"I Want This!" Adware

"I Want This!" is ad-supported software that may display targeted advertisements within the web pages you are viewing. It adds a button called "I Want This!" to Amazon and some other popular shopping websites. Note that Amazon offers its own Universal Wish List button, so it basically duplicates the official Amazon service. Clicking the button adds items you want to your wishlist and automatically posts them to your wall on your Facebook page. After some time browsing around in our favorite shopping sites, this adware started to display ads from third party companies and affiliates. For instance, if you're looking an iPad, there's a great chance you'll start receiving ads offering the discounts on the newest iPad or other popular tablet computers.



I Want This! adware collects various web usage information and some demographic information as well. First of all, it collects information about the websites you visit and the searches you perform using your favorite web search engines. In addition, I Want This! collects your IP address, zip code, and country you live in. It then share this information with partners and affiliates. Here's probably the most worrying clause from their privacy policy:

Examples of the information we may collect and analyze when you use our website include the IP address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform; the full Uniform Resource Locator (URL) clickstream to, through, and from the Site, including date and time; cookie; web pages you viewed or searched for; and the phone number you used to call us.

We don't know about you guys, but we think that the price is to high for a program that collects all this information and duplicates already exiting services.

Most of the time, I Want This! adware comes bundled with freeware and shareware. The one we tested came bundled with VLC player. We got it from a download websites that offers freeware software for Windows.



We've said this many times before, if you want to download a clean installer, download it from official website only. Otherwise, you may end up with adware, spyware or even malware. As for the I Want This! adware, we didn't find any silent installers. It means users can always decline the installation. At least we hope so :) We didn't have any problems uninstalling I Want This! from your computer either. You can simply uninstall it via Add/Remove Programs as shown below. Good luck and be safe online!

http://deletemalware.blogspot.com

---

I Want This! removal instructions:

1. Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



2. Search for I Want This! in the list. Select the program and click Remove button.
If you are using Windows Vista/7, click Uninstall up near the top of that window.



3. Click Uninstall. Then restart your computer. I Want This! adware should be gone.

Tell your friends:

Read more

Norman Giveaways And Deals

20% Discount for All Norman Products in March, 2012

Visit Norman webshop and choose the product that is right for you. Use coupon code MAR12 in shopping cart to receive the discount. You can use the promotion code to either purchase a new product or extend your existing license.

Norman webshop: http://www.norman.com/personal/en

Tell your friends:

Read more

How to Remove Best Virus Protection (Uninstall Guide)

Best Virus Protection is a rogue anti-virus program that attempts to lure you into purchasing bogus security solution that will allegedly remove the malicious software from your computer. This rogue antivirus program might perform many malicious activities. It might install additional spyware modules, steal your credit card numbers, passwords and user names, add your computer to a botnet, etc. One of the interesting things about Best Virus Protection is the way it modifies Windows hosts file and downloads backdoor Trojans onto the compromised computer making it wide open to cyber criminals. Thankful that it doesn't happen very often.

Best Virus Protection GUI. Looks pretty much the same as Microsoft Security Essentials.



Aside from rather sophisticated spyware modules, this rogue anti-virus is a very common scam. Scams are appearing via fake online virus scanners, spam, infected websites and social networks. I'm sure you are familiar with very aggressive pop-up messages urging you to install certain malware removal tools to remove non-existent infections from your computer. Very often they appear to be real but unfortunately leads to malware infection. Beware of pop-ups that are offering something you've never heard before. Malware authors use botnets and crimeware kits to distribute scareware too. As a result, Best Virus Protection can get installed on your computer without any interaction by you. I know it doesn't sound good but the truth is that your computer could be compromised just by you visiting infected websites. Please note that cyber criminals might compromised trusted websites as well. You should take precautions to ensure your operating system is updated and (security) software is current.

Warning! Virus detected
SpamTool.Win32.Delf.h



Fake software update notification. No network activity.



Fake security alert claiming that your machine is infected with potentially harmful software.

System Alert
Best Virus Protection has detected pontentially harmful software in your system. It is strongly recommended that you register Best Virus Protection to remove all found threats immediately.

As you may already know, cyber criminals use catchy names and associate them with known security programs. In this particular case "Best Virus Protection" is associated with Microsoft Security Essentials. I don't know about you guys but this name is too catchy for me. I could tell it's was fake right away. Best Virus Protection sounds more like award to me than the actual name of the antivirus product. But maybe it's just me. I know there are many unaware users that unfortunately might fall victim to this scam.

When running, Best Virus Protection blocks access to valid security sites. You might not be able to download and install certain malware removal apps. The rogue program modifies system files and registry entries to ensure that malware stayed on the system and could be easily restored in case you managed to remove some of the files manually. Sluggish system performance is another sign of malware infection. However, probably the most dangerous aspect of Best Virus Protection malware infection is the false sense of security you may have. You think that your computer is protected for malware but actually it's wide open to new infections. It may lead to identity theft and financial loss due to computer repair. In other words, this malware can cause you a lot of problems.

How to remove Best Virus Protection? There's no easy on-click fix. Hopefully, you can remove it using legit anti-malware software recommended in the removal guide below. Follow the steps in the removal guide very carefully. If you need help removing this malware from your computer, please leave a comment. Good luck and be safe online!

---

Best Virus Protection removal guide:

1. Click on Help and select Activate Now.



2. Enter one the following debugged registration keys and click Activate to register the rogue antivirus program. Don't worry, this is completely legal since it's not genuine software.

U2FD-S2LA-H4KA-UEPB
K7LY-H4KA-SI9D-U2FD
K7LY-R5GU-SI9D-EVFB



2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this malware from your computer.

3. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.

Source: http://deletemalware.blogspot.com

---

Associated AV Security Essentials files and registry values:

Files:

• %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]\
• %AppData%\AV Security Essentials\
• %AppData%\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
• %UserProfile%\Desktop\AV Security Essentials
• %UserProfile%\Start Menu\AV Security Essentials
• %UserProfile%\Start Menu\Programs\AV Security Essentials.lnk

Registry values:

• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\AV Security Essentials = "%AllUsersProfile%\Application Data\78b634\AV83d_9025.exe" /s /d
• HKEY_CURRENT_USER\software\3
• HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM].exe\Debugger = svchost.exe
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun = 01000000
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\[1...15]

Tell your friends:

Read more

Remove Windows Secure Kit 2012 (Uninstall Guide)

Windows Secure Kit 2012 is a fake online virus scanning website. If you received such misleading warnings (see images below) on a website telling you that your computer is infected with spyware, worms and many other viruses, you should close your web browser immediately. Do not click on "Remove all" or "Cancel" because the JavaScript code triggers malware download even if you click Cancel (deceiving action). Windows Secure Kit 2012 is a good example of a social engineering attack when cyber criminals prey upon user's fears to install malware. The source of Windows Secure Kit 2012 attack may vary but what I've learned over the past few years - there is no such a thing as a safe website. Cyber criminals can compromised popular websites as well, so malware source can be websites all over the internet even the trusted ones. Recent variants of Windows Secure Kit 2012 have spread mainly through compromised ads. Cyber criminals usually use free domain services such as uni.me to redirect traffic to rogue security programs.

Below is an example of a fake online virus scanner message.

Windows Secure Kit 2012 has found critical process activity on your PC and will perform fast scan of system files!

Windows Security Alert
To help protect your computer, Windows Web Secure Kit have detected Trojans and ready to remove them.
Trojan-Downloader.Win32.Lipler.bkue
XF.Lugunay!dam
Win32/Sality
Banker.MGB
Win32/Conficker.Ae
....

If Windows Secure Kit 2012 scanner is constantly popping up then your computer is probably infected by a Trojan horse that pushes rogue security products. If you received it once and you didn't downloaded anything, I think you're ok. Otherwise, your PC would be severely messed up. Anyway, if you suspect that your computer got infected with some sort of malware that displays fake security alerts or redirects your search results, you should run a full system scan with recommended anti-malware software (Spyware Doctor). Make sure your anti-malware is up-to-date.

To avoid Windows Secure Kit 2012 and similar malware, don't click on pop-ups, don't download software from unknown sources and back-up your files. If you need help removing Windows Secure Kit 2012 and associated malware from your computer, please leave a comment. Good luck and be safe online!

Tell your friends:

Read more

How to Remove Smart Fortress 2012 (Uninstall Guide)

Smart Fortress 2012 is a scam that you should really be aware of. Such malicious software is usually referred to as rogue anti-virus program that pretends to scan your computer for viruses and malware. As you may guess it reports a bunch of non-existent infections and urges you to take necessary steps to remove your allegedly infected computer. In other words, Smart Fortress 2012 attempts to lure you into participating in fraudulent transactions. Needless to say, you shouldn't purchase this rogue anti-virus program.

The graphical user interface of Smart Fortress 2012 GUI when it's not registered (trial).



Smart Fortress 2012 GUI when the rogue program is registered (full version).



Color is the only difference. It seems that malware authors know color meanings very well. Pink color means danger, infected. Something that requires your attention. Blue means everything is OK. Calm down. Color psychology is a science and it's true that colors effect human behavior.

There are basically two concerns related to rogue anti-virus programs: false sense of security when you think that your computer is bullet proof and protected against the latest malicious code but it's not and identity theft. If you fall victim to a rogue anti-virus program or fraudulent security alert, you should contact your credit card company and dispute the charges. Whoever distributes this malicious program has to keep the number of charge backs as low as possible to be able to stay in the game. Otherwise, they will be banned from the network. Identity thieves may use gathered information for their further malicious activities or simply sell the information on illegal credit card marketplaces. One way or another, it's a huge risk.

Smart Fortress 2012 Version 3.1 is distributed in a numbers of ways, including via infected websites, fake online malware scanners, spam and social engineering. Keep in mind that rogue security programs can get installed on your computer without any interaction from your side. Your computer could be infected simply by visiting an infected website. It's called a 'drive-by download'. This method is very popular among cyber criminals who use exploit kits, mostly BlackHole, to distribute malware. The scheme is very simply - join a rogue AV affiliate network, choose a rogue anti-virus product Smart Fortress 2012 and generate your unique software build. Then you need to buy targeted traffic and you are ready to push some scareware. Thankfully, it's rather difficult to join fake AV affiliate networks nowadays.

Smart Fortress 2012 is probably the most aggressive scareware we've ever seen. It blocks pretty much everything on the compromised computer and constantly displays fake security alerts. It doesn't even allow you to rename its main executable file. You can't open any .exe, .com or .pif file. What is more, the rogue antivirus program stays active in Safe Mode. It basically takes over the whole user account.

Warning! Your computer is infected - fake balloon notification claiming that your computer is infected with spyware.



Another fake security alert claiming that your machine is infected by a Trojan horse TrojanSPM/LX.



Such fake security alerts may look completely official. It may be very convincing to the unsuspecting users, and the prospect of being infected by Trojans and spyware can be very scary, which is why they may fall victim to this scam.

Smart Fortress 2012 might perform many other activities. It may install additional modules and files to monitor your computer use, install backdoor Trojans and hijack your web browser.

If your computer is infected by Smart Fortress 2012, stop work immediately as this may provide identity thieves with more information about you. To remove Smart Fortress 2012 and associated malware from your computer, please follow the steps in the removal guide below. Some other sites on the internet will probably show you how to remove this virus manually. However, this isn't a good idea. This malware modifies Windows registry and makes some serious changes to your machine that you may not be able to handle properly. If you need extra help removing this virus from your computer, please leave a comment. Good luck and be safe online!

---

Quick Smart Fortress 2012 removal instructions:

1. Open Smart Fortress 2012 scanner. Click the "Registration" button (top right corner). Enter the following debugged registration key and click "Activate" to register the rogue antivirus program. Don't worry, this is completely legal since it's not genuine software.

AA39754E-715219CE




Once this is done, you are free to install recommended anti-malware software and remove Smart Fortress 2012 virus from your computer properly.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.

NOTE: don't forget to update anti-malware software before scanning your computer. That's it! Your computer should be virus free.

Tips for avoiding rogue security software:

• Turn on automatic updates. Install all Windows and software updates.
• Install a reliable antivirus program and firewall. Make sure your antivirus program is up to date.
• Use caution when following links on social networks and websites that visit for the first time.
• Use a standard user account instead of an administrator account, especially when visiting suspicious websites or opening potentially harmful files.
• Don't download software from unknown sources.
• Back up your critical files.

---

Associated Smart Fortress 2012 files and registry values:

Files:

Windows XP:

• C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].exe

Windows Vista/7:

• C:\ProgramData\[SET OF RANDOM CHARACTERS].exe

Registry values:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"

Tell your friends:

Read more

How to Remove Windows Basic Antivirus (Uninstall Guide)

Windows Basic Antivirus is a phony anti-virus product that pretends to scan your computer for viruses. It supposedly fights spyware, Trojans and other malicious software. Malware authors and identity thieves use rogue security products to scare users into paying for completely bogus security products. It's very convenient for identity thieves because they don't have to install additional spyware modules on compromised computers in order to steal credit card numbers, passwords and any other personally identifiable information. Unsuspecting users enter all the required information and basically give away their sensitive information to malware authors. Therefor, DO NOT purchase Windows Basic Antivirus and do not follow on screen instructions. Ignore false scan results and fake security alerts claiming that your computer is infected with some very sophisticated malware. It is a false claim meant to extort money out of you.

Rogue antivirus programs have plagued computer users for months. Windows Basic Antivirus is a fresh variant but we have had three occurrences of it already this day. We believe it will spread for two or three days more. It won't last for a week. That's for sure. Malware authors would rather release a re-branded version of the same malware instead of pushing the old one. Malware authors use 'human engineering' to trick users into installing malicious software, Windows Basic Antivirus. We should also mention drive-by download and spam campaigns. These are the most popular infection vectors.

To remove Windows Basic Antivirus, please follow this removal guide (don't worry, it's the same malware but with a different name).

How to protect yourself from becoming a scareware victim again.

• Update your operating system and software immediately.
• Install reliable antivirus software and keep it up to date. You may also consider installing application that provides proactive protection.
• Scan every file before opening it.
• Don't click on suspicious web links.

Windows Basic Antivirus splash screen:



Windows Basic Antivirus GUI:



Windows Basic Antivirus payment form. Rogue program loads information from online-secure-pay.info where the actual order form is located.



Tell your friends:

Read more

Windows Secure Kit 2011 Browser Hijack

Windows Secure Kit 2011 is a fake online virus scanner which claims that your computer is infected with malicious software. It attempts to scare you into downloading rogue security products to remove non-existent viruses. While these fake pop-ups are not malicious they may still lead many unsuspecting users to malware (simply visiting such fake scanners is not enough to infect the system, user interaction is required). If you experience fake Windows Secure Kit 2011 pop-ups, you should scan your computer with legit anti-malware software. Be careful with your mouse because simply clicking on the fake malware scanner can actually start the rogueware download. If you think you have accidentally installed a rogue anti-virus program, please let us know. Good luck and be safe online!

Windows Secure Kit 2011 has found critical process activity on your PC and will perform fast scan of system files!

Fast scan results, assumed malware infections. Pay attention to the fact how Windows Secure Kit 2011 impersonates Windows GUI. Do not follow on screen instructions and close your web browser. If this browser hijacker does not allow you to close your web browser, simply use Alt-F4 keyboard shortcut.



Tell your friends:

Read more

SysWatch Giveaways And Deals

SysWatch Personal - Free 1 Year License

SysWatch Personal proactive protection for Microsoft Security Essentials. Add some extra protection on your computer and prevent system changes made by malicious software. Especially useful when using MSE as only virus protection software. This program uses behavioral-based detection, so it shouldn't conflict with other security products, anti-spwyare, etc.

For more details, please visit http://www.safensoft.com/home/free/personal/

Tell your friends:

Read more

Remove Antivirus Protection 2012 (Uninstall Guide)

Antivirus Protection 2012 is rogue (low quality) anti-virus program which claims that your computer has been infected by Trojan horses, keyloggers, rootkits and other sophisticated malware without any specific evidence. The moment Antivirus Protection is installed on your computer, it will begin to scan your system for malicious software. Malware scan takes just few seconds, whereas a legit antivirus program may take a few hours to complete the scan. Once the scan is finished, the rogue anti-virus program will report finding dozens of infections on your computer to scare you into compliance. Furthermore, it will display fake security alerts. These alerts (see images below) often look very realistic. Masked as anti-virus program, Antivirus Protection 2012 will claim that you need to pay money to register the software in order to remove found threats. It's very important to research any software before purchasing it. Especially, if it suddenly pops up on your computer and tells you that you are infected.



It's not a new family of malicious software. Early versions first surfaced three years ago under various names such as Security Monitor 2012, AntiVirus System 2011, etc. The graphical user interface hasn't changed much since then. High conversation rates is perhaps the most likely reason why they've used the same GUI over the years. We have to admit that Antivirus Protection 2012 and fake security alerts often mimic and look very much like the actual Windows Security Center and Windows system warnings. Thus they may look quite legitimate to unsuspecting users.

How does rogue security software get on my computer? Simply visiting a website is enough for an attacker to infect your computer with Antivirus Protection 2012 malware. This is known as a "drive-by download". Malware authors use commercial crimeware kits, BalckHole is probably the most popular, to exploit software vulnerabilities and install malicious code. So, basically, you don't even need to click or download anything. Malware is getting more serious, not less. Cyber crooks get better at repacking and avoiding detection by anti-virus software. You MUST update Windows and the software installed on your computer. This is very true for Adobe, Java and some other software. A significant percentage of successful malware attacks comes through social engineering techniques as well. Needless to say, we shouldn't forget spam even thought the global spam volume dropped significantly since last summer.

Fake Security Center Alert claiming that your computer has been infected by Sft.dez.Wien virus. Never heard of it. Must be a new one ;)



Another fake security alert claiming that your computer is sending out an enormous volume of spam.



System critical warning!
You have been infected by a proxy-relay trojan server with new and danger "SpamBots".

Antivirus Protection 2012 payment page "Secure transaction browser".



Let's proceed to the most important part of this article: Antivirus Protection 2012 removal. This rogue anti-virus has payloads worse than fake security alerts. It blocks certain Windows utilities and legit anti-malware software rendering your computer pretty much useless. You may not be able to run your favorite malware removal tool in Normal Mode. If so, please reboot your computer in Safe Mode with Networking. Fake AVs usually stay inactive while working in Safe Mode. To remove Antivirus Protection 2012 and associated malware from your computer, please follow the steps in the removal guide below. Users needing further assistance with this malware, please let us know. Simply leave a comment below. Good luck and be safe online!

Source: http://deletemalware.blogspot.com

---

Quick Antivirus Protection 2012 removal guide:

1. Use this debugged serial key LIC-00A5-3F5G-BHA5-KJB8-579F-CVH9-M935-QW45-89M5-19AB to register the fake antivirus in order to stop the fake security alerts. Just click the Activate button and enter the reg key manually. Don't worry, this is completely legal.



Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove Antivirus Protection 2012 virus from your computer.

---

Alternate Antivirus Protection 2012 removal instructions:

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Launch Internet Explorer. In Internet Explorer go to: Tools → Internet Options → Connections tab. Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK. You may have to repeat steps 1-2 if you will have problems downloading malware removal programs.



3. Download recommended anti-malware software (direct download) and run a full system scan to remove Antivirus Protection 2012 virus from your computer.

Tell your friends:

Read more

How to Bypass Surveys? Online Surveys and Your Privacy

Several times a day, most days of the week, we receive email from our readers asking the same question: how to bypass surveys? (mostly sharecash, CPALead and file ice). We love getting email, however, it's not always possible for us to reply individually and we are starting to get a little bored.

We think surveys is pretty much always a sign of a scam, so probably no one's going to like this answer. Here's how it works. CPA (cost per action) ad networks pay only when the desired action has occurred; for example, an online survey has been successfully completed. Affiliate marketers make commission based off your submission of information to a company database. It can be email address, phone number or any other information about you. This information can and probably will be used in future marketing campaigns.



Let's say you want to watch your favorite TV show online. You found a website which looks legit and has your favorite TV show. You're about to watch it but the website brings you to a survey that you have to fill out to get to the content. Usually, you can choose from several offers. My all time 'favorite' is the Love Thermometer. Basically, you need to sign up for the Love Thermometer by entering your phone number. It costs $10 per week to send your 'scores'. Bonus: they will send ads to your phone. Isn't that great? Honestly, it doesn't worth the risk. The truth be told, there are literally hundreds of fake internet survey websites. So, I wouldn't fill out paid surveys if I were you. After all, you may not get the requested file or video simply because it doesn't exist. There are many free and safe websites that offer file downloads and video streaming without annoying pop-up surveys.

Recently we stumbled upon another potentially harmful online survey which encourages users to install free 'Coupon Printer'. Everyone wants to save money, so Coupon Printer isn't such a bad idea after all. However, you need to read every single line very carefully before installing 'printers' and other software recommend in surveys. In our case, the 'Coupon Printer' offer came with an extra 'ingredient' -- MyWebSearch adware. We couldn't even finish the survey because our antivirus software blocked it.

Unfortunately, there's no easy way to bypass surveys on websites. Let's take Share Cash surveys for instance. You can't really bypass their extremely annoying surveys and it's not because we haven't tried, it's because the way they laid it out. Disabling JavaScript in your web browser won't help. Using XJZ survey remover and NoScript add-on won't help you either. None of these tools can actually fill out or skip surveys for you. They are designed to reveal premium (protected) content in a slightly different way. Please note, surveys ≠ 'premium' content lockers. However, you might get lucky with other survey websites.

Bypassing surveys:

1. Survey-remover.com, formerly known as XJZ Survey Remover. This bookmarklet was designed to reveal protected areas on websites. Removes surveys most of the time but it doesn't work if the survey leads to a download (sharecash). Works on Mozilla Firefox and Google Chrome. For more details, please visit this website: http://survey-remover.com/bookmarklet/

2. Use NoScript. A great web browser add-on trusted by many PC users. It was designed to block malicious JavaScript files but in some cases it may help you to bypass pop-up surveys too.

3. Disable JavaScript. This method is the most easiest one. However, we have to admit it rarely works. Most likely, you will get an error message followed by step-by-step instructions on how to enable JavaScript in your web browser.

We hope this helps. If you have any questions that aren't answered here, please feel free to contact us. Simply leave a comment below. Also, if you know how to bypass specific surveys sites, please share the information with our readers. Good luck and be safe online!

Tell your friends:

Read more