Virus Removal Archives

Tips about Facebook Viruses by Eset

Recently, many worms have threatened users of Facebook, including Win32/Yimfoca.AA and Win32/Fbphotofake, which followed the older virus (which is still active in Facebook) called Koobface.

Specifically, Win32/Yimfoca.AA has been in the ThreatSense.Net top ten list in many European countries, such as Austria, Italy, the Czech Republic and Slovakia, in recent weeks.

According to Marek Polesensky, Malware Researcher of ESET, the Yimfoca worm uses Facebook chat to attack users, while Fbphotofake is a social engineering worm, which attacks victims by itself but also in combination with other malicious software through spam messages on Facebook. “The Yimfoca worm acts as a backdoor and can be controlled remotely, transmitting the virus through IM software such as Skype, MSN or Yahoo Messenger”.

Moreover, Yimfoca can download and put into operation other malware programs circulating on the Internet – including rogue anti-virus software, by changing security settings or turning off the firewall in Windows. The Fbphotofake worm appears mainly as spam on Facebook. Users are advised to be careful not to open suspicious and unknown attachments or click on dubious links.

About the recent malware attacks, David Harley, Senior Research Fellow of ESET, noted the spread of the Nigerian letter scam on Facebook. “It is a typical case of Advance Fee Fraud (AFF), with an extra emotional blackmail,” says Harley. Moreover, he advises users to “Be always sure of the identity of the sender of instant messages or the content of messages on Facebook”. Also, Randy Abrams, Director of Technical Education of ESET North America, notes that “Part of the problem is that the philosophy of Facebook does not include security and this is a very difficult hurdle for specialists in the field of antivirus and security”.

Recent threats on Facebook include the following:

• The Win32/Yimfoca.AA worm has reached the Top Ten list of ThreatSense.Net in several European countries in recent months.
• Fbphotofake spreads spam on Facebook. For the case of the two worms mentioned above, users must be careful not to open suspicious and unknown attachments or click on dubious links.
• The Nigerian letter scam is spreading through the messages in Facebook, too.
• The Koobface worm, which is one year old but can still be found occasionally.

Information about safety in Facebook can be found here: http://www.facebook.com/security.

If you are infected by any of the above viruses (especially Koobface), download Spyware Doctor 2011 below to clean up your computer. I suggest you download the trial version of the software and run it on your PC. If the tool finds any of the Facebook viruses, you can purchase the full version to clean up the infection.

Total Security 2009 is a rogue program that claims to be a legitimate antivirus tool but is actually malware. It originates from Antivirus 360, which was also rogue security software. Total Security Virus impersonates the Windows Security Center, showing fake alerts that your system is supposedly unprotected. The main intention of Total Security virus is to scare the user into purchasing the rogue software.

Total Security virus is very persistent in staying alive on your system. It hijacks your Internet Explorer thus blocking your ability to visit legitimate security sites for downloading antivirus tools. It also prohibits the user from opening the windows task manager saying that “task manager has been disabled by your administrator”. I have found a solution for cleaning up Total Security 2009 after searching around. Let’s see together how to do it:

  1. Go to Start>Search>For files or Folders
  2. On the left side of the search window, select the option “All files and folders”
  3. Under the field “All or part of the filename” type *.exe
  4. Click on “When was it modified?”, select “Specify Dates” and on the drop down menu select “created date”. Below that, enter your current date in both “from” and “to” fields.
  5. Hit the Search button. It will find an executable under the following folder: c:/documents and settings/all users/application data/10176254
  6. Browse to the above path. If you don’t see the folder “application data”, then go to Tools>Folder Options>View and select “Show Hidden Files and Folders”
  7. Maybe the folder numbers at the end will be different in your case, but they should be under the application data path. Go to the folder and rename it. Then restart your computer.
  8. After restarting, the malicious program will not find its executable to run it, so hopefully you will be able to run your antispyware tool.
  9. Download Free Trial of Spyware Doctor Here and perform a free scan of your system. It will find all files associated with Total Security on your system. The free version of Spyware Doctor is for scanning purposes. To clean up the infection you will need to register the program.
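The search for executables created today can also be run from a PowerShell prompt. This is an added example, not part of the original article: it lists `.exe` files created today under the all-users application data folder, marks all-digit folder names like the one shown above, and reports each file's signature status. `Find-NewExecutable` is a hypothetical helper name, and the script changes nothing on disk.

```powershell
# Added example: read-only version of the "*.exe created today" search.
# Find-NewExecutable is a hypothetical helper name; nothing is renamed or deleted.
function Find-NewExecutable {
    param(
        # Resolves to "...\All Users\Application Data" on Windows XP and to
        # C:\ProgramData on Vista and later.
        [string]$Root = [Environment]::GetFolderPath('CommonApplicationData'),
        [datetime]$Day = (Get-Date)
    )
    # -Force includes hidden files and folders, which the article otherwise
    # has you enable through Folder Options.
    Get-ChildItem -LiteralPath $Root -Filter *.exe -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.CreationTime.Date -eq $Day.Date } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Created       = $_.CreationTime
                # True when the parent folder name is digits only, like 10176254.
                NumericFolder = ($_.Directory.Name -match '^\d+$')
                Signature     = $sig.Status
                Path          = $_.FullName
            }
        }
}

Find-NewExecutable | Sort-Object Created |
    Format-Table Created, NumericFolder, Signature, Path -AutoSize
```

A `NotSigned` status or an all-digit folder name is a hint, not proof; legitimate installers also drop new executables, so check each result before renaming its folder.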

Another tip for removing Total Security, is to use the “sysinternals” process explorer at the following link. (http://live.sysinternals.com/procexp.exe). Run the program and find the process tsc.exe. Click the Red X button to kill the process. You may also find a process with a random number. Kill that one as well.

 Good luck.

Remove TrustCop-Removing TrustCop Automatically

Important Note: If you got infected with TrustCop and paid money for it, you must contact your credit card company immediately and request your money back.

In this article I will show you with details how to remove TrustCop virus (either automatically or manually) from your computer. For a free scan of your computer to verify if you are infected with TrustCop virus, download the Antispyware tool below, install it and perform a full system scan.

free download spyware doctor

TrustCop is another malware program that appeared recently on the Internet. It looks like a legitimate security antivirus scanner, but it is actually a rogue program with a sole purpose to steal money from innocent computer users. TrustCop infiltrates your computer with the help of a Trojan virus. The Trojan first gets into your PC (maybe from freeware programs that you installed or via browsing illegal websites) and then it downloads and installs TrustCop. The Trojan virus will then configure TrustCop to start automatically every time you boot your computer. Also, several random files will be created on your hard disk which will look like virus infected files. The purpose of these fake files is to have them “detected” by the TrustCop program which will ask you to purchase its full version in order to delete them. The picture below shows how TrustCop performs a fake scan of a computer system in order to convince the user that it is supposedly a legitimate security tool.

To get rid of TrustCop virus you can follow either the Automatic or the Manual method I will explain below. The Automatic method is recommended for a safe TrustCop removal. The manual method is recommended ONLY if you are an expert in the Windows operating system, since it involves editing the Registry, which can cause fatal problems if you don’t know what you are doing.

Remove TrustCop Automatically

Fortunately there are a few trusted Antispyware tools on the market which can effectively remove TrustCop virus and many other malware programs permanently. One such tool is the famous Spyware Doctor from PCTools software company. I would recommend that you Download the Free Trial of Spyware Doctor Here, or visit the Spyware Doctor Website for more information.


If you have already downloaded Spyware Doctor from the beginning of this article (Free Scan Button) then you can skip this step.

After downloading Spyware Doctor, run it and have it scan your PC for free. The free version of Spyware Doctor is for malware detection only. After detecting the TrustCop virus, you can purchase the full version to automatically clean up your PC from TrustCop or from any other viruses that reside on your system. If you don’t already have an Antispyware tool, then now is an excellent opportunity to get a good one, like Spyware Doctor.

Remove TrustCop Manually

Before proceeding any further, I strongly suggest you back up everything, and especially your registry. We take no responsibility for any damage you may cause to your computer.

Step1: Stop the following Processes

(Note: some processes might have a different name in your case)

  • TrustCop.exe
  • uninstall.exe
  • 28a6d9wnlzader1957.exe
  • ca85mxcq.exe

 
Step2: Unregister the following DLL files

(Note: To unregister a DLL file, open a command prompt window and type:
C:\> regsvr32 /u filename.dll
You may need to navigate to the exact path where the DLL file is located.)
 

  • 288995acktool3z1.dll
  • 10134spamb9zb95.dll
  • 1015zpyware2930.dll

 
Step3: Delete the following Registry Values (be careful)

HKEY_CURRENT_USER\Software\TrustCop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrustCop
HKEY_LOCAL_MACHINE\SOFTWARE\TrustCop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ca85mxcq.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “TrustCop”

Step4: Delete the following files

c:\Program Files\TrustCop Software\TrustCop\TrustCop.exe
c:\Program Files\TrustCop Software\TrustCop\uninstall.exe
c:\Program Files\TrustCop Software\TrustCop
c:\Program Files\TrustCop Software
c:\Documents and Settings\All Users\Desktop\TrustCop.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\TrustCop
c:\Documents and Settings\All Users\Start Menu\Programs\TrustCop\1 TrustCop.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\TrustCop\2 Homepage.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\TrustCop\3 Uninstall.lnk
%Temp%\ca85mxcq.exe
c:\WINDOWS\10134spamb9zb95.dll
c:\WINDOWS\1015zpyware2930.dll
c:\WINDOWS\10753tzo5931.bin
c:\WINDOWS\system32\288995acktool3z1.dll
c:\WINDOWS\system32\28935virus54z.ocx
c:\WINDOWS\system32\28a6d9wnlzader1957.exe

Then, reboot your machine and cross your fingers!!!

GOOD LUCK

If you have ever been infected with the Google Redirect virus, you’ll know how annoying it can be. A Google Redirect virus affects your searching abilities. When you go to Google, or any other search engines, and do a search, the virus randomly redirects you to websites that are totally irrelevant to your search terms. Your computer will also start to slow down dramatically. It may take you two or three tries to eventually end up on the right site.

Not only is a Google redirect virus very annoying and time consuming, but it may also lead you to a malicious website that could further infect your computer with spyware and other viruses. This kind of behaviour is also known as browser hijacking.

Most of the time you’ll never know that your computer has been taken over. Then the spyware infiltrates your system and gets access to personal information like credit card numbers, passwords, personal banking info and more. This is the start of your identity being stolen.

The first thing you should do to get rid of the Google redirect virus is to scan your computer using any free spyware scanner. Sometimes this simple scan and clean will clear out the virus. If that doesn’t work, then try scanning your computer in the ‘safe mode’. Then remove any infected files.

If the previously mentioned solution doesn’t work then you’ll have to go out and buy a trusted anti-spyware software like PCTools’ Spyware Doctor. When you’re looking for an anti virus software you should be going online to find one that has had some good reviews written about it. Spyware Doctor has received great reviews through the years like PC Magazine Editor’s Choice and PC World Best Buy Award. Go ahead and download Spyware Doctor below and perform a free scan of your system. This will give you an excellent view regarding the health of your system and verify if you are infected with Google Virus or any other malware.


When you do find one tool that you trust, simply download to your computer by following the prompts. Once it has been successfully downloaded you can run the ‘scan’ feature of the program. This will initiate the scanning of all your files and directories and notify you when it has found a malicious virus. This process may take a little time as it has a lot to go through. Once the program has finished its scan, you can view a list of all the infected files and directories.

In most cases you’ll have the option of completely deleting them or you can have them quarantined or sent to a vault for safe keeping. Either one of those options is sufficient. To make 100% sure that your anti virus software found all there was to find, it is recommended that you reboot your computer and do another scan.

If you want to remove a Google redirect virus completely, and make sure that it doesn’t come back, then purchasing an anti virus software will be your best bet. Some anti virus software will come complete with life time updates, while others may only be good for one year. So be sure that you know exactly what you’re getting. Another great way to find software that will eliminate the Google redirect virus is to talk to your local computer repair store like Geek Squad or similar. A lot of the time they’ll tell you to bring it in, but if they’re kind they’ll tell you what they would use to fix it.

Make sure to follow all the steps below exactly.

STEP 1: Download the Antispyware Tool Below

free download spyware doctor

STEP 2: Download the Following two Registry Fix Files

Enable-Task-Manager.reg
Enable-Executables.reg

STEP 3: Read ALL Details Below

If you see a window pop-up like the picture below, it means that you are infected with the Windows Police Pro virus, and this is not good at all!!! Read more details below to learn how to Remove Windows Police Pro both manually and automatically.

As you can see from the picture above, Windows Police Pro looks like legitimate antivirus software, but this is not true. It is a rogue program that claims to be genuine antivirus software in order to convince the computer user to purchase it. Of course, if you fall into the trap and pay for it, you will just lose your money because Windows Police Pro is a virus itself. For a free scan of your system to verify if you are indeed infected with Windows Police Pro, download the Antispyware tool that I mention in Step1 above, install it and perform a full system scan. If you are unable to run the Antispyware tool I suggest, also download and run the two Registry Fix Files that I mention in Step 2 above. More details are in the Automatic Removal section below.

If you got infected with this pesky malware, it will block your PC from running various windows legitimate programs stating that they are infected with viruses and thus you can not execute them. Furthermore, various bogus windows warnings and system alerts will start showing up stating that your computer is under attack and that you should purchase Windows Police Pro to fix your system.

You MUST take action immediately to get rid of this scam parasite as soon as possible. You can remove Windows Police Pro either manually or automatically (recommended). Manual removal requires you to be an expert in computers and is not recommended, since you have to delete entries in the Registry or delete files under the “Program Files” folder, which is dangerous if you don’t know what you are doing. Anyhow, read below for both methods of removing Windows Police Pro permanently.

Remove Windows Police Pro Automatically (Recommended)

Since Windows Police Pro will not allow you to run any programs on your PC and also will disable your task manager, you need to download the following two files and save them on your desktop.

Enable-Task-Manager.reg
Enable-Executables.reg

First double click on the first file (Enable-Task-Manager.reg) and press YES when it asks you to merge the data into your current registry. After you do that, you will be able to start the Task Manager as follows:

Press Start + R and then type “taskmgr” and press Enter. This will open the Task Manager window. Put a checkmark on “Show processes from all users”. Then go to “Processes” tab and find the process WindowsPolicePro.exe. Right click on it and select “End Process”. Using the same procedure, stop also the following processes (some processes might not be present on your own system):

svchast.exe or svchasts.exe
ANTI_files.exe
dbsinit.exe
minix32.exe

After you terminate the processes, you need to enable again the ability to execute windows programs on your computer. Double click on the second file that you downloaded above (Enable-Executables.reg) and select YES when it asks you to merge the data into your current registry. After you do that, you will be able to run antispyware tools to clean the infection as described below.

To safely remove Windows Police Pro and any remnants of it, or any other malware and viruses residing on your computer, I would recommend that you Download the Free Trial of Spyware Doctor Here, or visit the Spyware Doctor Website for more information. If you have already downloaded and installed Spyware Doctor in Step 1 at the beginning of this guide then you can skip this step.


You can download the free version of Spyware Doctor and perform a system scan. Spyware Doctor free version is for spyware detection only. If the computer scan confirmed that you are infected, you can register the full version of Spyware Doctor to remove Windows Police Pro permanently.

Remove Windows Police Pro Manually

The following steps are not guaranteed to always work and we take no responsibility for any computer damage. You should proceed only if you know what you are doing. Backup your registry first before proceeding by going to Start>Run>regedit and then File>Export to save the registry.

Step1: Stop Windows Police Pro Processes
Press Start + R and then type “taskmgr” and press Enter. This will open the Task Manager window. Put a checkmark on “Show processes from all users”. Then go to “Processes” tab and find the process WindowsPolicePro.exe. Right click on it and select “End Process”. Using the same procedure, stop also the following processes (some processes might not be present on your own system):

svchast.exe or svchasts.exe
ANTI_files.exe
dbsinit.exe
minix32.exe

Step2: Delete the following Registry Values
Press Start + R and then type “regedit” and press Enter. Delete the following registry keys: (Your system might not contain all the registry keys shown below)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “minix32”
HKEY_CURRENT_USER\SOFTWARE\Windows Police Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_100

Step3: Delete the following files and folders
c:\WINDOWS\system32\dddesot.dll
c:\WINDOWS\system32\desote.exe

Delete the following folder with all files inside the folder:

c:\program files\windows police pro\

Delete also the following:

%UserProfile%\start menu\Programs\windows police pro\Windows Police Pro.lnk
%UserProfile%\Desktop\Windows Police Pro.lnk
c:\WINDOWS\svchasts.exe
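
Before deleting anything by hand, it helps to see which of the listed items actually exist on the machine. The PowerShell script below is an added example, not part of the original guides: it is a read-only check that covers both the TrustCop and the Windows Police Pro manual steps, using the process, registry and file names from those lists (a subset of the TrustCop file list). `Test-RogueIndicator` is a hypothetical helper name.

```powershell
# Added example (not from the original article): read-only indicator check.
# It only reports what exists; it stops, unregisters and deletes nothing.
function Test-RogueIndicator {
    param(
        [string]$Name,
        [string[]]$Process  = @(),   # process names without ".exe"
        [string[]]$RegKey   = @(),   # registry keys as PowerShell paths
        [string[]]$RunValue = @(),   # value names under the HKCU Run key
        [string[]]$File     = @()    # files or folders, %VAR% allowed
    )
    $hits = @()
    foreach ($p in $Process) {
        if (Get-Process -Name $p -ErrorAction SilentlyContinue) { $hits += "process   $p.exe" }
    }
    foreach ($k in $RegKey) {
        if (Test-Path -LiteralPath $k) { $hits += "reg key   $k" }
    }
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
    foreach ($v in $RunValue) {
        if ($run -and $run.PSObject.Properties[$v]) { $hits += "run value $v" }
    }
    foreach ($f in $File) {
        $path = [Environment]::ExpandEnvironmentVariables($f)
        if (Test-Path -LiteralPath $path) { $hits += "file      $path" }
    }
    if ($hits.Count -eq 0) { "${Name}: no listed indicator found" }
    else { "${Name}: $($hits.Count) indicator(s) present"; $hits | ForEach-Object { "  $_" } }
}

# Names copied from the TrustCop steps ("uninstall" is generic and can match
# a legitimate uninstaller that happens to be running).
$trustCop = @{
    Name     = 'TrustCop'
    Process  = 'TrustCop', 'uninstall', '28a6d9wnlzader1957', 'ca85mxcq'
    RegKey   = 'HKCU:\Software\TrustCop', 'HKLM:\SOFTWARE\TrustCop',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrustCop'
    RunValue = 'ca85mxcq.exe', 'TrustCop'
    File     = 'C:\Program Files\TrustCop Software', '%Temp%\ca85mxcq.exe',
               'C:\WINDOWS\10134spamb9zb95.dll', 'C:\WINDOWS\1015zpyware2930.dll',
               'C:\WINDOWS\system32\288995acktool3z1.dll',
               'C:\WINDOWS\system32\28a6d9wnlzader1957.exe'
}
# Names copied from the Windows Police Pro steps.
$policePro = @{
    Name     = 'Windows Police Pro'
    Process  = 'WindowsPolicePro', 'svchast', 'svchasts', 'ANTI_files', 'dbsinit', 'minix32'
    RegKey   = 'HKCU:\SOFTWARE\Windows Police Pro',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro',
               'HKLM:\SYSTEM\ControlSet003\Services\antippro2009_100'
    RunValue = 'minix32'
    File     = 'C:\WINDOWS\system32\dddesot.dll', 'C:\WINDOWS\system32\desote.exe',
               'C:\Program Files\Windows Police Pro', 'C:\WINDOWS\svchasts.exe',
               '%UserProfile%\Desktop\Windows Police Pro.lnk'
}
Test-RogueIndicator @trustCop
Test-RogueIndicator @policePro
```

Because both guides note that process and file names may differ from one infection to another, an empty result does not prove the machine is clean.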
