Micro Antivirus 2009

Micro Antivirus 2009 is very similar to famous fake anti-spyware programs  MS Antivirus,  Vitae Antivirus 2008 and Vista Antivirus.

MicroAntivirus can be distributed by Trojans that are masked as fake video codecs.

If you try to install them, the trojan is activated. 

Then trojans issue fake security alerts.

To get rid on it you have to find in registry editor /Rubn regedt32/ all keys containing MicroAntivirus in their name and delete.

Then search computer for files containing MicroAntivirus in their name and delete them too.

Use firewall and antivirus software from wellknown and original brands /NOD32, Symantec, Panda, Kaspersky, AVG./


Antispywaremaster.com Virus

Yet another Myspace virus. It can be seen on Myspace forums. Pop ups offer you to download Antispywaremaster.com software telling you are infected with thousands of trojans and viruses. It is similar to WindowsAntivirus 2008 and AntispywareDeluxe.

The standard message is:

Warning! xx suspicious files found! Potentially dangerous files were found on your system during the last scan! IT is highly recommended to remove them as soon as possible…
Remove Now!”


The pop up is impossible to close, so you have to close the Myspace malicious page as soon as possible and use popup blockers and firewall.

If you got infected, first stop asm.exe and/or Antispywaremaster.exe processes /Alt+Ctrl+Del/ to open Task Manager, find processes and delete them.

Then run regedt32 and find and delete the following registry keys:


/Hint – try Edit menu –> search from the root ‘MyComputer’ for ‘AntiSpyware’ and delete all results found/

At the end, find and delete the following files:

AntiSpywareMaster 7.3.url
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\AntiSpywareMaster.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk

/Hint – try Search console –> search ‘MyComputer’ for word ‘AntiSpyware’ as file name and delete all files  found/

Amber Alert on Myspace

Amber Alert http://www.amberalert.gov/  is an US Goverment program for kidnapped children.

When you see the alert “ATTENTION: There is an AMBER Alert in your area.
Please CLICK HERE to find out more information
.” it means that there is a kidnapped child in your area. You may click to see more info. The more people see this alert the bigger is chance to help. This way public gets involved in helping to spot the missing children.

How to add Amber Alert to your Myspace profile:

1. Go to your profile –>  click  Home link.

2. On your HomePage you have to find  the Application box.

3. In the Application box you click the Get Apps link.

4. Click the News & Weather category.

5. Then find the Amber Alert application and click it.

6.  You have to see  Add This App button. Click the button and Amber Alert is added to your profile.

Myspace Possible_HiFrm Virus

Myspace Possible_HiFrm Virus is detected by Trend Micro mainly in login pages.

It means this is a possible malicious software using iframes to redirect your browser.

Myspase itself is not spreading viruses. This is done by users who have put some corrupted scripts in their profiles.

If you are visiting unknown Myspace page and your anti-virus program alerts for possible virus, it  is better to leave this site immediately.

The Suspicious MySpace pages contain malicious javascripts that are detected as JS_DIRESEX.A.

The script is programmed to invisibly connect you to a pornsite. If such site which pops up unexpectedly – you have been infected.

As advice in case your computer behavies strange when visited some MS pages, you have to use pop up blocker, firewall, anti-virus programs /of course./ You have to delete temporaly Internet files and restore to earlier point.

IE7 – how to show menu

As you know, in Internet Explorer 7 the Menu doesn’t show.

Here is a simple way to bring it back:

1 Start IE
2  Toolbar –> RightClick
3  Uncheck “Lock Toolbars ” menu
4  Check Links
5  Check MenuBar

Net-Worm.Win32.Koobface net worm infects Myspace and Facebook users

There is a new virus spreading among both Facebook and Muspace uswers – Net-Worm.Win32.Koobface.

It has two variants: Net-Worm.Win32.Koobface.a. /for Myspace/  and Net-Worm.Win32.Koobface.b /for  Facebook/

In  their malicious action, the net worms transform victim computers  into zombie computers to form botnets.

What is a Botnethttp://en.wikipedia.org/wiki/Botnet 

The Net-Worm.Win32.Koobface.a. /for Myspace/ worm creates many commentaries to friends’ accounts.

 The Net-Worm.Win32.Koobface.b /targets Facebook users/ creates many spam messages and sends them to the infected users’friends via the Facebook.

Messages and comments can include ‘Paris Hilton Tosses Dwarf On The Street’; ‘Examiners Caught Downloading Grades From The Internet’; ‘Hello’;’ You must see it!!! LOL. My friend catched you on hidden cam’;’ Is it really celebrity? Funny Moments’ and many others.

Messages and comments include links to http://youtube     .pl.

If you click on this link, you are redirected to http://youtube      .ru,  – a site which contains a video clip.

If the user wants to watch it, a message pops up reading that you need the latest version of Flash Player to watch the funny clip.

Of course, instead of the latest version of Flash Player, a malicious file called codecsetup.exe is downloaded to  victimcomputer; this file is also a network worm.

Worm.Win32.GetCodec infects MP3 audio files

This worm was reported in July and is a new step in worms and viruses development.

The new is it converts the mp3 file into WMA file and embeds in it. When the file is opened, the Worm.Win32.GetCodec worm opens a web page telling you to download a new codec.

NEVER download and install codecs from unknown sites! It is 99% sure they are worms/trojans.

 If you agree to install the ‘codec’ file, a Trojan – known as Trojan-Proxy.Win32.Agent.arp is downloaded to your  computer, giving the hackers control of the victim’s PC.

if you got infected, use http://www.pctools.com/spyware-doctor/ to clean the worm.