VirusMed’s goal is to help you remove and eliminate viruses and spyware from your computer for FREE. Computers are in many ways similar to humans: once infected, they run slowly and become less productive. Currently, it is estimated that tens of millions of computers worldwide are infected with anything ranging from spyware to viruses to adware.

VirusMed receives hundreds of thousands of visitors each week / month and hopes to provide them with solutions to their personal computer problems. We can help with any type of malware (viruses, spyware, adware, worms, and many more). The guides provide a manual and an automatic way to remove the specific malware. If you have comments, please feel free to leave them on any of our posts.



System Restore – Windows

System Restore is an application included in the Windows operating system that lets the user return the computer to a previous state. As long as the System Restore feature has been turned on, the application collects data from the computer and saves it in case a previous state has to be loaded. This is particularly useful when the computer is infected with a virus, because the user can restore the computer to a date before the infection.

Windows 7 and Windows Vista Instructions:
1) Click on the Windows icon at the bottom left of the screen and type “System Restore” in the search box
2) Select the System Restore program from the results
3) The “System Restore” application will open

Windows XP Instructions:
1) Click on “Start” at the bottom left of the screen and click “Run…”
2) Type in %systemroot%\system32\restore\rstrui.exe and press Enter
3) The System Restore application will run

Recent Entries

Safe Mode With Networking

Safe Mode With Networking is a diagnostic mode of the Windows operating system that can be used to troubleshoot problems such as virus infections. It loads only the programs necessary to operate the computer and still allows internet access. However, the virus may have changed the internet settings in Internet Explorer; in that case the user will need to roll back these changes in order to access the internet.

Instructions to Enter Safe Mode:

1) Restart the computer or turn on the computer
2) Immediately press F8 repeatedly as the computer starts
3) A boot options screen will come up (the exact screen depends on the operating system)
4) Select “Safe Mode With Networking”
5) Once inside safe mode, hopefully the virus will not load (since it is not necessary for the operation of Windows) and the user will be able to attempt to remove the virus

Remove Windows Debug Center Virus

Windows Debug Center is a fake computer program designed around the Windows interface so that it looks like many other programs on the computer. It has only one main goal: to make the user purchase the fake program. It will find “fake” viruses on the computer and alert the user repeatedly, even though Windows Debug Center itself is essentially a virus. The user should remove Windows Debug Center immediately once it infects the computer. Windows Debug Center is similar to its predecessor, Windows Problems Stopper.

Windows Debug Center can be removed easily with Malwarebytes, a free removal tool. Alternatively, you can attempt a system restore or follow the instructions below to remove the virus manually.


Manual Removal:

Terminate Windows Debug Center Process
protector-fmy.exe

Delete Windows Debug Center Files
C:\Users\Administrator\AppData\protector-fmy.exe

Delete Windows Debug Center Registry Entries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"protector-fmy.exe"

Remove Windows Problems Stopper Virus

Windows Problems Stopper is a fake computer program which uses the Windows interface to make itself look legitimate, so that the user believes the warnings it shows are real. However, Windows Problems Stopper is a fake program and its warnings are generally programmed to show on all computers. We recommend that the user save their money and remove Windows Problems Stopper.

There are FREE ways to remove Windows Problems Stopper, which are highlighted below. The computer will be sluggish once Windows Problems Stopper is installed, since the program blocks other programs from running in order to avoid removal by the user. Log into another user account or boot into safe mode to avoid Windows Problems Stopper. The recommended removal tool is Malwarebytes, which removes viruses for free.


Manual Removal:

Terminate Windows Problems Stopper Process
protector-fmy.exe

Delete Windows Problems Stopper Files
C:\Users\Administrator\AppData\protector-fmy.exe

Delete Windows Problems Stopper Registry Entries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"protector-fmy.exe"

Remove Vista Security 2012

Vista Security 2012 is a fake utility that imitates a real one, except that Vista Security 2012 can’t fix any issues like a real utility. It is downloaded and installed when the user visits specific websites which have malicious code. Some of the code can be in advertisements shown by websites. Vista Security 2012 will block the internet by showing that the computer is infected with many issues such as Trojan-BNK.Win32.Keylogger.Gen, which is fake. Don’t waste money on Vista Security 2012; remove it. The problem is Vista Security 2012 itself, and that is what needs to be fixed. There are FREE ways to remove Vista Security 2012, which are highlighted below. The computer will be sluggish once Vista Security 2012 is installed. Logging into another user account is a good way to use the internet if Vista Security 2012 is installed.

Malwarebytes offers free removal of fake utilities such as Vista Security 2012.


Manual Removal:

Terminate Vista Security 2012 Process
aad.exe

Delete Vista Security 2012 Files
C:\Users\Administrator\AppData\Local\aad.exe

Delete Vista Security 2012 Registry Entries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"aad.exe"

Remove XP Security 2012

XP Security 2012 is a fake utility downloaded and installed from a malicious website on the internet by a malicious file such as a trojan horse. This type of program is installed without user acknowledgment and may look like a Windows utility since it uses the Windows trademark. The program is installed at random and is generally a surprise for the majority of users. XP Security 2012 is not a utility designed for Windows, nor is it a utility designed by Microsoft. XP Security 2012 will report about 40+ issues such as Trojan-BNK.Win32.Keylogger.Gen and will recommend the purchase of XP Security 2012. XP Security 2012 is not a program which the user should want, since it is fake and is a main reason behind current sluggishness in the computer.

Malwarebytes offers free removal of fake utilities such as XP Security 2012.


Manual Removal:

Terminate XP Security 2012 Process
dfw.exe

Delete XP Security 2012 Files
C:\Documents and Settings\Administrator\Local Settings\Application Data\dfw.exe

Delete XP Security 2012 Registry Entries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"dfw.exe"

Windows Antidanger Center

Windows Antidanger Center is a fake utility which is installed from the internet without user acknowledgment and attempts to look like a Windows program. Windows Antidanger Center is not a utility designed for Windows and is not a Microsoft application. The results from the computer scan from Windows Antidanger Center will be similar on all computers. The results will show a large number of errors and Windows Antidanger Center will then ask for money to fix the errors. Windows Antidanger Center is not a program which the user should want since it is fake.

There is free removal available for Windows Antidanger Center. Malwarebytes has free removal of fake utilities such as Windows Antidanger Center.


Manual Removal:

Terminate Windows Antidanger Center Process
prhfes.exe

Delete Windows Antidanger Center Files
C:\Program Files\Administrator\Application Data\Microsoft\prhfes.exe

Delete Windows Antidanger Center Registry Entries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"prhfes.exe"

How to remove autorun.inf; newfolder.exe or regsvr.exe viruses

Sharing files with friends, downloading from a web site, or simply visiting a web site can get your PC infected with a virus. This virus is mostly known as the regsvr.exe virus or the newfolder.exe virus, and it can be identified by an autorun.inf file on your USB drives. Trend Micro identified it as WORM_DELF.FKZ. It spreads mostly by using USB drives as the medium.

Here is how you can remove it manually, or you can use free detection software if you are not sure.

Follow all these steps very carefully to remove the virus.

Delete the content of the file

· Search for the autorun.inf file. It is a read-only file, so you will have to change it to normal by right-clicking the file, selecting Properties and unchecking the Read-only option.

· Open the file in Notepad, delete everything and save the file.

· Now change the file back to read-only so that the virus cannot get access again.

· Click Start -> Run, type msconfig and click OK.

· Go to the Startup tab, look for regsvr, uncheck it and click OK.

· Click on Exit without Restart, because there are still a few things we need to do before we can restart the PC.

· Now go to Control Panel -> Scheduled Tasks, and delete the Al1 task listed there.


Enable Registry access

· Click Start -> Run, type gpedit.msc and click OK.

· If you are a Windows XP Home Edition user you might not have gpedit.msc; in that case download and install it (Windows XP Home Edition: gpedit.msc) and then follow these steps.

· Go to User Configuration -> Administrative Templates -> System.

· Find “Prevent access to registry editing tools” and change the option to Disabled.

· Once you do this you have registry access.

Delete regsvr files

· Click Start -> Run, type regedit and click OK.

· Go to Edit -> Find and start a search for regsvr.exe.

· Delete all occurrences of regsvr.exe; remember to make a backup before deleting, just in case you need it. Note that regsvr32.exe must not be deleted. Delete regsvr.exe occurrences only.

· In one or two places you will find it after explorer.exe; in these cases delete only the regsvr.exe part and not the whole value. E.g. if Shell = “Explorer.exe regsvr.exe”, just delete regsvr.exe and leave Explorer.exe.


Remove the virus

· Click Start -> Search -> For Files and Folders.

· There, click All files and folders.

· Type “*.exe” as the filename to search for.

· Click on the ‘When was it modified?’ option and select the Specify dates option.

· Type the From date as MM/DD/YYYY and the To date as MM/DD/YYYY (today’s date).

· Now hit Search and wait for all the exe files to show up.

· Once the search is over, select the exe files and Shift+Delete them. Take care not to delete the legitimate exe files that you have installed.

· Selecting a lot of files together might make your computer unresponsive, so delete them in small batches.

· Also find and delete regsvr.exe and svchost .exe (notice the extra space between svchost and .exe).

Re-start

· Now do a cold reboot (i.e. press the reboot button instead of shutting off power) and you are done.

Hope this helps you remove the virus from your PC and keeps it from infecting

Computer Virus Removal and Antivirus software

There are many viruses infecting computers around the world. Trojans (Trojan horses) are the common viruses attacking computers nowadays. Here I describe a way to identify viruses on your computer, remove them safely using a detection tool, and use antivirus software to get virus protection.

A Trojan horse, also known as a Trojan, is a class of computer threat (malware) that appears to perform a desirable function but in reality performs malicious functions without giving notice. It allows the person who created it unauthorized access to the host computer, giving them the ability to download files, monitor the user’s activities, steal data, or even watch the user’s screen and control the computer remotely. This gives remote thieves full control of your computer.

This type of virus normally finds a back door while, say, you are playing a computer game. By going through the back door, the virus can take control of the game. Trojan viruses get downloaded when the user is visiting a site, playing a game online or shopping online; there are hundreds of ways your computer can get infected. This all happens without notice or your permission. The term Trojan virus is derived from the story of the Trojan Horse.

There are many different types of Trojan viruses out there. Here are the latest findings of some key viruses that may have infected your computer.

wmisync.exe Trojan Virus; SpeedRunner.exe Trojan Virus; Srdshd.exe (Srdshd) Trojan Virus; Mlevsfdk.exe (Mlevsfdk) Trojan Virus; Sgxwd.exe (Sgxwd) Trojan Virus; Kva8wr.exe(Kva8wr) Trojan Virus; GetModule36.exe(Getmodule36) Trojan Virus; Gy.exe (Gy) Trojan Virus; Bkha.exe (Bkha) Trojan Virus; Perce.jpg.exe (Perce.jpg); Bogde.exe (Bofde) Trojan virus; Otdfi.exe (Otdfi); Cvsdfw.exe Trojan Virus; Viewtubesoftware.exe Trojan virus; Sdsxxdshd.exe Trojan Virus; Mswsivs.exe Trojan Virus; Dwwnw64r.exe Trojan Virus; Gsnd.exe(Gsnd) Trojan Virus; Gand.exe (Gand) Trojan Virus; Aspimgr.exe (Aspimgr) Trojan Virus

HOW TO REMOVE ABOVE VIRUSES FROM YOUR COMPUTER:

The viruses listed above are most probably Trojan Vundo, or in general a Trojan-type virus, and reside at the following location: %\Documents and Settings\Users\Application Data\drivers\xxxxx.exe. You probably got this virus on your computer when you visited some site and downloaded a file from the internet. Be extra careful when removing these types of virus from your computer. Just deleting the file xxxxx.exe will not stop the virus from spreading or harming your computer. If you are not sure, use the FREE detection tool and remove the virus professionally, or use the following procedure. The procedure varies slightly depending upon the virus type, but you should have success if your computer knowledge is sufficient to follow the steps described below.

The procedure described here may vary a little depending upon which AV and operating system you are using on your computer. If you are not computer savvy then just use the FREE detection tool and it will tell you what viruses are present on your computer.

CAUTION! xxxxx.exe is a dangerous file. It can create many unwanted activities on your computer.

Look for these symptoms:

· It disables all your antivirus services, so even if you have antivirus software it will not stop the virus from infecting your PC.

· When you boot up your PC, a process called winupgro.exe takes all the CPU power of your computer.

· Deleting winupgro.exe will not work at all, as it always reappears when you reboot your PC.

· Most probably xxxxx.exe will be located in this directory:
C:\Documents and Settings\Administrator\Application Data\drivers


Here is the reason why you still have problems after deleting the file:

If xxxxx.exe reappears when you reboot your PC, there must be a copy of it hiding in some other location on your drive under a different name. You just have to find that file.

Use an MD5 checksum to find the copy of xxxxx.exe. Here is a batch file which generates the checksums for all files on the C:\ drive using the utility md5deep.exe (available on the internet). The batch file’s output is called “out.txt”.

Here is a listing of the batch file that you can use:

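@echo off
rem Start from a clean output file, then hash every file under C:\ with md5deep.
rem %%~sa passes the short (8.3) path; output is always appended to c:\out.txt.
if exist c:\out.txt del c:\out.txt
for /r c:\ %%a in (*) do (md5deep %%~sa >>c:\out.txt)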

It will take about 20 minutes to run and will find all hidden copies.

REMOVAL PROCEDURE:

· Reboot your PC and go to “Windows Task Manager” > “Processes”, locate the xxxxx.exe process and kill it.

· Perform a search to find the location of the xxxxx.exe file on your computer and note down the path, but do not delete the file. Example: C:\Documents and Settings\Administrator\Application Data\drivers

· If you don’t have a copy of the md5deep.exe checksum utility, locate it on the internet and get it. You can also use any other checksum utility.

· Copy and paste the batch listing shown above into a batch file c:\tt.bat, then save it.

· Run the batch file tt.bat. It will take about 20 minutes to generate the checksums for all the files on your C:\ drive (it will output them into the out.txt file).

· In out.txt, go to the line which shows the checksum string for xxxxx.exe (it should look like 2c4f10fd730e73c97378262fa326e0f9).

· Next, search out.txt for files that have the same checksum as xxxxx.exe (there could be more than one). Example below:

2c4f10fd730e73c97378262fa326e0f9 c:\DOCUME~1\ADMINI~1\APPLIC~1\drivers\xxxxx.exe
2c4f10fd730e73c97378262fa326e0f9 c:\PROGRA~1\COMMON~1\SYMANT~1\ccApp.exe

So a copy of xxxxx.exe was hiding in C:\Program Files\Common Files\Symantec Shared (ironically NortonAV’s directory) under the ccApp.exe name. Note that ccApp.exe is the name of a legitimate Norton application, which was replaced by the virus. Again, depending on your computer, names and paths will be different. The only thing which will be constant is the name of the virus (i.e. xxxxx.exe).

· Now delete xxxxx.exe and ccApp.exe (or whatever file you found with the same checksum as winupgro.exe).

· Go to regedit (Registry Editor) and search for all entries which contain references to xxxxx.exe and/or ccApp.exe (or whatever file you found with the same checksum as xxxxx.exe).

· Reboot your PC. You should no longer have the CPU-hogging xxxxx.exe in your process list. Re-install your antivirus.
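
The checksum search in the steps above can be done by a script instead of by eye. The following Python code is an added example, not part of the original guide: it parses out.txt in the "checksum, then path" layout shown above and lists every other file with the same MD5 as the known file. The function names and the sample rows beyond the guide's two example lines are constructed for illustration.

```python
import re
from collections import defaultdict

# MD5 of zero bytes: every empty file shares it, so it never proves a copy.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
HASH_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+(.+)$")

# Constructed sample of out.txt. The first two rows follow the guide's example
# (second hash upper-cased to show case-insensitive matching); the remaining
# rows are made up to exercise the edge cases.
SAMPLE_OUT_TXT = r"""
2c4f10fd730e73c97378262fa326e0f9  c:\DOCUME~1\ADMINI~1\APPLIC~1\drivers\xxxxx.exe
2C4F10FD730E73C97378262FA326E0F9  c:\PROGRA~1\COMMON~1\SYMANT~1\ccApp.exe
0123456789abcdef0123456789abcdef  c:\WINDOWS\example.exe
d41d8cd98f00b204e9800998ecf8427e  c:\TEMP\empty1.tmp
d41d8cd98f00b204e9800998ecf8427e  c:\TEMP\empty2.tmp
2c4f10fd730e  c:\TEMP\truncated-line
"""


def parse_md5deep(text):
    """Return ({md5: [paths]}, [lines that are not '<32 hex>  <path>'])."""
    by_hash = defaultdict(list)
    skipped = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HASH_LINE.match(line)
        if match:
            by_hash[match.group(1).lower()].append(match.group(2))
        else:
            skipped.append(line)  # keep for review instead of guessing
    return dict(by_hash), skipped


def find_copies(text, known_path):
    """Return (md5, other paths with the same md5) for the known file.

    Windows paths are compared case-insensitively. Raises LookupError if the
    known file is not listed, ValueError if it is empty (meaningless match).
    """
    by_hash, _ = parse_md5deep(text)
    wanted = known_path.lower()
    for digest, paths in by_hash.items():
        if any(p.lower() == wanted for p in paths):
            if digest == EMPTY_MD5:
                raise ValueError("known file is empty; hash matches all empty files")
            return digest, sorted(p for p in paths if p.lower() != wanted)
    raise LookupError("known file not found in checksum list: " + known_path)


if __name__ == "__main__":
    known = r"c:\DOCUME~1\ADMINI~1\APPLIC~1\drivers\xxxxx.exe"
    digest, copies = find_copies(SAMPLE_OUT_TXT, known)
    print("MD5 of known file:", digest)
    for path in copies:
        print("same content under another name:", path)
    _, skipped = parse_md5deep(SAMPLE_OUT_TXT)
    print("unparsed lines:", len(skipped))
```

A match means the file has byte-identical content under another name; a file the malware modified rather than copied will not share the checksum.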

Conclusions:

Hope that this helped cure your computer problem. Pass it along to friends and colleagues at work or at school: not the virus, but this vaccine!

Latest News on Computer Viruses and FREE Removal Methods

There are so many different viruses infecting computers around the globe. Here is a list of all computer viruses to date for the month of February 2009 alone, and detection instructions for suspicious files. Look for the updates posted here as new viruses are discovered.

FEBRUARY 2009 Virus:

wmisync.exe Trojan Virus; VirusResponse Lab 2009, Antivirus 2009; Perfect Defender 2009; WinDefender 2009; Virus Trigger; AntivirusPro 2009; SpeedRunner.exe Trojan Virus; Srdshd.exe (Srdshd) Trojan Virus; Mlevsfdk.exe (Mlevsfdk) Trojan Virus; Sgxwd.exe (Sgxwd) Trojan Virus; Kva8wr.exe(Kva8wr) Trojan Virus; GetModule36.exe(Getmodule36) Trojan Virus; Gy.exe (Gy) Trojan Virus; Bkha.exe (Bkha) Trojan Virus; Perce.jpg.exe (Perce.jpg); Hgdfhsiueme.dll BHO virus; Bogde.exe (Bofde) Trojan virus; Otdfi.exe (Otdfi); Asyoclg.exe; Xuntxnk.exe; Safeguard2009 Virus; S2dsxdshd.exe; Sdsxdshd.exe; Torsi2225487.exe; Vgwsn87150.exe; Ijdkq13324484.exe; Ocboo1892823.exe; Frmwrk32.exe; Imooo.exe; Msiconf.exe; Burolage.exe; K9261108.exe; ~Tmpa.exe Virus file; Sdsdsd.exe; Sdsdshd.exe; Xppolice.exe; Defender-2009.com; MySupervisor Virus; Window-security-scanner.com; Twext.exe; Explore.exe; Mstwain32.exe; GetModule23.exe; Cogad.exe; Manun.exe; Odb.exe; Sds2d2017.exe; VnrPack23.exe; VnrPack22.exe; VnrPack21.exe; VnrPack20.exe; GetPack28.exe; GetPack27.exe; Antimalwarescanner.com; Jkse73hedfdgf.dll BHO Virus file; Cvsdfw.exe Trojan Virus; Viewtubesoftware.exe Trojan virus; Sdsxxdshd.exe Trojan Virus; Mswsivs.exe Trojan Virus; Dwwnw64r.exe Trojan Virus; Gsnd.exe(Gsnd) Trojan Virus; Gand.exe (Gand) Trojan Virus; Aspimgr.exe (Aspimgr) Trojan Virus; winupgro.exe
