August 15, 2008

How to back up the registry

Why do you need to back up the registry?
It is important to back up the registry before you manually remove a virus from your computer. Removing certain registry entries might crash your operating system, and sometimes your applications will become unstable. You can then use this backup to restore the registry and recover your operating system.

I strongly recommend that you back up your registry and your personal data before you attempt a virus removal.

Let us see how to back up your registry:

1. Click Start > Run, type Regedit, then press Enter. This opens the Registry Editor window.
2. Click File on the menu bar, then click Export. Make sure you save the file in the root of your C drive. The file will have the extension .reg.

See the below Screenshot


In the same way, you can restore the registry using the Import option on the File menu of the Registry Editor.

How to remove Power Antivirus 2009

What is Power Antivirus 2009?

It is a rogue anti-spyware program that shows false spyware results and asks you to purchase its full version to remove all those infections from your computer. PowerAntivirus2009 is an updated version of Antivirus 2008.
This infection mostly gets into your computer from porn websites. It is actually the ZLOB/MediaAccess Codec installer, and it is dropped on your computer when you accidentally click on one of these pop-up advertisements.

Once it is installed, there will be a shortcut to the program on your desktop. The shortcut opens Power Antivirus 2009, which asks you to purchase the program.

Here is the screenshot of this program:


Manual removal of this program:

1. Restart the computer in Safe Mode.
2. Go to %ProgramFiles% (by default, your Program Files folder is on the C drive).

Then delete the folder Power-Antivirus-2009.

3. Click Start > Run, then type Regedit.exe to open the Registry Editor.

Now navigate to these entries and delete them (under the Run key, delete only the value named "Power-Antivirus-2009", not the Run key itself):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Power-Antivirus-2009"
HKEY_CURRENT_USER\Software\Power-Antivirus-2009

4. Click Start > Run, then type %UserProfile%\Application Data

From the Application Data folder, delete the folder named Power-Antivirus-2009.

5. Now restart your computer in normal mode and start your security scan.

The best way to prevent this infection is to never install unknown programs on your computer and never click on advertisement pop-ups.




August 13, 2008

Discount on Symantec products - Discount Coupons

Save $5 on Norton AntiVirus 10.0 for Macintosh when purchased via the US store! Click Here

Save 10% on Norton 360 in Germany! Use coupon code: 064rvs Click Here



10% discount on Endpoint Protection products
Enter the coupon code and save 10% on Endpoint Protection products
Offer Expires 10/03/08

Coupon Code: 08EPPromo



Save 10% on pcAnywhere
Save 10% on pcAnywhere products by entering the following coupon code: 08EPPromo.

Offer Expires 10/01/08

Coupon Code: 08EPPromo



10% off Norton AntiVirus 2008
United States - Norton AntiVirus 2008 - 10% off Coupon Offer Expires 10/01/08

Coupon Code: 10NAV08



Norton Internet Security 2008
United States - Norton Internet Security 2008 Offer Expires 10/01/08

Coupon Code: 15NIS08



Save 15% on Norton Internet Security 2008
Australia - Norton Internet Security 2008 - 15% off Coupon Offer Expires 10/01/08

Coupon Code: 15NIS08



10% off Norton AntiBot
Australia - Norton AntiBot - 10% off Coupon Offer Expires 10/01/08

Coupon Code: 10NAB08

August 2, 2008

C:\WINDOWS\hinhem.scr issue: keeps sending messages in Yahoo Messenger

Today I came across a new issue. You can see the screenshot below. The infected computer's Yahoo Messenger will send spam messages to everyone in the contact list.

YM ID: C:\WINDOWS\hinhem.scr
YM ID: E may, vao day coi co con nho nay ngon lam http://nhatquanglan.xlphp.net/



When I researched this issue, I came to know that the infection comes from your USB flash drive. Once the computer is infected, it will start creating a "Newfolder" that you didn't create!

How to manually fix this issue:

Delete these files:

C:\Autorun.inf
C:\FS6523.dll.vbs
C:\WINDOWS\FS6523.dll.vbs
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\nhatquanglan20.exe
C:\WINDOWS\system32\SCVHSOT.exe
C:\WINDOWS\system32\blastclnnn.exe
C:\WINDOWS\system32\naoway.exe
Your Flashdrive:\SCVHSOT.exe
Your Flashdrive:\autorun.inf
Your Flashdrive:\nhatquanglan20.exe

Most of these files will be hidden, so you have to enable the options to show all files and system files.

July 25, 2008

Try your Symantec products for free



Do you want to try all your Symantec products for free? Download your favorite product now from here. This includes the Norton Add-on Packs, which provide extra features like Norton AntiSpam for your Norton Internet Security products.

Norton has provided trialware for all their products.

XLGuarder Manual removal steps

What is XLGuarder?
XLGuarder is a misleading application that may give exaggerated reports of threats on the computer.
Risk Impact: Medium

Let's see how to remove this.

1. Start the computer in safe mode
2. Delete these files:
C:\WINDOWS\sysutils\winsystip.exe
C:\WINDOWS\sysutils\sysutil.exe
C:\WINDOWS\iebho.dll
C:\WINDOWS\sysutils\settings.ini
C:\WINDOWS\sysutils\sysutil_s.exe
C:\WINDOWS\sysutils\uninstall.exe
C:\WINDOWS\sysutils\sounds\01.wav
C:\WINDOWS\sysutils\sounds\02.wav
C:\WINDOWS\sysutils\sounds\03.wav
C:\WINDOWS\sysutils\warning\alertpage.jpg
C:\WINDOWS\sysutils\warning\spacer.gif
C:\WINDOWS\sysutils\warning\warningpage.html

3. Click Start > Run, type Regedit, then press Enter. Delete the following registry entries (shell is a value under the Winlogon key; delete only that value, not the Winlogon key):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012}
HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012}
HKEY_CLASSES_ROOT\iebho.tieadvbho
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sysutils
HKEY_CURRENT_USER\SOFTWARE\sysutils
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell


4. Restart the computer in Normal mode
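
One way to check an exported .reg backup for the registry entries named in the Power Antivirus 2009 and XLGuarder removal steps above. This is an added example, not part of the original posts; the sample export, its Settings subkey and its data paths are constructed.

```python
import re

# Registry indicators copied from the two removal procedures on this page.
BAD_KEYS = [
    r"HKEY_CURRENT_USER\Software\Power-Antivirus-2009",
    r"HKEY_CURRENT_USER\SOFTWARE\sysutils",
    r"HKEY_CLASSES_ROOT\iebho.tieadvbho",
    r"HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sysutils",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
    r"\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012}",
]
BAD_VALUES = [  # (key, value name): only the named value is an indicator
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Power-Antivirus-2009"),
    (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "shell"),
]
KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=')    # "value name"=data

def find_indicators(reg_text):
    """Return sorted (key, value_name or None) hits; case-insensitive, subkeys included."""
    bad_keys = [k.lower() for k in BAD_KEYS]
    bad_values = {(k.lower(), v.lower()) for k, v in BAD_VALUES}
    hits, key = set(), None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            low = key.lower()
            if any(low == b or low.startswith(b + "\\") for b in bad_keys):
                hits.add((key, None))
            continue
        m = VALUE_RE.match(line)
        if m and key and (key.lower(), m.group(1).lower()) in bad_values:
            hits.add((key, m.group(1)))
    return sorted(hits, key=lambda h: (h[0].lower(), h[1] or ""))

# Constructed sample export; the Settings subkey and data paths are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Power-Antivirus-2009"="C:\\placeholder\\path.exe"

[HKEY_CURRENT_USER\Software\Power-Antivirus-2009\Settings]
'''
for hit_key, hit_value in find_indicators(SAMPLE):
    print(hit_key, "->", hit_value or "(whole key)")
```

Regedit saves version 5.00 exports as UTF-16, so read a real file with open(path, encoding="utf-16") before passing its text to find_indicators. Running it again on a fresh export after the cleanup should return an empty list.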