B
Banehallow 15.03.20 02:23 pm

Porn banners. Treatment and prevention

Good time of day.
Recently there has been an increase in incidents of porn widgets and extortion programs, with which criminals shake a lot of money out of users.
Here I will share with you all our knowledge about this problem.

So there you go. THE WIDGET ON THE DESKTOP:

Description. Usually after restarting the computer, when you turn on the machine, a banner appears on the desktop that cannot be moved or removed. Scammers offer you erotic videos, or convince you that your computer is infected with a virus and that it will recover once you send an SMS message.
Many frequent users know this trick, and even if they send a text message, the response code will not come. But skilled users very often maintained, and using them criminals fill their pockets with loot.
The virus program comes in through vulnerabilities in the browser, through sites with questionable content and pop-up windows (links), and the user also voluntarily gives the nod to the virus through the popular social networks "Vkontakte" or "Odnoklassniki".
It goes like this: a friend writes to you "urgent, look, you are in this picture" and gives a link in which one or more characters are different (example: VkontakLe.ru). An inattentive reader goes to this site, and at that moment the malicious script gets onto the computer.
This is one of the most common examples, although there are a lot of them; be careful, friends :)

Ways of dealing with the virus.
There are many ways to remove the banner; as the saying goes, each to his taste.
There are banners which remove themselves after 30 days or after 999 clicks. There are others that settle in for a long time and do harm, harm, harm. They block Task Manager and the registry.

In order to avoid reinstalling the OS, I offer several ways.

Method 1.
One of the easiest ways is called "System Restore".
Go to Start – Programs – Accessories – System Tools – System Restore.
If you had it enabled and restore points were created every day, you can just roll your system back a day (to a time when there were no manifestations of the advertising).
ATTENTION: if you value the programs you installed today, it is better not to do this, because the system will roll back one day and thus your proici horns.

Method 2 is undesirable or extreme.
This is trivial formatting. It applies when your system is already affected by thousands of hopeless viruses and the computer has simply choked on them; then reinstalling the OS is for you.


Method 3 – Utilities and programs.
If you have already installed the software I advise in the applications section, then disabling the ad takes no effort.
Picture this: you got a porn banner, and on the far left you can see the shortcut of your life-saving program called AnVir Task Manager. Click it; the program always runs on top of everything, and in particular on top of the banner, and it will immediately let you know which apps have been added to startup without your knowledge, and also clearly show the degree of risk of any process.
Once this window comes up, you just remove from startup everything it shows you, apps and processes, with "high risk". Then just scan the computer with an anti-virus and clean the hidden TEMP folder, which is in the directory
C:\Documents and Settings\Administrator\Local Settings
There are similar programs; the most important thing is to take care of your system in advance.

Method 4 – CMedia.
There is a type of banner that is very intrusive and not easily removed, because its process is exploler.exe and it does not appear in startup. It appears every 5 minutes, a very nasty disease. Anti-virus software often does not see it and does not catch it.
But there is justice: Kashchei's needle is in the folder
c:\Users\username \Application data\Roaming\CMedia (though sometimes it changes its location; you can enter the name of this folder in the search)

That's it, the poor thing is exposed; you can, at a pinch, delete the entire folder from your computer, or
find the file CMedia.dat (it opens in Notepad), change the counter of remaining ad impressions to zero, and that's it. You can leave the rest as a keepsake.




Method 5. x Bob seven
Carry the hard disk to a friend and check it with a fresh antivirus.

Method 6. – Generate code (performance 90%)
The code can be generated on the websites of the antivirus vendors (again, run to a friend with paper and pencil)
http://support.kaspersky.ru/viruses/deblocker
http://www.drweb.com/unlocker/index
http://virusinfo.info/deblocker/

People say that there is a universal code, 3097, that may help.*

Method 7 “eKav antivirus”


For the malicious informer eKAV (longanimity), you can use the table:

In this table everything is simple. A digit of the message code is looked up in the first column and replaced by the corresponding number from one of the colored columns. For one code, numbers are taken from a column of only one color. If the first column does not work, proceed to the next; one of the nine columns should definitely help.

Method 8 - Task Manager.
Well, not much needs to be said here; I think it is clear to all. If you have a working standard Task Manager, or you use an alternative, then delete at random any suspicious processes that were created by the administrator but not by the system.
ATTENTION: this does not apply to the porn banners CMedia (see above) and FieryAds; they cannot be removed with Task Manager.

9. Deleting the banner files directly: with some banners a file plugin.EXE or the like appears in Program Files; it can be removed both in safe mode and in regular mode. Use Unlocker if you cannot do it directly.

10. Start the computer in safe mode.

Useful applications:

AnVir Task Manager is a free system utility that allows you to control everything running on computer and provides convenient tools to configure your computer.
[screenshot]

AVZ is a small program, yet so useful. It will help you restore normal operation. It unlocks, cleans, patches. It also has a task manager which you can use when the standard one has been executed by the executioner virus.

Dr. Web CureIt – unfortunately, when the banner has already started, starting the program will be very difficult, as some banners cannot be moved or hidden (only through safe mode). But this program will replace your antivirus: once you manage to hide the banner, immediately scan the system with it. It copes fine. You can download it on the Doctor Web website: www.freedrweb.com/cureit/

Malwarebytes' Anti-Malware – a scanner designed for such banners, adware, modules, and other debris. If the infection has got into the system but has not yet shown itself, this utility will pull the plug on it. Just scan your computer at least once a day; it takes no more than 5 minutes.
[screenshot]

Trojan Guarder Gold is a program to search for and destroy computer viruses, Trojans, macro viruses and other malicious software.

Combofix is a free program to remove spyware, Trojans and viruses. Also for those who have problems running task Manager and registry editor.

Well guys, we are smart, we will find where to download them; we know how to use search engines. If you have difficulty finding the programs, write to me by PM or email/ICQ and I'll give a link.

Prevention:
- Of course, install a good antivirus that you like. I, for example, have Kaspersky 2010; it handles things great.
- Be careful when visiting sites with dubious content or social networks (Vkontakte, Odnoklassniki, mail); do not click on suspicious links, it is better to double-check.
- Periodically scan the system with the utilities; it will take about 5 minutes a day.
- Use a firewall. At least it will warn you about malware getting into the system.
- Enable "system restore" and periodically create a "restore point".
- If you land on a site with pop-ups, it is advisable to leave it in order to avoid infection.





If these methods did not help you, describe:
the appearance of the banner, the number to which the SMS must be sent, the SMS text, the color of the banner and other information, how often it pops up, etc.

Useful websites:
http://www.eavasi.ru/ - a very useful site, all about banners and all this crap; from there I took the table to combat eKAV

Added :

1. Just try to set the system time (clock) back, well, let's say by a month :)

2. If that does not work, press Win (Windows)+R and type TASKKILL /f /im explorer.exe

Thereby we kill the explorer.exe process.
The banner should disappear (assuming that it is attached to Explorer); then restore Explorer from the Run prompt (Win+R): explorer.exe

If the command line suddenly does not start, press Ctrl+Alt+Del and in New Task type C:\WINDOWS\explorer.exe

3. It is possible to try to delete the files:

c:\windows\system32\driver\ssfc.sys
c:\windows\system32\sfcfiles.dll


Thank you for your attention.
_________
Banehallow
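
The lookalike-link trick described in the post (VkontakLe.ru, a link where one or more characters differ), turned into a check, as an added example that is not part of the original post: it flags link hosts within a small edit distance of a trusted domain. The trusted list and the distance threshold are assumptions.

```python
# Added example: flag link hosts that are near-misses of trusted domains.
from urllib.parse import urlsplit

# Assumption: the domains the user actually means to visit.
TRUSTED = ("vkontakte.ru", "odnoklassniki.ru")
MAX_DISTANCE = 2  # assumption: 1-2 changed characters counts as a lookalike


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def host_of(link):
    """Lower-cased hostname of a link, with or without a scheme."""
    if "//" not in link:
        link = "//" + link
    host = urlsplit(link).hostname or ""
    return host[4:] if host.startswith("www.") else host


def classify(link):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    host = host_of(link)
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted", good
    # Compare the last two labels so that login.vkontakle.ru is still caught.
    tail = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        if 0 < edit_distance(tail, good) <= MAX_DISTANCE:
            return "lookalike", good
    return "unknown", None
```
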
161 Comments
L
Lary Cross aka nick hande 15.03.20

zxuc_regor
+1. And in general, all viruses come in through plugins. You can go without installing antivirus software; the main thing is not to install plugins mansions for reading pdf files. They are vulnerable and it is through them that you get viruses. Often sites say that for the full display of the site's content you need to install a plugin. Don't download it. The only plugin to install is the flash player from the official site, and that's all. And you don't have to buy an antivirus, because it does many times less useful work than the same AnVir Task Manager. Download the task manager, don't install unnecessary plug-ins, don't download questionable files, and 99% of the time you will not have a virus or porn banners. Tested by my own experience (I have a free Kaspersky 11 antivirus with a cracked key, but I do not use it; it is turned off and not added to startup. Sometimes, once a month, I run only the critical areas scan). Over several years of use in this mode, nothing ever popped up: no viruses, no blockers, no banners. Sitting for 2 years on NG with the antivirus off, nothing ever popped up.

C
Conjel 15.03.20

I have Casper and there are no banners))

r
rofa 15.03.20

he has never been caught, and had to be treated twice:) Oh how useful would this article then))) less hemorrhoids would be))))) +1

a
atmaROZ 15.03.20

Internet Security - Virus banner
The emergence of one attack,from contact virusni. Brother helped to overcome (on the phone).
The network login was not possible,the recovery is not help full .....
---------------------------------------------------------------------------------------
Looked this infection so:
pix.PlayGround.ru + pix.PlayGround.ru
--------------------------------------------
The way of deliverance,(helped immediately),though it looked like the seams...
Method: regedit
1. Start button / Run / enter the word: regedit / click OK.
2. In the opened Registry Editor, on the left (there are only five folders here; if you collapse the sub-sections, next to each of the five folders there will be a +), open the folder HKEY_CURRENT_USER (click on the plus sign near the folder or double-click the folder itself).
3. Find the Software folder there.
4. In it, the Microsoft folder.
5. In Microsoft, the Windows folder.
6. In Windows, find the folder CurrentVersion (it should be lower down).
7. In CurrentVersion we need the last folder, Internet Settings; click on it and look at its contents in the right window, under Name, Type, Value...
8. In the first of the three columns, under Name, find the pair of
entries: ProxyServer and ProxyOverride
==================================
9. And the last step: erase outright everything written there in the third column, under Value.

PS are you Going to open the browser...
Yes,spam of course, neither a fiction,it is a regular divorce and viral,
and it was called Internet Security

r
rofa 15.03.20

after reading the threads installed AnVir Task Manager during the week, problems banner XDD though not very serious, but still! so I started AnVir Task Manager, drove the car cleaning the registry and everything fell into place, and the EP@tsya did not have =))) +1

n
nikgul 15.03.20

Does AnVir Task Manager conflict with ESET NOD32?

r
roman.lyadoff 15.03.20

I have NIS 2011 and no problems

T
Tuchcka 15.03.20

This virus is called winlocker. The keys do not help! Now all these viruses simply are not designed to remove the lock after entering the key. The best way to remove winlocker - livecd and reinstall. The only way!

T
Tuchcka 15.03.20

blah creature dirtied PG!!!

T
Tuchcka 15.03.20

hackers (dog feminine)!!!

R
RoboPC 15.03.20

Hi! I was massacrated by a porn banner, it has Bakirova all... and safe mode did not help and system restore have gone by... I put in a new system..... and could I have avoided reinstalling the OS? Picture flood..

m
mr.kit 15.03.20

People, advise:
I was looking for a single file and downloaded an archive; it is not a virus, but now every 20 minutes a link with advertising suddenly opens.
The registry and cache are cleaned, the computer was rebooted.
What to do?

S
Subrezon 15.03.20

People, I caught it and cured it with a banal restart via the power socket and a run through the combined forces of Avira, Casper and Dr. Web (I have them all sort of there, but only Avira is active)

B
Brando9 15.03.20

Spacebank Eugene N., it is possible to do without reinstalling the OS.

I caught a virus of this kind and will describe the solution to this problem; it may come in handy for someone.
In general: the desktop has no shortcuts, and in the middle is this sinister banner. System rollback is impossible because it was not enabled, booting in safe mode is useless, multiboot disc and other things there.
Killed the infection like this:
1. - Press Shift 5 times; nothing happens except a beep from the system unit
- Alt+Spacebar (a window flashes and immediately disappears)
- Enter
- Hold the up arrow and the Sticky Keys window comes out from behind the banner. Now you can use the mouse to move the window.
- Click on Settings
- RMB (right mouse button) on any of the descriptions and click What is
- Then in the pop-up description RMB and Print partition (I do all this in order to somehow get to the file system; there may be an easier way, but I did it so).
Now in the window titled Print, double-click Add Printer
- Press Next until you see the Have Disk button. Click on it => Browse, and then RMB on any folder => Explorer.
Well, we got to the folders and files.

2. - The next thing we do is go to C:\Documents and Settings\All Users\Application Data and delete the file called 22CC6C32.exe
- Go to the registry: C:\WINDOWS\regedit.exe. There go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and correct the value of the Shell parameter to explorer.exe
- Correct the value of Userinit to C:\WINDOWS\system32\userinit.exe, (do not forget the comma)
- Search through the registry for mentions of the file called 22CC6C32.exe and remove those lines.
- Go to C:\WINDOWS\system32, find userinit.exe and rename it to any other name, it doesn't matter what, just don't forget the extension, it stays the same.
- In the same folder find 03014D3F.exe and rename it to userinit.exe
- Restart your computer

After the restart the banner remained in the middle, but the desktop loaded. Just in case, I checked everything described in paragraph 2, then ran Casper over system disk C; of course it found a bunch of Trojans. Rebooted. All cured, it is removed, everything works!

I read this method somewhere at some point, so I will not give a link.
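
The registry values named in the two comments above (ProxyServer and ProxyOverride under Internet Settings; Shell and Userinit under Winlogon), checked offline, as an added example that is not part of any comment: it parses the text of a `reg export` dump and reports values that differ. The sample dump and the rule that any proxy data is reported for review are assumptions.

```python
# Added example (not from the thread): audit the text of a `reg export` dump.
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
INET = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# Expected data as given in the comments; compared case-insensitively.
EXPECTED = {(WINLOGON, "Shell"): "explorer.exe",
            (WINLOGON, "Userinit"): r"C:\WINDOWS\system32\userinit.exe,"}
# Assumption: no proxy is meant to be configured, so any data here is reported.
REVIEW_IF_SET = [(INET, "ProxyServer"), (INET, "ProxyOverride")]
# "name"="data" lines; backslash and quote are backslash-escaped in .reg files.
LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample: Shell hijacked to the file named in the comment, proxy set.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\All Users\\Application Data\\22CC6C32.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8080"
'''

def parse_reg(text):
    """Map (key, value name), lower-cased, to the string data of REG_SZ lines."""
    unescape = lambda s: re.sub(r"\\(.)", r"\1", s)
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := LINE.match(line)):
            values[(key, unescape(m.group(1)).lower())] = unescape(m.group(2))
    return values

def audit(text):
    """Return (key, name, found, expected) for every value that needs a look."""
    found, findings = parse_reg(text), []
    for (key, name), want in EXPECTED.items():
        got = found.get((key.lower(), name.lower()))
        if got is None or got.lower() != want.lower():
            findings.append((key, name, got, want))
    for key, name in REVIEW_IF_SET:
        got = found.get((key.lower(), name.lower()))
        if got:
            findings.append((key, name, got, ""))
    return findings
```

`reg export` writes UTF-16 text, so read the file with `encoding="utf-16"` before passing its contents to `audit`.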

j
joker.2 15.03.20

Also got PG a month ago, the banner to full screen, the message type you are accused of pedophilia etc. the case is reviewed in court or pay a fine in the amount of 400 rubles for MTS ... here's the number I do not remember (have been recorded). Although I wanted to download only the first ENB for the TDU, came from the search mail

B
Banehallow 15.03.20

Recently, after a lull, there is a new wave of pornomania that disables all functions; even the mouse cursor disappears. The scammers do not need you to send an SMS but to top up an account in the amount of 500 PE on Beeline; as a consequence, none of the universal codes is appropriate.

Well, this banner has a weak spot: it is very easily bypassed using safe mode. It is removed very easily: disable it in startup and simply throw it in the trash. Finding it on the computer is also a matter of three moments: just search for all files changed at the time when you got this banner. I don't remember exactly, but it is somewhere in Program Files or on disk TS.

A
Ars_Strelok 15.03.20

Now there are new banners which replace the system files, and all of the above-described methods do not work!!!

B
Banehallow 15.03.20

Reinstalling the OS always works =)

N
Nick Heidfeld 15.03.20

very easily bypassed using safe mode. Is removed very easily - disable it in the startup and stupidly throw in the dumpster is the fastest way

A
Ancik 15.03.20

Using safe mode is a little removed these parasites. Useful article for step-by-step unlocking of the computer by different methods, from simple to complex.
Here is the article Locked computer