Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Saturday, May 2, 2015

1-855-399-8171 BSOD Error 333 Registry Failure Scam

Phone number 1-855-399-8171 is being used by scammers on various misleading websites like computer-alert-triggered.com and virus-alert-triggered.com that display fake error message or virus warnings. The goal of these websites and fake warnings is to trick you into installing spyware and other malware on your computer. Don't call 1-855-399-8171 unless you want to lose $100 or more on fake tech support services. It's one of many tech support scams. If you got this fake error message just close it (force close if necessary) and scan your computer with anti-malware. There's a good chance that your computer is infected with adware and potentially unwanted programs.

WINDOWS WARNING

0x000000CE DRIVER_UNLOADED_WITHOUT_CANCELING_PENDING_OPERATIONS

WINDOWS HEALTH IS CRITICAL DO NOT RESTART

PLEASE CONTACT MICROSOFT TECHNICIANS

BSOD : Error 333 Registry Failure of operating system - Host : BLUE SCREEN ERROR 0x000000CE

Please contact Microsoft technicians at toll free : 1-855-399-8171

To immediately rectify issue to prevent data loss


As you can see, it's just a simple web page not the actual BSOD error. However, less computer savvy users might think it's the real thing and call the number 1-855-399-8171. It's not legitimate.

As you may already know, adware and potentially unwanted programs come bundled with freeware and popular downloads, for example TV shows and game mods. Fake virus warning do not come out of nowhere. There's a program on your computer or a web browser extension that displays those warnings. You might be wracking your brain trying to think where this unfamiliar program has come from – after all, it's not anything insignificant – it is something like a new tool bar or a browser extension. But if you think back to just before the appearance of this misleading 1-855-399-8171 BSOD warning, then you may well recall that you installed a new software program, upgraded an existing app, or downloaded the next episode of your must watch TV show onto your computer. And that is very likely to be the root cause of your infestation. It's starting to take shape but the missing piece of the puzzle is, how exactly were these new programs installed without your say so?

Welcome to the world of PUPs and adware

PUPs and adware programs are sometimes pre-installed on a new PC or laptop, very occasionally they infect you because you have visited a website that was targeted by a PUP (AKA a drive by installation) but for the most part, Potentially Unwanted Programs come packaged with a program that you have actually chosen to knowingly download. How sneaky! Once installed, they start display adverts and pop-up windows that may be very misleading of fake, just like the one shown below.

The good news is that it is easy to check whether you definitely have adware on your computer and all you need to do is to open your (Windows) PC Control Panel. Find 'Programs' and then 'Uninstall a Program' – anything running on your machine will be listed and if you see something you don't recognize you should be able to uninstall it here. I also listed a few adware and unwanted programs that are known to display fake virus warning and promote fake tech support services like 1-855-399-8171. However, yours might be completely different as scammers tend to change programs and extensions to avoid easy detection and removal.

A smart thing to also do to limit the chances of being infected again (although to be honest, this is a bit of a lottery) is to click on 'Installed On' on the bar above the list and this will then sort all of the programs on your computer in chronological order. This tells you that, let's say, if the unknown program was downloaded on the 10th of May at 10.15am, the program directly above it or below it in the list, with the same date and time was the culprit that led to you installing the PUP or adware.

How to remove it and protect yourself in the future

I'm not saying you're guilty of downloading illegal or pirated software or files but the fact is, anything can come packaged with a PUP or other malware. Therefore, read EULAs – End User License Agreements carefully so you know exactly what you are installing on your PC. To remove fake 1-855-399-8171 BSOD warning pop-ups, please follow the steps in the removal guide below. If you have questions, leave a comment down below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



1-855-399-8171 BSOD Warning Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove 1-855-399-8171 pop-up related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Safe Web
  • LyricsSay-1
  • Websteroids
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove 1-855-399-8171 pop-ups from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove Safe Web, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove 1-855-399-8171 pop-ups from Google Chrome:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove Safe Web, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.




Remove 1-855-399-8171 pop-ups from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more

Friday, May 1, 2015

How to Remove Alpha Crypt Virus and Restore Encrypted Files

Alpha Crypt is a Trojan ransom (ransomware) from the same malware family as TeslaCrypt. It encrypts your files using RSA-2048 encryption algorithm and then demands a ransom payment in order to decrypt your files ($500 USD in Bitcoins). Do you want to know what exactly it does, and how it infects your computer? If so you've come to the right place, so carry on reading as we uncover the mystery of this strangely named ransomware Alpha Crypt.


If you're pretty careful about what you do and don't download on your PC, it might shock you to know that in actual fact, you are almost wholly responsible for letting Alpha Crypt infect your computer. Why, you ask? It is because to enable a Trojan ransom to attack you in the first place, you must install the server component of the program. Of course, you don't do this wittingly; the ransomware has to con you into doing that. It will convince you that it is an innocent gift (or something useful) and that you really should accept it onto your PC.

Some variants of Alpha Crypt appear as pop-ups, caused by a previous infection of malware, others are packaged with files, apps or programs that are available for download on the internet, while others may be included as an attachment or link in an instant messenger chat app or an email sent to you by the programmer or disseminator of the malware. Open the attachment which is being distributed through the Angler Exploit Kit and, hey presto, you have triggered the ransomware simply by running the .exe file which will then install it. Once it is on your machine the server that the ransomware runs on will run the program each time you log on.


How much harm will Alpha Crypt do to me?

Plenty is the unfortunate answer to that. It is not nice, to say the least. It can cause serious issues that affect your hard drive and your operating system as well as your files, documents and other data. It will encrypt your files and append the .ezz extension to each of them. Since your files are encrypted and have this strange extension you can open them without a special decryption tool and decryption key. Both can be bought from cyber criminals. You just need to send then the RECOVERY_FILE.TXT file and of course pay a ransom. It's called AlphaTool Decryption Service. Don't get fooled, it's not your friendly decryption service run by geeks, it's in control of the same cyber criminals who created the Alpha Crypt ransomware. In short they can make using your computer an absolute nightmare – and that's not even taking into consideration the impact of lost data. When the encryption has finished, it will change your dekstop background to theHELP_TO_SAVE_FILES.bmp ransom note and then open the the HELP_TO_SAVE_FILES.txt ransom note. Finally it will open the Alpha Crypt encryptor program shown above. Bot the ransom note and encryptor program contain links and information on how you can pay pay the ransom to decrypt your files.

How can I ensure I don't get fooled by ransomware?

The good news is that there are things you can do to lower the risk of an attack from Alpha Crypt. Due to the way most ransom Trojans are spread, the biggest preemptive strike you can make is to never open emails if you don't know the sender. Opened one by mistake? Whatever you do, do not click on any links or open any attachments. The same goes for chat messages sent from unknown sources. You should also be wary even when you do know the sender before opening files or links as you never know if your contact has been hacked. Finally: a reputable antimalware – install one NOW if you haven't already!

What should you do if you've been infected by Alpha Crypt? Should you pay the fine?

In a word, no! There are two reasons for this: a) you're only encouraging further criminal activity and b) how do you know that you'll receive the decryption key anyway? If the encrypted files are not very important or you don't have money to pay the ransom, you can try to restore your files (at least some of them) using Shadow Explorer and specialized tools listed below like TeslaCrypt Decryption Tool by Cisco. Even better if you have backups or copies in the cloud. Please note that even of you decide to pay the ransom there's really no guarantee that cyber criminals will send you the private key and you will be able to decrypt your files. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Step 1: Removing Alpha Crypt and related malware:


Before restoring your files from shadow copies, make sure Alpha Crypt is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.





Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there are no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by Alpha Crypt virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Try the TeslaCrypt Decryption Tool by Cisco. Download TeslaDecrypt tool and run it.

Method 4: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Righ-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Read more

Encrypted Files (.ezz extension) Malware Removal Guide

If most of your files are encrypted and have a .ezz extension, for example docname.docx.ezz or image.jpg.ezz then your computer is almost certainly infected with the Alpha Crypt ransomware. It's a new veriant of the TeslaCrypt ransomware. Obviously, encrypted files cannot be opened by the standard program. They must be decrypted first but the problem is that you need to purchase your private key using Alpha Crypt service (AlphaTool Decryption Service) in order to do so. The fact that malicious software exists, and exists purely to do us harm, is yesterday's news. We all know about the proliferation of the various types of malware from spyware and Trojan Horses to Potentially Unwanted Programs and adware, but the one thing that we do need to be aware of is the fact that malicious software is in a constant state of self-improvement. If improvement is the right word to use! And that means that we need to educate ourselves about the latest programs if we are to arm ourselves with the best defense against attack.


With that in mind, I'm going to take a closer look at ransomware that encrypts your files and append the .ezz extension to them; an unpleasant type of malware that is definitely an inhabitant of the more viscous end of the malware scale.

What does Alpha Crypt do?

Well we're giving no prizes away for guessing and the clue is most definitely in the name here as ransomware has been designed to hijack, or kidnap your files or data and render them unusable. It then sends you a ransom note HELP_TO_SAVE_FILES.txt which demands payment for the release of the files. You will be paying for a code which purports to be the key to unlocking the encrypted data. However, take any promises to send you this code with a bucket load of salt. Many ransomware programmers simply take the money and run, which shouldn't come as any great surprise, considering the people we're dealing with here! Alpha Crypt can be no exception.

How does ransomware send you a ransom note?

A ransom letter in the malware world won't be carefully cut out letters from newspapers like in the films of our youth (depending on how old you are!) but will be sent via an email or displayed on your screen. Some ransom notes are pop-up windows, others, rather menacingly take over your entire screen. This ransomware simply drops multiple HELP_TO_SAVE_FILES.txt files in folders where at least one file was encrypted. It also changes desktop background to HELP_TO_SAVE_FILES.bmp which displays the same ransom note as in the text file.


And just to add to the panic that you're no doubt experiencing since finding your computer in lock down mode, ransom notes amp up the fear factor in order to get you to pay quickly by telling you that the code will be invalid and you'll never be able to retrieve your files if you don't pay by a certain date (usually within 3 days).

But hold on, as it gets worse. Some types of ransomware design the note to look as if it was sent by the FBI, CIA or other law enforcement or government agency. The note will explain, in no uncertain terms, that you are being investigated due to your habit of visiting suspicious websites or illegally downloading programs. Even if you KNOW you haven't been on any websites supporting terrorism or download explicit images, the worry is still there. Did you accidentally click a link that you didn't mean to? Did someone else use your computer? Does the FBI know about that episode of The Walking Dead that you downloaded last week?

So now what? Should you make the problem go away by paying the ransom? The answer is most emphatically no. Do not encourage these online scammers. If you have a recent backup, wipe your hard disk and reinstall your files. If you don't, try Shadow Explorer program or search your computer for previous versions of files. If you are lucky enough you may find files that were not encrypted and renamed to .ezz. You can also use TeslaCrypt Decryption Tool by Cisco. It might just work with Alpha Crypt as well. But before restoring your files, please remove the ransomware and related malware files from your computer. Otherwise, you will simply waste your time. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Step 1: Removing Alpha Crypt and related malware:


Before restoring your files from shadow copies, make sure Alpha Crypt is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.





Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there are no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by Alpha Crypt virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Try the TeslaCrypt Decryption Tool by Cisco. Download TeslaDecrypt tool and run it.

Method 4: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Righ-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Read more

Thursday, April 30, 2015

How to Remove Oursurfing (Uninstall Guide)

Oursurfing is a browser hijacker that is surreptitiously installed onto your computer without making it clear to you that is what it is going to do. If that sounds a little weird and has you wondering just how a piece of software can install itself without telling you, then read on and I will explain. Clearly the purpose of this can't be good, and despite its rather benign appearance, a browser hijacker is actually not quite as innocent as it sounds, however does that mean it is malware or a virus? Let me explain. Oursurfing hijacks your web browser and changes your default search engine and home page to oursurfing.com. The full URL is hxxp://www.oursurfing.com/?type=sc&ts=1524875624&from=amt&uid=ST8542168DF_4VDSZ051XXXX5VFKH051 or similar because there are some variables for example uid (most likely user id) and ts (most likely time stamp) that will be different for all users. It's from the same family as globososo.com browser hijacker and iStartSurf.


Just knowing that the Oursurfing browser hijacker operates in a covert way has us wondering but the truth is that browser hijackers are not technically speaking malware. But don't let that fool you into thinking they are all sweetness and light because even though most browser hijackers don't really cause you any harm, they are still something that, in my opinion, you won't want installed on your computer.

Just what is a browser hijacker?

A browser hijacker due to the method in which the programmer chooses to install it; yes, it's a program because it has a nominal use – browser hijackers are usually home pages and search engines – so why is it potentially unwanted? That's where the difference between browser hijackers and "real" malware comes in because even though browser hijackers are not malicious generally speaking they still remain a piece of software that you didn't knowingly install yourself. Thus the poor old browser hijacker inhabits a bit of a no man's land – meaning that while you might not want that, frankly not very good home page, your buddy or co-worker might actually think it's not half bad!

Indeed, to the untrained eye, there might be some features that Oursurfing can boast of which begs the question, why WOULDN'T you want it? Well just because it's a new home page or search engine, for example, and forgetting for a moment that it installed itself without asking you if you even wanted a new home page or search engine, many browser hijackers exhibit some pretty antisocial behavior.

Why we don't like browser hijackers

The thing is, while browser hijackers may be potentially unwanted to some people, when you know what they can do, we think they are definitely unwanted! Your new home page or search engine might look the part but it is extremely unlikely that it will have the same functionality as your previous one. And by previous one, we mean the one it so rudely deleted and usurped!

And that's not all because, you see, the real reason Oursurfing is created is to generate revenue for their programmer. And that means that they will hijack your browser and whenever you search for a web page or a set of keywords, instead of bringing up the website you wanted to visit, or a list of relevant search results, they will instead send you directly to a website that the programmer wants you to visit, in this case oursurfing.com. They might not be malware, but browser hijackers certainly are annoying. I suggest you to remove it from your computer as soon as possible. If you don't know how to do that, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Oursurfing Removal Guide:


1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.





2. Remove Oursurfing related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following programs:
  • Oursurfing
  • Go_Oursurfing
  • GoSave
  • MassTube


If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove Oursurfing from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove Oursurfing, MassTube, BookmarkTube extensions.

3. Then select Settings. Scroll down the page and click Show advanced settings.


4. Find the Reset browser settings section and click Reset browser settings button.


5. In the dialog that appears, click Reset.

6. Right-click Google Chrome shortcut you are using to open your web browser and select Properties.

7. Select Shortcut tab and remove "http://www.oursurfing.com...." from the Target field and click OK to save changes. There should be only the path to Chrome executable file.


Remove Oursurfing from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Remove Oursurfing, MassTube, BookmarkTube browser extensions. Close Add-ons manger.

3. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: oursurfing

Now, you should see all the preferences that were changed by www.oursurfing.com. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

4. Right-click the Mozilla Firefox shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.oursurfing.com...." from the Target field and click OK to save changes. There should be only the path to Firefox executable file.



Remove Oursurfing from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons.



2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select Oursurfing and click Remove to remove it. Close the window.

4. Right-click the Internet Explorer shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.oursurfing.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Internet Explorer executab
Read more

Wednesday, April 29, 2015

Remove 1-888-834-1353 Virus Warning Popup (Uninstall Guide)

Don't bother calling 1-888-834-1353 because it's just yet another phone number being used by scammers. If you got a pop-up message saying "Windows detected security error due to suspicious activity found on your computer. Contact our Certified Live Technicians 1-888-834-1353." then your PC or laptop is infected by adware and probably some other Potentially Unwanted Programs (PUPs). Well don't worry, because I am here to reassure you that you are not going mad – but sorry to say, you might have been infected by a Potentially Unwanted Program or adware. And now knowing that you may well be wondering how this fake virus warning got there – and what you can do to get rid of it.


As you may already know, adware and potentially unwanted programs come bundled with freeware and popular downloads, for example TV shows and game mods. Fake virus warning do not come out of nowhere. There's a program on your computer or a web browser extension that displays those warnings. You might be wracking your brain trying to think where this unfamiliar program has come from – after all, it's not anything insignificant – it is something like a new tool bar or a browser extension. But if you think back to just before the appearance of this misleading 1-888-834-1353 popup warning, then you may well recall that you installed a new software program, upgraded an existing app, or downloaded the next episode of your must watch TV show onto your computer. And that is very likely to be the root cause of your infestation. It's starting to take shape but the missing piece of the puzzle is, how exactly were these new programs installed without your say so?

Welcome to the world of PUPs and adware

PUPs and adware programs are sometimes pre-installed on a new PC or laptop, very occasionally they infect you because you have visited a website that was targeted by a PUP (AKA a drive by installation) but for the most part, Potentially Unwanted Programs come packaged with a program that you have actually chosen to knowingly download. How sneaky! Once installed, they start display adverts and pop-up windows that may be very misleading of fake, just like the one shown below.

The good news is that it is easy to check whether you definitely have adware on your computer and all you need to do is to open your (Windows) PC Control Panel. Find 'Programs' and then 'Uninstall a Program' – anything running on your machine will be listed and if you see something you don't recognize you should be able to uninstall it here. I also listed a few adware and unwanted programs that are known to display fake virus warning and promote fake tech support services like 888-834-1353. However, yours might be completely different as scammers tend to change programs and extensions to avoid easy detection and removal.

A smart thing to also do to limit the chances of being infected again (although to be honest, this is a bit of a lottery) is to click on 'Installed On' on the bar above the list and this will then sort all of the programs on your computer in chronological order. This tells you that, let's say, if the unknown program was downloaded on the 10th of May at 10.15am, the program directly above it or below it in the list, with the same date and time was the culprit that led to you installing the PUP or adware.

How to remove it and protect yourself in the future

I'm not saying you're guilty of downloading illegal or pirated software or files but the fact is, anything can come packaged with a PUP or other malware. Therefore, read EULAs – End User License Agreements carefully so you know exactly what you are installing on your PC. To remove fake 1-888-834-1353 virus warning pop-ups, please follow the steps in the removal guide below. If you have questions, leave a comment down below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



1-888-834-1353 Pop-up Warning Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove 1-888-834-1353 virus pop-up related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Safe Web
  • LyricsSay-1
  • Websteroids
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove 1-888-834-1353 virus pop-ups from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove Safe Web, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove 1-888-834-1353 virus pop-ups from Google Chrome:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove Safe Web, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.




Remove 1-888-834-1353 virus pop-ups from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more

Tuesday, April 28, 2015

What is AnyWhereAccess Setup Wizard and how to remove it?

Before I tell you how to best protect yourself from being infected by AnyWhereAccess Setup Wizard, we are first going to take a look at what it actually is. As they say, to be forewarned is to be forearmed and if you want to know how to adequately defend yourself against this pest of the internet, knowing your enemy is a very good step in the right direction.

AnyWhereAccess Setup Wizard is a Potentially Unwanted Program (PUP) that surreptitiously installs itself on your PC or laptop. It's not a virus as some people would call it. Usually without you suspecting a thing about it! So why it is only 'potentially unwanted' and not 'definitely unwanted' as you may assume? Does that mean that you might actually want a AnyWhereAccess Setup Wizard installed on your computer? Well, no, not really, because PUPs are generally not only useless, but they can have a real negative effect on your user experience too. The only reason these programs are potentially unwanted is because they come in the shape of tools and extensions that might actually be useful, at least some users may think so. The fact is though, that not only do they have way less usability than the ones you already had installed but they have a very annoying habit of redirecting your internet searches to websites of their own choice.


And the way in which they do this gives cause for concern too, for when AnyWhereAccess Setup Wizard is installed on your PC it will hijack your browser, remove your old tool bar etc and replace it with their own. You have no say in this whatsoever! It must be noted that most PUPs are not dangerous - they won't steal your data or lock your files and hold them to ransom like some ransomware, but they can be extremely annoying. Besides, they can install adware and browser hijackers on your computer which isn't a good thing either.

How is AnyWhereAccess Setup Wizard installed?

In the majority of cases it is packaged with another app or program. Sometimes this occurs when an established company decides to do an emerging company a good deed by allowing the AnyWhere Access Setup Wizard to piggy back on their product, thereby helping them to drive traffic to their website. However, it is actually more likely that programs or tools on offer from totally legit companies are being packaged with PUPs – completely unbeknown to them.

How do I bypass the AnyWhereAccess Setup Wizard trap?

A good place to start is by checking what programs you actually have installed on your computer. That way, if something odd pops up, you'll be able to identify the culprit and delete it as quickly as possible – as soon as you notice that new pop-up window at startup for example. And let's face it- it's hard NOT to notice a new pop-up! What is more, you may notice a new Desktop shortcut called "Continue live installation.lnk". C:\Users\[User Name]\Desktop\Continue Live Installation.lnk. It's also a sing on adware/PUP infection. It can also modify Windows registry and create schedule tasks that display AnyWhereAccess Setup Wizard window each time Windows starts.

Secondly, what you really need to be doing is to pay greater attention when you are downloading something. Because Any Where Access Setup Wizard is only 'potentially' unwanted, it does usually get a name check in End User License Agreements, so read these carefully – and avoid getting bitten by it!

If it's already too late and you keep getting AnyWhereAccess Setup Wizard pop-up window when you turn on your computer, please follow the steps in the removal guide below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



AnyWhereAccess Setup Wizard Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove AnyWhereAccess Setup Wizard related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • AnyWhereAccess
  • GoSave
  • SalePlus
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove AnyWhereAccess Setup Wizard related extensions from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove AnyWhereAccess, SalePlus, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove AnyWhereAccess Setup Wizard related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove AnyWhereAccess, SalePlus, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove AnyWhereAccess Setup Wizard related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more