Is your computer infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Wednesday, May 27, 2015

Remove "Suggested Deals" Adware (Uninstall Guide)

Ads by Suggested Deals are not only annoying but can also indicate that your computer is infected with adware and other malware. If you keep getting ads or popups "By Suggested Deals" then you should definitely scan your computer for malware. Thanks to the increasing amount of time that we spend connected to the internet, we are putting ourselves at increasing risk of attack by an unscrupulous hacker, phisher or adware programmer. In other words, the sort of people who use malware and other dubious tactics to either cause us stress or use us for their own financial gain. But of course, it's not quite as simple as saying 'go online less often', as we all rely on the internet to provide us with the resources we need to work and make the most of our free time. Even if that free time is spent online looking at gossip websites, updating our Facebook statuses, playing Farmville or shopping!


But where do these risks actually come from? Many of them, including Suggested Deals adware, are the result of us having downloaded some freeware, or free software. There can't be many people who would say that they don't love a freebie, but an incredibly high proportion of freeware files and programs also come bundled with add-ons – and those add-ons can be adware or other types of malware.

How to avoid add-ons like Suggested Deals when downloading freeware or shareware

You've discovered the latest must-have application that really will help you embark on that new fitness regime (really!) or the latest episode of your favorite TV show is now available for download. You eagerly rush through the installation, skipping through the wording in the End User License Agreement (boring!) Well that's your first mistake right there because if the file or application is also bundled with Suggested Deals adware, you have automatically allowed it to install itself on your PC.

The point is that you actually need to read the licensing agreement. Yes, we know they're often long, and always tedious, but most of them do tell you if they are also going to install that extra program on your machine too. The declaration will probably be confusingly worded and you may also find that check boxes are pre-configured and checked or unchecked in the favor of the Suggested Deals adware installation.

Is it really worth the hassle of reading the End User License Agreement?

Well we think so and that is because the majority of advertising supported software comes with a tricky little component that installs itself on your PC so that it can track which websites you visit. This data is recorded and sent back (using your internet connection!) to the adware's owner or programmer so that they are able to show you advertising, "By Suggested Deals" in this case, that matches the products or services that you were looking at on those websites.

So to answer our own question, if you are downloading freeware or software, YES, we do think that it is worth spending a few minutes to read the End User License Agreement a little more closely. After all, this is your privacy we are talking about! Now, if your computer is already infected, please follow the steps in the removal guide below. It shouldn't be very difficult to remove Suggested Deals adware. And next time, pay close attention to programs you install, especially freeware. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Suggested Deals Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Suggested Deals related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Suggested Deals
  • GoSave
  • deals4me
  • eDeals
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Suggested Deals related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools → Extensions.



2. Click on the trashcan icon to remove Suggested Deals, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove Suggested Deals related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.



2. Select Extensions. Click Remove button to remove Suggested Deals, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove Suggested Deals related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.


Tuesday, May 26, 2015

What is srptm.exe and how to remove it?


Srptm.exe - by ReSoft LTD.


What is srptm.exe?


Srptm.exe is a part of the snap.do browser hijacker. Multiple anti-virus engines have detected it as PUA/Linkury.Gen2, Adware.Linkury, not-a-virus:WebToolbar.MSIL.SmartBar.d and as an unwanted program. The fact that it has a valid digital signature doesn't make it less harmful. So, you've found srptm.exe malware but you're being proactive and trying to find out a little more about it. Good for you – knowing as much as you can about all the different types of malware is a very good step towards protecting yourself and your computer as much as you can. When talking about browser hijackers, in particular, knowing how they got their name is a good clue to the way they operate, and will give you a better understanding of how to avoid one if possible. Browser hijackers, to the untrained eye, look like harmless – even useful – software programs. Getting suckered in by this browser hijacker can leave your data corrupted, your files deleted and your security severely weakened. Not so harmless after all. Needless to say, I recommend that you remove srptm.exe and related malware from your computer. To do so, please run a full system scan with anti-malware software.





File name: srptm.exe
Publisher: ReSoft LTD
File Location Windows XP: C:\Program Files\LPT\
File Location Windows 7/8: C:\Program Files (x86)\LPT\
Startup file: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run → srptm.exe
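
A read-only PowerShell check for the traces listed above (the Run entry and the two LPT folders). This is an added example, not part of the original post; the function name Find-SrptmTrace is made up for illustration.

```powershell
# Added example (not from the original post): look for the srptm.exe traces
# listed above without changing anything on the system.
# Find-SrptmTrace is a hypothetical helper name.
function Find-SrptmTrace {
    # 1. Startup entry under HKCU\...\CurrentVersion\Run.
    #    The value name or the value data may mention srptm.exe, so check both.
    $runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $value = [string]$key.GetValue($name)
            if ($name -match 'srptm' -or $value -match 'srptm\.exe') {
                [pscustomobject]@{
                    Type   = 'Run value'
                    Name   = $name
                    Detail = $value
                }
            }
        }
    }

    # 2. File locations given in the post (Windows XP and Windows 7/8).
    $dirs = 'C:\Program Files\LPT', 'C:\Program Files (x86)\LPT'
    foreach ($dir in $dirs) {
        $exe = Join-Path $dir 'srptm.exe'
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            # The post notes the file carries a valid signature; show it,
            # but do not treat a valid signature as a sign of safety.
            $sig = Get-AuthenticodeSignature -FilePath $exe
            [pscustomobject]@{
                Type   = 'File'
                Name   = $exe
                Detail = "Signature: $($sig.Status); signer: $($sig.SignerCertificate.Subject)"
            }
        }
    }
}

# No output means none of the listed traces were found for the current user.
Find-SrptmTrace | Format-List
```

The Run key is per user, so run the check from the affected account.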


Remove "Crazy Score" Ads Malware (Uninstall Guide)

It can feel like we are under constant threat as we go about our daily lives. And as we all spend more and more hours of the day staring at a computer or smartphone screen, those risks are only increasing. It really doesn't matter what you're doing online as viruses and malware attacks are no longer only a problem for people who visit shady or dubious websites, they can affect any of us. Malware can be hidden in compromised websites, programs, files and applications of any nature. Malware and cyber crime is a multi-billion dollar business and those who make their living indulging in this kind of activity are constantly upgrading their methods and looking for new vulnerabilities, both technical and behavioral to exploit.

One of those big money spinners, so beloved by malware practitioners is Crazy Score adware. Of course advertising has always been used to generate revenue – it's how commerce has worked since the dawn of time – way before the days of Mad Men anyway! But adware can be more than just a type of online marketing.

What is Crazy Score?

Many people don't view Crazy Score to be as dangerous as the other types of malware, and while it's true that it is nowhere near as harmful as something like ransomware or a Trojan Horse, it is still something that you should protect yourself against.


At its simplest, Crazy Score is simply a software program that displays adverts (often labeled 'Ads by Crazy Score' or 'Powered by Crazy Score') when you're online. However, it takes a slightly more sinister turn when you realize that the majority of the Crazy score adverts that you are seeing are spookily close to goods or services that you were recently browsing. And that is because this adware software comes with a component that – to put it bluntly – spies on you. The websites that you look at are recorded and the pages that you specifically visit are monitored. The component collates this data and sends it back to the programmer or owner of the adware – so that they know which adverts to display to you.

What's the programmer getting out of all this?

Clearly, showing you adverts that are tailored to your interests increases the chances of you clicking on them. This will drive more web traffic to a site that the programmer may have a vested interest in. Obviously they are hoping that you will be suckered in to making a purchase too.

The other benefit to a programmer is to sell their adware program to businesses and organizations. Normally this profit is used to offset the cost of creating a program or application that the programmer provides to internet users for free.

Should I be concerned about Crazy Score?

Many people see adware as necessary if they want to avail themselves of freeware, even if they know the websites they visit are being tracked. However, many of the programmers who design adware like Crazy Score want to eke as much profit from their program as possible and will sell the data collected on to a third party – and who knows what that could lead to. I suggest that you remove Crazy Score adware from your computer and run a full system scan with anti-malware software. Very often, such programs come packed with spyware and other malicious software. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Crazy Score Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Crazy Score related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Crazy Score
  • GoSave
  • deals4me
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Crazy Score related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools → Extensions.



2. Click on the trashcan icon to remove Crazy Score, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove Crazy Score related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.



2. Select Extensions. Click Remove button to remove Crazy Score, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove Crazy Score related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.


Sunday, May 24, 2015

How to Remove Locker Virus and Restore Encrypted Files

Locker is a file-encrypting ransom virus (ransomware) that encrypts your files using the RSA-2048 encryption algorithm so they are not accessible and repairable without the unique encryption key. I've seen a few different versions of this ransomware so far: Locker v5.52, Locker v3.30, Locker v4.55, Locker v4.81 and Locker v2.60. Basically, it's the same ransomware only with different version numbers. I bet there are even more versions out there but I'm not quite sure why cyber criminals decided to do this. Anyway, no matter which version you have installed on your computer, it's the same ransomware. It does encrypt your files, it's not a joke. If you don't have backups you might be in trouble. This vicious malware is most definitely something that you would be well advised to find out more about so that you are better able to protect yourself from an attack. It is also extremely useful to know why you shouldn't give in to ransomware's demands and what to do if you have been infected.


Locker virus payment page:


It demands a payment of 0.1 BTC and gives information on how to buy Bitcoins. There's also a payment address which is unique for every victim.

What does Locker ransomware do?

You have probably already guessed that the clue to unlocking the way ransomware works is in its name. Locker has been created to kidnap your files or data, freeze them and make them inaccessible or unusable. After doing this the program will send you an updated version of the old fashioned ransom note, demanding that you pay 0.1 BTC (about $25) for your files to be released or unlocked. Once you've paid (which, by the way, you shouldn't – more of that in a minute) you will be sent a code that allows you to unlock your encrypted files. But when we say 'you will be sent' don't take that at face value as many cyber criminals using Locker ransomware will not bother to send you anything, simply taking your money and disappearing, never to be heard of again. And don't think you'll be able to negotiate with them either – these types of people don't tend to have a customer care helpline.

And that's not all...

To make sure you are more likely to pay, the criminals behind Locker will turn the fear factor up to eleven. You're already wondering if you're ever going to see your files and the data they contain again, but to pile even more stress upon you, many of these so-called ransom notes will either tell you that they have been sent by a law enforcement agency, such as the FBI or CIA, or tell you that the unlock code will become invalid and your files destroyed if you don't pay by a certain date. In this case, cyber criminals give you 3 days to pay the ransom. The Locker ransom program says:

All your personal files on this computer are locked and encrypted by Locker [ver]. The encrypting has been done by professional software and your files such as: photos, videos, and cryptocurrency wallets are not damaged but just not readable for now. You can find the complete list with all your encrypted files in the files tab.

The encrypted files can only be unlocked by a unique 2048-bit RSA private key that is safely stored on our server till [date]. If the key is not obtained before that moment it will be destroyed and you will not be able to open your files ever again.

Obtaining your private unique key is easy and can be done clicking on the payment tab and pay a small amount of 0.1 BTC to the wallet address that was created for you. If the payment is confirmed the decryption key will be sent to your computer and the Locker software will automatically start the decrypting process. We have absolutely not interest in keeping your files encrypted forever.

You can still safely use your computer, no new files will be encrypted and no malware will be installed. When the files are encrypted Locker [ver] will automatically uninstall itself.

It's very similar to BitCryptor ransomware. It shows the time remaining, lists all the encrypted files and gives you a personal Bitcoin wallet address.

What do I do? Pay the fine and make the problem go away?

It's not a good idea, but if you really, really care about the files, pay the ransom, although there is no guarantee that you'll get the files back. Besides, by paying you'll be perpetuating cyber crime. Instead, follow the removal guide below on how to salvage your data and clean your computer ASAP. There are a few tools that can help you to restore at least some of your files without paying a ransom. Even though there's no guarantee that these tools will help you, there's also no reason not to try them out. Who knows, maybe you will be the lucky one. Good luck and be safe online!


Written by Michael Kaur, http://deletemalware.blogspot.com

IMPORTANT! Before running anti-malware software and trying to restore your files COPY the encrypted files, your Bitcoin wallet address (see under Payment tab) and %PROGRAMDATA%\rkcl, %PROGRAMDATA%\tor, %PROGRAMDATA%\steg or %PROGRAMDATA%\Digger folder (with files) to external hard drive, CD/DVD or a USB flash key. You should have these in case you decide to pay the ransom or someone creates a decryption tool.
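
One way to do the folder part of this backup from PowerShell, with a hash manifest so the copies can be checked later. This is an added example, not part of the original post; it assumes Windows PowerShell 4.0 or later (for Get-FileHash), and the function name and destination path are placeholders. The encrypted files and the wallet address still have to be saved separately.

```powershell
# Added example (not from the original post): copy the Locker folders named
# above to external media before any cleanup and record a SHA-256 manifest.
# Save-LockerFolder is a hypothetical helper name.
function Save-LockerFolder {
    param(
        [Parameter(Mandatory)]
        [string]$Destination      # e.g. a folder on a USB drive (placeholder)
    )

    # Folder names under %PROGRAMDATA% as listed in the post.
    $folders = 'rkcl', 'tor', 'steg', 'Digger'
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null

    $manifest = @(foreach ($name in $folders) {
        $src = Join-Path $env:ProgramData $name
        if (-not (Test-Path -LiteralPath $src -PathType Container)) {
            continue              # this variant did not create that folder
        }

        # Copy the whole folder, hidden files included, as <Destination>\<name>.
        Copy-Item -LiteralPath $src -Destination $Destination -Recurse -Force

        # Hash the originals so the copies can be verified later.
        Get-ChildItem -LiteralPath $src -Recurse -File -Force | ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256
            [pscustomobject]@{
                Source = $_.FullName
                Length = $_.Length
                SHA256 = $hash.Hash
            }
        }
    })

    if ($manifest.Count -gt 0) {
        $manifest | Export-Csv -Path (Join-Path $Destination 'manifest.csv') -NoTypeInformation
    }
    $manifest
}

# Example call; E:\locker-backup is a placeholder for your external drive.
# Save-LockerFolder -Destination 'E:\locker-backup'
```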



The ransomware is also known to disable certain system features like system restore, delete shadow copies, and prevent the uninstalling of software. This makes it incredibly difficult to remove it or roll back to solve the issue.


Step 1: Removing Locker and related malware:


Before restoring your files from shadow copies, make sure Locker virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove detected malware.





IMPORTANT! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again. Also, try to disable bclock.exe using Process Explorer.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by Locker virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Try to recover at least some of your files with Recuva software. It's a free file recovery tool.

Method 4: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.


Thursday, May 21, 2015

Delta-homes Removal Guide

Delta-homes is a browser hijacker that modifies your web browser settings and changes your home page and default search engine to http://www.delta-homes.com. It can seem like it's getting harder and harder to spend any amount of time online and not put yourself in harm's way of being infected by malware or a virus. With online attacks now big business for the thousands of phishers, scammers and other cyber criminals, it's harder than ever before to stay safe. And unlike before when avoiding infection meant simply avoiding illegal downloads, pirated software and adult content websites, now anything, everything and everyone is fair game in an attacker's eyes.

Browser hijackers

Delta-homes and similar browser hijackers are just one more thing designed to cause us irritation when we're browsing the internet: search engines that will, without warning, take the place of your existing ones. You'll log on to your computer only to find that delta-homes.com has got rid of your existing home page for you and replaced it. That'd be fine if the replacement home page was better than your original - or at least equal to it in functionality – but that won't be the case. After all, the major search engines and operating systems know what they're doing when it comes to giving you search capabilities – more so, I'm willing to bet, than some bedroom programmer/spammer. Unlike most browser hijackers, it displays different home pages for users from different regions, in other words it has a pretty decent localization module. However, that's not really useful and probably won't convince you to use it instead of Google or Bing. Besides, it's actually a pseudo search engine because it redirects users to govome.inspsearch.com and other websites that simply grab search results from Yahoo or Google.


If you've had a new delta-homes home page foisted upon you, chances are you're wondering how to stop it from happening again in the future. Well unfortunately there is no great catch all answer to the problem but, of course, there are a number of practical steps you can take; exercising more caution when you're using the internet being just one of them.

Of course, installing a good anti-malware program on your PC is your first line of defense in the war against online parasites and this will stand you in far better stead of staying safe when you're connected to the World Wide Web. However the problem is that when it comes to browser hijackers, the fact that they are designated potentially unwanted can lead many anti-malware solutions to be fooled by them and view them as potentially wanted instead. It's two sides of the same coin.

What does delta-homes do?

It has quite a few unappealing features. Delta-homes might download adware onto your PC so that you'll be subjected to non-stop pop-up adverts. It generally makes your computer run more slowly and it can cause your internet connection to slow down or keep crashing too. And of course, as mentioned a moment ago, one of its very favorite things to do is to hijack your browser and change your home page to delta-homes. And in the majority of cases, these browser hijackers are merely a means for manipulating your web searches and redirecting them to websites that the browser hijacker's programmers want you to visit instead of the destination you were aiming for.

How does delta-homes end up on your PC?

Delta-homes is normally packaged with other programs, meaning when you download Program A you could also be downloading a browser hijacker! The solution: read license agreements properly and check or uncheck boxes mentioning add-ons.

How do I remove delta-homes?

Delta-homes removal can be a tedious task. It modifies browser settings and also makes modifications to Windows registry. Hopefully, the removal guide below will help you to remove this browser hijacker from your computer. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Delta-homes Removal Guide:


1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this browser hijacker from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.





2. Uninstall delta-homes related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove eSave Security Control, GoPlayer, Desk 365 and any other recently installed application. It won't be listed as delta-homes.com in the currently installed programs list. So, either look for applications mentioned here or try to remember what software you installed recently. It's probably the culprit.



Simply select the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.
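
The installed-programs review from step 3 of the Suggested Deals, Crazy Score and delta-homes guides can also be done from PowerShell by reading the same Uninstall registry records the Control Panel list is built from. This is an added example, not part of the original posts; it assumes Windows PowerShell 3.0 or later, and the function name and the 30-day window for "recently installed" are illustrative choices.

```powershell
# Added example (not from the original posts): read-only search of the
# Uninstall registry keys for the program names given in the guides and for
# anything installed recently. Find-GuideProgram is a hypothetical name.
function Find-GuideProgram {
    param([int]$RecentDays = 30)   # assumption: "recent" means the last 30 days

    # Program names taken from step 3 of the three guides on this page.
    $names = 'Suggested Deals', 'Crazy Score', 'GoSave', 'deals4me', 'eDeals',
             'SaveNewaAppz', 'eSave Security Control', 'GoPlayer', 'Desk 365'
    $pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

    # Machine-wide (64-bit and 32-bit views) and per-user install records.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $cutoff = (Get-Date).Date.AddDays(-$RecentDays)

    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is optional; when present it is usually yyyyMMdd.
            $installed = [datetime]::MinValue
            $hasDate = [datetime]::TryParseExact(
                [string]$_.InstallDate, 'yyyyMMdd',
                [cultureinfo]::InvariantCulture,
                [System.Globalization.DateTimeStyles]::None,
                [ref]$installed)

            $named  = $_.DisplayName -match $pattern   # case-insensitive
            $recent = $hasDate -and ($installed -ge $cutoff)

            if ($named -or $recent) {
                [pscustomobject]@{
                    DisplayName     = $_.DisplayName
                    Publisher       = $_.Publisher
                    Installed       = if ($hasDate) { $installed.ToString('yyyy-MM-dd') } else { '' }
                    Reason          = if ($named) { 'name listed in guide' } else { "installed in last $RecentDays days" }
                    UninstallString = $_.UninstallString
                }
            }
        }
}

Find-GuideProgram | Sort-Object Installed -Descending | Format-List
```

Entries flagged only as recently installed are candidates to review, not confirmed adware.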


Remove delta-homes from Google Chrome:

1. Click on Customize and control Google Chrome icon. Select Settings.




2. Click Set pages under On startup.


Remove delta-homes.com by clicking the "X" mark as shown in the image below.



3. Click Show Home button under Appearance. Then click Change.



Select Use the New Tab page and click OK to save changes.



4. Click the Manage search engines button under Search.



Select Google or any other search engine you like from the list and make it your default search engine provider.



Select delta-homes.com from the list and remove it by clicking the "X" mark as shown in the image below.



5. Right-click the Google Chrome shortcut you are using to open your web browser and select Properties.

6. Select Shortcut tab and remove "http://www.delta-homes.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Chrome executable file. Nothing more.




Remove delta-homes from Mozilla Firefox:

1. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: delta-homes



Now, you should see all the preferences that were changed by delta-homes. Right-click on the preference and select Reset to restore default value. Reset all found preferences!




4. Right-click the Mozilla Firefox shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.delta-homes.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Firefox executable file.




Remove delta-homes in Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons.



2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select delta-homes.com and click Remove to remove it. Close the window.

4. Right-click the Internet Explorer shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.delta-homes.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Internet Explorer executable file.



6. Finally, go to Tools → Internet Options and restore your home page to default. That's it!
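
The shortcut check described for Chrome, Firefox and Internet Explorer above can be run across all shortcuts at once. This is an added example, not part of the original post; it assumes Windows PowerShell 3.0 or later, and the function name and the list of folders searched are illustrative choices.

```powershell
# Added example (not from the original post): report browser shortcuts whose
# Target field carries anything after the executable path. Read-only: no
# shortcut is modified. Get-BrowserShortcutArgument is a hypothetical name.
function Get-BrowserShortcutArgument {
    param(
        # Places where browser shortcuts usually live (desktop, Start menu,
        # Quick Launch and pinned taskbar items).
        [string[]]$Folder = @(
            [Environment]::GetFolderPath('Desktop'),
            [Environment]::GetFolderPath('CommonDesktopDirectory'),
            [Environment]::GetFolderPath('StartMenu'),
            [Environment]::GetFolderPath('CommonStartMenu'),
            (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
        ),
        [string[]]$Browser = @('chrome.exe', 'firefox.exe', 'iexplore.exe')
    )

    # Drop folders that do not exist on this machine.
    $existing = @($Folder | Where-Object { $_ -and (Test-Path -LiteralPath $_) })
    if ($existing.Count -eq 0) { return }

    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $existing -Filter '*.lnk' -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            $exe = [System.IO.Path]::GetFileName($lnk.TargetPath)

            # A clean browser shortcut has the executable path and nothing more.
            if (($Browser -contains $exe) -and $lnk.Arguments.Trim()) {
                [pscustomobject]@{
                    Shortcut   = $_.FullName
                    TargetPath = $lnk.TargetPath
                    Arguments  = $lnk.Arguments
                    HasUrl     = $lnk.Arguments -match 'https?://|delta-homes'
                }
            }
        }
}

# No output means no browser shortcut has extra text in its Target field.
Get-BrowserShortcutArgument | Format-List
```

Any shortcut reported with HasUrl set to True is one to fix in Properties as described in the steps above.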