Processor / System Bus : Intel Atom Processor N280 1.66GHz
Memory Total Slots: 1 (Single Channel)
Capacity: Maximum up to 2GB
Memory Type: DDR2 800
Memory Size: 1GB 2GB
HDD Bays: 2 x 3.5 inch 7200RPM
Configuration Option: 500GB, 1TB, 2TB
Networking LAN: 10/100/1000Mbps
On Board I/O:
2 x eSATA ports
1 x RJ-45 ports (Gigabit)
6 x USB2.0 ports
Operating Systems Support : Windows® Home Server
Power Supply: 90W Single Power Supply (Adapter)
Accessories:
1 x User's Guide
1 x Bag of Screws
1 x AC Power Cable
1 x RJ45 LAN Cable
1 x AC Adapter (90W)
1 x Quick Start Guide
1 x Software Installation CD
1 x Recovery DVD
1 x Restore CD
1 x Warranty Card
LED Indicator: System, HDD1, HDD2, Network status indicators
Button: Power on/off, Recovery button
Color: Black


This Oracle error message could be due to a lack of free space on the hard disk. Check whether space is available on the hard disk and try again.

ORA-19502: write error on file
ERROR at line 1:
ORA-19502: write error on file "/oradata/mydb/redo03a.log", blockno 986497 (blocksize=8192)
ORA-27072: skgfdisp: I/O error
Linux Error: 2: No such file or directory
Additional information: 986496
Trojan Backdoor.Sykipot opens a port on the infected computer. It allows a remote attacker to access and control the computer. This Trojan can end processes and upload and download data.
How to remove Trojan Backdoor.Sykipot?


1. Perform standard procedure for Virus removal.
** Standard procedure for Virus removal

2. Remove the following entries from windows registry
** Use at your own risk

** How to edit windows registry ?


Remove these values from registry


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"notes" = "c:\documents and settings\administrator\local settings\temp\notes.exe -installkys"

Remove these files if they exist

%Temp%\notes.exe
%Temp%\rsvm.exe
%Temp%\wshipnotes.dll
%Temp%\clipsvc.exe
%Temp%\wshipl.dll
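
Before deleting anything, it helps to confirm which of the listed artifacts are actually present. The following read-only PowerShell check is an added example, not part of the original post; it assumes PowerShell 4.0 or later, and the WOW6432Node key and the per-profile Temp paths are additions here (the page lists only the Run value and `%Temp%`).

```powershell
# Read-only triage for the Backdoor.Sykipot artifacts listed on this page.
# Nothing is deleted or changed; the script only reports what it finds.

# Run key from the page, plus its 32-bit view on 64-bit Windows (added here).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$RunValueName = 'notes'
$FileNames = 'notes.exe', 'rsvm.exe', 'wshipnotes.dll', 'clipsvc.exe', 'wshipl.dll'

function Get-TempDirectory {
    # %Temp% is per user, so look in every profile, not only the caller's.
    $dirs = @($env:TEMP, "$env:SystemRoot\Temp")
    $patterns = @(
        "$env:SystemDrive\Users\*\AppData\Local\Temp",
        "$env:SystemDrive\Documents and Settings\*\Local Settings\Temp"
    )
    foreach ($pattern in $patterns) {
        $dirs += Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue |
            ForEach-Object { $_.FullName }
    }
    $dirs |
        Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
        Sort-Object -Unique
}

function Find-SykipotRunValue {
    foreach ($key in $RunKeys) {
        $prop = Get-ItemProperty -Path $key -Name $RunValueName -ErrorAction SilentlyContinue
        if ($prop) {
            [pscustomobject]@{
                Type     = 'Run value'
                Location = "$key\$RunValueName"
                Detail   = $prop.$RunValueName
            }
        }
    }
}

function Find-SykipotFile {
    foreach ($dir in (Get-TempDirectory)) {
        foreach ($name in $FileNames) {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                # A name match alone is weak evidence; record the hash so the
                # file can be checked against a vendor verdict before removal.
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                [pscustomobject]@{
                    Type     = 'File'
                    Location = $path
                    Detail   = "SHA256 $hash"
                }
            }
        }
    }
}

$findings = @(Find-SykipotRunValue) + @(Find-SykipotFile)
if ($findings.Count -eq 0) {
    'None of the listed Backdoor.Sykipot artifacts were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated prompt so that other users' profile directories are readable.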


Another Trojan horse program that uses Internet Explorer's Remote Code Execution Vulnerability (iepeers.dll), BID 38615. It is a JavaScript file. When executed, it downloads Backdoor.Sykipot onto the infected computer.

Trojan JS.Sykipot may create these files upon execution.
%UserProfile%\Local Settings\Temporary Internet Files\20100307.htm
%UserProfile%\Local Settings\Temporary Internet Files\20100307[1].htm

How to remove Trojan JS.Sykipot ?

1. Perform standard procedure for Virus removal.

** Standard procedure for Virus removal





This is a list of free Virus / Trojan / Worm removal tools from Symantec.

How to remove Trojan.Ramvicrype ?



How to remove Trojan.Ransomlock ?



How to remove Trojan.Initbar ?



How to remove Trojan.Xrupter ?



How to remove W32.Virut ?



How to remove Trojan.Bankpatch ?



How to remove W32.Downadup ?



How to remove Trojan.Brisv.A!inf ?



How to remove Backdoor.Haxdoor.S/Trojan.Schoeberl.E ?



How to remove W32.Spybot.ANDM ?



How to remove W32.Spybot.ACYR ?



How to remove W32.Rajump ?



How to remove W32.Pasobir ?



How to remove Support ActiveX Control Cleanup ?



How to remove Trojan.Linkoptimizer ?



How to remove W32.Bacalid ?



How to remove W32.Antinny ?



How to remove Trojan.Abwiz ?



How to remove Trojan.Exponny ?



How to remove Trojan.Sientok ?



How to remove W32.Davs ?



How to remove W32.Kiman ?



How to remove W32.Blackmal@mm ?



How to remove W32.Secefa ?



How to remove Backdoor.Ryknos ?



How to remove Mobile Threats ?



How to remove W32.Pexmor@mm ?



How to remove W32.Bobax@mm ?



How to remove W32.Esbot ?



How to remove W32.Zotob ?



How to remove W32.Reatle@mm ?



How to remove Trojan.Jasbom ?



How to remove Trojan.Vundo.B ?



How to remove W32.Mytob.AR@mm ?



How to remove W32.Kelvir ?



How to remove W32.Serflog.A ?



How to remove W32.Mytob@mm ?



How to remove W32.Bropia ?



How to remove W32.Envid@mm ?



How to remove Trojan.Vundo ?



How to remove W32.Bofra@mm ?



How to remove Adware.JustFindIt ?



How to remove Backdoor.Agent.B ?



How to remove W32.Evaman.C ?



How to remove W32.Erkez.B@mm ?



How to remove W32.Korgo ?



How to remove W32.Donk.Q ?



How to remove W32.Sasser ?



How to remove W32.Opasa@mm ?



How to remove W32.Erkez@mm ?



How to remove W32.Blackmal.B@mm ?



How to remove W32.Gaobot.UJ ?



How to remove W32.Beagle.MO@mm ?



How to remove W32.Netsky@mm ?



How to remove W32.HLLW.Anig ?



How to remove W32.Mydoom@mm ?



How to remove W32.Beagle@mm ?



How to remove W32.Gaobot ?



How to remove W32.Sober ?



How to remove Trojan.Qhosts ?



How to remove W32.Swen.A@mm ?



How to remove W32.Dumaru ?



How to remove W32.Welchia.Worm ?



How to remove W32.Blaster.Worm ?



How to remove Backdoor.Winshell.50 ?



How to remove W32.Mimail ?



How to remove W32.Mumu.B.Worm ?



How to remove W32.Sobig.E@mm ?



How to remove W32.ExploreZip.Worm ?



How to remove W32.Bugbear.B@mm ?



How to remove Bat.Mumu.A.Worm ?



How to remove W32.Sobig.C ?



How to remove W32.Sobig.B ?



How to remove W32.HLLW.Fizzer ?



How to remove W32.HLLW.Nebiwo ?



How to remove W32.HLLW.Lovgate ?



How to remove W32.SQLExp.Worm ?



How to remove W32.Sobig.A@mm ?



How to remove W32.Lirva ?



How to remove W32.HLLW.Winevar/W32.Funlove.4099 ?



How to remove W32.Brid.A@mm/W32.Funlove.4099 ?



How to remove W32.Bugbear@mm ?



How to remove W32.Opaserv.Worm ?



How to remove W32.Magistr ?



How to remove W32.Frethem ?



How to remove W32.Yaha ?



How to remove Backdoor.Autoupder ?



How to remove W32.Klez ?



How to remove W2k.Stream ?



How to remove Wscript.Kakworm ?



How to remove W32.Gibe@mm ?



How to remove W32.Mylife ?



How to remove W32.Goner.A@mm ?



How to remove W32.Badtrans.B@mm ?



How to remove W32.Nimda.E@mm ?



How to remove W32.Nimda.A@mm ?



How to remove VBS.Potok@mm ?



How to remove W32.Sircam.Worm@mm ?



How to remove VBS.Haptime ?



How to remove DOS FunLove.4099 ?



How to remove W32 HybrisF ?



How to remove W95.CIH ?



How to remove W95.HybrisF ?



How to remove VBS.Stages.A ?



How to remove VBS.LoveLetter ?



How to remove Happy99.Worm ?



How to remove W32.Navidad ?



How to remove W32.Kriz ?



How to remove Kak.Worm.B ?



How to remove W32.HLLW.QAZ.A ?



How to remove BuddyList ?



How to remove W95.MTX ?


W32/Renocide: Another computer worm that uses "AutoRun" to spread through removable storage devices. After infection, it downloads more harmful programs from a remote site.
It creates these files after infection:
%WinDir%\system32\csrcs.exe
%WinDir%\system32\autorun.inf


1. Perform standard procedure for Virus removal.
** Standard procedure for Virus removal

2. Remove the following entries from windows registry
** Use at your own risk
** How to edit windows registry ?

Remove these values from registry
HKEY_LOCAL_MACHINE\SOFTWARE\ESET\Nod\CurrentVersion\Modules\AMON\Settings\Config000\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty
HKEY_LOCAL_MACHINE\SOFTWARE\xcn
HKEY_LOCAL_MACHINE\SOFTWARE\ESET\Nod\CurrentVersion\Modules\AMON\Settings\Config000\Settings "exc"
HKEY_LOCAL_MACHINE\SOFTWARE\ESET\Nod\CurrentVersion\Modules\AMON\Settings\Config000\Settings "exc_num"
HKEY_LOCAL_MACHINE\SOFTWARE\ESET\Nod\CurrentVersion\Modules\AMON\Settings\Config000\Settings "media_network"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty "dreg"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty "eggol"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty "exp1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty "fix"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty "ilop"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty "regexp"
HKEY_LOCAL_MACHINE\SOFTWARE\xcn "reg"
HKEY_LOCAL_MACHINE\SOFTWARE\xcn "unreg"

Add these Values to the registry if required
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDriveTypeAutoRun"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum "{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "dontdisplaylastusername"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "legalnoticecaption"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "legalnoticetext"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "shutdownwithoutlogon"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "undockwithoutlogon"

Computer worm W32.Spybot.AVEO exploits and propagates through network shares with weak passwords. This worm creates the file "windowsupdate.exe" under the "System32" directory. It then opens a back door and connects to tracox.pwnz.org using port 4003.
This worm also attempts to infect through msql.
W32.Spybot.AVEO steals all information related to games like Battlefield, Black and White, Chrome, Command and Conquer, FIFA, NHL, etc.

How to remove W32.Spybot.AVEO ?
1. Perform standard procedure for Virus removal.
** Standard procedure for Virus removal

2. Remove the following entries from windows registry

** How to edit windows registry ?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Windows Firewall Updater" = "windowsupdate.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\"Windows Firewall Updater" = "windowsupdate.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\"EnableRemoteConnect" = "N"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT1.0\Server\"Enabled" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\"AutoShareWks" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\"AutoShareServer" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\"windowsupdate.exe" = "C:\WINDOWS\system32\windowsupdate.exe:*:Enabled:Windows Firewall Updater"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"AllowUnqualifiedQuery" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"PrioritizeRecordData" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TCP1320Opts" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"KeepAliveTime" = "23280"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"BcastQueryTimeout" = "2EE"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"BcastNameQueryCount" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"CacheTimeout" = "EA60"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"Size/Small/Medium/Large" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"LargeBufferSize" = "1000"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"SynAckProtect" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"PerformRouterDiscovery" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"EnablePMTUBHDetect" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"FastSendDatagramThreshold " = "400"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"StandardAddressLength " = "18"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DefaultReceiveWindow " = "4000"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DefaultSendWindow" = "4000"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"BufferMultiplier" = "200"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"PriorityBoost" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"IrpStackSize" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"IgnorePushBitOnReceives" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DisableAddressSharing" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"AllowUserRawAccess" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DisableRawSecurity" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DynamicBacklogGrowthDelta" = "32"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"FastCopyReceiveThreshold" = "400"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"LargeBufferListDepth" = "A"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxActiveTransmitFileCount" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxFastTransmit" = "40"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"OverheadChargeGranularity" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"SmallBufferListDepth" = "20"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"SmallerBufferSize" = "80"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TransmitWorker" = "20"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DNSQueryTimeouts" = "31 00 00 00 00 00 00 00 32 00 00 00 00 00 00 00 32 00 00 00 00 00 00 00 34 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DefaultRegistrationTTL" = "14"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DisableReplaceAddressesInConflicts" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DisableReverseAddressRegistrations" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"UpdateSecurityLevel " = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DisjointNameSpace" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"QueryIpMatching" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"NoNameReleaseOnDemand" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"EnableDeadGWDetect" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"EnableFastRouteLookup" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxFreeTcbs" = "7D0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxHashTableSize" = "800"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"SackOpts" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"Tcp1323Opts" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpMaxDupAcks" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpRecvSegmentSize" = "585"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpSendSegmentSize" = "585"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpWindowSize" = "7D200"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DefaultTTL" = "30"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpMaxHalfOpen" = "4B"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpMaxHalfOpenRetried" = "50"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpTimedWaitDelay" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxNormLookupMemory" = "30D40"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"FFPControlFlags" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"FFPFastForwardingCacheSize" = "30D40"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxForwardBufferMemory" = "19DF7"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxFreeTWTcbs" = "7D0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"GlobalMaxTcpWindowSize" = "7D200"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"EnablePMTUDiscovery" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"ForwardBufferMemory" = "19DF7"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"MaxConnectionsPer1_0Server" = "50"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"MaxConnectionsPerServer" = "50"
HKEY_CURRENT_USER\Software\Microsoft\OLE\"Windows Firewall Updater" = "windowsupdate.exe"

Restore these registry values.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\"EnableDCOM" = "N"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\"restrictanonymous" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\"TransportBindName" = ""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\"Start" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\"Epoch" = "D22"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"EnableICMPRedirect" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"EnableSecurityFilters" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\"Start" = "4"


Free security scanner, anti-rootkit, anti-malware and adware removal tools from Sophos, a leading antivirus manufacturer.

Sophos Threat Detection Test
A free tool from Sophos to assess computer and network security. It can scan up to 200 computers for threats and vulnerabilities. This software will detect malware, spyware, adware, devices like removable media, peer-to-peer software, games, etc.
This tool has 30 days of automatic updates.
Download Sophos Threat Detection Test


Sophos Anti-Rootkit
Free software from Sophos to scan for, detect and remove rootkits from your computer. Sophos Anti-Rootkit uses advanced rootkit detection technology. It has a very simple interface and is very easy to use. Antivirus programs may not be able to remove rootkits because they can remain undetected in the computer, but anti-rootkit tools like this one can detect and remove the threat without any problems. Runs on all Windows systems. Requires a minimum of 128 MB RAM.
Download Sophos Anti-Rootkit

Aurora Malware Removal Tool
It is a free malware detection and removal tool. It mainly removes Aurora-related malware that uses an Internet Explorer vulnerability. This tool is very effective at eliminating this threat.
Download Aurora Malware Removal Tool
Troj/Agent-MOD is a Trojan horse program that infects Windows systems. It may install itself in the registry and configure the computer to run it automatically.
After execution, it may create the file "sioco.exe" under the user's home directory.

How to remove Trojan/Agent-MOD ?


1. Perform standard procedure for Virus removal.
** Standard procedure for Virus removal

2. Remove the following entries from windows registry

** How to edit windows registry ?


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sioco\\sioco.exe

Remove this file if it exists under this location.
\sioco.exe.

(For example, on Vista (my system): C:\Users\ebuggi)
Computer worm W32.Pykspa.F propagates through USB drives, removable drives, Skype and other mapped drives. It gathers information from the infected system and sends it to a remote site.

How to remove Computer worm W32.Pykspa.F?



1. Perform standard procedure for Virus removal.
** Standard procedure for Virus removal

2. Remove the following entries from windows registry

** How to edit windows registry ?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"[RANDOM]" = "%Temp%\[RANDOM FILE NAME].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"[RANDOM]" = "[RANDOM].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[RANDOM]" = "%Temp%\[RANDOM FILE NAME].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\"[RANDOM]" = "%Temp%\[RANDOM FILE NAME].exe ."
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\"[RANDOM]" = "[RANDOM].exe ."
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"[RANDOM]" = "%Temp%\[RANDOM FILE NAME].exe ."

Restore the following registry entries to their previous values, if required:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"DisableRegistryTools" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\"AntiVirusDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\"AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\"FirewallDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\"FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\"UacDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\"UpdatesDisableNotify" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDriveTypeAutoRun" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoFolderOptions" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "91"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\"NoDriveTypeAutoRun" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\"NoFolderOptions" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"ConsentPromptBehaviorAdmin" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"ConsentPromptBehaviorUser" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableInstallerDetection" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableSecureUIAPaths" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableVirtualization" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"FilterAdministratorToken" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"PromptOnSecureDesktop" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"ValidateAdminCodeSignatures" = "0"

Remove these files if they exist
%CurrentFolder%\[RANDOM FILE NAME].dll
%System%\[RANDOM FILE NAME].[RANDOM]
%System%\[RANDOM FILE NAME].exe
%Temp%\[RANDOM FILE NAME].[RANDOM]
%Temp%\[RANDOM FILE NAME].exe
%UserProfile%\Application Data\[RANDOM FILE NAME].[RANDOM]
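
Because W32.Pykspa.F uses random value and file names, a name-based search does not work; the autostart entries have to be recognised by where they point. The read-only PowerShell check below is an added example, not part of the original post. It flags autostart data that points into a Temp directory and reports which of a subset of the listed security settings currently hold the value printed on this page, on the assumption that the printed values are the state the worm leaves behind.

```powershell
# Read-only check for W32.Pykspa.F traces. The worm's file and value names are
# random, so autostart entries are flagged by where they point, not by name.

# Autostart keys listed on the page.
$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Subset of the page's "restore" list: key, value name, value as printed there.
$Policy = 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'
$Center = 'HKLM:\SOFTWARE\Microsoft\Windows\Security Center'
$ListedValues = @(
    @{ Key = "HKCU:\$Policy"; Name = 'DisableRegistryTools';   Listed = '1' },
    @{ Key = "HKCU:\$Policy"; Name = 'DisableTaskMgr';         Listed = '1' },
    @{ Key = "HKLM:\$Policy"; Name = 'DisableRegistryTools';   Listed = '1' },
    @{ Key = "HKLM:\$Policy"; Name = 'DisableTaskMgr';         Listed = '1' },
    @{ Key = "HKLM:\$Policy"; Name = 'EnableLUA';              Listed = '0' },
    @{ Key = $Center;         Name = 'AntiVirusDisableNotify'; Listed = '1' },
    @{ Key = $Center;         Name = 'FirewallDisableNotify';  Listed = '1' },
    @{ Key = $Center;         Name = 'UpdatesDisableNotify';   Listed = '1' }
)

function Find-TempAutostart {
    foreach ($keyPath in $AutostartKeys) {
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            # Read the raw string so an unexpanded %Temp% is still visible.
            $data = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            # Entries with a bare file name (also listed on the page) carry no
            # path and are not caught by this location test.
            if ($data -match '%temp%|\\temp\\') {
                [pscustomobject]@{
                    Check    = 'Autostart from Temp'
                    Location = "$keyPath\$name"
                    Data     = $data
                }
            }
        }
    }
}

function Find-ListedPolicyValue {
    foreach ($entry in $ListedValues) {
        $prop = Get-ItemProperty -Path $entry.Key -Name $entry.Name -ErrorAction SilentlyContinue
        if ($null -eq $prop) { continue }   # value absent: nothing to report
        $current = [string]$prop.($entry.Name)
        if ($current -eq $entry.Listed) {
            [pscustomobject]@{
                Check    = 'Value matches page'
                Location = "$($entry.Key)\$($entry.Name)"
                Data     = $current
            }
        }
    }
}

$findings = @(Find-TempAutostart) + @(Find-ListedPolicyValue)
if ($findings.Count -eq 0) {
    'No Temp autostart entries or listed policy values were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A match is a lead to investigate, not proof of infection: installers legitimately use RunOnce entries in Temp, and an administrator may have set some of these policies on purpose.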

