Category Archives: anti-virus


How to remove hidden Windows malware with GMER

GMER is a free anti-malware (rootkit detection) tool that is worth having in your Windows PC armoury. It is very powerful and can feel daunting to a novice. It runs on Windows XP and later, including 64-bit editions.

If you want to remove hidden malware (mainly rootkits) that another anti-rootkit application has not completely removed, download GMER from www.gmer.net. This rootkit detector scans for hidden processes, threads, modules, services, files, disk sectors, alternate data streams and registry keys, and for drivers hooking the SSDT, the IDT and IRP calls, as well as inline hooks.

  • Download the GMER EXE* and run it. The download is served under a randomised filename (e.g. ‘2m1tnvv0.exe’) so that malware cannot recognise and block GMER by name; the name will differ each time you download it
  • Wait for the software to load and then click > Scan
  • Optional – you can choose > Quick scan or C:\
  • Optional – on the first scan tick all the boxes on the right (System, Sections, IAT/EAT, Devices etc.)

*Don’t trust the download file? Use HashCheck (http://code.kliu.org/hashcheck/) or PowerShell’s Get-FileHash to compute its SHA256 and compare it with the value published at www.gmer.net. A matching hash proves the file is the one the site publishes, nothing more, so fetch the expected value from www.gmer.net itself rather than from a mirror.
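The hash comparison from a PowerShell prompt, as an added example that is not part of the original post. It assumes PowerShell 4.0 or later for Get-FileHash (Windows 7 ships 2.0; install Windows Management Framework 4.0 there). The -ExpectedSha256 value is whatever www.gmer.net currently publishes, and the file path and the script name Verify-Gmer.ps1 are placeholders:

```powershell
# Verify-Gmer.ps1 (added example, not from gmer.net): compare the SHA256 of
# the downloaded GMER executable with the value published on www.gmer.net
# before running it. Needs PowerShell 4.0+ for Get-FileHash.

param(
    # Path to the downloaded file. GMER serves it under a randomised name
    # (e.g. 2m1tnvv0.exe), so the filename itself proves nothing.
    [Parameter(Mandatory = $true)]
    [string]$Path,

    # The SHA256 copied from www.gmer.net. Whatever you pass here is the
    # reference value; no real GMER hash is embedded in this script.
    [Parameter(Mandatory = $true)]
    [string]$ExpectedSha256
)

if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found: $Path"
}

# Normalise the published value: drop spaces/colons, compare case-insensitively.
$expected = ($ExpectedSha256 -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
if ($expected.Length -ne 64) {
    throw "Expected hash must be 64 hex characters, got $($expected.Length)"
}

$actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToUpperInvariant()

Write-Host "Published : $expected"
Write-Host "Computed  : $actual"

if ($actual -ne $expected) {
    Write-Warning "HASH MISMATCH - do not run $Path; download it again from www.gmer.net"
    exit 1
}

Write-Host "Hash matches; $Path is the file gmer.net publishes" -ForegroundColor Green
exit 0
```

Usage: `.\Verify-Gmer.ps1 -Path .\2m1tnvv0.exe -ExpectedSha256 '<value from www.gmer.net>'`. The exit code (0 match, 1 mismatch) makes it usable from a batch file as well as interactively.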

The scan will take some time and will slow your PC while it runs. GMER uses a considerable amount of memory, so run it with no other programs open. You can see how much memory the GMER process consumes in Windows Task Manager.

Posted in anti-virus, malware, windows

How to disable built-in Windows bundled components

Microsoft doesn’t make it easy to uninstall the built-in components (software) bundled with Windows, such as Internet Explorer, Windows DVD Maker and Windows Search. These built-in programs might be causing performance issues (e.g. storing unnecessary cache and Registry data) or taking up storage space.

Prior to Windows 7 you could not switch off Internet Explorer: if you downloaded and installed Firefox as your primary browser, IE stayed in place regardless. That changed with Windows 7, which added Internet Explorer to the list of components that the ‘Windows Features’ tool (optionalfeatures.exe, also reachable from Control Panel > Programs and Features > Turn Windows features on or off) can disable, together with their sub-components. This works on Windows 7, 8 and 8.1.

  • Go to the Start menu or Start screen and type > optionalfeatures
  • Click > optionalfeatures in the list of results
  • The Windows Features window appears – tick (enable) or untick (disable) any number of built-in Windows components
  • Click the ‘+’ symbol next to a component to manage its sub-components
  • Click OK and restart your computer when prompted
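The same switch-off from an elevated PowerShell prompt, as an added example that is not part of the original post. It uses the DISM cmdlets that ship with Windows 8 and 8.1 (on Windows 7 use the dism.exe commands given in the comments, or the Windows Features window above). The feature names Internet-Explorer-Optional-amd64 and SearchEngine-Client-Package are the ones found on a 64-bit installation and are assumed here, which is why the script lists and checks them before disabling anything:

```powershell
# Added example (not from the original post): turn bundled components off
# from an elevated PowerShell prompt with the DISM cmdlets (Windows 8/8.1).
# On Windows 7 use the dism.exe commands shown in the comments instead.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Administrator) PowerShell prompt"
}

# 1. List every optional feature and whether it is on or off.
#    dism.exe equivalent:  dism /online /Get-Features /Format:Table
Get-WindowsOptionalFeature -Online |
    Sort-Object FeatureName |
    Format-Table FeatureName, State -AutoSize

# 2. Components to switch off. The names are assumptions for a 64-bit
#    Windows 8.1 install; confirm them in the listing above.
$toDisable = @(
    'Internet-Explorer-Optional-amd64',   # Internet Explorer
    'SearchEngine-Client-Package'         # Windows Search
)

$restartNeeded = $false
foreach ($name in $toDisable) {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue
    if (-not $feature) {
        Write-Warning "Feature '$name' does not exist on this machine; skipping"
        continue
    }
    if ($feature.State -eq 'Disabled') {
        Write-Host "$name is already disabled"
        continue
    }
    # -NoRestart defers the reboot so several features can be changed in one go.
    # dism.exe equivalent:  dism /online /Disable-Feature /FeatureName:$name /NoRestart
    $result = Disable-WindowsOptionalFeature -Online -FeatureName $name -NoRestart
    Write-Host "Disabled $name"
    if ($result.RestartNeeded) { $restartNeeded = $true }
}

# 3. The change only completes on reboot.
if ($restartNeeded) {
    Write-Host "Restart required to finish; run Restart-Computer when convenient"
}
```

Re-enabling is the mirror image, Enable-WindowsOptionalFeature (dism /online /Enable-Feature), and needs no installation media because disabling leaves the feature’s files in the component store.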

Note: Be extra careful when disabling certain components: search for what a component does before you turn it off (Windows Search, for example, is what the Start menu search box relies on). Also, turning a feature off here does not delete its files from the component store; it only takes the feature out of use, which is why it can be turned back on without installation media, so don’t expect to reclaim much disk space.

Posted in anti-virus, malware, privacy, windows

How to remove the GoSave Windows browser extension

GoSave is bundled advertising software, commonly referred to as ‘adware’, which injects pop-ups and ads into the web pages you visit. It targets the Windows operating system. How might it find its way onto your computer? Typically you downloaded it from a download site such as download.com as part of a software bundle.

GoSave installs a browser extension into Firefox, Internet Explorer and Google Chrome, and it is designed to be difficult to remove. The following steps were tested on Windows 7 and work on the latest variant of GoSave. Here is how to remove the GoSave application and its browser extension(s):

  • Open Control Panel > click > Uninstall a program under the ‘Programs’ category
  • Scroll through the list of installed programs. There is no definitive list of programs that come bundled with GoSave, so check each entry carefully; sorting by ‘Installed On’ and looking at what arrived on the same day as the bundle is the quickest way to spot them
  • Use Revo Uninstaller if you have problems uninstalling a program
  • Next – download and install AdwCleaner and Junkware Removal Tool
  • Close all open programs and browsers, open AdwCleaner and click > Scan
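A read-only inventory to help with the second step above (working out what arrived with GoSave), as an added example that is not part of the original post. It assumes PowerShell 3.0 or later and the default Chrome and Firefox profile locations; ‘GoSave’ is the only name it matches, so treat same-day installs in the listing as candidates too:

```powershell
# Added example (not from the original post): read-only inventory of installed
# programs, IE Browser Helper Objects and browser extension folders, to help
# work out what came bundled with GoSave. Needs PowerShell 3.0 or later.

# 1. Installed programs: machine-wide native and 32-bit (WOW6432Node) keys,
#    plus per-user installs under HKCU.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, Publisher, InstallDate, UninstallString

# InstallDate is yyyyMMdd text and often missing; newest first, blanks last.
$programs |
    Sort-Object { if ($_.InstallDate) { $_.InstallDate } else { '00000000' } } -Descending |
    Format-Table DisplayName, Publisher, InstallDate -AutoSize

# Anything naming GoSave is the obvious target; programs installed on the same
# day are the likely bundle-mates, so check those next.
$programs |
    Where-Object { $_.DisplayName -match 'GoSave' -or $_.UninstallString -match 'GoSave' } |
    Format-List DisplayName, Publisher, InstallDate, UninstallString

# 2. Internet Explorer Browser Helper Objects, each resolved to its DLL.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$bhos = foreach ($key in $bhoKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($entry in Get-ChildItem -Path $key) {
        $clsid  = $entry.PSChildName
        $server = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            CLSID = $clsid
            DLL   = if ($server) { $server.'(default)' } else { '(CLSID not registered)' }
        }
    }
}
$bhos | Format-Table -AutoSize

# 3. Browser extension folders for the current user (default profile paths).
#    Chrome: one folder per extension ID, each holding a manifest.json whose
#    "name" may be a localisation placeholder such as __MSG_appName__.
$chromeExt = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions"
if (Test-Path -LiteralPath $chromeExt) {
    Get-ChildItem -Path $chromeExt -Directory | ForEach-Object {
        $manifest = Get-ChildItem -Path $_.FullName -Filter manifest.json -Recurse |
                    Select-Object -First 1
        $name = if ($manifest) { (Get-Content -Path $manifest.FullName -Raw | ConvertFrom-Json).name } else { '?' }
        [pscustomobject]@{ ExtensionId = $_.Name; Name = $name; Modified = $_.LastWriteTime }
    } | Format-Table -AutoSize
}
#    Firefox: extensions live under each profile as .xpi files or folders.
$firefoxProfiles = "$env:APPDATA\Mozilla\Firefox\Profiles"
if (Test-Path -LiteralPath $firefoxProfiles) {
    Get-ChildItem -Path "$firefoxProfiles\*\extensions\*" -ErrorAction SilentlyContinue |
        Select-Object FullName, LastWriteTime |
        Format-Table -AutoSize
}
```

The script changes nothing; once you have identified the bundle from the listing, remove it through Control Panel or Revo Uninstaller as the steps above describe, and leave the BHO and extension cleanup to AdwCleaner, which knows the persistence points a manual deletion misses.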
Posted in anti-virus, browser, google, malware, privacy, windows

How to check Java updater for Windows is genuine

NOTE: This post applies to all Windows versions, but for the purposes of this post I used Windows 7 Pro SP1.

Jucheck.exe is the Java update checker, which notifies users when new Java updates are available. I’ve seen instances of malware (a Trojan) disguised as Jucheck that keep prompting the user to allow a “malicious” copy of Java to make changes to the computer. It behaves like nagware and will no doubt encourage users to click > Yes – don’t! You will invite malware and backdoors onto your computer.

Suspicious Java updaters will normally be found in the %Temp% or %Windir% folders, whereas the genuine jucheck.exe lives under Program Files\Common Files\Java\Java Update (Program Files (x86) on 64-bit Windows). If this has happened to you, run an antivirus scan immediately or rebuild your computer.

How can you confirm you have a genuine Java updater installed? Easy. A genuine Java updater is Authenticode-signed by the publisher > Sun Microsystems, Inc. or Oracle America, Inc.

When the ‘User Account Control’ (UAC) prompt appears and the Publisher is “Unknown” – DO NOT INSTALL! Click > No. (You can also simply restart your computer without clicking anything.) If you see ‘Sun Microsystems’ or ‘Oracle America’ as the verified publisher, that confirms the file carries a valid signature from them; the program name shown in the prompt proves nothing on its own, because any file can claim a name. You can also use the Java Control Panel to view and manage Java Runtime versions and settings for Java applications and applets (see the Java Control Panel section below for more information).
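A check for the two things the post describes, as an added example that is not part of the original post: the location of every jucheck.exe on the machine and the publisher on its Authenticode signature. The directory Program Files\Common Files\Java\Java Update and the publisher names Sun Microsystems, Inc. and Oracle America, Inc. are the expected values assumed here, and the function name Test-JavaUpdater is my own:

```powershell
# Added example (not from the original post): find every jucheck.exe that is
# running or sitting on disk, then report where it lives and who signed it.

# Where a genuine Java updater is installed (assumed default locations).
$genuineDirs = @(
    "$env:ProgramFiles\Common Files\Java\Java Update",
    "${env:ProgramFiles(x86)}\Common Files\Java\Java Update"
)
# Where the post says the fake ones turn up.
$suspiciousDirs = @($env:TEMP, $env:windir)

function Test-JavaUpdater {
    param([Parameter(Mandatory = $true)][string]$Path)

    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    # 'Valid' only means the signature chains to a trusted root; the subject
    # check is what ties it to Sun/Oracle rather than to any signed binary.
    $publisherOk = (($sig.Status -eq 'Valid') -and
                    ($subject -match 'O=(Sun Microsystems, Inc\.|Oracle America, Inc\.)'))

    $dir = Split-Path -Parent $Path
    $location = if ($suspiciousDirs | Where-Object { $dir.StartsWith($_, 'OrdinalIgnoreCase') }) {
                    'SUSPICIOUS'
                } elseif ($genuineDirs -contains $dir) {
                    'expected'
                } else {
                    'unusual'
                }

    [pscustomobject]@{
        Path        = $Path
        Location    = $location
        SigStatus   = $sig.Status
        Signer      = $subject
        PublisherOK = $publisherOk
    }
}

# 1. Running instances: these are the ones raising the UAC prompt.
$running = Get-Process -Name jucheck -ErrorAction SilentlyContinue |
           Select-Object -ExpandProperty Path -Unique

# 2. Copies on disk in the expected and the suspicious folders
#    (the %windir% walk can take a minute).
$onDisk = foreach ($d in ($genuineDirs + $suspiciousDirs)) {
    if (Test-Path -LiteralPath $d) {
        Get-ChildItem -Path $d -Filter jucheck.exe -Recurse -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty FullName
    }
}

$found = @($running) + @($onDisk) | Where-Object { $_ } | Sort-Object -Unique
if (-not $found) {
    Write-Host "No jucheck.exe found running or in the checked folders"
} else {
    $found | ForEach-Object { Test-JavaUpdater -Path $_ } | Format-Table -AutoSize
}
```

A row showing SUSPICIOUS with PublisherOK False is the case the post warns about; a row in the expected directory with PublisherOK True is the real updater. A genuine-looking signer in an unusual directory still deserves a second look, since a legitimately signed old jucheck.exe can be dropped anywhere.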

Posted in anti-virus, malware, windows

Android real-time APK scanning in Verify app

Google is rolling out security improvements to Verify apps, an app-based anti-malware feature (part of Google Play Services) on the Android platform. Verify apps was introduced with Android 4.2; it scans new apps at download and install time and pays particular attention to side-loaded apps (those downloaded from third-party markets).

This security feature will either block an app it suspects of being harmful or warn you before you install it. For those who do not know where to find Verify apps: Settings > Security > scroll down to DEVICE ADMINISTRATION – check that Verify apps is ticked.

An important note: when you verify applications, Google receives log information, URLs related to the app, and general information about the device, such as the device ID, operating system version and IP address.

After upgrading to Android 4.2, Verify apps should prompt you when you install an app. It did this, but it wasn’t really that good at detecting malicious APKs. Google’s Bouncer is the cloud-based platform that should stop most malicious APKs reaching the Play Store, and if it doesn’t then Verify apps should catch them on the device. The problem is that apps are still getting through both security layers. Google is therefore planning to release Verify apps with a real-time scanning capability, which I believe will work alongside the other verification system on the Play Store servers, Bouncer (above).

Posted in android, anti-virus, malware, mobile, privacy