Keep Virus Free

TO HELP PREVENT VIRUSES FROM LOADING
ALWAYS FOLLOW
THESE EMAIL RULES
BEFORE OPENING EMAIL ATTACHMENTS

Do not open the attachments of messages with a suspicious or unexpected subject.
If you want to open them,
first save them to your hard disk and scan them with an updated antivirus program.

Delete any chain e-mails or unwanted messages.
Do not forward them or reply to their senders.
This kind of messages is considered spam, because it is undesired and unsolicited and it overloads the Internet traffic.

To see SAFE and DANGEROUS EMAIL FILES EXAMPLES OF WHAT TO DOWNLOAD click here

THE SIX STEPS TO
KEEP YOUR COMPUTER HEALTHY
PRIVATE, and FAST...

Follow my suggestions below to run
the latest and greatest security, virus detection software, spyware detection, and email tips
ALL SAFE & FREE TO YOU !!

Believe me, a licensed engineer, and computer geek since before there were desktop computers.
If you don't run these recommended programs, especially SPYBOT,
your computer will definitely be FULL of spyware, secret ads, and expensive dialers that take control and secretly command your computer
in such a way that it robs your system of internet speed, efficiency, and privacy.

1) I LOVE THIS FREE CLEANER
It will REMOVE all of your old TEMP files that WINDOWS doesn't delete.

It has deleted VIRUSES and ROGUE temp files that no other programs can find
And it will fix BUGS from VIRUSES in MEDIA PLAYER and other programs
It will find files so old you thought were gone YEARS AGO!

If you do a lot of internet surfing, run this program after an extensive session DAILY.

Run CCleaner and then set this option in CCleaner:
Click OPTIONS, ADVANCED, then UNCHECK
"Only delete files in Windows Temp folders that are older than 48 hours"

To clean your computer from SPYWARE:
Spyware will rob you of your speedy connections, slow your computer down, and compromise your privacy,
running in the background without your knowledge or consent.

I used to use SPYBOT, but I no longer like this program. It can actually slow your computer down
when it installs thousands of rouge websites that it says are dangerous. I found ZERO use for that.
So if you have SPYBOT, I recommend to UNINSTALL it! Read below (#6) for how to complete a true uninstall of SPYBOT.
Once all traces are removed - including the 1000's of rogue websites in Internet Explorer don't ever use it again.

Now I use the FREE EDITION of SUPERANTISPYWARE
The free edition wont run automatically...so I just run it myself once a week or so.
If you use ccleaner regularly...your computer will be mostly clean anyway as
spyware will generally be deleted by ccleaner.

Be careful during the install of this program
(and during any other program install),
NOT TO INSTALL any TOOLBARS from GOOGLE or BING.
There is a checkbox sometimes during the install process to clear!

*** And Check UPDATES once a month or sooner ***

3) VIRUS DETECTION
Most Highly recommended - follow the program's automatic scheduling
I run this program update and check DAILY!

And occassionally:

Install and run Malwarebytes which will check for viruses and spyware on a one time scan basis

No uninstall of old antivirus programs required!

wgsdgsdgdsgsd.exe removal & Repair Safe Mode Operation

I got hit by the virus wgsdgsdgdsgsd.exe 3 times in the last 3 weeks.
It came from questionable sites, but since I am unafraid of viruses, I keep going back for more challenges. So I finally learned the easy way to get rid of this virus.
If I had no Norton backups I would never have been able to figure it out.

First off, my firewall caught the file, asked permission, and I prevented it from running. But the file was still present in Windows\system32 on my disk.
I tried to delete it...I couldnt. I tried to end a possible linked process with WINDOWS TASK MANAGER (Ctrl-alt- del), but Task Manager wouldnt run. Humm...
I also knew from past experience with this virus, that SAFE MODE would NOT run (Blue Screen of Death)- even after the virus was deleted.

RogueKiller available here on Bleeping Computer came to mind...Always have that file on your hard disk! IT FOUND THE VIRUS chain and deleted the process.

BUT, the file wgsdgsdgdsgsd.exe was still in Windows\system32. BUT this time I could easily delete it! And double check check that it's not in your RecycleBin.

Now, the trickiest part...SAFE MODE will still not work...even though the virus chain is gone.
Previously I had to reformat and load my hours old backup, and once I swear even a long reformat didnt work - I couldnt get into SAFE MODE...just that blue screen after rebooting.
I had to write zero's to the drive and reinstall my backup - which worked. Except I got that virus again twice more.

Here is how to restore SAFE MODE operation again:
Run regedit and scroll to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot.
When you try booting into safe mode on the machine that has this key deleted, you will receive the BSOD.

Go to this page and see how easy it is to repair the registry with a simple registry download fix...
Make a backup of your registry key after your computer is repaired, so you will always have it available.

Voila...and that's it!!

Also perhaps as a result of the virus remnants was found in the JAVA cache with AVIRA
To manually delete them go to:
C:\documents and settings/user/local settings/Application Data/Sun/java/deployment/cache/6.0/ either delete ALL the cache files - or scan that location with AVIRA within Windows Explorer

SUMMARY:
1. Dont allow wgsdgsdgdsgsd.exe with ZoneAlarm
2. Run RogueKiller
3. Run ccleaner
4. c:\Windows\system32 -- SHIFT-DELETE wgsdgsdgdsgsd.exe
5. Run AVAST through IE on
C:\documents and settings/user/local settings/Application Data/Sun/java/deployment/cache/6.0/
6. Run SAFE BOOT...XP PRO from here

For FBI RANSOM BROWSER ATTEMPTS
Run Windows TASK MANAGER (ctrl-alt-del)
And close ALL BROWSER WINDOWS
CCLEANER to repair.

IMPORTANT

Uninstall through Control Panel, Add/Remove programs: GOOGLE CHROME
&
Any GOOGLE or BING Internet Explorer TOOLBARS

And delete any other TOOLBARS there too.
Usually Superantispyware and Malwarebytes
will have already removed them.

These toolbars slow your computer down by reporting bck to the originators your internet behaviors, sites visited, etc.
Install and run Malwarebytes which will check for viruses and spyware on a one time scan basis

A sample history of virus killer programs - run in this order:
From http://forums.malwarebytes.org/index.php?showtopic=73155
ccleaner
MalwareBytes
HiJackThis
SuperAntiwareSpyware
turn off System Restore
-----------------------------------------
Below is included for super advanced problems...I used it maybe once:
http://www.eset.com/onlinescan/
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

OTM by OldTimer
Save it to your desktop
Here is example. You found a file in the est scan that could not be removed:

C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTM

4) MAKE SURE YOUR WINDOWS SYSTEM RESTORE IS TURNED ON
ALWAYS
Start, Control Panel, System, System Restore, Uncheck - Turn Off System Restore

5) IE, TOOLS, INTERNET OPTIONS, GENERAL, TEMPORARY INTERNET FILES, SETTINGS:
Keep this setting low - to prevent hard disk searching. I use 100 MB!!

Older versions of Java Runtime Environment have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment..

After you have installed the Java software on your computer, you must restart your browser.
You can verify that Java Runtime Environment (RTE) has been installed correctly by clicking on
the Verify Installation button on the JAVA SOFTWARE MANUAL DOWNLOAD page.

CLICK START, PROGRAMS, ACCESSORIES, SYSTEM TOOLS, DISK DEFRAGMENTER.

Just relax and follow the prompts -this will take about 30 minutes or so, depending on the size of your hard drive and the speed of your computer.

This Microsoft Windows program will kind of put all the memory bits on your hard-drive in order
so that your hard drive can read your files and fill your cache in one quick pass,
rather than search in different places throughout your hard drive.

Turn off all browser windows, and other programs during the test
Also, temporarily turn off your antivirus program (AVG) & firewall

HOW TO AVOID RUNNING VIRUSES & OTHER NASTY THINGS
You must follow this order

While surfing your antivirus program opens a popup
VIRUS DETECTED...
THIS IS THE WORST CASE
an executable .exe file tries to get through your defenses
TURN OFF THE INTERNET MODEM BUTTON NOW
(or the following cleaning is for naught)
NOTE THE FIRST FEW LETTERS
of the .exe FILE showing in the AVG popup
Send the VIRUS to AVG's VAULT or if you can DELETE IT.
Run CCLEANER
To double-check names & locations of all VIRUSES that got through your firewall,
GO to your firewall logs.
SEARCH for virus names on hard-drive or just look in C:\
(They did get through your defenses!)
DELETE THEM :)
If you cant delete the .exe files, then they are already running.
CTRL-ALT-DEL opens Windows Task Manager
Search the IMAGE NAME column for the stubborn .exe file that wont get deleted
and the any other files sent to the vault
HIGHLIGHT them and END PROCESS
Run a REGISTRY CLEANER
RE-BOOT
TURN ON THE INTERNET MODEM BUTTON
Do an online antivirus scan for your c:\ HERE
16. If you cleaned well - the antivirus scan will be clear.