Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Monday, October 27, 2014

Remove n10.adshostnet.com pop-ups (Virus Removal Guide)

N10.adshostnet.com is a potentially dangerous website that may display misleading pop-up ads on your computer. The problem with those pop-ups is that most of them will suggest you to install programs that are very often detected as Adware.Downware.2519, not-a-virus:Downloader.Win32.Agent.bwfm, RDN/Generic PUP.z!eh and even a Trojan.ADH.2 by Symantec. (VirusTotal scan). I'm betting that you've heard of adware – after all, you're reading this article – but we're also willing to bet that you've been infected by it, whether you realize it or not. I know I certainly have! If you're worried that you might have adware that displays n10.adshostnet.com pop-ups on your computer or other device that connects to the Internet, hopefully I will be able to give you a few pointers on how to tell, how it got there, what it can do, how to avoid it in the future, and what to do about it now.

Explaining n10.adshostnet.com pop-ups

Adware that displays these pop up ads is computer software that displays adverts on your screen whenever you're connected to the Internet. These adverts are often geared towards products or services that you've recently viewed online. How this works is because the adware program, once downloaded, installs a component on your PC or device that monitors the websites that you visit, captures this data and sends it back to the software developer, thus allowing them to customize the adverts that are shown to you. These adverts can be pop-up or pop-under windows, banners, boxes or simply links to websites. Many people find these adverts annoying - but in reality they can have detrimental side affects too. However, n10.adshostnet.com ads may simply promote adware and potentually unwanted programs that will display even more ads on your computer. A good example of such programs would be the Open Download Manager which supposedly downloads videos faster. It might, who knows, I haven't tried it but what this pop-up ad totally forgets to mention is that it will also display ads on your computer.


You certainly do not want to install more sophisticated and aggressive adware on your computer because such adware can:
  • Hijack your browser, tool bar, home page or default search engine and redirect you to websites that the developer wants you to visit
  • Negatively interact with other programs installed on your machine which can cause issues with your operating system - which slows your CPU and Internet connection down
  • It may also affect operating and connection speeds due to your computer having to work harder than normal as the adware component is constantly sending data back to its developer
  • Create vulnerabilities in your PC or device's security by destabilizing it thanks to the issues it causes with other installed programs and your operating system
The good news is that it is easy to tell if you have adware that displays n10.adshostnet.com ads on your machine because adverts are pretty hard to ignore! The bad news is that the actual program and component are usually hidden so deeply that they can be tricky to find and remove.

How do I protect myself from n10.adshostnet.com ads?

There are a few things you can do to defend yourself against annoying ads:
  • Install a reputable anti-malware program on your PC. But don't just install it and forget about it: run it frequently and make sure it's kept up to date.
  • Install a firewall and turn on your pop up blockers.
  • Don't download anything from a third party website – adware is often bundled with freeware.
  • Read License Agreements carefully when downloading from the Internet as adware is overwhelmingly mentioned in the agreement and gives you the option of not installing. Most of us just don't bother to read it however!
Don't take the risk: stop n10.adshostnet.com pop-ups and remove adware that displays them from your computer. To do so, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



n10.adshostnet.com Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove n10.adshostnet.com pop-ups related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Quiknowledge
  • LyricsSay-1
  • Websteroids
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove n10.adshostnet.com pop-ups related extensions from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove BlocckkTheAds, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.



Remove n10.adshostnet.com pop-ups related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove BlocckkTheAds, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



Remove n10.adshostnet.com pop-ups related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more

Friday, October 24, 2014

What is tor4pay.com?

Tor4pay.com is a Web-to-TOR gateway controlled by cyber crooks who created the CryptoWall ransomware. They previously used TOR organization's Web-to-TOR gateways but most of them were shut down when organization discovered that CryptoWall was utilizing them. New malicious gateways were identified and blocked within a few hours. Cyber crooks had to create their own gateways if they wanted to stay in business. Unfortunately, CryptoWall payment servers can be reached again which means they can receive bitcoin payments once again.

Tor4pay.com itself isn't malicious. It's just a web page with your OS and IP address information as well as instructions on how to pay the ransom. If you were redirected to this web page then your computer is probably infected by CryptoWall virus.

The updated virus also has unique bitcoin payment addresses and more aggressive file encryption and deletion algorithms. To remove this virus from your computer, please read this removal guide.

Decrypt service

Your files are encrypted.

To get the key to decrypt files you have to pay 500 USD/EUR. If payment is not made before (time/date) the cost of decrypting files will increase 2 times and will be 1000 USD/EUR.



Written by Michael Kaur, http://deletemalware.blogspot.com

Read more

Thursday, October 23, 2014

Remove Groovorio Search Virus (Uninstall Guide)

Groovorio Search (groovorio.com) is a potentially unwanted search engine that comes bundled with freeware downloads. Groovorio Search virus is what most users usually say when they get infected with this potentially unwanted program. If it's becoming more and more of a pain trying to play it safe when you're using the Internet, I feel you. Computer viruses, malware, adware, Trojans and unwanted programs are just some of the threats to our online safety – and our online sanity!

If you've ever experienced the annoyance of having a previously unseen homepage, browser or tool bar suddenly appear on your computer, tablet or other device then, congratulations, you've been a victim of a Potentially Unwanted Program. But how did your home page disappear in the blink of an eye, only to be replaced by an inferior imposter? And, more importantly, how can you stop this happening again?


Sadly there is no definitive solution because no two Potentially Unwanted Programs are exactly alike. In this case, it's a PUP that installs addition web browser components, mostly add-ons, to replace your home page and default search engine provider. It may also install Groovorio toolbar. What is more, it may display pop-ups and insert ads into web pages. Some of the ads are very misleading and may redirect you to shady services and products. About 80% of installs come from the United States. So, it's pretty obvious which country scammers have chosen as the primary target. Some anti-virus engines detect it as malware or a Trojan horse. But whilst the difference between a Trojan Horse virus and a PUP like Groovorio – may be glaringly obvious, even within the PUP community there can be variants. One thing is for certain though, and that it is vital to protect yourself from all types of Internet parasite by installing a reputable anti-virus program on your PC. This is your first line of defense against online nasties and a good anti-virus should find and uninstall most malware. However when it comes to PUPs and browser hijacker, these can be a little sneakier – because they are only potentially unwanted.

Groovorio displays a number of annoying traits: it installs an adware component on your computer which will torture you with an endless stream of pop-up, pop-under and banner adverts, and they will hijack your browser and install one of the aforementioned tool bars. You're used to the way your current tool bar operates and chances are you don't have any burning desire for a new one. Particularly one that has fewer functions than your old one! And that's not all for some tool bars will install software on your computer that redirects all of your Internet searches to websites that the software developer who created the PUP wants you to visit.

It might seem completely mystifying as to how this Potentially Unwanted Program ended up on your machine in the first place but, sorry to break it to you, it was all down to you! Potentially Unwanted Programs including Groovorio are most often found bundled with other software, so when you download the latest episode of your favourite TV show or install a piece of software that creates PDF documents, you may also be installing adware, a PUP or a browser hijacker.

Whilst having a decent anti-virus program installed is crucial, this PUP is able to bypass their security checks due to their status as being possibly wanted – it's a real grey area. However there are things you can do to stay one step ahead of this infection.

Most importantly, you need to pay more attention when you're downloading programs, software or files from the Internet. Don't use third party websites, or sites that you don't trust 100%. You also need to read license agreements carefully and check that any boxes which refer to ‘added extras’ are checked or unchecked depending on the wording. Don't get bitten by a PUP!

There's an official website for this PUP and guide on how to remove it. However, the guide is incomplete and I'm pretty sure they've done this on purpose. Even when you remove Groovorio Search related programs, the malicious browser modifications remain pretty much the same which means you will still be redirect to groovorio.com. And your search results will be redirected to Yahoo Search. By the way, it's quite interesting that this PUP doesn't use its own database and simply returns results from other search engines. So, there's really no reason for keeping it on your computer because it's just imitating a search engine. To remove Groovorio Search and associated malware from your computer, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Groovorio Search Removal Guide:


1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.





2. Remove Groovorio Search related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following programs:
  • Groovorio Search
  • Groovorio New Tab extension


If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Groovorio Search from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove Groovorio New Tab, BookmarkTube extensions.



3. Then select Settings. Scroll down the page and click Show advanced settings.


4. Find the Reset browser settings section and click Reset browser settings button.


5. In the dialog that appears, click Reset. That's it!

Remove Groovorio Search from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Remove Groovorio, BookmarkTube browser extensions. Close Add-ons manger.



3. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: groovorio

Now, you should see all the preferences that were changed by groovorio.com. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

Remove Groovorio Search from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons.



2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select Groovorio Search and click Remove to remove it. Close the window.


Read more

Wednesday, October 22, 2014

CryptoWall Malware Removal Guide

CryptoWall is a piece of malware called ransomware which encrypts files with a very strong 2048-bit RSA cryptosystem algorithm. This malware was first noticed at the end of April 2014. Macs are currently susceptible to the CryptoWall malware. Cyber crooks target Windows systems. The latest variants of this malware were digitally signed and delivered mostly by sending mass emails, mentioning something like "UPS invoice week ending 19/10/2014" something about missed delivery with an attached zip file that contains an executable file (.exe), for example this one. I'm pretty sure that cyber crooks could easily target big companies with very well made scam emails. Besides, they are clearly targeting those who have important data and could pay $500 or even $1000 to get the decryption tool. Usually, this malware starts of slowly and invisibly. Why? The reason is simple - it has to encrypt as many files as possible before displaying a notification that your files were encrypted followed by instructions on how to get them back. In other words, starts asking for the ransom. It doesn't damage Windows, so the computer stays usable. Encryption keys that are very important for successful file decryption are securely stored on their servers. So, there's really no way you can get those keys unless you know how to trace and hack those servers. Just for the record, no one succeeded so far.

Do you remember the ancient Greek myth about the Trojan horse? The gigantic wooden horse that members of the Greek army hid inside to trick their enemies in Troy into giving them access to the walled city they held under siege – consequently attacking them in the dead of night after opening the city gates to their fellow soldiers. Are you wondering where I'm going with this? Well, knowing the background of this story, gives you a very good idea of what a modern day ransomware is all about.



Today's Trojan Horses are a form of malicious software, more commonly referred to as malware. And just as the Greek army conned their way into the city of Troy by making the inhabitants believe the wooden horse was a peace offering, this CryptoWall malware sneaks its way onto your PC by also asking you to invite it in. What is more, the latest variant of this malware is very sophisticated. It uses unique bitcoin payment addresses to track every infected computer. Cyber crooks have their own TOR gateways operating under the following domains: tor4pay.com, pay2tor.com, tor2pay.com, and pay4tor.com. Some of these domains may be blocked but or changed any time but the fact is that scammers will not run short of Web-to-TOR gateways any time soon. The unique URL where you need to go using TOR browser looks like this: paytorhrosnsbfkd.tor4pay.com. The first part is your unique number then goes the web to TOR gateway. CryptoWall creators have also improved the way files are encrypted and deleted from the computer minimizing recovery chances close to zero if you don't create back ups. However, there are still some tricks that can help you restore at least some of your files. For more details, please follow the steps in the removal guide below.

Here's how the DECRYPT_INSTRUCTION.HTML reads:

What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.

Ok, so how it does this is by disguising itself as a program which has the appearance of something useful – and harmless. Perhaps it will look like a game, or maybe even an anti-virus program! Whatever guise it takes, you probably won't think that it could be designed to do you harm. Just like you don't think that an email from UPS may contain malware. You may be alerted to the existence of the malware by a pop up window or in an email sent by the software developer behind the malware. In all innocence you click on the pop up or email link or attachment and this will trigger the CryptoWall malware, allowing it to gain access to your operating system.

It can also be hidden in ActiveX controls on targeted websites or hidden in freeware and shareware. Not to mention infected websites that redirect users to exploit kits. Nowhere is safe!

Once the malware is installed on your computer it may be also working behind the scenes to gather your personal data – such malware can log your keystrokes so they know what you're entering or typing and they can also steal data from your hard drive. They can also divert data before it's reached the server it was intended for. The problem is that you can't really know how badly your computer was infected. Before recovering your files it's very important to remove all malware from your computer.

As you probably already know, some Trojan Horses are created simply to wreak havoc on your machine, deleting files and modifying your operating system. Others will add fuel to the fire by downloading even more malware. CryptoWall is some where between. However, regardless of whether a hacker is utilizing a Trojan to cause trouble for their own entertainment or to steal your identity you really need to be defending yourself.

So how do you do that exactly? Such malicious programs often use the .exe file extension in Windows so you should not run these unless you are certain that you know and trust the source. It goes without saying too, that you should ensure your anti-malware program is by a reputable company and that you run it frequently and keep it bang up to date.

One other tip is to shut your computer down properly and not leave it in sleep mode when it's not in use. Malicious programs, mostly Trojans, scan networks and the Internet looking for vulnerable operating systems and therefore by default, the longer you leave your PC switched on, the more chance you have of being found by a Trojan.

So how do you protect yourself and avoid being attacked again by CryptoWall? That's the 60 million dollar question, surely? To protect yourself you really need to know how it infects your computer in the first place. And we have to break it to you; you installed yourself!

That's because Trojans are designed to look innocent and will dupe you into opening – and running – them on your PC. To limit the chances of this happening again in future there are a number of things that you should (and shouldn't) do. Here's are a couple of the most important things to remember.
  • Never open emails from senders that you don't know - and if you do so by accident, definitely do not download any attachments or click on any links in that email. If spam makes its way into your inbox, delete it.
  • Ensure you have a reputable anti-malware program running on your PC. It must be up to date too so make sure you upgrade it with any new versions or patches released by the developer.
  • Also be careful when you look at (or avoid visiting!) websites of an adult or dubious nature as these may have been infected by CryptoWall.
  • Also, consider enabling software restriction policies, some useful info can be found here.
And most importantly, start creating backups regularly. In case similar virus hits you again you won't lose your files.

We hope this helps you stay safe and avoid the menace of this malware.

Of course, the most frequently asked question is how to restore files encrypted by CryptoWall? The best method is obviously to restore your files from a recent backup. If you have been performing backups, then you should use your backups to restore your files. If you don't have backups then you can try restoring your files with a program called Shadow Explorer. It may work and or may not. I know some users managed to get at least some of their files back using this program. You can try it too. There's really nothing to lose after all.

Another question I often get is about the decrypt program. Does it really work or maybe it doesn't even exist? Well, that's a good question because cyber crooks can surely lie about it. However, a few readers have confirmed that after sending bitcoins to cyber crooks they got a download link for decrypter.zip. The download usually includes the decryptor program and 2 files with keys. They ran the program. Decrypting started and finished successfully. Don't get me wrong, I don't recommend paying the ransom and supporting their evil business. However, I know that some people can not afford losing important data. Since there are no working decryption tools right now, some people are simply left without a choice.

If you have any questions, please leave a comment down below. Last, but not least, if there's anything you think I should add or correct, please let me know. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Step 1: Removing CryptoWall and related malware:


Before restoring your files from shadow copies, make sure CryptoWall is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.





2. Then, download ESET Online Scanner and run a second scan to make sure there are no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by CryptoWall malware:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Before using Shadow Explorer, you can try to decrypt some of your files using RakhniDecryptor.exe and RectorDecryptor.exe from Kaspersky. These tools might help you, but please note that they were not designed decrypt the data encrypted by this ransomware virus. However, you can still try them.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Righ-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Read more

Monday, October 20, 2014

Browser Redirect Virus Removal Guide

Most browser redirects are caused by adware and potentially unwanted programs (PUPs). A PUP is a software program that is downloaded onto your PC or other Internet-enabled device without clearly stating its intention to do so. That in itself is rather worrying and has us immediately questioning the software developer's intentions, and the PUP's ability to do us harm. But does it mean that it is malware?

At first glance it would be easy to label PUPs that redirect your browser to shady and sometimes even malicious websites as malware simply because of the sneaky way which it installs itself on your computer. Certain adware and potentially unwanted programs add web browser extensions that can track your web usage and redirect you to fake Flash update sites, fake Java update and other websites that offer misleading services and even malicious programs. But the fact is that most such programs don't actually do any damage: they're not password crackers or key loggers which record login details and other information and they won't shut your operating system down or corrupt your files. That means that technically speaking, browser redirects and programs that cause tahem are not considered malware. So what are they?


What is a browser redirect?

First of all, there's a really huge problem that most anti-virus programs do not take browser redirects as a serious threat. Even though, browser redirects are not malicious but they do redirect users to shady websites. Most of them try to trick users into install malware, adware or other potentially unwanted programs. The name Potentially Unwanted Program comes from the way in which the PUP is installed. It's a program because generally speaking it will have a use. For example, it may be a tool bar. But if that’s the case, why is it potentially unwanted? This is the real difference with malware – although your PUP isn't malicious it's still something you haven't made a conscious decision to install. Therefore PUPs lie in somewhat of a grey area: you might wind up finding that tool bar useful. Or you may not. As a matter of fact, some users even get used to browser redirects thinking that they came with the latest web browser updates.

It might amuse you to know that software developers who create adware and PUPs take offense to their programs being called malware and will counteract any such accusation with the argument that their creation is actually useful. The fact that you didn't know you were downloading it in the first place is neither here nor there! Question remains then how should be call a program that installs additional modules on your computer that are responsible for web browser redirects? I don't know about you but I'm pretty certain it's a virus or malware to say the least.

So while there may be some practical features to a PUP, why then may you not want the program? Well, browser redirect aside (and really, weren't you happy with the one you were using anyway?) the problem is that most Potentially Unwanted Programs, adware and malicious browser extensions can be pretty darn annoying.

Potentially Unwanted Programs - the dark side

Okay, so you'd rather have browser redirects on your computer than a Trojan Horse, but you'd really be better off without either! Even if you get used to redirects or new home page it will only be a matter of time before you start noticing it's not all it seems.

The issue is that PUPs and browser hijackers have been developed to create a source of income for the developer and as such they will change your browser settings and your home page to one that the developer wants you to see. Not only this but typing a search query into the search box or a URL into the browser will redirect you, not to the website you want to visit, but again, to one that the developer wants you to go to.

Removing browser redirect

PUPs and adware are usually simple to get rid of through the Windows Control Panel but because they're not classed as malware many anti-viruses don't spot them. My advice? Install a reputable anti-malware program and run a full system scan. Then reset your browser settings and clean %Temp% folders. If you don't know how to do that properly, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Browser Redirect Virus Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove browser redirect related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Quiknowledge
  • LyricsSay-1
  • Websteroids
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove browser redirect related extensions from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove BlocckkTheAds, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.



Remove browser redirect related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove BlocckkTheAds, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



Remove browser redirect related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more

Remove WordProser Ads (Virus Removal Guide)

Ever wondered why if you are looking at potential holiday destinations online, you're now constantly seeing adverts for hotels in one of the locations you were researching, or for cheap flights to the same region? No, it's not a spooky coincidence: welcome to the world of adware. WordProser is one of many adware programs that display ads on infected computers and may redirect users to shady websites.


What is WordProser?

WordProser or Word Proser is computer software that has the ability to either display or download online adverts on your PC when you're connected to the Internet. It's fairly easy to spot new ads on websites that previously had no ads or had at least had less space occupied by ads. Once infected with this adware, you will most likely notice 'WordProser Ads' or 'Ads by WordProser' above or below ads. These adverts come in different shapes and sizes: they may be pop-up or pop-under windows, they might be banner adverts, they could be links, or they might be boxes that are displayed at the edges of the screen. As mentioned, they most likely represent something you've been looking at or are interested in. And while initially this may seem like a bit of a weird coincidence it won't be long before you notice that anything you've spent any reasonable amount of time looking at online is now appearing as on screen advertising. On the other had this adware may simply display ads that are currently available without taking ant other consideration like your searches or visited websites. Very often, it displays fake pop-ups saying that your Flash player is outdated. Sometimes, it displays fake Java update pop-ups and similar ads.

How does WordProser work?

Often times WordProser will be bundled with a computer program or some software that you are downloading. And don't make the mistake of thinking that adware is only bundled with dodgy downloads or freebie wallpapers; it can be packaged with these, yes, but it is just as likely to come with something you've paid for. I got it after downloading download accelerator program. The adware was introduced as a useful tool that allows you to find information easier. Right after that, it clearly indicates that Word Proser will install as ad supported software. Word Proser labeled intext, transitional, shopping, and image advertisements will be inserted to appear within sites you visit during general internet usage. In other words, it says that it will display ads on your computer.

So who creates such adware, and why? Adware is created by software developers who use adware as a means of recouping the cost of developing the main software program by generating income via the ads. This enables them to offer their genuine product for little or no cost to the end user.

So how does this adware actually know what you're browsing and therefore which adverts to show you? One of the 'features' of WordProser adware is that the software developer has designed it in such a way that it has the capability to monitor your Internet usage. It will record which websites you visit and send that data back to the developer. They will then use this information to customize the adverts you're seeing based on the websites that you've recently been browsing.

You could be forgiven for thinking that this might actually have its advantages for you as a user but you’ll probably soon find that targeted adverting is pretty annoying and intrusive. Especially the relentless pop-up or pop-under adverts. And when you stop to consider that somebody is monitoring your browsing habits so that they can try and give you the hard sell, you’ll probably start to see adware as not just simply ‘advertising’ but as an invasion of your privacy.

How worried should I be about it?

Multiple anti-virus engines have detected malware in WordProser: InfoAtoms (fs), a variant of Win32/AdWare.Vitruvian.D.

Although software developers normally contest the invasion of privacy theory, there are an increasing number of people who are not happy about having their Internet usage monitored by a complete stranger. The developers may claim that their tool is simply collecting website visits, but how do we really know for sure what data they're gathering? Don't take the risk: remove this adware and from your computer. To do so, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


WordProser Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove WordProser related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • WordProser
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove WordProser related extensions from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove WordProser, BlocckkTheAds, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove WordProser related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove WordProser, BlocckkTheAds, HD-Plus 3.5 and other extensions that you do not recognize.

Remove WordProser related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more