
Wednesday, March 4, 2015

Does Firefox Private Browsing Hide Your IP Address?

You may have heard of Firefox private browsing mode but if you've ever wondered 'just how private is private?' then carry on reading as that is precisely the question that we're aiming to answer here. The short answer is No. Private Browsing on Mozilla Firefox doesn't hide your IP address or location. If you want to hide that you need to change your IP Address, and that means using either a proxy server or a VPN service.

Despite being known by a handful of names, private browsing mode is generally speaking the same feature that all browsers offer as standard. And if you ever have reason to hide or protect your Internet history from becoming common knowledge, then private browsing mode might sound like a dream come true. Not so fast though because while the private mode does offer a certain degree of enhanced privacy, it's not the all miracle cure that will cover your tracks entirely.

How does regular browsing work?

In a nutshell it alters the way that Firefox operates. But don't be fooled into thinking that it changes anything else. Look at it like this, when you browse the Internet in normal mode, your browser records your browsing history. The sites you visit, and the files you download, are noted and saved in your history. Cookies are also collected and saved. These collect data about you and are meant to enhance your user experience by auto-filling address or payment forms, or login or saved password boxes. Your computer's cache also stores certain aspects of web pages in order to make them load more quickly.

Of course, it doesn't take more than a passing knowledge of how PCs work to find this stored data. And nobody even needs to go into your browsing history: simply starting to type a URL (a website address) into the browser's address bar will bring up, or suggest, sites starting with the same letter(s) as ones you've searched for or look at frequently. You can disable some of these functions, but the default settings are configured to collect this data.

How does private browsing work?

So, let's say you've switched to private browsing mode. The news you're probably waiting to hear is that now Firefox won't be storing any of this information. Right. None of it: no browsing history, no cookies, no auto-filled data – nothing. Sometimes cookies are kept just while you are using the privacy mode but they will be abandoned once the mode is deactivated. However, it doesn't hide your IP address or your location.

Be aware, however, that Firefox private browsing only works for the web pages that you activate it for. Meaning that if you're looking at Website A in normal mode, and then open Website B and activate private browsing mode, Website A will remain in normal mode.

When is private not so private?

Although utilizing private browsing stops people who may be using your PC looking at what you've been viewing on the Internet, and thwarts websites who use cookies from storing them for future reference on your computer, the mode is not as watertight as the name may suggest.

Malware

Just because Firefox is no longer able to collect data about your usage in privacy mode, it doesn't mean that any malicious software installed on your PC is powerless too. For example, spyware is known for installing something called a keylogger - a piece of software that can track which keys you type - i.e. the passwords or credit card details you enter and even your personal correspondence. Think private browsing is going to prevent that? Think again. Put simply anyone that has access to your computer can see what you're doing, when you're doing it.

Take parental control software as an example. Private browsing won't help here as apps such as these monitor actual website visits and take screenshots at random. Good news for parents. Bad news for naughty children and curious teenagers everywhere!

Networks

Private browsing might stop your browser from storing history on your computer while it's activated but it is not able to instruct other PCs, a server or a router to obliterate your browsing history or hide your IP address. Let's say you've spent the morning at work looking at Twitter - in private browsing mode naturally! When visiting the site, your browsing search is, in effect, leaving your computer and making its way via your company's network and router in order to reach one of Twitter's servers. Meaning that, should your boss pull up data on how employees are using their time, he or she will be able to see your unproductive morning in all its glory.

And you're not safe at home either as search requests still travel via your Internet Service Provider who is able to record traffic data.
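The split described in this section, as an added example that is not from the original post: a loopback web server logs what each request reveals while a normal and a private "window" visit it. The `Browser` class, the `visitor` cookie and the use of 127.0.0.1 in place of a public IP address are assumptions made for the demonstration.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class LoggingSite(BaseHTTPRequestHandler):
    """Constructed website: logs what every request reveals, sets one cookie."""

    def do_GET(self):
        cookie = self.headers.get("Cookie")
        self.server.log.append({
            "source_ip": self.client_address[0],  # taken from the TCP connection
            "cookie": cookie,                      # only present if the browser sends it
        })
        self.send_response(200)
        if cookie is None:
            self.send_header("Set-Cookie", "visitor=abc123; Path=/")
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):  # keep the console quiet
        pass


class Browser:
    """Hypothetical stand-in for a browser window: cookie store plus history."""

    def __init__(self, private=False):
        self.private = private
        self.cookies = {}
        self.history = []
        # ProxyHandler({}) ignores any proxy environment variables.
        self._opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

    def visit(self, url):
        request = urllib.request.Request(url)
        if self.cookies:
            pairs = "; ".join(f"{k}={v}" for k, v in self.cookies.items())
            request.add_header("Cookie", pairs)
        with self._opener.open(request, timeout=5) as response:
            response.read()
            set_cookie = response.headers.get("Set-Cookie")
        if set_cookie:
            name, _, value = set_cookie.split(";")[0].partition("=")
            self.cookies[name.strip()] = value.strip()
        self.history.append(url)

    def close(self):
        """Return what stays on the PC after the window is closed."""
        if self.private:  # private mode throws its session state away
            self.cookies, self.history = {}, []
        return {"history": list(self.history), "cookies": dict(self.cookies)}


def run_demo():
    server = HTTPServer(("127.0.0.1", 0), LoggingSite)
    server.log = []
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/"
    try:
        normal = Browser()
        normal.visit(url)           # first visit: site hands out a cookie
        normal.visit(url)           # return visit: cookie identifies the visitor
        private = Browser(private=True)
        private.visit(url)          # private window: no stored cookie to send
        saved = {"normal": normal.close(), "private": private.close()}
    finally:
        server.shutdown()
        server.server_close()
    return server.log, saved


if __name__ == "__main__":
    log, saved = run_demo()
    for entry in log:
        print("server saw:", entry)
    print("left on the PC:", saved)
```

The private window leaves no history or cookie behind and sends no cookie, yet every log entry on the server side carries the same source address.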

The conclusion: private browsing on Firefox can hide your browsing history from people logged into your PC - but that won't prevent it from being visible elsewhere. If you really want to browse the Internet in anonymity you need a VPN as this will go one step further than Private Browsing mode and hide your IP address - from everyone. It also encrypts data and traffic meaning that if you really don't want anyone to know which sites you visit, it's your only option.


How to Remove Sendori Ads Malware (Uninstall Guide)

I'm going to stick my neck on the line here and bet my bottom dollar that you've seen 'brought by Sendori' adware on your computer. I'm even going to stake a claim on the fact that you've seen it – let's face it, it's hard to avoid! – whenever you're connected to the Internet. But what exactly is Sendori, where does it come from, who creates it and why, and – perhaps most importantly of all - how do you stop it from bugging you?

What is Sendori?

It is a type of computer program and additional component that downloads itself onto your PC or laptop if you've been unlucky enough to visit a website that has been infected with adware or downloaded some software that has been packaged with it. Adware has two reasons for existing; one is to generate a source of income for the developer who balances the cost of giving away free software with the money they make from advertising, and the other is to display Sendori ads to you – so that you click through and hopefully spend some money!

Brought by Sendori advertisement
But how do developers encourage you to spend your money? They do this by ensuring that the adverts that you see contain products or services that you are interested in. And how do they know this? By monitoring the websites that you visit, collecting data, and then sending it back to the adware developer. This of course allows them to send you adverts that are more likely to get you clicking and spending.

So you're telling me that Sendori is spying on me?

I hate to break it to you, but yes. The fact that it installs itself surreptitiously and then watches your every online move is more than enough to have most people concerned. Advertising supported software really shouldn't just be seen as something to ignore – it really is an infringement of your privacy.

Add to that the fact that some developers utilize adware as a means of installing spyware on your computer and suddenly things take a real turn for the worse. Not only is it monitoring the websites that you visit so it can send you an advert for vacations in Jamaica, it's also sending information about your browsing habits that can even be sold to third parties. How does it do this? By using malicious web browser extensions. They work on all major web browsers and can track your web browsing history and search queries. And of course, the same malicious browser extensions display Sendori ads on your computer.

OK, I'm worried – tell me how to avoid adware and potentially spyware

I can't be any clearer: if you're downloading software, read the small print in the license agreement carefully as it should tell you if Sendori adware is bundled with the program. Secondly, don't open emails from senders you don't know and don't click on links sent in instant messages if you don't recognize the sender. The rule is: stay alert and stay safe.

If you've recently started having issues with Sendori ads and you don't know how to remove this malware and stop annoying ads, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Sendori Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Sendori related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Sendori
  • GoSave
  • deals4me
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Sendori related extensions from Google Chrome:

1. Click on Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove Sendori, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove Sendori related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove Sendori, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.


Remove Sendori related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.
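To see which extensions a Chrome profile actually contains before clicking through the steps above, the following added example (not part of the original guide) reads each extension's manifest.json and flags names listed in the guide. The sample profile, extension IDs and the `audit_extensions` helper are constructed for illustration; on Windows the real folder is normally %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions.

```python
import json
import tempfile
from pathlib import Path

# Extension names from the guide's browser steps, matched case-insensitively.
NAMES_FROM_GUIDE = ("sendori", "mediaplayerv1", "gosave", "hd-plus 3.5")


def resolve_name(ext_dir, manifest):
    """Return the display name, following __MSG_key__ into _locales if needed."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[len("__MSG_"):-2].lower()
    locale = manifest.get("default_locale", "en")
    messages_file = ext_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(messages_file.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the placeholder visible rather than guess
    for msg_key, entry in messages.items():
        if msg_key.lower() == key:  # message keys are case-insensitive
            return entry.get("message", name)
    return name


def audit_extensions(extensions_root):
    """List every <id>/<version>/manifest.json under the Extensions folder."""
    findings = []
    for manifest_path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        ext_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or damaged manifest: skip it
        name = resolve_name(ext_dir, manifest)
        findings.append({
            "id": ext_dir.parent.name,
            "version": ext_dir.name,
            "name": name,
            "listed_in_guide": any(n in name.lower() for n in NAMES_FROM_GUIDE),
            "permissions": manifest.get("permissions", []),
        })
    return findings


def build_sample_profile(root):
    """Write three constructed extensions (IDs and contents are made up)."""
    samples = {
        "a" * 32: ({"name": "Sendori", "version": "1.0",
                    "permissions": ["tabs", "<all_urls>"]}, None),
        "b" * 32: ({"name": "__MSG_appName__", "version": "3.5",
                    "default_locale": "en", "permissions": ["webRequest"]},
                   {"appName": {"message": "HD-Plus 3.5"}}),
        "c" * 32: ({"name": "Constructed Notes App", "version": "2.1"}, None),
    }
    for ext_id, (manifest, messages) in samples.items():
        ext_dir = Path(root) / ext_id / (manifest["version"] + "_0")
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        if messages:
            locale_dir = ext_dir / "_locales" / "en"
            locale_dir.mkdir(parents=True)
            (locale_dir / "messages.json").write_text(
                json.dumps(messages), encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for item in audit_extensions(build_sample_profile(tmp)):
            flag = "LISTED IN GUIDE" if item["listed_in_guide"] else "review manually"
            print(f'{item["id"][:8]}  {item["name"]:<24} {flag}  {item["permissions"]}')
```

Extensions that are not flagged still deserve a look: the guide also says to remove any extension you do not recognize, and broad permissions such as `<all_urls>` are what allow an extension to read browsing activity.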


Tuesday, March 3, 2015

Remove 1-866-978-1337 Virus Warning Popup (Uninstall Guide)

Where do 1-866-978-1337 pop-up windows about viruses and adware come from all of a sudden, are they dangerous, and how can you make them go away? It's time to take a closer look at adware because it's the main source of those annoying and clearly fake virus warning pop-ups that promote a tech support scam. These scammers are based in India and they try to trick you into thinking that your computer is infected and that you need to pay $400.00 to fix it. They claim to be from Microsoft and want to install bogus malware removal programs. Here's what the fake virus warnings look like:

(1) Firewall Alert:
YOUR COMPUTER MAY HAVE ADWARE /SPYWARE VIRUS
Call immediately for assistance on how to remove the potential virus. Contact customer support at +1-866-978-1337 (Toll Free)
Possible networks damages if potential viruses are not removed immediately:
UNKNOWN

DATA EXPOSED TO POSSIBLE RISKS:
1. Your credit card details and banking information
2. Your e-mail passwords and other account passwords
3. Your Facebook, Skype, AIM, ICQ, and other chat logs
4. Your private photos, family photos and other sensitive files
5. Your webcam could be accessed remotely by stalkers with a VPN virus

MORE ABOUT THE VIRUS
Seeing these pop-ups means that you may have a virus installed on your computer which puts the security of your personal data at a serious risk. It's strongly advised that you call the number above and get your computer inspected before you continue using your internet, especially for shopping.


And here's another pop-up warning displayed by the same adware:

COMPUTER SECURITY AT RISK!
Your computer still under attack. Dangerous programs were found to be running in the background. System crash and identity theft detected. Remove malware now and get real time intrusion protection?


None of these are true. Don't download them and most importantly don't call this phone number. They are scammers!

As you may already know, adware is a computer program that has been created to show us online adverts. And it is an adware infection on your computer that is responsible for those relentless 1-866-978-1337 pop-ups. Adware, or advertising supported software to give it its full title, is something that the programmers who either create or share files and software for free, use to generate an income from their product.

Why do I often hear adware mentioned in conjunction with spyware?

Spyware and adware are often mentioned in the same breath and this is because a lot of adware programs exhibit some seriously spyware type behavior. Adware comes with a component which monitors your Internet usage and then relays the information gathered back to the programmer. This gives them insight into which websites you have visited and which products or services you looked at when you were on those sites. Using this data they can then choose which adverts you see based on your preferences.

Before you get too alarmed, just because you can see 1-866-978-1337 pop-up warnings on your screen it doesn't necessarily mean that you are being monitored as not all adware has a tracking component – although much of it does – the problem is, how do you know?

Despite this unpleasant behavior using adware is not actually against the law, unless of course it displays fake virus warnings. But I think we can probably all agree that being spied upon whenever we are connected to the Internet is a real invasion of our online privacy regardless. The other additional problem that this spying activity causes is that the constant monitoring and relaying of data also slows your computer and your Internet connection right down – not great, especially considering you're the victim here!

If you have questions, leave a comment down below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


1-866-978-1337 Pop-up Warning Removal Guide:

1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove 1-866-978-1337 virus pop-up related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Safe Web
  • LyricsSay-1
  • Websteroids
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove 1-866-978-1337 virus pop-ups from Google Chrome:

1. Click on Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove Safe Web, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove 1-866-978-1337 virus pop-ups from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove Safe Web, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.




Remove 1-866-978-1337 virus pop-ups from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.


Remove Ad by Lights Cinema 1.2 beta Malware (Uninstall Guide)

Is your computer infected with Lights Cinema 1.2 beta? Annoying isn't it?! When you have this adware, or advertising supported software installed on your PC or laptop you will certainly know about it. Once installed, it displays annoying pop-up ads and may even redirect your web browser to dodgy websites.

The risks associated with living our lives online

As online attacks become ever more sophisticated you really need to stay alert, no matter what it is you are using the Internet for. These days putting yourself in danger's way, in the online sense of the word, isn't just the exclusive domain of people who frequent or download from adult content websites. Simply downloading the latest must have game app, installing a player that enables you to watch video clips, or downloading One Direction's latest album (you didn't, did you?!) can leave you open to abuse from Lights Cinema 1.2 beta adware. Basically, the things that you and I do online almost every day. Apart from the One Direction part.


Where does Lights Cinema 1.2 beta fit into this?

Adware is generally considered to be a lesser evil when compared to some of the other types of malware. But that isn't to say that you should ignore it if you get infected by it. It is not just something that shows you a few random "Ad by Lights Cinema 1.2beta" adverts for cheap flights, fitted kitchens or new sneakers; it can have a very real knock-on effect on the way that your computer operates, including causing websites to crash and your CPU to slow right down.

The characteristics of Lights Cinema 1.2 beta

It is created with two things in mind: driving traffic to a website and generating revenue, either through clicks or actual sales. And it increases the likelihood of these two things happening by showing you advertising that is customized to match your interests. But how does Lights Cinema 1.2 beta adware know what you're personally interested in? It finds out by monitoring the websites that you visit, specifically the pages on those sites, and the goods or services that you click on or search for.

The data that is collected during this monitoring process (which is occurring whenever you are connected to the Internet) is sent back to the adware's developer or owner. They of course, will now make more informed decisions regarding the types of adverts you are shown.

How do you prevent adware from being installed on your computer?

Lights Cinema 1.2beta is usually packaged with other programs – normally free software. A developer attaches the adware to this product in the hope of recouping the costs of developing the free program.

Luckily for us Lights Cinema 1.2 beta adware is usually mentioned in the End User License Agreement that you are supposed to read before okaying a download. You know where I'm going with this don't you? Next time you download software, instead of skipping through the small print – read it! It is only by doing so that you will know just exactly what you are saying 'yes' to.

If you've recently started having issues with Lights Cinema 1.2 beta ads and you don't know how to remove this malware and stop annoying ads, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Lights Cinema 1.2 beta Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Lights Cinema 1.2 beta related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Lights Cinema 1.2d
  • GoSave
  • deals4me
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Lights Cinema 1.2 beta related extensions from Google Chrome:

1. Click on Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove Lights Cinema 1.2, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove Lights Cinema 1.2 beta related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove Lights Cinema 1.2, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.


Remove Lights Cinema 1.2 beta related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.


Monday, March 2, 2015

How to Remove External Source Ads Malware (Uninstall Guide)

It's probably a given that you have heard of advertising supported software, or adware as it's more commonly referred to. Especially considering it is one of the most well known - and most virulent – types of malware. Many of us have also been unlucky enough to have been affected by External Source ads as well. There is, however, a way to limit the chances of you being affected by this adware and that is to know how it installs itself, and what it can do to your computer. After all, you know what they say: know your enemy!

How does External Source work?

It operates by displaying 'Ads by External Source' adverts on your screen when you're online. No huge surprise there! You can't really miss it – virtually every website you look at will be displaying some form of advertising, from clickable links to banners to boxes, there is no escaping. You might be able to see some right now as you're reading this in fact! And if you take a closer look at those adverts, do you notice that they are closely related to – or maybe even the same as – products or services that you have been looking at online in the past few days? No, the Internet doesn't have a sixth sense: this is how External Source adware works... and the reason that a lot of people have a problem with it.


When the adware is downloaded onto your computer (more of that later) it also takes the opportunity to install a component that monitors you (or spies on you, depending how you look at it). This component watches which websites you visit, records that information and then relays it back to the person who created, or owns, the adware. And that's why the External Source adverts you can see are spookily related to searches you've conducted online recently. The developer, armed with your browsing history, is now able to select which adverts they want you to see.

How does External Source install itself on my computer?

It normally comes bundled with another program. That means if you're downloading a file, application, or software, you could be unknowingly also downloading and installing External Source at the same time. And while you may be tempted to think that a few ads aren't that much of a deal, the fact is that the adware component can cause you some associated issues.

Problems caused by External Source adware:
  • Your computer's CPU will run more slowly than before thanks to the constant activity conducted by the adware component
  • And that also affects your Internet connection which it is using to send streams of data back to the developer. You may find that the Internet keeps crashing too
  • Browser hijacking. Found a new toolbar that you didn't install? New toolbar keeps redirecting your Internet searches to websites you don't want to visit? You can thank the adware for that
  • Weakened security can also be an issue as the adware can interact with other programs on your PC and cause conflicts, thus leaving your security more vulnerable
It doesn't seem quite so innocent now, does it? If you've recently started having issues with External Source ads and you don't know how to remove this adware and stop annoying ads, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



External Source Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove External Source related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • External Source
  • GoSave
  • deals4me
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove External Source related extensions from Google Chrome:

1. Click on Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove External Source 2.0, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove External Source related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove External Source 2.0, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.


Remove External Source related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.


Remove fud@india.com Ransom Virus and Restore Encrypted Files

There are a number of different ransomware strains doing the rounds at any given time - you may well have heard of the vicious fud@india.com ransomware one in particular - however most types of this thoroughly unpleasant malware work in the same way. They attack your computer, then encrypt your files, making them inaccessible, and then send or show you a ransom note demanding you pay a sum of money for them to release their victim: your file. Payment is usually requested either by a prepaid voucher or by the digital currency known as Bitcoin. This particular ransom virus is just a new variant of decode@india.com virus that was detected in November last year. Nothing has changed since then. It still works in the same way: encrypts files and asks to pay a 1 Bitcoin ransom. The only difference is the email given for contacting cyber criminals. Now, it's fud@india.com and if it doesn't work or is down for some reason you can send an email to fudx@lycos.com. Here's how the ransom note reads:

Attention! Your computer was attacked by virus-encoder.
All your files are encrypted cryptographically strong, without the original key recovery is impossible!
To get the decoder and the original key, you need to to write us at the email fud@india.com with the subject "encryption" stating your id.
Write in the case, do not waste your and our time on empty threats.
Responses to letters only appropriate people are not adequate ignore.
fudx@lycos.com


The good news is that all is not lost if you do get held hostage by fud@india.com ransomware as it is actually possible to remove some varieties without also having to kiss your files or data goodbye, but that does depend on the malware in question, and again, it is only possible with some types.

One extremely important thing you can (and should!) do to protect yourself in the event of a ransomware attack is to backup your data on a regular basis to an external hard drive so that if you do lose anything you can simply wipe your disk drive clean - including the infected file - and re-upload everything back on to your computer.

Because the characteristics of ransomware vary, the means of eliminating them from your computer differ too. You might be lucky enough to get away with just scanning for viruses or you may have to go down the offline scan route and use advanced recovery tactics. Fud@india.com spreads via infected email attachments. Be very careful opening attached files even from senders that you know and trust. Otherwise, you may install a Win32/TrojanDownloader.Elenoocka.A Trojan horse which will download and install this ransomware, Win32/Filecoder.DG, on your computer. It encrypts your files and holds them for ransom, demanding a fee in exchange for the decryption key or code. Keep in mind that cyber criminals may or may not give you the code, even after you've paid. So, think twice before paying a ransom.

So how do you protect yourself from becoming a victim? The good news is there are a few easy – and free - steps you can take:
  • Install a reputable anti-malware program. Run it regularly and ensure it is always up to date with the latest patches
  • Be careful when downloading software – don't use third party websites
  • Don't open emails from unknown senders – and if you do by mistake, DO NOT click on attachments or links
  • Create backups on a regular basis to an external hard drive
And now you're done reading this, may I suggest that you back up all your files onto an external hard drive NOW. That way if you are unlucky enough to fall victim to ransomware, you'll be able to simply wipe clean your internal disk drive and replace it with up to date data.

If you have any questions, please leave a comment below. To remove fud@india.com ransom virus, please follow the steps in the removal guide below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing fud@india.com virus and related malware:


Before restoring your files from shadow copies, make sure fud@india.com ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove any detected malware.





Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by fud@india.com virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.


Friday, February 27, 2015

How to Remove TeslaCrypt Virus and Restore Encrypted Files

TeslaCrypt or Tesla Crypt is a Trojan-ransom (ransomware) infection that encrypts your files using AES encryption and then demands a ransom payment in order to decrypt your files ($500 USD in Bitcoins or $1000 USD in PayPal My Cash Cards). Unlike other ransomware, it accepts an alternative method of paying the ransom: CTB-Locker or CryptoWall 3.0 victims were limited to Bitcoin payments only. I guess cyber criminals realized that not everyone knows how to buy Bitcoins, so they probably decided to allow payments with PayPal My Cash Cards that can be bought at popular US store chains. However, due to the higher risk of the illegal gains being confiscated by PayPal, they doubled the price. Another major difference with TeslaCrypt is that it targets specific video game related files. As you may know, other ransom Trojans encrypt every single file on your computer; it doesn't matter if it's a picture or a Word document. What is more, TeslaCrypt pays particular attention to Call of Duty, Dragon Age, StarCraft, MineCraft, World of Warcraft, World of Tanks, Steam and other popular games files. It could target more than 50 different video game related files or maybe even more.

With the vast majority of us being not just connected to the Internet but virtually inseparable from it, the chances of us being attacked by cyber criminals or computer hackers are substantial. These disreputable abusers of our online freedom and safety have a huge number of targets quite literally sitting there and waiting to be defrauded, whether we are working or surfing the web for leisure.


So it makes sense that as cyber crime grows, we too should take steps to combat it and protect our identities, our privacy and our bank accounts from attacks that can often cause untold pain, hassle and damage.

Just one of the many types of malware to look out for: TeslaCrypt ransomware

One of the most potentially deceptive – and dangerous – malware programs is TeslaCrypt. Unlike some malicious software this is not designed to show you pop-up adverts or redirect your Internet searches; it has a far more financially driven motive in mind than that. No, ransomware isn't interested in your website traffic – it wants your cold hard cash. And if it can scare you in the process, then so much the better!

How can TeslaCrypt affect you?

As the name suggests, ransomware is a program which kidnaps something and holds it to ransom: in this case files on your computer. Yes, physical kidnapping is not the only thing we need to watch out for (although if you’re like me the chances of your files being cyber kidnapped are far higher than being actually kidnapped in person!) But still, let's not make light of this because having your computer hijacked is a definite nightmare in its own way too.

In simple terms, TeslaCrypt will infect your PC, 'kidnap' (i.e. encrypt) your files, and then demand that you pay a ransom for them to be 'released'. It scans your computer for files with .7z, .rar, .m4a, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .docm, .docx, .doc, .odb and many other extensions. It encrypts your files with the AES encryption algorithm, and at least for now there's really no way to decrypt them without a unique decryption key. Once installed, the ransom Trojan will change your Desktop wallpaper to a ransom note and create another ransom note called HELP_TO_DECRYPT_YOUR_FILES.txt on your desktop. Here's how it reads:

v4
Your personal files are encrypted!
Your files have been safely encrypted on this PC: photos, videos, documents, etc. Click "Show Encrypted Files" button to view a complete list on encrypted files, and you can personally verify this.
Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.


As you can see, it says you have 3 days to make payment. It also allows you to decrypt one file for free, just like the CryptoWall 3.0 virus. HELP_TO_DECRYPT_YOUR_FILES.txt contains the same information. In reality, releasing your files means sending you a key or code to decrypt the files. Payment is made either by digital currency such as Bitcoins or by a PayPal My Cash card which you need to purchase. Usually, users of malware steer clear of taking credit card payments or using online payment platforms such as PayPal as these are too easily traceable, but not this time.

How does this ransomware infect your computer?

TeslaCrypt attacks and installs itself on your PC either through an infected email attachment, or through a drive-by installation – meaning you have picked it up from a compromised website or program.

What should you do if you've been infected by TeslaCrypt? Should you pay the fine?

In a word, no! There are two reasons for this: a) you're only encouraging further criminal activity and b) how do you know that you'll receive the decryption key anyway? If the encrypted files are not very important or you don't have money to pay the ransom, you can try to restore your files (at least some of them) using Shadow Explorer and the specialized tools listed below. Please note that even if you decide to pay the ransom there's really no guarantee that cyber crooks will send you the private key and that you will be able to decrypt your files. If you have any questions, please leave a comment below. If there's anything you think I should add or correct, please let me know. And now you're done reading this, may we suggest that you back up all your files onto an external hard drive NOW. That way if you are unlucky enough to fall victim to ransomware, you'll be able to simply wipe clean your internal disk drive and replace it with up to date data.

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing TeslaCrypt and related malware:


Before restoring your files from shadow copies, make sure TeslaCrypt is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove any detected malware.





Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by TeslaCrypt virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.
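After exporting files with Shadow Explorer, it is worth confirming that the restored copies are the pre-encryption versions. The following is an added example, not part of the original post: it checks the leading bytes of restored files against the well-known file signatures for a subset of the extensions listed above. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Leading bytes of intact files, for a subset of the extensions this post lists.
# .docx/.docm (Office Open XML) and .odb (OpenDocument) are ZIP containers.
SIGNATURES = {
    ".7z": b"7z\xbc\xaf\x27\x1c",
    ".rar": b"Rar!\x1a\x07",
    ".rtf": b"{\\rtf",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".docx": b"PK\x03\x04",
    ".docm": b"PK\x03\x04",
    ".odb": b"PK\x03\x04",
}

def check_file(path):
    """Return 'ok', 'mismatch' or 'unknown' (extension not in the table)."""
    magic = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return "unknown"
    with open(path, "rb") as fh:
        head = fh.read(len(magic))
    return "ok" if head == magic else "mismatch"

def scan_tree(root):
    """Walk a restored folder and return {path: status} for checkable files."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                status = check_file(full)
            except OSError:
                status = "unreadable"
            if status != "unknown":
                results[full] = status
    return results

def demo():
    """Scan a constructed sample folder: one intact RTF, one DOCX without a ZIP header."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "notes.rtf": b"{\\rtf1\\ansi restored text}",
            "report.docx": b"\x8f\x02\xd1\x55\xa0\x19\x7c\xe3",
            "photo.jpg": b"\xff\xd8\xff\xe0",  # extension not in the table, skipped
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): s for p, s in scan_tree(root).items()}

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

A "mismatch" means the file does not start the way an intact file of that type does, so try an older shadow copy or a backup for it. An "ok" result only covers the header, so open a few of the restored files to confirm they are usable.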
