Rogue Spyware
Rogue security software mainly relies on social engineering to defeat the security built into modern operating system and browser software and install itself onto victims' computers. Most have a Trojan horse component, which users are misled into installing. The Trojan may be disguised as:

* A browser plug-in or extension (typically a toolbar)
* An image, screensaver or archive file attached to an e-mail message
* A multimedia codec required to play a certain video clip
* Software shared on peer-to-peer networks
* A free online malware scanning service

Some rogue security software, however, propagates onto users' computers as drive-by downloads, which exploit security vulnerabilities in web browsers, PDF viewers, or e-mail clients to install themselves without any manual interaction.

More recently, malware distributors have been using SEO poisoning techniques, pushing infected URLs to the top of search engine results about recent news events. People looking for articles on such events may click a result and be redirected through a series of sites before arriving at a landing page that says their machine is infected and pushes a download of a "trial" of the rogue program.

Example of rogue software: Antivirus* (2008, 2009, 2010)

If your computer is infected, please do not hesitate to contact me via e-mail and describe the symptom, with a screenshot. I will guide you on how to remove it (FOC).
Disable autorun.inf & Re-enable Task Manager
Disable autorun.inf To Prevent Virus Infection

Many viruses spread through USB drives. The virus is activated when the drive is plugged into a port, and after the drive is double-clicked it infects the computer.


Windows scans the drive and checks whether there is an ‘autorun.inf’ file, then writes into the ‘MountPoints2’ registry key, which changes the action used to open the disk or the pop-up menu. Even if you have already set ‘disable auto play’, or you right-click or use ‘Explore’ to open the disk, the result will still be that ‘virus.exe’ runs.


So we need to restrict access to the ‘MountPoints2’ registry key.


1. Start -> Run -> key in ‘regedit’ to open the registry.
2. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2.
3. Right-click ‘MountPoints2’ and select ‘Permissions’.
4. Click ‘Advanced’, then uncheck ‘Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here’.
5. Click ‘Remove’, ‘Yes’ and ‘OK’.


Now, even if you insert a USB drive carrying a virus, your computer will not be affected.


Be careful when editing your registry; this should only be done if you are quite familiar with doing so. Back up your registry before trying this.



Re-enable Task Manager

Start -> Run -> gpedit.msc -> User Configuration -> Administrative Templates -> System -> Prevent access to registry editing tools -> Right Click Properties -> Disabled
Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Windows\CurrentVersion\Policies\System
Name: DisableTaskMgr
Type: REG_DWORD
Value: 1 = Enable this key, that is, DISABLE Task Manager
Value: 0 = Disable this key, that is, don’t disable (enable) Task Manager
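
The two registry settings above (the MountPoints2 permissions and the DisableTaskMgr value) can be checked, and optionally applied, from PowerShell. This is an added example, not part of the original post; the `-Fix` switch and the variable names are assumptions of the example, and it assumes it runs as the affected user with the right to read and change the key's permissions.

```powershell
# Added example, not from the original post. Run as the affected user.
param([switch]$Fix)  # hypothetical switch: apply the changes instead of only reporting

$mpPath  = 'Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$polPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# --- MountPoints2: has permission inheritance been removed (steps 3-5)? ---
# Assumes the current user may read and change the key's permissions.
$rights = [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions'
$key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey(
    $mpPath, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $rights)
if ($null -eq $key) {
    'MountPoints2 does not exist for this user.'
} else {
    $acl   = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    "MountPoints2 inheritance blocked: $($acl.AreAccessRulesProtected); entries: $($rules.Count)"
    if ($Fix -and -not $acl.AreAccessRulesProtected) {
        # $true  = stop inheriting from the parent key
        # $false = discard the inherited entries (the 'Remove' button in step 5)
        $acl.SetAccessRuleProtection($true, $false)
        $key.SetAccessControl($acl)
        'MountPoints2: inherited permissions removed.'
    }
    $key.Close()
}

# --- DisableTaskMgr: 1 disables Task Manager, 0 or absent leaves it enabled ---
$prop  = Get-ItemProperty -Path $polPath -Name DisableTaskMgr -ErrorAction SilentlyContinue
$value = if ($prop) { $prop.DisableTaskMgr } else { $null }
if ($null -eq $value -or $value -eq 0) {
    'Task Manager is enabled (DisableTaskMgr is 0 or not set).'
} else {
    "Task Manager is DISABLED (DisableTaskMgr = $value)."
    if ($Fix) {
        Set-ItemProperty -Path $polPath -Name DisableTaskMgr -Value 0 -Type DWord
        'DisableTaskMgr reset to 0.'
    }
}
```

Run it without `-Fix` first to see the current state; the registry backup advised above applies before using `-Fix`.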