How to Remove Virus w32/ w32 Removal Tool

[ad name=”new”]

I’ve removed viruses with W32 in their names, on hundreds of computers, and they’ve all been difficult to remove. W32 Fasec and W32-Patched kg are two of the most common and stubborn. Usually w32 are video codec or flash drive viruses. That means you got it from downloading a video codec or from an infected flash drive or stick. W32 means they are rootkits, embedded in the root in the system32 section of Windows, as the name w32 implies. They aggressively disarm anti-viruses and anti-spyware by not allowing the anti-malware to run even in Safe Mode.

I’ve been able to run Avast in Safe Mode to make the first inroad to removal. Then I zap them with Combofix and Malwarebytes. That usually does it.

I imagine most techs reformat the hard drives of the computers infected with this virus, since a repair install doesn’t remove it. Reformatting isn’t necessary and hard on the client (that means you). However if your tech insists, ask him or her to back up your data before reformatting. Then immediately install Malwarebytes and either AVG or AVAST on your clean install. If he won’t save your data, get a different tech and show him or her this post. You don’t have to lose everything, really, you don’t.

This is what I do with anything spyware or virus w32. The w32 action plan! The W32 Removal tool! Ta da. I boot into Safe Mode by tapping the F8 key as the computer boots up. You have to tap at the right point or else you’ll just boot back into the normal mode, so try again if that happens. You should get a black and white screen with several boot options. Pick Safe Mode with Networking. “With Networking” means your internet will work. (In regular plain old Safe Mode it doesn’t.) Then you’ll get a question about whether you really want to go into Safe Mode or if you want to use System Restore. Yes, you do want Safe Mode. While in Safe Mode go on the Internet. Type “” into the address bar.

This photo shows the address bar of the Firefox browser.
 Whatever browser you have, type "" into the address bar. Or click here. After downloading Avast, run it. It may ask you to do a boot scan. Say yes. Otherwise let it startup and you’ll get the funny silver-looking interface, which looks like a radio to me. Click the update button. The update button looks like Harry Potter’s scar or a lightening strike. After updating run Avast again. You may have to keep going back into Safe Mode.

After Avast runs and gets rid of some of the w32, then download and run ComboFix and Malwarebytes.

With ComboFix, just follow the prompts and ignore all the dire warnings about using it without a helper, I’ve used it hundreds of times without one bad incident. If you can’t disable your antivirus as ComboFix suggests or don’t know how to disable it (has anyone tried to disable Norton or Mcafee single-handedly? Good luck, they’re impossible to disable especially if you’re infected with a virus) just go ahead anyway. I do, all the time. Your computer is terminal anyway if you don’t use ComboFix at this point and it can only help. While Combofix runs it will install Recovery console, scan for viruses, reboot your computer and create a log file.

After ComboFix, use Malwarebytes. I find it easy to run. Install it, then go to the Update button, then to the Scan. Do a quick scan first. Then a full scan.

Now you’re safely on your way home from the dangerous wilds of the w32 wilderness. You’ve fought off the w32 beast!! You’re a Ducktoes hero. Your on your way home, your way home.

Let me know how it goes.

Ms. Da toes
[ad name=”new”]

FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmailby feather

How to Remove Starware

[ad name=”new”]

I removed Starware from a photographer’s computer this week. The computer was oppressively slow and Outlook was crashing a lot. My client couldn’t work efficiently, since the interruptions slowed down the work he could do in a day. He was sooo frustrated.

Starware took a tenacious hold of the operating system. It’d installed hundreds of registry keys, files, and applications. The apps were running in the background, making the compute insufferably slow. All for one harmless-looking toolbar.

If you must have a toolbar cluttering up your browser, use Google’s or Yahoo’s. And indeed, it seems you must have both of them, since they are omni-present, appearing out of nowhere onto your browser with one mindless click of the mouse. It’s hard not to have them, whether you want them or not. But I digress..

After removing Starware, the computer acted normally and Outlook worked again. The photographer could get on with his business.

Starware is a good name, since it was designed by someone much like a character out of Star Wars, not a hero like Hans Solo, but a Darth Vader who callously likes to muck up people’s lives and businesses by damaging their computers. Someone who’s sold out to the dark side.

To remove Starware, I used Malwarebytes. To download Malwarebytes, click here. Or go there by typing in your browser’s address bar. Be sure to update before you scan.

And take care out there.

Oh, baby, baby it’s a wild web.

[ad name=”new”]

FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmailby feather

How to Fix Sysguard, Win32 Patched-Kg, and Malware Alerts

[ad name=”new”]

This week I found a new type of virus: Sysguard, Win32 Patched-Kg, and Malware Alerts difficult to remove. The usual ways of removal didn’t work since these spyware/viruses suppress ComboFix and Malwarebytes and keep them from running. I had to run Avast first. The boot scanner in Avast made the first dent in the viruses armor. After that I could run the other programs. I’ve been using Avast all week, for the first time on a regular basis, and am grateful for it’s effectiveness. Avast will probably help in all viruses that suppress installation or running of anti-spyware or anti-viruses.

So if you have a difficult virus, follow these steps:
1. Download Avast. Install and run it. It will run automatically and usually, if you have Sysguard, Win 32 Patched-Kg, or Malware Alerts, it’ll find a virus right away. Then it will want to run a bootscan. Let it. The bootscan should remove enough of the virus that you can now update Avast and run it again. So make sure you Update Avast. Click the button that looks like a lightening strike or Harry Potter’s forehead.

2. After updating and running Avast again, you can now download and run ComboFix. It will automatically delete some bad virus files.

3. Then download, run, and update Malwarebytes.

Let me know if this works for you or if you have another suggestion or comment.

[ad name=”new”]

FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmailby feather

How to Remove Privacy Center

[ad name=”new”]

The other day I fixed a computer infected with Privacy Center. The name made me laugh since the privacy offered by this rogue program is like walking naked downtown and handing out your credit card numbers, e-mail address, and cell phone number at the same time. Malwarebytes cleaned it up quite easily. All you have to do is download, save, and run Malwarebytes. It should update automatically the first time you use it but after that you’ll need to click the Update tab manually to get the updated malware definitions. Run Malwarebytes once a week or more to protect yourself.

And as always your comments are very welcome.

[ad name=”new”]

FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmailby feather

Downandup or Conficker USB Worm Prevention and Removal

[ad name=”new”]

Ms. Ducktoes is really busy removing spyware and replacing power supplies today, but I’ve noticed an influx of this new worm. So I thought I should warn you. It’s called the Downandup/Conficker worm. Millions of computers are infected. To avoid getting it, turn off Autoruns on your computer. Click here to learn how to turn off Autoruns.

To fix or remove Downandup or Conficker worm, there are these free removal tools:

Then run the usual Malwarebytes et al as in this post on Free Anti-spyware just to get rid of any remaining spyware. More later, my chickadees.

[ad name=”new”]

FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmailby feather