Antivir Solution Pro is a remake of Antimalware Doctor and Antispyware soft. It is a fake antivirus, sharing the name with legitimate Antivir made by Avira. While Avira’s Antivir is one of the most widely recommended free antiviruses packages, the Antivir Solution Pro is dangerous for the PC.

First of all, Antivir Solution Pro is distributed by security vulnerabilities, like infected Adobe PDF files, Javascript ads on various websites. This is a first sign that a software can not be trusted. Secondly, it will start showing popups and alerts blocking normal processes and limiting access to legitimate websites to scare user into downloading and buying its full version. Thirdly, Antivir Solution Pro might reconfigure the PC to allow easier reinfection in the future, by changing proxy settings, modifying way DNS addresses are recognized and downloading other parasites to weaken the PC.

Antivir Solution Pro can be removed by rebooting into safe mode and scanning the PC with Spyware Doctor or Malwarebytes. Full scan is strongly recommended. As the trojans might block the scan, it is highly recommended to disable the processes before the scan by killing all processes named with random letter strings (especially ending in tssd.exe). If such processes are successfully killed, One can run msconfig and remove startup entries referencing such processes. Still many of the infected files might be missed by manual removal, thus a single secure way is scanning with several automatic removal tools for Antivir Solution pro.
Full removal guide is available here : http://www.2-viruses.com/remove-antivir-solution-pro

Most of my income is done in computer security market, and I have follow various tools and events to stay on the top. As with any other market, there are very interesting how the computer security is reflected in social media or how Social media is used in it. Security market got it all backwards and released semi-global unlike button for its own market in terms of MyWOT.

I have reviewed MyWOT positively in the past, and the points are still valid. However, it is time to talk about several downsides of it (and why I see no real use for it in the future).

First, it works as global unlike button in security market. Lots of people know about it in this area and use it to manipulate listings. Experts do not rate good sites in this area – there are too many, and no one cares if they are not their own. For example, one negative review of one Rogue cleaner in my blog resulted at negative review in MyWOT of my site by him (with several accounts). I know pretty much, that some of other ratings are voted by people advertising similar or same products:)

Second, the toolbar itself is made in the way that suggest auto-confirming votes. It blocks all sites with negative ratings, and many of the negative ratings are reconfirmed by users which do not see the site itself. I had a looong discussion with MyWOT platinum member to remove his comment (and rating), which was made WITHOUT checking website. The mailing forth and back lasted couple days, and I the last mail I got was that he removed the comment and will check the website once he has time.

Third, the sources of auto-rating. MyWOT uses 3 sources (maybe more) to confirm that site is valid : hphosts, delicious and digg. First one is negative, other ones have no bigger impact. All of them have no real basis. Everyone can submit to digg and delicious. Listing in hphosts is not purely black or white either: some of listings are irrelevant (“marketing strategies”) , some are out of control ( IPs history) , some are valid (distribution of malicious software). However, I haven’t seen users evaluating these properly. Everyone would just vote all bards the same.

4th, the site banner issue. I do not think it is ok, but whatever. If people would like to pay for displaying how crowd things the site is secure, then it is great for mywot. All banners based on real testing are much more useful.

5th. Malware, response time and such. MyWOT will not rate sites at once. Thus malware sites will not be rated as dangerous on first vote. Next, lots of malware is spread through sites with good reputation. Like facebook. Thus it will not make web any safer.

To summarize, to protect from parasites I would advice to use Site Advisor Toolbar and not Mywot. However, MyWOT could become much better if adding some changes. For example, incorporating Site Advisors ratings (including possitive and negative sides), checking spent time on the site on rating, checking overall distribution of ratings, etc.

Somewhat funny note is that my site was rated badly by Site Advisor as well, as I have provided a link to Malwarebytes executable or download page (can’t remember). Later on I get my WOT ratings because I am one of the few people that does not advertise Malwarebytes as “the best single protection” or smth.

Additionally, recently it started using name “Green AV security Suite”. It looks like it is same parasite in general.

To remove Antispyware Soft, first you have to reenable internet connection first. To do so:

1. Reboot into safe mode with networking.

2. Launch your internet explorer and make sure your internet connection does not uses proxy server. Do so in other browsers as well

3. Download Spyware Doctor using this link (it should not be blocked by Antispyware Soft). Run and perform full scan.

If it fails, try blocking Antispyware Soft manually.

The best way to do so is start task manager (or, for example, process explorer) and stop all Antispyware Soft processes. The processes typically end in tssd.exe.

Afterwards, I would recommend doing full scan  with Spyware Doctor or Malwarebytes anti-malware.  It is critical to have a security suite that provides real time protection against such infections like this.

Antivirus Soft

Antivirus Soft is a rename of rogue Antivirus live. The crooks had not bothered to change much, the most significant change is in name only. Antivirus soft uses same means to reproduce : fake websites, malicious ads in social networking sites or good old fake codecs and movies.

After the download, your PC will stop executing other programs becouse they are “infected”. Usually, it is not true as single infection is Antivirus Soft  itself. They expect you to agree paying for it and funding these scammers.

The Antivirus Soft removal process is quite similar to antivirus live :

1. Reboot into safe mode

2. Remove proxy server from IE settings.

3. Search your user directory for file ending with sysguard.exe. Delete it. If you cant, press ctrl+shift+esc and stop process with same name and repeat deletion.

4. Reboot and scan with spyware doctor to make sure you got everything out.

I recommend having an anti-malware with real time protection running all the time to avoid problems like this.

Slow PC Fighter is a registry cleaner from same family as Spam Fighter or Virus Fighter. Registry cleaners allow fixing errors and inconsistencies in PC’s registry making PC boot and operate a bit faster. Many of them are made by security companies.

Slow PC Fighter website claims that running Slow PCFighter will increase PC speed up to 40%. That might be true on really badly supervised PC, but I would not expect such things on each PC.

Slow PCFighter free scanner installation was quite quick and easy. The download is around one megabyte. What impressed me, it recognized my Windows as 64 bit one and installed correct version of application itself.

The scan is was quite quick and found around 2000 errors, mostly missing files or empty registry keys. It had not shown any false positives, which is good.

The free version of SLOW PC Fighter removes 25 registry errors, which is quite little compared to errors it found.

Verdict: I would definitely give it a try to see if there are lots of errors in the PC. It might be useful and safe to have this product if you hate reinstalling windows like I do. The downside is that you would have to purchase full version as free scanner is not too useful except for trying the product out.

You can download Slow PCFighter here.

First, I must state here that I am affiliate of couple security products that have little to do with this post on itself. This rambling is about people motivation and truthfulness.

Spending time in some forums and social boards I met couple types of people that give professional advice there: people that were in same situation, contractors and affiliates or products. The most of people would argue that the last group is most annoying and they can not discern between contractor and other two groups. However, I would like to slightly disagree.

First, a security contractor is a person that is on payroll by specific security software or service company and gets static amount of money for his job and/or bonus on how well company is doing. An affiliate is a person that works for oneself and gets money from specific amount of product sales. Quite often affiliate has more than single products he offers. So, what is the practical difference? Here are some myths:

Myth no 1. Contractor’s quality of advice is often better as many of them have better knowledge in the field.

Partly true, most of contractors work in the field. However, it is not true for hired marketers compared to security experts that refuse to work on contract bases and earn additional income from sale.

Myth no 2. Contractors have stable income, so they do not need to force each sale

Not true. If contractor does lousy job, he will lose his income (contract) completely. Doing good job might yield a bonus. If an affiliate does lousy job, his profits will diminish. However, lot of affiliates try selling as much as possible because they seek profit.

Myth no 3. A contractor does not need to use sneaky tactics at promoting product

Completely not true. Contractor has additional benefit at using sneaky tactics because they can pretend being former customers and there is hardly anything that would prove it otherwise. They do not need to use tracking codes, they do not need to disclose anything. They spamming techniques might reach borderline.

Myth no 4. An affiliate will not promote best product because he is out for profit

That is again not true as you can’t promote BAD product for long. Additionally, affiliate has a huge benefit of being able to choose what product to promote and what not. A truly good affiliate is not forced to promote a product using false comparison tables, spam or by accusing competitions business model.

Sure, there are all kinds of affiliates and contractors. However I would check such things as:

1. Accusing other reputable products being bad because option x is paid one
2. Leaving user without a choice when choosing product
3. Calling other marketers spam because they promote different product than they do
4. Calling others a scam because they do same things and are paid by performance
5. Avoiding giving free information and pushing a product
6. Forcing user to pay for free things to boost sales of product without giving them to try it
7. Making a set of disclosure rules others (affiliates) have to follow to be legitimate but not following them themselves.

I got a lot of examples of such behavior. And sadly it will remain that way in the market.

And there is one thing I have to disclose – I was a contractor of security company for a short while too (No, it was not Malwarebytes, but the experience would be the same I guess). I did not liked the experience, because my freedom to promote right product in each situation was reduced. Now I can give suggestions of any product I think is good for the customer. Even if I get 0 cents from it. That is freedom I have working for myself and not being a contractor.

And if you think it would be if I would work in different company, that promotes “best” “free” product? Well, think again. I will have less freedom and less choices.

Now I do not say that being contractor is evil. Being contractor and not disclosing it when suggesting a product is evil, though. Much more evil than being affiliate, which is easily seen in most cases. Calling other legitimate products malware is evil when you are paid by competitors. Calling others spammers when you do the same is evil.

Antivirus live is a rogue antispyware application on the same platform like cyber security and system security. It infects system by drive-by-downloads, shareware or infected websites. The difference is that Antivirus live uses a bit more complex way to protect its executables against removal and removal software.

First of all, Antivirus live enables proxy server in the common browsers. The server either goes through Trojan process on localhost or through infected websites. This allows manipulation of search results and inserting various popups into web pages. This hinders downloading of anti-spyware applications as well.

Second, Antivirus Live processes disable launching of other, non-white listed executables. Thus it is harder to get rid of antivirus live while process is active.

To get rid of Antivirus Live, you have to disable its processes. There are couple ways to do so : First, start task manager right after logging in into windows (while Trojan has not launched). Keep pressing ctrl+shift+esc . Then stop all processes that end with sysguard or other processes that should not be there. Second way is using safe mode (press F8 on boot up). If it fails, download process explorer from Microsoft (you might have to rename it to .pif ) and try using it.

Second step of Antivirus Live removal procedure is fixing your browser. For this simply disable proxy server and empty hosts file on your PC. Overall, it is good idea to disable add-ons of unknown companies as well.

The last step is removal of infected files. Although you can search for them on hard disk (files ending with sysguard.exe), the better approach is to download and install good Anti-spyware application. Personally, I recommend Spyware Doctor for Antivirus Live removal and keeping your computer protected from similar parasites in the future. Other good choices include superantispyware and malwarebytes.

Security Tool is a rogue antivirus scam, using generic name for disguise. Together with Cyber Security, they are hitting computers hard and forcing users into buying their “full” versions to remove non-existing virus infections. Typically, Security tool states that one’s PC is infected with Spyware.IEMonster or similar parasites, however, the real infections are very different.

The main problem with Security tool and alike is that they prohibit most of downloads and render computer unusable. However, there is a way to remove it.

Step 1.

Check if you can access your Task Manager and Regedit. Task manager can be accessed by pressing ctrl+alt+del and choosing it from menu. regedit is accessed by simply running it.

If you can not access task manager, but you can access regedit, search for TaskMgr entry in registry (using regedit) and delete it. This should reenable task manager.

Alternatively, you can download process explorer (you might need to rename it to iexplorer.exe or iexplorer.bat for launching) . Also, you might need to download it to another PC and bring it using USB drive

Step 2.

If you can launch process explorer or task manager, do it. If not, go to Step 3.

Now you need to kill the processes blocking downloads. Typically, it is run under your username, and not under system user. Search for processes named with random numbers or unknown applications. And stop them. Note down the process names ( you will need these in step 4).

Step 3.

Now you need to check if there are additional blocks to visit other websites. This includes : disabling all proxy servers on your internet explorer or firefox browser, checking your hosts files ( it should be nearly empty, no known sites except localhost).

Step 4.

You have a choice : Search for Security Tool files in Security tool removal instructions or download anti-spyware like spyware doctor, and execute scan and removal.

If you choose manual removal, delete the files you have stopped in step 2 ( with random numbers in name). Also, modify registry and delete all keys mentioning these names.

Step 5.

Reboot and check if everything is ok. If not, repeat steps 2-4 And scan with antispyware you havent scanned. Superantispyware would be my choice nr2, but malwarebytes anti-malware will work too.

Thats it.

I have a very mixed feelings about one issue in anti-spyware community. That is how products are marketed as free. During the years as I work in the industry, there were a large amount of products marketed as free despite the fact that their important features are paid ones. Typically, this was the remover itself. However, some tools has changed the scene.

One of these tools is Malwarebytes anti-malware. It provides free detection and removal for parasites in database, and its paid feature is real-time protection module. So, what is the problem with it?

The problem is how this tool is positioned for end user. You are told that Malware bytes Antimalware provides the best free protection, however it is not so. Protection it is not same as removal. Protection from computer parasites depend on capabilities of real-time protection module. But few promoting this tool mentions this. Some of the experts can’t even see the difference in these statements.

However, Malwarebytes anti-malware is a free good program for SOLVING infections, and in most cases this is one of the first tools I install on infected PCs. It has quite good detection ratio, and quite often was enough to solve the problem. Then again, there are quite a few cases when I had to install spyware doctor or other program to finish off remains.

That brings me to another issue I do not like about Malwarebytes anti-malware: its naming conventions. Most of trojan parasites are hidden under simple name of Trojan.downloader so users can not find more information on what infected their PC at other anti-virus and anti-spyware vendors. Some might argue that this information is not important. I disagree, as other vendors might provide better, more in-depth information about particular parasite.

Thus I would stick to other anti-spywares like  super anti-spyware or Spyware doctor for reliable protection, and keep malwarebytes as a just in case tool only.

Savedefense is a skin of rogue parasite TrustNinja, whose family seems to use very strange names. It was released in the end of August and marks a start of new season of rogue parasites. Apparently, Personal Antivirus is no longer a trusted name, however the malware distribution method  used still works.

The most likely place for Savedefense infection are fake “online antivirus scanners” and browser hijackers that pretend to scan your PC. You can not exit the site easily, as blocking alert is used to push a download at these clearly fake antispyware sites. After install, the Save Defense parasite will try to scan your PC again with even more parasites found, and then it will ask for registration key. Which has to be purchased at some rogue payment processor you have never heard about.

If you think the problems will end after paying for Savedefense or similar parasite, you are wrong. Firstly, Savedefense key will not like to work. Secondly, you will notice that your bank account is overcharged. So you should remove Safedefense and not pay for this rogue and better invest in reputable anti-spyware software.

The biggest nightmare for me is having my websites inaccessible for public. This had happened in the past, and it will happen no matter how good your hosting or programmers are. There are many reasons:

• Bad code makes website database corrupt
• Database table went corrupt, or mysql is down
• Apache is down
• The whole server is down or compromised
• You are in middle of DOS attack
• Your DNS servers are down or domain has expired
• You forgot to pay for hosting or your hosting company has problems
• And a lot of many other problems that you can’t imagine before seeing them happen.

Typically, these problems happen in middle of the night, on weekend and when you are not on PC. How to prepare for them?

1. Create a list of people that can bring your server up. That is you, your admins, maybe hosting company. It depends on your infrastructure. Also put down their phone numbers, contacts, working times.   Lots of time losses could be solved if the people working with websites would always know whom and how to contact. Make sure each of these people know how to solve common problems like restart the server or know whom to contact in cases they can’t do that.
2. Use at least one monitoring service (like host-tracker.com, webmetrics, etc) or install 2 of monitoring softwares (like nagios) on your servers. If you got one server only, you have to rely on remote monitoring service. The problem is you have limited options on notifying someone from server that has high load or other heavy problems already. Your notification system should work if any of your servers is down. You can purchase a low-cost VDS server and run nagios from there if you got one server only. Check if your hosting company provides some monitoring, however you should implement some simple monitoring outside your hosting company  as well. Sometimes the hosting company goes down completely, although it is rare cases.
3. SMS/pager notifications are the best way to be informed in my opinion and you should not rely too much on email notifications. There are some desktop applications as well.
4. Consider hiring server administration from company rather than hiring single admin. Just make sure the company has couple admins and at any time during the day there is a person responsible that supervises servers. Hiring administrator is better when there are larger amount of servers and you can afford hiring more than one of them.
5. Have a backup and worst case plan. What is worst case? Just imagine your hosting company went down. What would you do next? You should have backups in reliable place (like NAS) and alternatives for any companies you work with that are related to your hosting.

Anything else? Comment bellow.

AntivirusBest is a scam – a parasite designated to capture your attention with multiple popups or fake security center alerts, and then convice you to pay for its full version. It is not different to other rogues from 2009 batch – that is it has no useful capabilities and only pretends to scan your PC for infections.

The main problem with AntivirusBest is that you might get its popups without downloading anything intentionally. This is due to fact, that rogue parasites are spread with help of trojans or worms, that infect your PC or are hidden in some shareware, fake codecs or images. Removal of these parasites is tedious and most important fact, as they leave your computer exposed to more infections, like keyloggers, or other spyware. Thus seeing simple popups might be sign of bigger problems than simple AntivirusBEST rogue.

I recommend spyware doctor or malware bytes anti-malware for removing AntivirusBEST. These tools are reputable and will not damage your PC. Also, for more advanced users here are manual AntivirusBEST removal instructions.

Contraviro… does this name sounds familiar? Yeah, it is a slight variation of ContraVirus, a rogue active a year ago. It looks like Contra Viro method is timeless : push infections in fake video sites, or add a Trojan present to some crappy shareware. After that, wait push fake security alerts into the botnet of infected PCs. Contraviro alerts will shows exaggerated reports of infections, or maybe some fake hacker attacks that cannot be stoped unless you download and buy full version of this scam.
Funny enough, Contraviro got “flexible” payment model as well. You may be charged for 50 or 100 dolars depending on the wish of these scam developers. Of cause, your credit card details will be sold further as well, so it is not so good idea to pay for this scamware. If you had, contact your bank and stop all charges for Rogue applications.

I recommend getting rid of Contraviro with these instructions as soon as possible. Alerts promoting it shows that you already got an infection and that you should take care of your PC security. Failing to do so might lead to loss of sensitive information due to various spyware parasites that might be uploaded to your PC by creators of these parasites.

Privacy center is quite annoying piece of rogue anti-spyware programs because it uses multiple trojans for spreading around. The problem is, most of single removers fail to remove all versions of these Trojans now, as it is stated in comments of these Privacy Center removal tips.  Thus an infection might be a big problem.  

So, how to deal with such infection like this one? I would use couple of tools to ensure one’s system is clean. First, I am recomending Spyware Doctor as primary spyware remover – it has quite big database and reliable detection scheme. Also, Spyware doctor should take care of parasites that block legitimate websites. However, it might miss some trojans, thus one needs alternative tool to detect left-overs. Leave Spyware Doctor real time protection running and download malwarebytes anti-malware ( http://www.malwarebytes.org/mbam.php ).  It allows free scan, though you would have to pay for real-time protection. This should take care of the rest.

Just remember, anti-spyware program alone can not provide 100% security of the system. You have to update windows and scan your PC with anti-spyware and anti-virus programs periodically. Also, a good firewall program like comodo firewall is strongly recommended to keep unwanted applications like Privacy Center out of your system.

Conficker (latest one is Conficker.C) is one of the few malwares nowdays that bring something new in the market that relies on new names and new skins only. The thing distinguishing it from crowd is unique registry modification scheme that makes its removal difficult for comon spyware removers.

The trick used by Conficker.C is seting up registry permissions instead of inserting registry keys only. And you can not modify registry permission from the lowest leaf of affected tree – you need to traverse whole tree and start modifying it from top node. Thus removal instructions, just stating that you need removing single node  like

HKCUSoftwareMicrosoftWindowsCurrentVersionRun[Random String] = “rundll32.exe [Worm Executable], [Random String]”

are not fully correct. You need to check and fix the whole tree!.

There are couple dedicated tools that help you with removing Conficker and similar parasites. One of them is produced by enigma software group – conficker remover. Though I would suggest using complete spyware remover like Spyware Doctor or Malwarebytes Anti-Malware.