Tag Archives: windows xp

Latest Entries

How to remove hidden Windows malware with GMER

GMER is a free anti-malware tool that is useful to have in your Windows PC armoury. The GMER application is a very powerful tool and for the novice might feel daunting. It will work on all PCs (XP or later) but is well suited to those running 64-bit.

If you want to remove hidden malware (mainly rootkits) that hasn’t been completely removed by another anti-rootkit application, then you should download GMER from www.gmer.net. This rootkit remover scans for hidden processes, threads, modules, services, files, disk sectors, alternate data streams and registry keys, as well as drivers hooking the SSDT, drivers hooking the IDT, drivers hooking IRP calls, and inline hooks.

  • Download GMER EXE* and run the file ‘2m1tnvv0.exe’ (latest version)
  • Wait for software to load and then click > Scan
  • Optional – you can choose > Quick scan or C:\
  • Optional – on first scan tick all the boxes on the right (i.e. System; Sections; IAT/EAT; Devices etc.)

*Don’t trust the download file? Why not use http://code.kliu.org/hashcheck/ to check the hash. The GMER.exe SHA256 can be found at www.gmer.net.

This scan will take some time and will impact the performance of your PC. GMER uses considerable memory, so I suggest you run this with no other programs running. You can see how much memory the GMER process consumes by opening > Windows Task Manager.

Posted in anti-virus, malware, windows

How to use the Windows hosts file to block adverts

Online advertising is an important industry for job creation, but unfortunately there are still many advertising companies that use aggressive tactics (including Windows circumvention) to deliver software bundles, and with them all sorts of misleading webpages (think of those download buttons!) and annoying and malicious adverts.

For the most part, adverts which are not intrusive (this doesn’t include persistent cookies) and/or follow you from site to site are a fact of life and necessary if you want to consume online content without having to pay for it.

Some of my readers might already use ad blocking plugins such as AdBlock, but there is another way to block adverts: editing the Windows ‘hosts’ file. This file is your Windows address book for website domains. Every time you type a website address into your browser, the ‘hosts’ file will log it.

Note: All website domains are translated into IP addresses, which then allow you to connect to that website. The ‘hosts’ file can also be used to block any web address from accessing your computer. It’s this blocking feature that I will discuss in this post.

Here is how you can block adverts from appearing in your software and your ad-supported software:

Posted in browser, google, privacy, windows

How to remove the GoSave Windows browser extension

GoSave is bundled ad software, often referred to as ‘adware’, which displays pop-ups and ads on web pages that you visit. It is commonly found to target the Windows operating system. How might this find its way onto your computer? You might have downloaded this from a download.com website as part of a software bundle.

GoSave is a software program that installs a browser extension. The browser extension will be found in Firefox, Internet Explorer and Google Chrome. It is designed to be very difficult to remove. The following step-by-step was tested on Windows 7 and works on the latest variant of GoSave. Here is how you can remove the GoSave application and browser extension(s):

  • Open Control Panel > click > Uninstall a program under ‘Programs’ category
  • Scroll through the listing and look for currently installed programs. There isn’t a definitive list of programs that come bundled with GoSave, so you will have to check each program carefully
  • Use Revo Uninstaller if you experience problems uninstalling a program
  • Next – download and install AdwCleaner and Junkware Removal Tool
  • Close all open programs and browsers and open AdwCleaner – click > Scan

Posted in anti-virus, browser, google, malware, privacy, windows

Stop nagware badware with Windows Process Hacker

Process Hacker (a useful replacement for Windows Task Manager) is an open source tool for the Windows operating system that allows you to take a closer look at what is going on within your browser and active programs. This might involve identifying and blocking rogue toolbars or pop-ups.

As we know, stopping badware (not necessarily adware) from running can be quite a challenge, as it is often difficult to remove from your computer and/or browser. Not all ‘adware’ is suspicious or malicious, or slows down your PC. It’s worth remembering this when using Process Hacker.

Download and install Process Hacker from http://processhacker.sourceforge.net/. Here is how you can identify and stop nagware and badware on your computer using Process Hacker:

  • Open Process Hacker and load the default Processes tab
  • Scroll down to ‘explorer.exe’ and identify the browser you are using (i.e. chrome.exe)
  • Chrome.exe (example) is running – look for ‘child’ processes that stem from it
  • Most of the chrome.exe processes will be yellow, which means that they are safe
  • Some chrome.exe processes might be red, which indicates suspicious activity
  • Red processes are stopped and removed automatically (actually hidden from view)*
  • To view hidden processes (on 32-bit Windows systems only), click > Tools > Hidden Processes**

Posted in browser, google, privacy, windows

How to check Java updater for Windows is genuine

NOTE: This post is applicable to all Windows versions, but for the benefit of this post I used Windows 7 Pro SP1.

Jucheck.exe is a Java update verification process which notifies users when new Java updates are available. I’ve seen instances of Jucheck disguised (as a Trojan) that keep prompting the user to allow a “malicious” copy of Java to make changes to your computer. It’s nagware in behaviour and will no doubt encourage users to click > Yes – don’t! You will then invite malware and backdoors onto your computer.

Suspicious Java updaters will normally install to %Temp% or %Windir% folders. If this has happened to you, you should run anti-virus software immediately or rebuild your computer.

How can you confirm you have a genuine Java updater installed? Easy. A genuine Java Updater would be signed by the Publisher > Sun Microsystems, Inc. or Oracle America, Inc.

When the ‘User Account Control’ (UAC) prompt appears and the Publisher is “Unknown” – DO NOT INSTALL! Click > No. (You can also restart your computer without clicking > No.) If you see ‘Sun Microsystems’ this should confirm its authenticity. Also, you can use Java Control Panel to view and manage Java Runtime versions and settings for Java applications and applets (see Java Control Panel section below for more information).
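The same two checks (publisher and install folder) can be run before any UAC prompt appears. The following PowerShell sketch is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the function name Test-JavaUpdater is hypothetical.

```powershell
# Added example: checks a jucheck.exe against the two signals described in the post.
# Publisher names are the ones the post gives for a genuine Java updater.
$TrustedPublishers = @('Sun Microsystems, Inc.', 'Oracle America, Inc.')

function Test-JavaUpdater {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Path)

    # Authenticode status must be Valid: signed, untampered, chain trusted.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $publisher = $null
    if ($sig.SignerCertificate) {
        # SimpleName returns the certificate subject's common name.
        $publisher = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }

    # The post names %Temp% and %Windir% as typical homes for fake updaters.
    # Note: %Temp% may be in 8.3 short form; compare by eye if names differ.
    $full = [System.IO.Path]::GetFullPath($Path)
    $inSuspectDir = $false
    foreach ($root in @($env:TEMP, $env:windir) | Where-Object { $_ }) {
        $prefix = [System.IO.Path]::GetFullPath($root).TrimEnd('\') + '\'
        if ($full.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            $inSuspectDir = $true
        }
    }

    $signedOk = ($sig.Status -eq 'Valid') -and ($TrustedPublishers -contains $publisher)
    [pscustomobject]@{
        Path            = $full
        SignatureStatus = $sig.Status
        Publisher       = $publisher
        InTempOrWindir  = $inSuspectDir
        LooksGenuine    = $signedOk -and -not $inSuspectDir
    }
}

# Inspect every running jucheck.exe whose image path is readable.
Get-Process -Name jucheck -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |
    ForEach-Object { Test-JavaUpdater -Path $_.Path }
```

A result with LooksGenuine set to False (status NotSigned or HashMismatch, an unexpected publisher, or a path under %Temp% or %Windir%) corresponds to the “Unknown” publisher case above.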

Posted in anti-virus, malware, windows