • You start seeing a proliferation of pop up adverts
  • You have a new tool bar in your browser that you don't recall downloading
  • There are unrecognized icons in your list of programs or on your desktop
  • Your computer's default settings have changed - and keep changing even after you've switched them back
These symptoms are easy to notice however certain variants of Trojan.Gen.2 run in the background without any visible windows and pop-ups. The main goal of this virus is to download and install additional malware on your computer. It could be anything really, a browser hijacker or spyware. Since Trojan.Gen.2 is not the same for everyone and it keeps changing it's difficult to say what variant you have on your computer and what exactly it does. It may steal your personal information or maybe it will add your computer to a botnet. One thing is for sure - you need to remove it from your computer as soon as possible.

How to protect yourself from a malicious Trojan.Gen.2?

This is a list of a number of things you can do to make yourself as safe as possible when you're online:
  • Install a firewall to help stop unwanted and potentially dangerous connections from being made, thus preventing a Trojan horse from automatically connecting with your system. (Trojans scan networks and the Internet looking for vulnerable systems).
  • Always, always protect your computer from malware by installing a reputable anti-malware program. Manually run it with periodic frequency.
  • You need to make sure that your anti-malware is always the latest version and fully up to date too. Install the latest patches and upgrades that the developer issues.
  • Be careful opening attachments and links in emails if you don't recognize the sender.
  • Don't download software, programs, shareware or freeware if you don't know or trust the publisher or website. Trojans often piggyback on other, more legitimate, programs.
  • Be careful about the type of websites you visit. And that goes for anyone else who uses your PC too. Trojans target certain websites and install Active X controls on them, so do look out for these – and avoid wherever possible.
How to remove Trojan.Gen.2?

It's a very difficult infection to remove manually. Besides, it can download and install more malware on your computer which means you don't really know what else you have on your computer and where to find all the malicious files. A lot better idea would be to run a full system scan with anti-malware software and a few other on demand malware scanners. That's actually the only way to be 100% sure there are not other malicious file left behind that could possibly re-download deleted malware files. To remove this Trojan virus from your computer, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Trojan.Gen.2 Removal Guide:


1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.





2. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.



3. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.



Read more

Friday, October 17, 2014

How to Remove CryptoWall 2.0 Virus and Restore Encrypted Files

CryptoWall 2.0 is an encryption virus (ransomware) that encrypts your files and then requires a $500 USD, 500 EUR or 0.5 Bitcoin ransom in order to get a decrypter. It's very similar to the Cryptorbit virus but this one is actually a lot more sophisticated then previous variants. It now uses unique bitcoin payment addresses for each victim instead of hard coded links that were basically the same for most victims. Scammers now also use their own TOR gateways to stay hidden from the authorities but probably the worse thing is that the new CryptoWall 2.0 ransomware virus makes it almost impossible to recover your files unless you regularly create back ups. There are, however, one trick that might work for some of you. To remove this virus from your computer and restore at least some of encrypted files, please follow the removal guide below.


How does the CryptoWall 2.0 virus work? Well, once installed, it starts to encrypt your files in the background and sadly most people do not realize this ransomware virus is on their computer until it displays the ransom note and your files have already been encrypted. The ransom note is a simple HTML file with instructions on how to pay the ransom and get your encryption key. It's not a joke, it's a very serious problem. Here's how the DECRYPT_INSTRUCTION.HTML reads:

What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.

And finally, there are instructions on how to pay the ransom and recover your files. Usually, there are a few links to TOR websites, for example tor4pay.com, pay2tor.com, tor2pay.com, and pay4tor.com. As I said, they are all unique for each victim ending with personal identification numbers.

CryptoWall 2.0 uses the RSA-2048 encryption algorithm to encrypt your files. Once your files are encrypted, it deletes the original files and if you don't have back ups there's really not much you can do to get them back.

Many of us spend a significantly high proportion of our time on a computer and on the Internet. And that leaves us open to attack by any number of viruses and different types of malware. And one of the most unpleasant of all of these is something called ransomware. This nasty Internet menace can cause untold harm to both your personal, and your PC's, security.

Despite what many people think, and despite its malicious characteristics, CryptoWall 2.0 is not actually a virus. But whatever you decide to call it, one thing is certain and that is that you really don't want it installed on your computer! They say that to be forewarned is to be forearmed, so let's take a closer look at what ransomware is, what effect it can have, and how to avoid it.

It's main 'modus operandi' is to attack and destroy your files and documents from within your operating system and encrypt personal files that are valuable to you. Such viruses are sneaky and stealthy and will install themselves on your computer by pretending to be something that they're really not - i.e. something harmless and useful. They are also distributed via infected websites and fake emails. How ironic is that?

Unlike a regular computer virus, CryptoWall 2.0 doesn't replicate itself and infect other PCs and users. What it will do however is encrypt your files and install more malware on your computer. Which in turn creates further problems and leaves your online security wide open and defenseless.

Therefore, protecting yourself from this infection is paramount but luckily there are a number of steps you can take to boost your line of defense. First of all, make sure that your PC has a firewall installed and turned on. Also, check that your anti-virus software is a reputable make and is running on the latest version and has up-to-date patches installed. You also need to run it regularly, manually, not just sit back and let it tick away in the background. Finally, don't download programs from untrustworthy sources or third party websites. Stay safe – stay ransomware free.

So what should you do your files have been encrypted? Easy to say, but try not to panic and most definitely do not pay any money unless the encrypted files are very important and you can't afford to lose them. If the encrypted files are not very important or you don't have money to pay the ransom, you can remove try to restore your files (at least some of them) using Shadow Explorer and specialized tools listed below. Please note that even of you decide to pay the ransom there's really no guarantee that scammers will recover your files.

If you have any questions, please leave a comment below. Last, but not least, if there's anything you think I should add or correct, please let me know. It might be a pain but the issue needs to be dealt with – and the way to do it is by not giving in, not paying up and not letting the attackers win.

Written by Michael Kaur, http://deletemalware.blogspot.com


Step 1: Removing CryptoWall 2.0 and related malware:


Before restoring your files from shadow copies, make sure CryptoWall 2.0 is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.





2. Then, download ESET Online Scanner and run a second scan to make sure there are no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by CryptoWall 2.0 virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Before using Shadow Explorer, you can try to decrypt some of your files using RakhniDecryptor.exe and RectorDecryptor.exe from Kaspersky. These tools might help you, but please note that they were not designed decrypt the data encrypted by this ransomware virus. However, you can still try them.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Righ-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Read more

Tuesday, October 14, 2014

Remove Ads By JSFeed (Uninstall Guide)

To the uninitiated (or those that have yet to be infected by it) JSFeed adware, or Advertising-Supported Software, may simply appear to be the online adverts that you see on your computer screen when you're connected to the Internet. And whilst this is indeed true, what you may not realize is that JSFeed can make a real nuisance of itself, as well as leaving your PC vulnerable to security issues. Therefore if you suspect that you've been infected by this adware and have it installed on your machine, we advise you to get rid of it as quickly as possible. To do so, please follow the steps in the removal guide below.


True, JSFeed is not as dangerous as some types of malicious software but it can still have an adverse effect not only on your computer but on your user experience too.

What is JSFeed adware?

JSFeed is a computer software program that has been created to display adverts on your PC. Ads usually say "Ads By JSFeed." It invades your privacy by monitoring the websites you visit, collecting data about your browsing habits and then customizing the adverts that you see to reflect recent searches, websites visited and products or services looked at. Everything is done using web browser extensions that may be installed under different names not necessarily JSFeed.

It has some undesirable side effects too. Not least of which is its ability to redirect your search to a website of its own choice when you're looking for something online. It will also slow your computer and Internet connection speed down because the component that this adware installs on your device to track your web usage is working in the background to send constant streams of data back to the software developer.

How can JSFeed affect my computer?

JSFeed by its very nature isn't subtle, and you should know if you have it on your machine purely by all the adverts you're seeing – particularly those that are tailor made to suit your Internet interests. Ads by JSFeed may be pop-up or pop-under windows, banners, 'traditional' advert boxes or links. However, this aside, if you actually took a look at the list of programs that are installed on your PC, you probably won't find anything that appears to be adware.

How did it get installed on my PC?

It is normally bundled with freeware or shareware programs. This method is widely used by software developers to generate income and recoup the development costs of the original freeware. However you may inadvertently install JSFeed by visiting a website that has been infected with it.

How to defend yourself against adware?

Many free software programs give you the option to upgrade, register for, or purchase an advert-free version so of course you could take this route. But if you'd prefer to not entertain the idea of adware in the first place you need to start reading License Agreements properly when you download something as adware is usually referred to in them, albeit in a rather around about way. Sometimes you'll find the wording ambiguous and checked boxes pre-checked (and vice versa) when they shouldn't be so watch out for that. Otherwise, the obvious answer is to download a reputable anti-malware program – ASAP! If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Ads By JSFeed Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove JSFeed related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • JSFeed
  • TinyWallet
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove JSFeed related extensions from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove JSFeed, TinyWallet, BlocckkTheAds, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove JSFeed related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove JSFeed, TinyWallet, BlocckkTheAds, HD-Plus 3.5 and other extensions that you do not recognize.

Remove JSFeed related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more

Sunday, October 12, 2014

What is dnkt.exe and how to remove it?

dnkt.exe - by Perion Network Ltd.


What is dnkt.exe?


dnkt.exe is a part of adware and Webtoolbar. It's digitally signed by Perion Network Ltd. It's not a virus (see scan results) but it can cause havoc, slow down your computer and display ads. Even though, it's usually detected as not-a-virus:WebToolbar.Win32.Perinet.d, Adware-SweetIM you can see that other anti-virus engines have detected a lot more dangerous malware in dnkt.exe. For example, Trojan.Win32.StartPage.45 which means this antivirus program thinks it has characteristics similar to those of Trojan horses. Other well known anti-virus programs say it's a Trojan.Win32.WebToolbar.degcww. Once installed, this adware installs a few additional components that display ads on your computer. It may install malicious browser extensions as well. It can also change your Proxy settings without your knowledge and send your web traffic through rogue proxy servers that may later use all gathered information to redirect your web browser to dodgy websites or display ads on your computer. If you try to change modified Proxy server or disable it, dnkt.exe will change it back. So, it works pretty much as a browser hijacker. Needless to say, it's not essential for Windows and may cause serious problems. This program can be removed manually but it would be better to use an anti-malware program because if it's installed on your computer then there might be other potentially harmful software installed as well.







File name: dnkt.exe
Publisher: Perion Network Ltd.
File Location Windows XP: C:\Windows\SysWOW64\mjcm\
File Location Windows 7: C:\Windows\SysWOW64\mjcm\
Startup file: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run → dnkt.exe

Read more

How to remove PUP-FNK (Uninstall Guide)

PUP-FNK is a potentially unwanted program that will display ads on your computer. It may also redirect your web browser to shady websites. In everyday life we encounter plenty of unwanted nuisances and unfortunately that also includes our online lives too. And seeing as how so many of us spend both our working and leisure time in front of a computer, the chances of us being bugged in this area of our lives is pretty high too.

From adware and spyware to viruses and Potentially Unwanted Programs like PUP-FNK, it seems we're under constant threat when we're using the Internet. PUPs are just one more annoyance that, whilst not being downright dangerous, are still something many of us don't have the time or the patience to deal with.


What are Potentially Unwanted Programs?

Potentially Unwanted Programs are software that installs itself without warning on your computer. They are most usually tool bars, browsers extensions and home pages. PUP-FNK, however, is a slightly different variant that is responsible for just one or few components of particular adware. Since there are many adware programs you will have to identify it yourself. It could be Yontoo for instance.

There are virtually innumerable different variations of PUP-FNK and unless you want the hassle of constantly trying to get rid of them when you're working, playing or browsing online, you should really find out a little bit more about them. For example, how do PUPs get on your machine in the first place and, crucially, what you can do to stop them.

What can PUP-FNK do to my computer?

As mentioned, PUP-FNK is a program that has been designed to target your PC with unwanted tools or applications. They can also install an adware component on your machine which will display endless pop-up, pop-under and banner adverts. There are other Potentially Unwanted Programs which even install additional software on your computer which, when you're searching online, will direct you not to the website you're looking for but to another one that the software developer wants you to visit instead. How annoying is that?

Is PUP-FNK a Virus?

Technically speaking, it's not a virus. That's not to say that it doesn't still exhibit some unpleasant behavior. And it's not just the browser hijacking antics or the new un-user-friendly tool bar, because it can also have a detrimental effect on your user experience. Think about the pain of having to constantly close reoccurring pop-up ads and never being able to get to the website you need to look at because you're always being redirected to rogue URLs.

Why Create a Potentially Unwanted Program?

Software developers create PUPs like PUP-FNK to generate revenue through advertising. Many PUPs contain adware so the developer can manipulate SEO (Search Engine Optimization) techniques and direct visitors to websites they have a vested interest in.

How did this infection get onto my PC in the first place?

Most likely it's when you downloaded some free software; a TV series, a tool that correctly displays non-Romanized characters on your PC etc. PUPs will be bundled with this software allowing them to sneak onto your PC.

How can I avoid PUPs?

Crucially you need to be alert when downloading software. Read the license agreement carefully and uncheck any boxes that say you agree to download any 'added extras'. These sneaky developers will try anything to surreptitiously slide their PUP-FNK past you!

To remove PUP-FNK from your computer, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


PUP-FNK Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove PUP-FNK related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Quiknowledge
  • LyricsSay-1
  • Websteroids
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove PUP-FNK from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove BlocckkTheAds, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.



Remove PUP-FNK from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove BlocckkTheAds, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



Remove PUP-FNK from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more