Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Tuesday, March 3, 2015

Remove 1-866-978-1337 Virus Warning Popup (Uninstall Guide)

Where do 1-866-978-1337 pop-up windows about viruses and adware come from all of a sudden, are they dangerous, and how can you make them go away? It's time to take a closer look at adware because it's the main source of those annoying and clearly fake virus warning pop-ups that promote tech support scam. These scammers are based in India and they try to trick you onto into thinking that your computer is infected and that you need to pay $400.00 to fix. They claim to be from Microsoft and want to install bogus malware removal programs. Here's how the fake virus warnings look like:

(1) Firewall Alert:
YOUR COMPUTER MAY HAVE ADWARE /SPYWARE VIRUS
Call immediately for assistance on how to remove the potential virus. Contact customer support at +1-866-978-1337 (Toll Free)
Possible networks damages if potential viruses are not removed immediately:
UNKNOWN

DATA EXPOSED TO POSSIBLE RISKS:
1. Your credit card details and banking information
2. Your e-mail passwords and other account passwords
3. Your Facebook, Skype, AIM, ICQ, and other chat logs
4. Your private photos, family photos and other sensitive files
5. Your webcam could be accessed remotely by stalkers with a VPN virus

MORE ABOUT THE VIRUS
Seeing these pop-ups means that you may have a virus installed on your computer which puts the security of your personal data at a serious risk. It's strongly advised that you call the number above and get your computer inspected before you continue using your internet, especially for shopping.


And here's another pop-up warning displayed by the same adware:

COMPUTER SECURITY AT RISK!
Your computer still under attack. Dangerous programs were found to be running in the background. System crash and identity theft detected. Remove malware now and get real time intrusion protection?


None of these are true. Down't download them and most importantly don't call this phone number. They are scammers!

As you may already know, adware is a computer program that has been created to show us online adverts. And it is an adware infection on your computer that is responsible for those relentless 1-866-978-1337 pop-ups. Adware, or advertising supported software to give it its full title, is something that the programmers who either create or share files and software for free, use to generate an income from their product.

Why do I often hear adware mentioned in conjunction with spyware?

Spyware and adware are often mentioned in the same breath and this is because a lot of adware programs exhibit some seriously spyware type behavior. Adware comes with a component which monitors your Internet usage and then relays the information gathered back to the programmer. This gives them insight into which websites you have visited and which products or services you looked at when you were on those sites. Using this data they can then choose which adverts you see based on your preferences.

Before you get too alarmed, just because you can see 1-866-978-1337 pop-up warnings on your screen it doesn't necessarily mean that you are being monitored as not all adware has a tracking component – although much of it does – the problem is, how do you know?

Despite this unpleasant behavior using adware is not actually against the law, unless of course it displays fake virus warnings. But I think we can probably all agree that being spied upon whenever we are connected to the Internet is a real invasion of our online privacy regardless. The other additional problem that this spying activity causes is that the constant monitoring and relaying of data also slows your computer and your Internet connection right down – not great, especially considering you're the victim here!

If you have questions, leave a comment down below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


1-866-978-1337 Pop-up Warning Removal Guide:

1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove 1-866-978-1337 virus pop-up related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Safe Web
  • LyricsSay-1
  • Websteroids
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove 1-866-978-1337 virus pop-ups from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove Safe Web, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove 1-866-978-1337 virus pop-ups from Google Chrome:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove Safe Web, LyricsSay-1, Websteroids, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.




Remove 1-866-978-1337 virus pop-ups from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more

Remove Ad by Lights Cinema 1.2 beta Malware (Uninstall Guide)

Is your computer infected with Lights Cinema 1.2 beta? Annoying isn't it?! When you have this adware, or advertising supported software installed on your PC or laptop you will certainly know about it. Once installed, it displays annoying pop-up ads and may even redirect your web browser to dodgy websites.

The risks associated with living our lives online

As online attacks become ever more sophisticated you really need to stay alert, no matter what it is you are using the Internet for. These days putting yourself in danger's way, in the online sense of the word, isn't just the exclusive domain of people who frequent or download from adult content websites. Simply downloading the latest must have game app, installing a player that enables you to watch video clips, or downloading One Direction's latest album (you didn't, did you?!) can leave you open to abuse from Lights Cinema 1.2 beta adware. Basically, the things that you and I do online almost every day. Apart from the One Direction part.


Where does Lights Cinema 1.2 beta fit into this?

Adware is generally considered to be a lesser evil when compared to some of the other types of malware. But that isn't to say that you should ignore it if you get infected it by it. It is not just something that shows you a few random "Ad by Lights Cinema 1.2beta" adverts for cheap flights, fitted kitchens or new sneakers; it can have a very real knock on effect on the way that your computer operates, including causing websites to crash and your CPU to slow right down.

The characteristics of Lights Cinema 1.2 beta

It is created with two things in mind: driving traffic to a website and generating revenue, either through clicks or actual sales. And it increases the likelihood of these two things happening by showing you advertising that is customized to match your interests. But how does Lights Cinema 1.2 beta adware know what you're personally interested in? It finds out by monitoring the websites that you visit, specifically the pages on those sites, and the goods or services that you click on or search for.

The data that is collected during this monitoring process (which is occurring whenever you are connected to the Internet) is sent back to the adware's developer or owner. They of course, will now make more informed decisions regarding the types of adverts you are shown.

How do you prevent adware from being installed on your computer?

Lights Cinema 1.2beta is usually packaged with other programs – normally free software. A developer attaches the adware to this product in the hope of recouping the costs of developing the free program.

Luckily for us Lights Cinema 1.2 beta adware is usually mentioned in the End User License Agreement that you are supposed to read before okaying a download. You know where I'm going with this don't you? Next time you download software, instead of skipping through the small print – read it! It is only by doing so that you will know just exactly what you are saying 'yes' to.

If you've recently started having issues with Lights Cinema 1.2 beta ads and you don't know how to get remove this malware and stop annoying ads, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Lights Cinema 1.2 beta Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Lights Cinema 1.2 beta related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Lights Cinema 1.2d
  • GoSave
  • deals4me
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Lights Cinema 1.2 beta related extensions from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove Lights Cinema 1.2, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove Lights Cinema 1.2 beta related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove Lights Cinema 1.2, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.


Remove Lights Cinema 1.2 beta related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more

Monday, March 2, 2015

How to Remove External Source Ads Malware (Uninstall Guide)

It's probably a given that you have heard of advertising supported software, or adware as it's more commonly referred to. Especially considering it is one of the most well known - and most virulent – types of malware. Many of us have also been unlucky enough to have been affected by External Source ads as well. There is, however, a way to limit the chances of you being affected by this adware and that is to know how it installs itself, and what it can do to your computer. After all, you know what they say: know your enemy!

How does External Source work?

It operates by displaying 'Ads by External Source' adverts on your screen when you're online. No huge surprise there! You can't really fail to miss it – virtually every website you look at will be displaying some form of advertising, from clickable links to banners to boxes, there is no escaping. You might be able to see some right now as you're reading this in fact! And if you take a closer look at those adverts, do you notice that they are closely related to – or maybe even the same as – products or services that you have been looking at online in the past few days? No, the Internet doesn't have a sixth sense: this is how External Source adware works... and the reason that a lot of people have a problem with it.


When the adware is downloaded onto your computer (more of that later) it also takes the opportunity to install a component that monitors you (or spies on you, depending how you look at it). This component watches which websites you visit, records that information and then relays it back to the person who created, or owns, the adware. And that's why the External Source adverts you can see are spookily related to searches you've conducted online recently. The developer, armed with your browsing history, is now able to select which adverts they want you to see.

How does External Source install itself on my computer?

It normally comes bundled with another program. That means if you're downloading a file, application, or software, you could be unknowingly also downloading and installing External Source at the same time. And while you may be tempted to think that a few ads aren't that much of a deal, the fact is that the adware component can cause you some associated issues.

Problems caused by External Source adware:
  • Your computer's CPU will run more slowly than before thanks to the constant activity conducted by the adware component
  • And that also affects your Internet connection which it is using to send streams of data back to the developer. You may find that the Internet keeps crashing too
  • Browser hijacking. Found a new toolbar that you didn't install? New toolbar keeps redirecting your Internet searches to websites you don't want to visit? You can thank the adware for that
  • Weakened security can also be an issue as the adware can interact with other programs on your PC and cause conflicts, thus leaving your security more vulnerable
I doesn't seem quite so innocent now, does it? If you've recently started having issues with External Source ads and you don't know how to get remove this adware and stop annoying ads, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



External Source Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove External Source related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • External Source
  • GoSave
  • deals4me
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Roll Around related extensions from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove External Source 2.0, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove External Source related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove External Source 2.0, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.


Remove External Source related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more

Remove fud@india.com Ransom Virus and Restore Encrypted Files

There are a number of different ransomware strains doing the rounds at any given time - you may well have heard of the vicious fud@india.com ransomware one in particular - however most types of this thoroughly unpleasant malware work in the same way. They attack your computer, then encrypt your files, making them inaccessible, and then send or show you a ransom note demanding you pay a sum of money for them to release their victim: your file. Payment is usually requested either by a prepaid voucher or by the digital currency known as Bitcoin. This particular ransom virus is just a new variant of decode@india.com virus that was detected in November last year. Nothing has changed since then. It still works in the same way: encrypts files and asks to pay a 1 Bitcoin ransom. The only difference is the email given for contacting cyber criminals. Now, it's fud@india.com and if it doesn't work or is down for some reason you can send an email to fudx@lycos.com. Here's how the ransom note reads:

Attention! Your computer was attacked by virus-encoder.
All your files are encrypted cryptographically strong, without the original key recovery is impossible!
To get the decoder and the original key, you need to to write us at the email fud@india.com with the subject "encryption" stating your id.
Write in the case, do not waste your and our time on empty threats.
Responses to letters only appropriate people are not adequate ignore.
fudx@lycos.com


The good news is that all is not lost if you do get held hostage by fud@india.com ransomware as it is actually possible to remove some varieties without also having to kiss your files or data goodbye, but that does depend on the malware in question, and again, it is only possible with some types.

One extremely important thing you can (and should!) do to protect yourself in the event of a ransomware attack is to backup your data on a regular basis to an external hard drive so that if you do lose anything you can simply wipe your disk drive clean - including the infected file - and re-upload everything back on to your computer.

Because the characteristics of ransomware vary, the means of eliminating them from your computer differ too. You might be lucky enough to get away with just scanning for viruses or you may have to go down the offline scan route and use advanced recovery tactics. Fud@india.com spreads via infected email attachments. Be very careful opening attached files even from senders that you know and trust. Otherwise, you may install a Win32/TrojanDownloader.Elenoocka.A Trojan horse which will download and install this ransomware Win32/Filecoder.DG on your computer that rncrypts your files and holds them for ransom, demanding a fee in exchange for the decryption key or code. Keep in mind that cyber criminals may or may not give you the code, even after you've paid. So, think twice before paying a ransom.

So how do you protect yourself from becoming a victim? The good news is there are a few easy – and free - steps you can take:
  • Install a reputable anti-malware program. Run it regularly and ensure it is always up to date with the latest patches
  • Be careful when downloading software – don't use third party websites
  • Don't open emails from unknown senders – and if you do by mistake, DO NOT click on attachments or links
  • Create backups on a regular basis to an external hard drive
And now you're done reading this, may I suggest that you back up all your files onto an external hard drive NOW. That way if you are unlucky enough to fall victim to ransomware, you'll be able to simply wipe clean your internal disk drive and replace it with up to date data.

If you have any questions, please leave a comment below. To remove fud@india.com ransom virus, please follow the steps in the removal guide below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing fud@india.com virus and related malware:


Before restoring your files from shadow copies, make sure fud@india.com ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.





Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there are no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by fud@india.com virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Righ-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Read more

Friday, February 27, 2015

How to Remove TeslaCrypt Virus and Restore Encrypted Files

TeslaCrypt or Tesla Crypt is a Trojan-ransom (ransomware) infection that encrypts your files using AES encryption and then demands a ransom payment in order to decrypt your files ($500 USD in Bitcoins or $1000 USD in PayPal My Cash Cards). Unlike other ransowmare, it accepts an alternative method to pay a ransom. CTB-Locker or CryptoWall 3.0 victims were limited to Bitcoin payments only. I guess cyber criminals realized that not everyone knows how to buy Bitcons, so they probably decided to allow payments with PayPal My Cash Cards that can be bought at popular US store chains. However, due to higher risks of the illegal gains being confiscated by PayPal they doubled the price. Another major difference with this TeslaCrypt is that it targets specific video game related files. As you may know, other ransom Trojans encrypt every singly file on your computer. It doesn't matter if it's a picture or a Word document. What is more, it pays peculiar attention to Call of Duty, Dragon Age, StarCraft, MineCraft, World of Warcraft, World of Tanks, Steam and other popular games files. It could target more that 50 different video game related files or maybe even more. With the vast majority of us being, not just connected to the Internet but virtually inseparable from it, it means that the chances of us being attacked by cyber criminals or computer hackers are substantial. These disreputable abusers of our online freedom and safety have a huge number of targets quite literally sitting there and waiting to be defrauded, whether we are working or surfing the web for leisure.


So it makes sense that as cyber crime grows, we too should take steps to combat it and protect our identities, our privacy and our bank accounts from attacks that can often cause untold pain, hassle and damage.

Just one of the many types of malware to look out for: TeslaCrypt ransomware

One of the most potentially deceptive – and dangerous – malware programs is TeslaCrypt. Unlike some malicious software this is not designed to show you pop-up adverts or redirect your Internet searches; it has a far more financially driven motive in mind than that. No, ransomware isn't interested in your website traffic – it wants your cold hard cash. And if it can scare you in the process, then so much the better!

How can TeslaCrypt affect you?

As the name suggests, ransomware is a program which kidnaps something and holds it to ransom: in this case files on your computer. Yes, physical kidnapping is not the only thing we need to watch out for (although if you’re like me the chances of your files being cyber kidnapped are far higher than being actually kidnapped in person!) But still, let's not make light of this because having your computer hijacked is a definite nightmare in its own way too.

In simple terms, TeslaCrypt will infect your PC, 'kidnap' – i.e. encrypt - your files, and then demand that you pay a ransom for them to be 'released'. It scans your computer for files with .7z, .rar, .m4a, wb2, .rtf, .wpd, .dxg, .xf, .dwg, docm, .docx, .doc, .odb and many other extensions. It does encrypt your files with AES encryption algorithm and at least for know there's really know way to decrypt them without a unique decryption key. One installed, the ransom Trojan will change your Desktop wallpaper to a ransom note and create another ransom note called HELP_TO_DECRYPT_YOUR_FILES.txt on your desktop. Here's how it reads:

v4
Your personal files are encrypted!
Your files have been safely encrypted on this PC: photos, videos, documents, etc. Click "Show Encrypted Files" button to view a complete list on encrypted files, and you can personally verify this.
Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.


As you can see, tt says you have 3 days to make payment. It also allows you to decrypt one file for free, just like the CryptoWall 3.0 virus. HELP_TO_DECRYPT_YOUR_FILES.txt contains the same information. In reality releasing your files means sending you a key or code to decrypt the file. Payment is made either by digital currency such as Bitcoins or by a PayPal My Cash card which you need to purchase. Usually, users of malware steer clear of taking credit card payments or using online payment platforms such as PayPal as these are too easily traceable but not this time.

How does this ransomware infect your computer?

TeslaCrypt attacks and installs itself on your PC either through an infected email attachment, or through a drive-by installation – meaning you have picked it up from a compromised website or program.

What should you do if you've been infected by TeslaCrypt? Should you pay the fine?

In a word, no! There are two reasons for this: a) you're only encouraging further criminal activity and b) how do you know that you'll receive the decryption key anyway? If the encrypted files are not very important or you don't have money to pay the ransom, you can remove try to restore your files (at least some of them) using Shadow Explorer and specialized tools listed below. Please note that even of you decide to pay the ransom there's really no guarantee that cyber crooks will send you the private key and you will be able to decrypt your files. If you have any questions, please leave a comment below. If there's anything you think I should add or correct, please let me know. And now you're done reading this, may we suggest that you back up all your files onto an external hard drive NOW. That way if you are unlucky enough to fall victim to ransomware, you'll be able to simply wipe clean your internal disk drive and replace it with up to date data.

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing TeslaCrypt and related malware:


Before restoring your files from shadow copies, make sure TeslaCrypt is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.





Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there are no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by TeslaCrypt virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Righ-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Read more

Thursday, February 26, 2015

What is fiber.js and how to remove it?

Fiber.js is a JavaScript file that comes prepacked with Binkiland browser hijacker and other potentially unwanted programs (PUPs.) The file itself isn't malicious but it clearly indicates that your computer is infected with malware. The Windows Script Host error about missing fiber.js file usually appears every half an hour or so. It's really annoying but at the same time it reveals malware presence on your computer, so I guess it's a good thing. If you know anything about malware then you probably know that for the most part, it sneaks its way onto your PC thanks to it having been bundled with another piece of software or a file that you are downloading from the Internet. It could be an upgrade to something reputable and well known such as the VoIP (Voice over Internet Protocol) software Skype, or your anti-virus program or something less – necessary shall we say – such as desktop wallpapers or a peer to peer file share of a TV series or pop album. No, it really doesn't matter what you're installing or downloading - Potentially Unwanted Programs will just about piggy back off anything.

Windows Script Host
Can not find script file C:\ProgramData\335CDB9F-63DE-0A19-D258-7A9B02DAA915\1.9.1.1\fiber.js

How do I continue to download files or programs without getting infected?

It is pretty unfeasible to say that we're never going to download some software or an app ever again – most of us would be forced to admit that it's hard to remember life before Skype and Candy Crush after all! So let's say you're 100% sure that you trust the company or programmer that is offering the program, file or application but you're still, quite rightly, worried about also installing a Potentially Unwanted Program, or PUP, along with it. Most potentially unwanted programs cause serious problems and fiber.js error is a good example.

The good news is that there are a number of ways that you can circumvent PUPs – or at least drastically reduce your chances of getting bitten by one. (If you'll excuse the pun.)

Here are some methods you can use to avoid PUPs and fiber.js errors
  • Read software license agreements carefully. Potentially Unwanted Programs – because they're not technically malware – are usually mentioned in the fine print. Watch out for any check boxes which have been pre-checked in favor of an extra component and make sure you are fully aware of what's about to be installed.
  • Make sure that your PC's operating system and security programs are bang up to date by installing Microsoft's latest security patches. In the same vein your anti-malware should also be the very latest version. In addition, you also need to ensure that you have the latest versions of any other software that's running on your machine. Check the aforementioned Skype if you have it, as well as iTunes, Adobe and any programs that enable you to view media files.
  • Finally when you are downloading something try and use the publisher's website and not a third party one as security is liable to be more lax on a site that is not pushing its own products
In order to stop fiber.js error pop up, you need to remove Binkiland and related malware from your computer. Otherwise, it will keep happening. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Fiber.js Error Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove fiber.js related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Binkiland
  • GoSave
  • deals4me
  • Youtubeadblocker
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove fiber.js related extensions from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove Binkiland, Youtubeadblocker, Gosave, HD-Plus 3.5, BlockkTheAds and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove fiber.js related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove Binkiland, Youtubeadblocker, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

Remove fiber.js related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more