Windows Security - Virus, Trojan, Spyware and Adware
Dr. Herong Yang, Version 2.20

http://www.herongyang.com/Windows-Security

Copyright © 2009 by Dr. Herong Yang. All rights reserved.

This free book is a collection of tutorial notes written by the author while he was dealing with security issues on Microsoft Windows systems. Key topics include anti-virus tools, virus and trojan removal techniques, and security issues with browser add-on applications.

Table of Contents

About This Windows Security Book

Spyware Adware Detection and Removal

What Is Spyware?

"HijackThis" - Spyware and Browser Hijacker Detector

"HijackThis" Report Entry Types

Spyware: WebBar - htwtb.bin and bar.dll

Spyware: SurfBuddy - sbuddy.dll

Spyware: WebSpecials - webspec.dll

Spyware: DSSAgent - DSSAgent.exe

Transponder: Best Offer - farmmext.exe

Spyware: dinst.exe - dsr.dll

IE Addon Program Listing and Removal

What Is an IE Addon?

Removing deSrcAs.dll - MyWay Search Assistant

Removing Google Desktop Icon - GoogleDesktop.exe

Removing IE Default Search Settings

Removing Google Toolbar

Removing SunJavaUpdateSched - jusched.exe

WinAntiVirusPRO 2006 Faked Security Popup

WinFixer 2006 Faked Security Popup

Disabling IE Addons to Stop WinFixer Faked Security Popups

Removing Yahoo! IE Services Button - yiesrvc.dll

Removing MySearch Toolbar - S4BAR.DLL

Removing NetZero Toolbar - Toolbar.dll

Removing Windows Messenger Extra Button

Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

What Is Trojan Vundo?

Partial Removal of Trojan Vundo

Detecting Trojan Vundo with McAfee VirusScan

McAfee VirusScan and On-Demand Scan

Instructions on Full Removal of Trojan Vundo

Removing xxxxxxxx.dll Files Generated by Vundo

What Is Vundo Related vtsts.dll?

Finding and Removing vtsts.dll Manually

Removing Trojan Vundo with FixVundo.exe from Symantec

Removing Trojan Vundo with VundoFix.exe from Atribune.org

Trojan and Malware "Puper" Description and Removal

What Is Trojan Puper?

Trojan and Malware "Puper" Removal

VSToolbar (VSAdd-in.dll) - Description and Removal

What Is VSToolbar (VSAdd-in.dll)?

Removing VSToolbar (VSAdd-in.dll)

Anti-Virus Tool - McAfee VirusScan Enterprise

What Is McAfee VirusScan Enterprise?

VirusScan Enterprise 8.5.0i Services

VirusScan Enterprise Startup Programs

VirusScan Enterprise 8.5.0i Log Files

OnAccessScanLog.txt Log File

EngQQ2005Formal.exe and Adware Trojan

Running VirusScan On-Demand Scan

Spybot - Spyware Blocker, Detection and Removal

Downloading and Installing Spybot 1.4

On-Demand Scanning of SpyWare Infections

What Is AdRevolver Tracking Cookie

Removing Reported Tracking Cookies

Deleting Cookies Stored in Firefox

Deleting Cookies Stored in IE

Deleting MyWay MySearch Registry Key

Enabling IE Browser Helper SDHelper.dll

Downloading and Installing Spybot 1.6

PWS (Password Stealer) Trojan Infection Removal

What Is PWS (Password Stealer) Trojan?

JS/Downloader.gen - JavaScript Downloader Malware

PWS-Mmorpg.gen - A Password Stealer Trojan

heb.exe - The Trojan Installer Program

.exe and .dll Files Installed by the Trojan

my.exe - A Second PWS Trojan Infection

.exe and .dll Files of the Second Trojan

Explorer.EXE Trying to Install a Trojan

AccessProtectionLog.txt Log File Records

ATF-Cleaner.exe - Temporary File Remover

Trojan Files Left in the System Folder

Removing PWS Trojan Files

Removing PWS Trojan Startup Entries

Command Processor AutoRun - Registry Value

UserInit - Winlogon Registry Key

js.users.51.la - hosts File Entries

Image File Execution Options - Registry Key

regedit.exe Not Working

MS08-001 Vulnerability on Windows Systems

MS08-001 - Vulnerability in TCP/IP

IP Multicast and IP Address Range

"netsh" Commands for Interface IP

224.0.0.1 - The All Hosts Multicast Group

MulticastListener.java - A Simple Multicast Listener Program

All Hosts Multicast Group, 224.0.0.1, on Vista Systems

MS08-001 Vulnerability Explanation by Microsoft

Antivirus System PRO

Antivirus System PRO - Fake Security Alert

Antivirus System PRO - Task Bar Icon Message

Malicious Program - WinSpywareProtect sysguard.exe

Malicious Programs - pp10.exe and ld12.exe

IE BHO - iehelper.dll

Faked Host Name - 209.44.111.62

Malicious System Service - drv.dll and drv.sys

Glossary of Terms

References

Keywords: Windows, Security, Virus, Trojan, Spyware, Adware

Dr. Herong Yang, updated in 2009