
Viruses & Data

Contains helpful information about ways to back up and protect your data, prevent a virus attack, and remove an existing virus infection.

1. Backing Up Personal Data

1.1. How to Synchronize and Backup Bookmarks - Firefox


 

Web content has become a vital part of our daily lives, for research, teaching, collaboration and more.  It's inevitable that a bookmark you need is either on another computer, or in a different web browser.

Here is the easiest way to keep all bookmarks current, back them up, and synchronize them across multiple computers, regardless of the web browser or operating system.

It's easy and it's FREE.

 

Firefox Users

Go to https://addons.mozilla.org/en-US/firefox/addon/2410

 

Click on the "Add to Firefox" button

Follow the prompts to restart Firefox when the add-on installation has completed

When Firefox restarts...

 

 

When installation completes, the Foxmarks wizard will start. Click "Next"

 

Select "Yes, I am a registered Foxmarks user"

Click "Next"

 

Enter the username or email address you created an account with, and the appropriate password

Click "Next"

 

Note: For this next section, the options shown will abandon all Internet Explorer bookmarks and replace them with those saved in Firefox. If you do not want this, please do not follow these steps. Instead, select the options that suit your own personal needs.

Select "Change sync Settings"

 

If you are new to Foxmarks, select "Discard Favorites on the server; keep favorites on this computer", or "Merge Favorites with the server, starting with this computer"

If you already have Foxmarks saved on the server, select "Keep Favorites on the server; discard those on this computer"

 

IMPORTANT

You will receive a confirmation. READ IT CAREFULLY before proceeding.

If you want to continue, select "Synchronize"

1.2. How to Synchronize and Backup Bookmarks - Internet Explorer


 

Web content has become a vital part of our daily lives, for research, teaching, collaboration and more.  It's inevitable that a bookmark you need is either on another computer, or in a different web browser.

Here is the easiest way to keep all bookmarks current, back them up, and synchronize them across multiple computers, regardless of the web browser or operating system.

It's easy and it's FREE.

 

Internet Explorer users

Go to https://login.foxmarks.com/

Click on "Need to sign up?"

Or log in if you already have an account.

Fill out the web forms and complete your enrollment.

You can log in and view bookmarks at:

http://my.foxmarks.com/

 

Click on the link to "Install Now"

 

Click on the icon to "Download Foxmarks for Internet Explorer"

 

Follow the prompts for installation, Click "Next"

 

Accept the End-User License Agreement (EULA)

Click "Next"

 

Use the default path, Click "Next"

 

Click "Install"

 

Click "Finish" to complete installation

 

When installation completes, the Foxmarks wizard will start. Click "Next"

 

Select "Yes, I am a registered Foxmarks user"

Click "Next"

 

Enter the username or email address you created an account with, and the appropriate password

Click "Next"

 

Note: For this next section, the options shown will abandon all Internet Explorer bookmarks and replace them with those saved in Firefox. If you do not want this, please do not follow these steps. Instead, select the options that suit your own personal needs.

Select "Change sync Settings"

 

If you are new to Foxmarks, select "Discard Favorites on the server; keep favorites on this computer", or "Merge Favorites with the server, starting with this computer"

If you already have Foxmarks saved on the server, select "Keep Favorites on the server; discard those on this computer"

 

IMPORTANT

You will receive a confirmation. READ IT CAREFULLY before proceeding.

If you want to continue, select "Synchronize"

1.3. List of Free Data Backup Options


 

ZumoDrive and other free services can make your music accessible from any device with Internet access and a music player. It allows file storage up to 1GB for free.  Higher levels of storage are available for a fee.

Here are some other services that can be used to back up essential data and make data accessible from any device with an Internet connection.

 

Data and Music

Here are several applications that use your Google Gmail account for online storage.

Gspace is a small Firefox plug-in. It allows you to use your Gmail account as a data storage location. You can even use it to store music and play it back later. It is free and allows up to 2GB of storage. By using Gmail's "plus sign" trick you could have virtually unlimited storage.

gDisk is an application that allows you to transfer files to and from your Gmail account FTP-style. Log in, create a "directory" and upload your file. The next time you log in to your Gmail account, you'll see that a new label has been created bearing the name of the "directory" you created, and that the file you uploaded is in your "Drafts" folder.

GMail Drive shell extension is an application that is not browser specific.

Boxstr offers up to 5GB of free storage.

 

Data only

IDrive includes a free backup and synchronization application.

Here is a list of 28 Free File Storage Hosting Websites; many of them can be used for music storage.

Music Only

MP3tunes offers up to 2GB for free and has different subscription levels for more storage.

2. Free Antivirus

2.1. Free Antivirus Software and Helper Apps

http://helpspot.business.uconn.edu/index.php?pg=kb.page&id=270

3. Virus Protection

3.1. How to Install Microsoft Forefront Antivirus


 

Remove any existing "live" antivirus applications

Remove Symantec Antivirus, Symantec Endpoint, or any other "live" antivirus application. Passive applications such as Malwarebytes and Spybot Search & Destroy may be left on the PC.

Reboot the PC after all "live" antivirus components are removed.

 

Installing Forefront AV

The installation files are on the server: \\sbpuhfiletoo\root\swlibrary\Applications\Forefront AV

Copy the ForefrontClientSecurity Folder to the c:\ of the PC you are installing Forefront on.

Browse to the appropriate client for your installation

  • Windows 32 bit
    • C:\ForefrontClientSecurity\CLIENT
  • Windows 64 bit
    • C:\ForefrontClientSecurity\CLIENT\X64

 

Locate the CLIENTSETUP.EXE file and right click on it.

Select Properties

 


Select the Compatibility Tab and click on "Change settings for all users"

 

 

In the "Privilege Level" section select "Run this program as an administrator"

Click the "OK" button

 

 

Open a DOS window and drag the CLIENTSETUP.EXE file to the DOS prompt.

 

 

Press the space key, type /NOMOM, and press the Enter key

The /NOMOM switch installs Forefront as a standalone client that gets its updates from the Internet. If Forefront is not installed in client mode it will not get updates.

3.2. How to Prevent USB Drives From Spreading Viruses


 

Many Viruses are Spread with the Help of a Flash Drive.

Instructions on How to Prevent This:


Create a folder named "autorun.inf" on ALL flash drives or external hard disks. That's IT!

This technique can prevent auto-running viruses from spreading through your flash drive or external HDD, aka hitch-hiking.

Note that if your flash drive is already infected or if there's already a file named "autorun.inf" you cannot create the folder. You'll have to find a way to delete that file first.

If you can't see the hidden autorun.inf file, you need to show hidden files then delete it.
To unhide hidden files and folders:
1. Open My Computer (or any folder)
2. Go to Organize > Folder and Search Options
3. Go to the View tab
4. Check/tick: "Show hidden files and folders"

If there are no Folder Options under Tools, and you are sure you have administrative rights, you're probably infected with a virus which hides that menu option (and ALL the hidden files). Uh oh. Don't hide any important files because you won't be able to find them later! Find a way to kill that virus, and quick! See our other Help Documents for ideas on how to get rid of it.
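The check described above can be scripted. This is an added example, not part of the original help document: it reports whether the root of a drive has no autorun.inf, the placeholder folder, or an autorun.inf file, and lists the entries in that file that name a program to start. The function names and the sample file contents are assumptions made for the illustration.

```python
import os
import tempfile

# Constructed sample of the kind of autorun.inf file the section tells you to delete.
SAMPLE_INF = (
    "[AutoRun]\n"
    "open=setup_x.exe\n"
    "shell\\open\\command=setup_x.exe\n"
    "icon=drive.ico\n"
)

# Keys in the [autorun] section that name a program to start.
LAUNCH_KEYS = ("open", "shellexecute")


def launch_entries(text):
    """Return (key, value) pairs in [autorun] that would start a program."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        # shell\<verb>\command entries add a launcher to the drive's context menu.
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            found.append((key, value))
    return found


def audit_drive(root):
    """Return (state, entries) for the autorun.inf at the top of `root`."""
    # Match the name case-insensitively, as Windows does.
    names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not names:
        return "unprotected", []       # the name is free: a file can be created
    path = os.path.join(root, names[0])
    if os.path.isdir(path):
        return "folder-present", []    # the folder from the tip occupies the name
    with open(path, "r", errors="replace") as fh:
        entries = launch_entries(fh.read())
    return ("suspicious-file" if entries else "file-present"), entries


if __name__ == "__main__":
    # A temporary directory stands in for the root of a flash drive.
    with tempfile.TemporaryDirectory() as drive:
        print(audit_drive(drive))
        with open(os.path.join(drive, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_INF)
        print(audit_drive(drive))
```

On a real machine, pass the drive root (for example `E:\`) to `audit_drive` before creating the folder.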

3.3. How to Reduce Your Chances of Getting Viruses/Malware/Spyware


The Best protection is to back up important data

The Service Desk has been inundated with student requests to remove viruses/malware/spyware from their lease laptops. To make sure all traces of malicious code have been removed, the hard drive is completely overwritten with a fresh version of the applications and operating system. All user-installed applications, application settings and data are destroyed.

Now more than ever it is extremely important for you to practice efficient and organized data management and commit to a backup strategy.

You, the end-user, are responsible for implementing, and utilizing an effective data backup regimen to protect your data; this is especially important prior to having IT Services work on your device.

Having your important data consolidated in a single directory (NOT C:\) is an important first step. For example, the School of Business uses C:\ for applications and for the operating system; D:\ is meant for data. Create a folder on D:\ ("important", for example) and add subfolders if necessary. Save all important work in that directory and back it up nightly, either to an external USB hard drive or USB flash drive, or by burning the data to a CD or DVD.

Yes - Antivirus Even for Macintosh Users!

More info here http://www.appleinsider.com/articles/08/12/01/apple_now_encourages_antivirus_use_for_mac_os_x.html

Files that should be considered for backup include, but are not limited to:

  • Documents

  • Spreadsheets

  • Databases

  • Digital camera pictures

  • Graphic design work

  • PDF files

  • Internet Explorer and Firefox Favorites

How to reduce your chances of getting viruses/malware/spyware on your computer

  • Use Mozilla Firefox

  • Use Internet Explorer only when uconn.edu is part of the web address

  • Set Windows to update automatically

  • Make sure your software firewall is enabled

  • DO NOT USE LIMEWIRE

  • DO NOT USE DC++

  • Do not install additional CODECS or players

    • If the file you want to listen to or view prompts you to install a CODEC or player then terminate the browser. It is likely to deliver viruses/malware/spyware

  • DO NOT download ANY anti-spyware, or antivirus software on your computer -- It has already been provided.

    • Symantec Antivirus

      • Run daily live updates

      • Run Nightly scans

    • Adaware

      • Run this when you are not using the PC or suspect you have a problem, or use Spybot Search & Destroy instead

    • Spybot Search & Destroy

      • Run this when you are not using the PC or suspect you have a problem

  • Be wary of ALL popups! The latest series of viruses/malware/spyware look like system and antivirus updates

Example below is a malicious downloader

Most common virus/malware/spyware on student computers:

  • Fake-Alert-AB!htm

    • Symptom - Red X in system tray and XP Antivirus 2009 popup

    • Symptom - StartMenu\XP Antivirus 2009

  • Generic PUP.x

    • Symptom - Virus Payload C://WINDOWS/system32/amvo.exe and amvo.dll

  • Downloader-UA

    • Installs with Play MP3z

3.4. How to Update Microsoft Forefront Client Security

 

Search for Windows Update in the Start Menu 

 

Click on the hyperlink Find out more next to "Get updates for other Microsoft products"

 

Check the box next to "I agree to the Terms of Use for Microsoft Update."

Select Install.

 

Windows Update will run automatically and check for new updates on both Windows and Microsoft products.

 

Select all Important or Optional Updates (except Language Packs, unless needed)

 

Let updates run normally and restart when prompted. Microsoft Forefront (as well as other Microsoft products installed on the machine) should now update automatically when regular Windows Updates are run.

3.5. What to Do When a Pop-Up Appears


 

If, while browsing, you get a popup that minimizes your browser windows and displays a pop-up dialogue box like the following:

 

STOP!

DO NOT CLICK ANYTHING.

At this point you are about to receive the malware payload for Antivirus 2009.

To make sure the malware is NOT installed on your computer, press CTRL+ALT+DEL and select the Task Manager


Highlight the web browser application you are using (Firefox was used in this example) and click on the End Task button

 

Click End Now to terminate the browser

 

The process is identical for Firefox, Safari (for Windows), Internet Explorer, and Opera

 

Firefox, Opera and Safari users: DO NOT restore the previous session

Click Start New Session to avoid being returned to the problem link

When the browser window opens, you may have to Maximize the window to see your start / home page.

Then clear your Internet Cache Files

 

 

To Clear Your Internet Cache Files

Select Tools from the toolbar, then scroll to Clear Private Data


Select at least these options to clear:

  • Browser History
  • Cache
  • Off-line Website Data

Click Clear Private Data Now

3.6. How to Disable Autorun in Windows XP


 

Warning: Only Advanced users should ever attempt registry key manipulation!

 

Using Regedit, navigate to the following key and modify this registry setting:

  • HKEY_CURRENT_USER
  • Software
  • Microsoft
  • Windows
  • CurrentVersion
  • Policies
  • Explorer
  • "NoDriveTypeAutoRun"
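To check what a given NoDriveTypeAutoRun value does, the sketch below decodes it from `reg query` output. It is an added example, not part of the original help document; the bit meanings are taken from Microsoft's documentation of this value rather than from this page, and the sample output and function names are constructed for the illustration.

```python
import re

# Bit meanings for NoDriveTypeAutoRun as given in Microsoft's documentation
# (assumption: the page itself does not list them). A set bit DISABLES
# Autorun for that drive type; 0xFF disables it for every type.
DRIVE_BITS = {
    0x01: "unknown type",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unknown type (reserved bit)",
}

VALUE_RE = re.compile(
    r"NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)", re.IGNORECASE
)

# Constructed sample of `reg query` output for the key named above.
SAMPLE_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""


def parse_reg_query(output):
    """Return the NoDriveTypeAutoRun mask from `reg query` text, or None."""
    match = VALUE_RE.search(output)
    return int(match.group(1), 16) if match else None


def autorun_status(mask):
    """Split drive types into (disabled, still_enabled) for a mask."""
    disabled = [name for bit, name in DRIVE_BITS.items() if mask & bit]
    enabled = [name for bit, name in DRIVE_BITS.items() if not mask & bit]
    return disabled, enabled


def audit(output):
    """Summarise which drive types a queried value leaves able to autorun."""
    mask = parse_reg_query(output)
    if mask is None:
        # Value absent: the operating system default applies.
        return {"mask": None, "enabled": None, "usb_and_cd_covered": False}
    _, enabled = autorun_status(mask)
    covered = bool(mask & 0x04) and bool(mask & 0x20)
    return {"mask": mask, "enabled": enabled, "usb_and_cd_covered": covered}


if __name__ == "__main__":
    print(audit(SAMPLE_QUERY))
    print(autorun_status(0xFF))
```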

4. Virus Removal

4.1. How to Remove Viruses/Spyware/Malware with Malwarebytes


 

Rogue software, often software you never intended to install, will make it appear that your system has been compromised. You will start to see everything from fake blue-screen stop codes or errors, which are in fact cleverly devised screen savers, to popup warnings constantly appearing in the system tray.

If your PC is very slow to startup, shutdown or fails to shutdown because a file similar to 34sdf3.exe is still in use, or you have problems launching and using web browsers, you may have a virus or other rogue application on your PC.

 

In most cases the false threats are actually the very Trojans that advertise, urging you to pay for a download to remove them. If Antivirus 2009 has been installed on your system, you are seeing popups advertising or recommending that you use Antivirus 2009 to remove the zlob Trojan.

You are strongly advised to follow these removal instructions.

*WARNING: You must backup your personal data! There are instances where removing viruses/spyware/malware can damage or remove essential system files, preventing the PC from starting normally again.

 

Screen capture of Antivirus 2009, a rogue application

 

Malwarebytes' Anti-Malware is a useful application to detect and remove rogue applications, and it's  free. Please download the current version of Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the final step, be sure a checkmark is placed next to:

Update Malwarebytes' Anti-Malware

Then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, it is recommended that you save all work and select the option to restart your PC.

Let's assume your PC has just started up. The drive light is on, it has taken several minutes and you are still looking at a blank desktop.

Here's a trick: press CTRL+SHIFT+ESC. This shortcut will launch the Task Manager.

Select the Applications tab and press the New Task Button

 

 

In the Create New Task dialog box enter explorer.exe and click the OK button.

This will restart the explorer shell and should prompt the desktop to load.

If you were unable to access the Windows Task Manager, wait until the hard drive light stops and hold the power button down to restart the PC.

You may have better luck in safe mode. Please see the section below on starting in Safe Mode.

Safe Mode

Restart your PC

When the display turns black, start pressing the F8 key to access the boot screen; you may have to press it several times, every ½ second or so, until you see the Safe Mode prompt.

Select Safe Mode and wait for Windows to start. You will be prompted to restore the system if System Restore is set up correctly.  Don't restore... Save that for plan B.

Wait for the Windows desktop to load, then Click on the Malwarebytes icon

Select Perform quick scan, then click Scan.

In some rare cases the virus will set a policy that blocks mbam.exe from running. If Malwarebytes does not launch from the icon, browse to the file. Malwarebytes usually installs to c:\program files\malwarebytes\mbam.exe. Change the executable name to malremover.exe and double-click on it.  The application should start normally despite the name change.  Delete your desktop shortcut or change it to link to the newly changed filename.

When the malwarebytes scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

Restart your PC and run the whole process again (Safe Mode start, scanning, Remove Selected), repeating until a scan does not identify any more viruses. Then restart normally.

Verify that your antivirus software is working properly.  Make sure it is updating properly.  If not, remove it, remove its update software if that was not removed with it, and reboot.

Install your antivirus software and check your web browsers.  You may have to reinstall them as well.

4.2. How to Remove FakeSpypro from Windows 7

If your real-time antivirus protection was unable to prevent Java Rexec.A from initiating, and the payload FakeSpypro application was delivered and initiated, here are directions on how to remove it.

Don't waste your time trying to launch or install Malwarebytes, or other antivirus applications. The application has been engineered to prohibit installing any software or running apps such as Malwarebytes and other popular virus removal agents.

The easiest way to remove the application that prevents you from removing the virus is to load a different operating system.

Load a self-contained operating system such as Ubuntu Live, Knoppix, BartPE, or another live or rescue operating system that loads from CD/DVD.

Navigate to and delete "c:\users\username\AppData\Local\kixleppwm\lugmuibtssd.exe"

You will likely not see the specific file in the example but will see a similar nonsensical folder with an unfamiliar filename.  Write down that file name for use later. Check the file details or date modified. It will show the date and time of the first antivirus warning message.

Restart the Windows operating system in safe mode and use msconfig to locate the virus payload file found in the previous step

"O4 – HKCU\..\Run: [jbdmjsle] C:\Users\chris\AppData\Local\kixleppwm\lugmuibtssd.exe"

Or the file name you removed in "c:\users\username\AppData\Local\kixleppwm\xxxxxxxxxx.exe"

and disable or remove the key

Eject the CD/DVD and boot your PC in safe mode (F8). Run your antivirus software to remove any remnants that you may have missed.
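The startup entry quoted above follows a pattern that can be checked for automatically: a logon program that sits directly in a folder under AppData\Local. The sketch below is an added example, not part of the original help document. It triages HijackThis-style O4 lines; the allowlist, the function names and every sample line except the one quoted in this section are constructed for the illustration.

```python
import re
from pathlib import PureWindowsPath

# HijackThis-style startup line: O4 - <hive>\..\Run: [value name] command
O4_RE = re.compile(
    r"^O4\s*[-\u2013]\s*(?P<hive>HK\w+)\\.*?\\(?P<key>Run\w*):\s*"
    r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$"
)

# Hypothetical allowlist of AppData\Local folders you have verified yourself.
KNOWN_APPDATA_FOLDERS = {"examplesync"}

# The first line is the entry quoted in the section; the others are constructed.
SAMPLE_LOG = [
    r"O4 – HKCU\..\Run: [jbdmjsle] C:\Users\chris\AppData\Local\kixleppwm\lugmuibtssd.exe",
    r'O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\ExampleVendor\tray.exe" /min',
    r"O4 - HKCU\..\Run: [ExampleSync] C:\Users\chris\AppData\Local\ExampleSync\sync.exe",
]


def exe_path(cmd):
    """Pull the executable path out of a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return match.group(1) if match else cmd


def triage(line, known=KNOWN_APPDATA_FOLDERS):
    """Return a finding for one O4 line, or None if it is not an O4 line."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    path = PureWindowsPath(exe_path(m["cmd"]))
    parts = [p.lower() for p in path.parts]
    reason = None
    if "appdata" in parts:
        tail = parts[parts.index("appdata") + 1:]
        # Pattern from the section: AppData\Local\<folder>\<file>.exe
        if (len(tail) == 3 and tail[0] == "local"
                and tail[2].endswith(".exe") and tail[1] not in known):
            reason = "logon program in unrecognised AppData\\Local folder"
    return {"hive": m["hive"], "name": m["name"], "path": str(path),
            "suspicious": reason is not None, "reason": reason}


def scan(lines):
    """Triage every line, skipping anything that is not an O4 entry."""
    return [finding for finding in map(triage, lines) if finding is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        flag = "CHECK" if finding["suspicious"] else "ok   "
        print(flag, finding["name"], finding["path"])
```

For each flagged path, compare the file's date modified with the time of the first fake antivirus warning, as described above, before disabling the entry.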

4.3. How to Remove Windows Antivirus Pro (Advanced)


What is Windows Antivirus Pro?

It is another fake malware scanner that is malware itself. It creates many pop ups that are difficult to avoid, prompting you to purchase the software to remove a Trojan it installed to compromise the system and the false threats it is indicating, as well as its own obtrusive payload.

The software itself has not been known to damage data files.

To begin the removal process, reboot the PC in safe mode (press F8 after the BIOS screen loads; boot in safe mode with networking support if you need to download the files linked below), or see "Kill processes" below.

Kill processes (Taskkill /f):
AVP2009.exe AntivirusPro2009.exe Install[1].exe Uninstall.exe

  1. Open CCleaner and clear out all the temp browser cache files.
  2. VundoFix.exe from here: www.atribune.org/ccount/click.php?id=4
    1. Run and follow prompts
  3. SmitfraudFix from here: siri.urz.free.fr/Fix/SmitfraudFix.zip
    1. Rename the executable so the program cannot block it. (hazzah.exe etc)
    2. Run the app and follow prompts
  4. Change the name of the Malwarebytes installer (dittosetup.exe etc)
    1. Rename the Malwarebytes executable (oyster.exe etc) and update the Malwarebytes antivirus signature database
  5. Reboot in Safe Mode (NOT WITH NETWORK SUPPORT) (press F8 just after the BIOS screen disappears). Launch Malwarebytes (now renamed oyster.exe) and run a thorough scan.
  6. Delete the registry entries below


 

 

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro2009
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Antivirus Pro 2009"


 


Unregister DLLs:
AVEngn.dll htmlayout.dll pthreadVC2.dll msvcm80.dll msvcp80.dll msvcr80.dll gutysolyk.dll buryleto.dll pisijupag.dll


 


Delete files:

 


Delete directories:
C:\Program Files\AntivirusPro2009
C:\Program Files\AVP2009\
c:\Documents and Settings\User\Start Menu\Programs\AntivirusPro2009[1]

  1. Reboot the PC in Safe mode again and rerun Malwarebytes. Continue the reboot, restart in safe mode and scan process until no further malware or viruses are found.
  2. Remove c:\Avenger and its contents
  3. Check c:\Program Files\common files\
  4. Browse c:\ for any strange file names.
    1. Look at the properties of the file; if the default language is Russian, delete the file
  5. Re-run CCleaner and clean up any registry problems, etc.
  6. Remove Norton or Symantec Antivirus and its live update component
  7. Install Avast Antivirus
  8. Consider either Windows Defender or Spyware Terminator or Spybot Search and Destroy WITH TEATIMER to prevent reinfection.

 


[1] Remove AntivirusPro 2009. Description and removal instructions, July 29, 2009, 2-spyware, http://www.2-spyware.com/remove-antiviruspro-2009.html