Porn banners. Treatment and prevention
Good time of day.In the current period increase in incidents of porn widgets , and vymogatelstva programs with which criminals shake with users a lot of money.
Here I will share with you all our knowledge about this problem.
So there you go. THE WIDGET ON THE DESKTOP:
Description. Usually after restarting the computer , when turn on the machine ,
then there is a banner on the desktop that can not be move or remove. Scammers offer you erotic videos , or convince you that your computer is infected with virus and when sending SMS messages , he will recover.
Many frequent users know this trick , and even if they send a text message , the response code will not come true. But skilled users very often maintained , and using them criminals filling their pockets with loot.
Program - a virus comes in through vulnerabilities in the browser , the sites with the questionable data and pop-up Windows( link), and the user voluntarily gives the nod for the virus through the popular social network "Vkontakte or Odnoklassniki"
It goes like this : a Friend writes to you that " urgent look , you are in this picture," and give a link , where one or more characters other. ( example: VkontakLe.ru) Not attentive reader comes to this site , and in that time, the computer is the malicious script.
This is one of the most common examples , although there are a lot , be careful friends :)
Ways of dealing with the virus.
There are many ways to remove the banner , as the saying goes each to taste.
There are banner ads which can be removed by themselves after 30 days or through the 999 clicks. There are settle for a long time , and harm , harm , harm. Block task Manager and registry.
In order to avoid reinstalling the OS , offer several ways.
Way of dealing 1.
One of the easiest ways is called "system restore"
Go to start – Programs – accessories – system tools – system Restore.
If you had it enabled and was created points every day , you can just roll back your system a day ago.(at that time when you were not manifestations of advertising)
ATTENTION if you value your programs which are installed today , to do better is not necessary , because the system will rollback one day ago and thus your proici horns.
Method 2 is undesirable or extreme.
This is a trivial formatting. Applies when your system has already affected thousands of hopeless viruses and the computer just choked them , then re installing the OS for you.
Method 3 – Utilities and programs .
If you have already installed the software I was advised in the application that it is not worth the effort to disable ads.
Picture : you got Porn as far left you can see the label of your life-saving program called AnVir Task Manager. Click it , program runs always on TOP and in particular of the banner , and immediately the program will let you know which apps have been added to the startup without your knowledge , and also clearly show the degree of risk in any process.
Once this window came out , you just remove everything from startup which will give you apps and processes with "high risk". Then just scan the computer with anti-virus , clean the hidden TEMP folder which is in the directory
C:Documents and Settings\Administrator\Local Settings
Similar programs there are , and most importantly for early care you about your system.
Method 4 – Cmedia.
There is a type of banner is very Intrusive , that is not easily removed. Because the process is exploler.exe and in startup it does not fit. Appears every 5 minutes , very nasty diseases. Anti-virus software often do not see and do not take.
But it was justice , the needle that Kashchei is the daddy
c:\Users\username \Application data\Roaming\CMedia ( though sometimes he changes his location , can score in the search the name of this folder)
All the poor man is exposed , may a pinch, delete the entire folder from your computer or
Find the file CMedia.dat. ( via Notepad will open ) change the settings of the counter of the remaining ad impressions on the scratch and everything. You can leave the rest to memory.
Method 5. x Bob seven
To carry the hard disk to a friend and check it fresh antivirus.
Method 6. – Generate code (performance 90%)
Code can be generated from the website of the antivirus vendors (again, run to the other with paper and pencil)
http://support.kaspersky.ru/viruses/deblocker
http://www.drweb.com/unlocker/index
http://virusinfo.info/deblocker/
People say that there is a universal code 3097 may help.*
Method 7 “eKav antivirus”
In malicious informer eKAV ( longanimity) , you can use the table:
In this table, all just. In the first column of the selected digit of the code message and is replaced by the appropriate number of any of the colored bars. For the same code numbers are used only one color of the column. If not the first column, proceed to the next, one of the nine columns should definitely help.
Method 8 - Manager.
Well, there are a lot of cases is not necessary , I think it is clear to all. If you you have a workable standard task Manager , or you use an alternative , then delete at random any suspicious processes that are created by the administrator but not system.
ATTENTION to porn banners CMedia (see above) and FieryAds is not covered , their Manager can not be removed.
9.Deleting files banner directly: program files when some of the banners appearing file plugin.EXE or the like , can be removed just as in safe mode and in regular. Use Unlocker if you cannot do it directly.
10. to start the computer in safe mode.
Useful applications:
AnVir Task Manager is a free system utility that allows you to control everything running on computer and provides convenient tools to configure your computer.
[screenshot]
AVZ is a small program , and so much useful. Will help you to restore normal operation. Unlocks , clean , patch. It also has the task Manager which you can use when the standard was executed executioner – virus.
Dr. Web CureIt – unfortunately when the banner has already started , then start the program it will be very difficult, as some banners cannot be moved or hidden. ( only through safe mode) But this program will replace you antivirus , how to hide a banner , then immediately scan the system to her. She copes fine. You can download it on the website of Doctor Web. www.freedrweb.com/cureit/
Malwarebytes' Anti-Malware – scanner , designed for such banners , program ads , modules, and other debris. If the infection got into the system but still not show , then this utility will pull the plug. Just scan your computer at least once a day , it takes no more than 5 minutes.
[screenshot]
Trojan Guarder Gold is a Program to search and destroy the computer viruses, Trojans, macro viruses and other malicious software.
Combofix is a free program to remove spyware, Trojans and viruses. Also for those who have problems running task Manager and registry editor.
Well guys we are smart , we will find where to download , search engines are able to use. If you have difficulty finding programs that write to the PM or email/ ICQ , I'll link.
Prevention:
Of course to install a good antivirus that you like. I have for example is Kaspersky 2010 , handles great.
-Be careful when sitting on the sites of dubious information , or in social networks
(Vkontakte , Odnoklassniki , mail) , do not click on suspicious links , it is better to recheck.
Periodically scan the system utilities , it will take about 5 minutes a day.
- Use The Firewall. At least he will warn you about getting into the system malware
- Enable "system restore" and periodically create "restore point"
-In case of a site with pop-UPS it is advisable to leave it in order to avoid infection .
If methods did not help you , describe:
the appearance of the banner, the number needed to send SMS , text messages , color of the banner and other information , how often vylaziet, etc.
Useful websites:
http://www.eavasi.ru/ - very useful site , all the banners and all this crap, from there I took the table to combat eKAV
Added :
1. Just try to translate the system time (clock) well, let's say for a month ago :)
2 If not work , press the Win (windows)+R and type TASKKILL /f /im explorer.exe
Thereby we destroy the process explorer.exe
The banner should disappear ( assuming that it is fixed to Explorer) , dalla restored back Explorer the command prompt (Win+R) explorer.exe
If the command line suddenly does not start , press ctrl+alt+del and type in new task C:\WINDOWS\explorer.exe
3.It is possible to try to delete files:
c:windows\system32\driver\ssfc.sys
c:windows\system32\sfcfiles.dll
Thank you for your attention.
_________
Banehallow
he caught pornobande and friend I have helped... only a recovery disc win7pe_uvs.iso (Google will find). No advertising they say it helps.
Opensource projects, eh,and loaded with Linux and to clean up not destiny? On porn sites have less to climb! Well, ways of restoration of the sea,the kosher it's Linux,and after a good AntiVir.
When got porn banner, sent(a) SMS. Just kidding, I booted(eh) with antivirus OS.
On my laptop running Windows 7 Starter SP1 32 bit. Stumbled on some nasty online, Windows locked, on the desktop only sloshnaya the black area and the window type: WINDOWS BLOCKED!. The virus was blocked and the mouse cursor is deprived of the ability to go beyond this window. Banner request:
To replenish the number of the MTS subscriber: +79137938708 in the amount of 1000 rubles.
I have taken the steps for removing the banner:
Launched Windows Safe with command prompt
In the line prescribed regedit.exe launched registry editor
A) According to the template in the HKEY_LOCAL_MACHINE->SOFTWARE->Microsoft->Windows NT->CurrentVersion->Winlogon, parameter shell should be spelled out the path to this banner instead of the desired explorer.exe In my case, the shell parameter correct explorer.exe.
C) According to the template in the HKEY_LOCAL_MACHINE->SOFTWARE->Microsoft->Windows NT->CurrentVersion->Winlogon, the Userinit after zapatos in userinit.exe should go for any characters or symbols - in my case, everything is clean.
C) Found the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, LoadAppInit_DLLs the option and deleted the value (not removing the LoadAppInit_DLLs parameter).
It did not help.
After a reboot nothing has changed.
Further: With other his computer went on the several famous search engines of the keys to unlock the Windows in such cases. No Kaspersky Deblock Or Deblock in VirusInfo Nor in search engines Dr.Web and ESET not found the activation code to this number. It did not help.
On: Launched Windows Safe, support network drivers in order to download Dr.Web CureIt or Combofix to scan the registry. Unfortunate banner snuck in here and there, not allowing anything to create one, also from in a simple and Safe mode.
Kaspersky Rescue CD I have, and there is no ERD Commander live CD. So I am deprived of a powerful means to get rid of the banner.
What do I do how to get rid of the banner?
As a variant, this crap is stupid may be prescribed in the startup, services, or even the boot files in the root of the drive with the OS. In the first and second case, is clean in safe mode (if it is not available then remotely edit the appropriate registry branches), in the third restored the original files from the installation image OS.
Joni Killer
Press WIN (Windows logo button)+U. Open utility Manager Tam run magnifier, a window will open, there click on the link Web host Microsoft will open a browser. There File-Open and choose the file C:\WINDOWS\system32\taskmgr.exe.
In General, such a problem. Somewhere I got a virus-extortionist. On the left websites are not walking, well, maybe accidentally on what is clicked, I have Adblock cheto passed out. The virus demand money, or virus writers will tell the police that I'm on the computer porn (on my computer it is not present). Googled, searched in all the guides to remove the virus you need to remove folders, which I do not. Everything is clean. Antivirusnik - Avast. What should I do? You hope the latter.
Such at you?Sam_Winchester
The screenshot will be later, I have a banner once a day popping up. In the banner says that I distribute porn, bestiality, bondage and other distortions.
Ghost Rider
You here http://support.drweb.com/show_faq?qid=46452743&lng=ru if you do not help describe the problem in more detail.
Or here https://www.drweb.com/xperf/unlocker/feedback/
Sorry for not answer, just today, the banner popped up. Dr. Web delivered yesterday. Hope that will help.
Okay, from the banner like get rid of, but there was another problem. In order not to produce a theme to write right here. In General, Avast swears on some cedrie.com (don't click) and so on each site.
Strange, I also have Avast is and such problems have not been recently a second time for a year registered...
Has anyone faced such a problem? Roam you're on the Internet and then BAM! There is such a thing (no screen, but something like a small (or large) rectangular (round) stuff with the text like Cheap auto, Your browser is outdated, update blah, blah or even Prostitute from ... to ....) in the center of the screen. if you click cancel, it appears like this:
No. 1
Then there is supposedly a virus scan and there's this:
No. 2
Of course it can be close, but I'm just BLT zadolbali! One banner ohranenie other just! The machine there, prostitutes, Boobs, and still there stuff. And every time trying to close it appears this virus scan. In this case, now refuse some functions of the sites. For example, you cannot click on links, do not open some tabs, Steam do not download almost anything:
No. 3
I tried to get rid of this stuff, but nothing helped. I checked the computer for viruses. Nothing. I pereustanovit all browsers. Nothing. I BLT Windu changed twice and still did not help!!! This hnya appears every time you only go for example to the search engine Yandex, well, or site. And on some sites this hnya just and the other isn't!
Okay too many letters.
Anyways What Do I Do!7 to this garbage I'm not bothered. Il me your phone number there to write? Help me!!! Please!
