This is what the HDD Virus (Malware) looks like

The HDD virus advertises itself as a legitimate program, a hard drive defragmenter, but it’s really malware. If you fall for their ploy while trying to defragment your hard drive, you won’t be the first, since we’re seeing many infected computers in the Ducktoes virus lab.

To get rid of HDD virus:

1. Download and run Malwarebytes. Click here to get Malwarebytes. If you have trouble downloading and installing Malwarebytes, start in Safe Mode, by tapping the F8 key while booting. Then pick “Safe Mode with Networking.” Either way, you’ll need to update and run the program. Restart the computer.

2. Next download and run either AVG or Avira. These are both excellent anti-viruses and both free for home use.

3. Then just to be safe, download and run Super-Anti-Spyware.

You should now be HDD Virus Free.

The next blog post will be about good, safe legitimate defragmenters, so stay posted.

If you’re having trouble removing viruses from your computer and you live in Calgary, come to our shop at 902 Centre St. NE right outside downtown or give us a call. We’re Ducktoes Calgary Computer Repair and Virus Removal.

Outside of Calgary, you can use Bleeping Computer to fix your computer for free.

If you need computer repair click here or IT business services click here.

I just fixed an odd virus: the “Open With” Virus. Everything I tried to open including my usual anti-virus programs prompted a dialog box asking what I wanted to open the AVG with. Of course that’s silly, you can’t open AVG with another program like Microsoft Word or Adobe Reader. It kept me from doing anything. That’s why it’s called the “Open With” virus. The virus asks, What would like to open that with? Oh, I think I’ll open Internet Explorer with Civilization 4 (I have sons). And I’ll open itunes with Instant Messenger. See, it doesn’t make sense, and moreover it doesn’t work, in fact nothing works, and you are stuck. You are deep in the doo doo of Malwareland.

You're in the deep doodoo of Malwareland.

Some techs say you have to reformat if you get this virus, but Ms Ducktoes hates that word “reformat”. I’ve seen it make a grown man cry. And then when he cries, I cry, and then I get a sinus headache and my mascara runs down my cheeks. So I find it much better and less embarrassing to do this instead:

Right click on the program you want to run, such as AVG. From the choices displayed, click on “Run as” and pick your own user. There’s a box you have to uncheck too. I ran AVG and it quarantined the virus. Then I was able to do the usual virus clean up.

But if you don’t have an anti-virus on the computer already what do you do? Install Malwarebytes on another computer. You’ll get a set up icon on your desktop. Stick a flash drive (you can buy them at any electronics store) into the usb port and go to My Computer (Start > My Computer, or just “Computer” on Vista) and you’ll see all your drives, your hard drive or drives, your dvd player, and now the flash drive. Click on the flash drive. A window will open. Now drag the set up icon of Malwarebytes into the flash drive’s window. Remove the flash drive.

Then put the flash drive into the infected computer. It will probably have to install as a drive. Go to My Computer. Find the Malwarebytes set-up icon. Right click on it and “Run As” your user. Let it install and run and do it’s thing.

After that go to this page on my blog, click these words here and follow the rest of the instructions.

If you want, Ducktoes Computer Repair can fix your virus. Click here to read more about our remote service. Or click here to book remote appointment. http://ducktoes.com/book_online.php We’ll get back to you.

1.First I ran Combofix. (I did this in Safe Mode with Networking.)

To get into Safe Mode, I had to tap F8 as the computer booted. If you tap at just the right time, a list of options in black and white is displayed on your screen. If you get the usual Windows boot up, you’ve missed Safe Mode so you’ll have to restart and tap again.

Pick Safe Mode with Networking. Then you’ll see a message asking if you’re sure you want to go into Safe Mode or if you’d rather use System Restore. Click yes you do want to go into Safe Mode. In Safe Mode you can then download and run Combofix.

When you get to the page, you’ll have to scroll down. I usually pick the Bleeping Computer link.. you’ll have to scroll down. It looks like this.

This is a photo of the Bleeping Computer website where you download Combofix.

Download Combofix here.

If you can’t download or run Combofix then you have very serious virus problems so see this post.

After I ran Combofix, enough spyware had been removed so that I could do the following in regular Windows mode.

2. Downloaded and installed AVG.

3. Downloaded and installed Malwarebytes.

4. Ran Malwarebytes. Malwarebytes caught quite a few Trojans. Also when I ran Malwarebytes, AVG’s residential shield caught a few more things that Malwarebytes going through the files seemed to stir up.

4. Ran a full scan of AVG. The AVG is what caught our friend Trojan Horse Clicker.

I removed Starware from a photographer’s computer this week. The computer was oppressively slow and Outlook was crashing a lot. My client couldn’t work efficiently, since the interruptions slowed down the work he could do in a day. He was sooo frustrated.

Starware took a tenacious hold of the operating system. It’d installed hundreds of registry keys, files, and applications. The apps were running in the background, making the compute insufferably slow. All for one harmless-looking toolbar.

If you must have a toolbar cluttering up your browser, use Google’s or Yahoo’s. And indeed, it seems you must have both of them, since they are omni-present, appearing out of nowhere onto your browser with one mindless click of the mouse. It’s hard not to have them, whether you want them or not. But I digress..

After removing Starware, the computer acted normally and Outlook worked again. The photographer could get on with his business.

Starware is a good name, since it was designed by someone much like a character out of Star Wars, not a hero like Hans Solo, but a Darth Vader who callously likes to muck up people’s lives and businesses by damaging their computers. Someone who’s sold out to the dark side.

To remove Starware, I used Malwarebytes. To download Malwarebytes, click here. Or go there by typing http://malwarebytes.org in your browser’s address bar. Be sure to update before you scan.

And take care out there.

Oh, baby, baby it’s a wild web.

Hey the other night, I was at a house in Northeast Calgary that had a huge tv on the wall right in front of the computer. So I got to watch the Flames game while I fixed the computer which had the nasty and new Gaopdx rootkit. It was an exciting evening with a really close game on the wall, and a really close fight with the computer..We all won in the end, both the Flames and Ms. Ducktoes. I used Malwarebytes and Combo Fix to remove the potent rootkit.

Ducktoes is on her way, saving computers everyday!!! It took me a couple of hours since Gaopdx made the computer so slow. And the usual anti-spywares and anti-viruses didn’t work.

Malwarebytes removed these parts of the Gaopdx: Trojan.Agent and Trojan.DNSChanger, but not the rootkit itself. ComboFix removed the rootkit.

Since the malware would not let me download anything in Normal mode, I had to go into to Safe Mode to download both Malwarebytes and ComboFix.

This is what you need to do:
Click here to download Malwarebytes and here for ComboFix.

But if your browser won’t let you download them, then you’ll have to go into Safe Mode by restarting the computer. As the computer reboots, tap the F8 key several times. You should get a black and white screen listing several options. Pick “Safe Mode with Networking.” When Safe Mode starts Windows you’ll be asked if you want to continue. Pick “Yes.”

Now click here for Malwarebytes. Download the free version unless you’d like to buy the full one. It’s a great program. Then download and run ComboFix. There’s also a tutorial. Read it to learn how to run the program. ComboFix removed the Gaopdx rootkit completely.

Whew, that was a close one!!!

Ms. Ducktoes is really busy removing spyware and replacing power supplies today, but I’ve noticed an influx of this new worm. So I thought I should warn you. It’s called the Downandup/Conficker worm. Millions of computers are infected. To avoid getting it, turn off Autoruns on your computer. Click here to learn how to turn off Autoruns.

To fix or remove Downandup or Conficker worm, there are these free removal tools:
ftp://ftp.f-secure.com/anti-virus/tools/beta/fsmrt.zip
ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip

Then run the usual Malwarebytes et al as in this post on Free Anti-spyware just to get rid of any remaining spyware. More later, my chickadees.

Sometimes computer repair jobs turn into something else. Sometimes Ms. Ducktoes is sitting quietly, concentrating on a computer and the client starts to talk, and before Ms. Ducktoes can say, “I think your hard drive is going bad,” she finds herself in the middle of a sensitive personal disclosure.

Other times people request services that Ms. Ducktoes doesn’t do. Like installing spyware.

Yesterday, Friday, a man called Ms. Ducktoes. I’ll call him Henry. Henry said he was worried about spyware on his computer. But when I arrived at his door, it turned out what Henry really wanted was a program that would secretly track everything done on his computer, all e-mail, all websites visited, all Instant Messenger chats. So he’d have a backup, he said.

I stared. “You want a keylogger for a backup?”

Henry, probably hearing the incredulity in my voice, turned pale. “What’s a keylogger?” he said.

“A keylogger is a type of spyware that records every keystroke typed on the keyboard and sometimes take screenshots of websites visited and e-mails viewed.”

He said, “Yes, that’s it, a keylogger.”

When I sat down in front of his computer, the screen displayed only one user: Naomi. “Who’s Naomi?” I asked.

“My wife. It’s her computer.”

“Does Naomi know you’re making a backup of everything she does on-line?”

His voice came out shaky. “Yes,” he said.

“Okay,” I said, “but. it can’t be secret. It has to give Naomi a warning the keylogger is recording her every keystroke.” I sat up straigher. “Otherwise it’s spyware.”

Henry raised his voice. “But I need to see what -.” He screwed up his face like he might cry.

“You need to see what she’s doing?”

He nodded and started to cry into his hands. “I think she’s seeing someone. Having an affair. She instant messages until late at night. She takes long lunches and is really distant. But she denies it so I need proof.”

I patted his shoulder. “Oh, I’m so sorry, Henry, but surely that’s not the best way.”

“I’m in so much pain,” he said.

“Yes, I’m sure you are. That’s a terrible thing to go through.”

He looked up, surprised.

“I’ve been down a road or two,” I said. “Or three. But can I tell you something I’ve learned from lots of counseling?”

Henry nodded.

“Spying isn’t going to relieve your pain or solve your problems. Spying just makes you a victim, too needy, too wrapped-up in Naomi’s activities, and too desperate. You need to do something positive, something for you. Something to raise yourself out of the emotional muck. Something to give you your dignity back.”

Henry nodded solemnly. “Like what?” he said.

“Well, you could exercise, and get buff, or take a class in something you like, or take a trip. Maybe get counseling.”

“I don’t feel like doing anything,” Henry said.

“No, probably not. But doing something fun or positive would relieve your obsession about your wife a bit. Would make you more attractive.”

“To Naomi?”

“To yourself. To heck with Naomi.”

He looked farway. “Maybe I’ll go skiing for the weekend. By myself.”

“Good idea,” I said. “Now give me some computer work to do.”

“Why?”

“Because I have to charge you my minimum charge anyway.”

So I took Henry’s own computer back to the shop and removed 259 spyware and viruses from it and really sped up its boot time. Then I called his cell. He didn’t answer but he did eventually call back from a hot tub in the mountains. His voice sounded quite serene. He said that his wife kept calling but he wasn’t returning her calls yet.

I know how tempting it can be to spy on your spouse’s or partner’s computer if they seem to be straying from you and the marriage. But its not an action that will help. If a marriage isn’t working for you don’t need spyware to act. Act from your own needs and desires. Do something to enhance your interest and joy in life and the world. Something positive and life-affirming. Your new outlook will be attractive to others.

You don’t need to buy spyware to save your marriage. An alternative might be the wonderful newsletter from the “Keep your Marriage” website. I’ve found it quite helpful and interesting. Their book was good too. It really helped me in making it through a bad time in my marriage and life.

There’s a new USB worm about. It loads on your computer when you stick an infected USB drive (Flash memory drive) into a USB port or an infected CD into the CD drive. Since it installs through the Autorun function on Windows, this type of worm is easy to prevent. Simply turn off Autorun.

To turn off Autorun do this:

1. Go to Start button then Run.
2. Type in “gpedit.msc” without the quotes.
3. The Group policy window will open.
4. Choose “System” under “Administrative Templates.”
5. Find “Turn off Autoplay” and double-click it.
6. You’ll see three choices with radio buttons (round check boxes) in front of them: Not configured, Enabled, Disabled. Pick “Enabled.”
7. Underneath the radio buttons you’ll see the words “Turn off Autoplay on.” Choose “All drives.”

Not only will this prevent the USB worm, it will also let you play some CDs without all the manufacturers’ restrictions.

Yes, it’s true, there’s a virus from Facebook called Koobface. If you haven’t noticed, Koob is “book” backwards. If let to run it’s course, Koobface will turn your Facebook account backwards too, or at least inside out. It’ll also infect your computer system. You’ll notice it takes longer to go from website to website. And sometimes when you search on Google, you may get a different search engine instead, a lame, bogus search engine whose primary purpose is to promote its ads. It’s adware.

Facebook suggests you immediately change your password and run a good anti-virus. A GOOD one. If you want the best try Spyware Doctor with Antivirus, the highest rated anti-spyware around.

Here’s a site that tells you how to fix your system.

Please feel free to comment and let me know how Koobface affects your Facebook account and your computer.

I’m concerned. Today while researching the Hallmark card and postcard.exe virus, I got these results on Google.

Image of Google Results

The highlighted result in the middle leads to a download site for Windows XP Antivirus 2008/2009, a rogue Antivirus that is really a deadly virus for your computer. I mean a nasty.

So this is the dramatic scenario, my innocent ducklings, you receive a Hallmark card or other e-card e-mail. You know you are not supposed to open attachments on e-mails especially those ending with .exe or .dll but on this e-mail there are none. So you feel safe. There is a link, however, for you to see the Hallmark card (or other e-card) someone sent you. You click the link. Instead of an ecard, your computer fills with the Hallmark card virus, and depending on what variant you download, a pretty bad virus.

Your computer is now looking and acting strange. You’re worried. You search online for solutions. You search for “Hallmark card virus removal”. You get results such as the ones above. You may luck out and click Ducktoes or another legitimate antispyware site or you may click a link to the fraudulent rogue anti-virus Windows XP Antivirus 2008/2009 above. Immediately your computer starts to fill with an even more lethal virus. So now you have one bad virus and one very bad virus.

The fraudulent website looks like this:

Bogus Antivirus Site

Now Ms. Ducktoes has to go to her day job fixing computers and get back to this later. Please be careful until then. Let me know what’s happening to your computer right now, so I have more information on what new variants there are and the type of frustation and problems you’re having, so I can help you more effectively.

Click on the Comment or No comment tag below. Or e-mail me at admin@ducktoes.com.

And the virus removal techniques in yesterday’s post about How to Fix Vundo in Safe Mode should also be quite effective agains the Hallmark Card and Windows XP Anti-virus. Give them a try. Until later.

Also I’m curious. What spyware or virus are you struggling with right now? Or if you don’t know, what symptoms do you have? I invite your comments. Comment here.

I’ve been fixing a few Vundo-infected computers this week among all the Windows XP Antivirus 2008/2009 infections. Vundo was not hard to remove, at least not as difficult as Windows XP Antivirus, but I had to do it in Safe Mode. In the normal mode, the malware kept me from going online. Well, actually, it let me go online but while online wouldn’t let me download any antispyware or tools to fight the malware. And if I tried to start (click on) an antivirus or antispyware, it just didn’t open.

To go into Safe Mode, restart your computer.

As the computer reboots, tap the F8 key repeatedly. A bunch of start up options will appear; pick “Safe Mode with Networking.” A long list of drivers will scroll down your screen in black and white. You’ll be asked if you want to go into Safe Mode, Y or N? Y is for Safe Mode or N is for System Restore. You want Y.

If you don’t tap F8 at just the right time, you’ll end up in normal Windows. Just reboot and try again.

Once in Safe Mode, go online, and once online, come back to this blog http://ducktoes.com/blog (or just bookmark this page) and click here to download Malwarebytes Antispyware.

After it’s installed, update and run Malwarebytes Antispyware. Remove the spyware and malware.

Now reboot and download SD Fix. If your computer is still too infected to download anything, boot into Safe Mode with Networking and download SD Fix from there. Either way, click on the icon and run it.

If you aren’t in Safe Mode already, reboot into Safe Mode.

Click on My Computer, then on the C drive. At the top of the C drive, look for a folder that says SD Fix. Open it. Inside the folder you’ll see a file that says RunThis.bat. Click on it. It will run a program to clean up the Trojans. Type Y to begin. SD Fix will delete all the spyware or trojans it comes across. Then you’ll be asked to type any key to restart the computer. Do it, type a key.

Your computer will reboot. As it does, it will finish cleaning up the malware it has found.

After this, your computer should behave much better.

Ms. Ducktoes is still in a flap due Windows Xp Anti-virus 2008/2009. Too many people are losing everything on their computers and having to reformat their hard drives. People are losing irreplaceable family photos. Businesses are losing all their contacts and documents at enormous expense.

If your computer is infected, you can fix it without losing your precious photos, music, business data, and files. Spyware Doctor with Antivirus is one easy, no fuss solution. And as a bonus, afterward, your computer will be safe against future infections of other types of malware. Otherwise if the malware progresses, you’ll may lose everything and end up hiring a tech to reinstall your operating system. Save yourself a lot of trouble and cost now and by using this top-rated anti-spyware. It repairs Windows XP Antivirus and many other difficult malwares.

Windows XP Antivirus 2008/2009 is a rogue antivirus. It is made by criminals in Russia. They’re trying to get your money by invading your computer. Their malware manufactures fake alerts about trojans and spyware right on your desktop. Eventually it’ll wreck your operating system. And if you actually buy this fraudulent product, the owners steal your credit card numbers. And then flood your computer with even more spyware and malware. It can be difficult to remove and hides deep in the coding of the operating system. Once removed, it tends to return.

So all you darling ducklings out there everywhere, never buy anything that creates ads or alerts right on your desktop. No legitimate company invades your desktop (nest-top) like that.

The creators of this destructive malware are generating many, many versions of their malware. This is to make it difficult for anti-spyware and anti-virus programs to catch, remove, or heal all the different variants. Elizabeth Rood of PC Tools says, “…last count, we have defined at least 22 variants of the program being offered. They (creators of Windows XP Antivirus 2008) update the program every week, however, so keeping up is tricky. I believe the changes in the program behavior are being randomized via an automated programming method.”

To get rid of this menace once and for all, this is what she and I recommend:
1. Instead of just Spyware Doctor, purchase Spyware Doctor with Antivirus.
2. Update Spyware Doctor with Antivirus and then run multiple scans.
3. After running one full scan, reboot in safe mode (Restart computer, tap F8 as computer starts up, choose Safe Mode.)
4. It typically takes more than one scan to remove it.

I found Spyware Doctor with Antivirus very effective against Windows XP Antivirus. If you just want to get rid of this terrible danger to you computer easily and prevent future dangers of all types, then get Spyware Doctor with Antivirus. It’ll remove Windows XP Antivirus now, at this instant. Click the small ad of Spyware Doctor below.

If you need help with the install, let me know, and I’ll help you via phone or remotely over the computer.

Call 403-483-0105.

Click here for my e-mail.