You can try next steps in order to fix the problem:

1. Close IE and open it again and test it before doing the next one.

2. Install all Windows updates.

3. Scan your computer for malware (worms, viruses and spyware).

4. Verify that IE is working on unsecure web sites. Refresh this page.

5. Open IE and click on Tools icon (or press Alt+X key combination on your keyboard), choose About Internet Explorer

and look at the Cipher Strength.

It should be 128 bit or more. If the Cipher Strength is anything less then 128-bit, download and install the Internet Explorer High Encryption Pack.

6. Open IE, go to Tools menu, choose Internet Options.

Navigate to Advanced tab and scroll to bottom of list. The SSL and TLS options (all versions) should be checked.

7. Check Delete Cookies, Delete Files and Clear History in Tools, Internet Options, General tab and press Delete button.

8. Uncheck the box for Enable Third Party Browser Extensions in the Advanced Section (all other settings in Advanced Section are set to Default).

Click Apply button and restart IE.

9. Configure Security settings for the Trusted sites zone in IE: open IE, Tools menu, choose Internet Options, navigate to Security tab, select Trusted sites, Default Level.

Click Sites button.

Type the address (URL) of the site in the Add this Web site to the zone: box, click Add button, then Close and Apply buttons.

10. Check Firewall/Network Configuration. Make sure that the SSL port (port 443) is open on your network/firewall (if you have any). There are many different Firewall/Network products, so it is impossible to give set-by-step instructions. Check the documentation or help file of the product you use. If you are behind a broadband router, you may not need a firewall on your PC. Check security settings on your router.

11. Clear the Secure Sockets Layer (SSL) state and AutoComplete history: open IE, open Tools menu, choose Internet Options, navigate to Content tab. Under Certificates, click Clear SSL State.

Click OK when you receive the message that the SSL cache was successfully cleared. Under Personal information, click AutoComplete. Under Clear AutoComplete history, click Clear Forms. Click OK when you are prompted to confirm the operation.

12. Verify that the Date and Time Settings on your computer are correct: because SSL certificates have an expiry date, if the date on your computer isn't correct, it may prevent you from connecting to secure sites.

Good luck!

Sometimes fighting with viruses can become very annoying, and one of the methods you can use when nothing else works is DrWeb LiveCD.

1. Go to http://www.freedrweb.com/livecd/?lng=en and download iso image.

2. Burn downloaded image to CD and put CD to problem PC. Restart problem PC and boot from CD.

Following screen should appear:

Select DrWeb LiveCD (Default) and press Enter

2. Wait until DrWeb loads

3. In the following window press settings:

4. Adjust settings as on the picture below and press Ok:

5. Select all entries and press Start

That is all. Wait until virus scan will be finished and delete all malicious software.

 I hope this article will help you to clean your PC from viruses.

CureIt is a free utility from DrWeb that do not require installation or any kind of registration and can quickly remove huge amount of viruses. It is easy to get and to use it. 

1. Go to http://www.freedrweb.com/cureit/?lng=en and click Free download. You will get executable file with unique name, that looks like this: sx3hq2ly.exe

2. Run CureIt  and press Cancel in the popup message.

3. Pess Start

And press Ok.

4. Following window will appear:

this is the main window of the program. CureIt will perform a quick scan and then you will be able to select action for every suspicious object.

That is it. It's free easy and effective.

When computer faced a major virus infestation, it might be necessary to boot computer into safe mode and perform some actions there. What is the difference between normal boot and Safe Mode? Only basic drivers and services are loaded when booting into safe mode, thus not allowing viruses to start themselves. Most of the viruses will not operate in Safe Mode, so you could try curing it. It is not a surprise that some viruses disable safe mode as soon as they take control of computer.

How can be Safe Mode disabled? In most cases viruses simply delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot. When you try booting into safe mode on the machine that has this key deleted, you will receive the following BSOD:

Solution:

In this case you will need to find computer with the same version of OS and Service Pack, get these settings from there and then import them into problematic computer. To export settings from working computer, you will need to do the following:

1. Open regedit
2. Navigate your way to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot and export its contents into a file

This will create a reg file that we will transfer to the machine without SafeBoot.

Alternatively, you could use registry files created on our test machines, but some settings are machine-specific, so these files are provided "as is".

WinXP_SafeBoot.reg (26,81 kb)

Win7_SafeBoot.reg (36,04 kb)

Now when when these reg files are on the computer that needs Safe Mode restored, merge them with the registry. You can do that either by double-clicking or by right-clicking on the reg file and selecting Merge option from the dropdown menu.

SafeBoot should work from now on if the problem was in deleted key.

Initial Problem:

User has installed rouge antivirus system on its computer called Cyber Security. Usually this program is been installed when promoted via the web, you will see a message stating that your computer is infected with viruses and you need to install antivirus system called Cyber Security. After installing the program it adds itself into start up items. After Windows is loading Cyber Security performs a scan of your system and then shows you a result. Usually result states that your system is in danger and you have a lot of viruses on you computer but the program cannot remove threads untill you buy it. This program cannot be removed in usuall way through "Add/Remove programs" option in comtrol panel.

Solution:

To completely remove Cyber Security from computer following steps must be performed:

1. Download the rkill.com utility to stop Cyber Security processes that cannot be stopped in usuall way.

2. When the black window shows successfull result close it.

3. When all processes are killed download Malwarebytes' Anti-Malware, or MBAM.

4. After downloading the above file double click on it, it will start instalation process. You don't need to make any changes to program settings during installation process.

5. When installation finished make sure that "Perform quick scan" option is selected, thne click on "Scan". When the scan is finished click "OK".

6. Program will find all threats on your computer. Just select all items and click on "Remove Selected".

7. After program removes all entries just click on "Exit".

1. Start TaskManager and go to Process tab. Look for  csrcs.exe (don't mix up whit csrss.exe) and kill it.

2. Press Start->Run and type cmd there. In command prompt execute following commans:

cd %systemroot%\system32

attrib -s -h csrcs.exe

del csrcs.exe

3. Press Start->Run and type regedit. In the following brunch HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\Run delete "csrcs" parameter;

4. In the brunch HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon look for paramener "Shell", and change it value to "explorer.exe";

Malware

Indications of Malware

Adware

Spyware

Guidelines to Avoid Spyware

Follow internet safety guidelines including:

• Not opening emails or email attachments from unknown senders
• Block or don’t click on suspicious pop-up windows
• Don’t open files that are more prone to be associated with malware such as .bat, .com, .exe, .pif, .txt.vbs, .htm.exe or .vbs
• Don’t download or execute applications from untrusted sources.
• Avoid phishing scams.
• Use updated anti-virus and anti-spyware software regularly.

Windows Firewall blocks incoming network connections to your computer to help protect it from malicious programs trying to connect to your computer and steal your data. Note that it does not block outbound connections, so if spyware or malware does ever get installed on your computer, it can send out data without any restriction.

Overall, having the firewall turned on is good, but there are many occasions when Windows Firewall blocks incoming connections for legitimate programs. Most of the time, you’ll get a dialog box asking you whether or not to unblock a program, but sometimes you have to add an exception to the Firewall list manually.

In Windows Firewall, you can either unblock programs or unblock specific ports. When you unblock a program, any ports that the program uses are also unblocked just for that program. Most of the time you only need to unblock a program and not worry about the ports.

The only time you have to worry about opening ports is when you are doing something like running Remote Desktop with a non-standard port number like 3390 instead of 3389. In that case, you have to manually add an exception for port 3390.

Add Exceptions to Windows Firewall?

First open the Control Panel and click on Windows Firewall. Then click on the Exceptions tab. You should see a list of programs and services, some with check marks and some without.

Anything with a check mark means it’s not blocked by the firewall. You’ll also notice the option at the bottom “Display a notification when Windows Firewall blocks a program”. If you find that the unblock message is not longer appearing when you run it for the first time, make sure this box is checked, otherwise it will be blocked without any notification.

To add a program to the unblock list, click on Add Program and either select a program from the list or click Browse and locate the application manually.

Click OK and the program will be added into the main list of unblocked program and services. You can also click the Change scope button and specify which computers you would like the program unblocked for.

Click on Add Port to add a specific port to the firewall exception list.

Give the port that you want to unblock a name, i.e. FTP for port 21, HTTP for port 80, RDP for 3389, etc. The name can be anything you want. Type in the port number and choose whether you want to unblock the TCP or UDP port.

Remember that adding a port exception is more insecure than adding a program exception. Only add port exceptions if absolutely necessary because that port is now open to ALL programs.

Also be sure to name your open ports properly so that you know exactly what each entry refers to. It’s best to put the port number in the Name filed also, such as “FTP – 21”, etc.

You can also add exceptions in Windows Firewall for an entire connection. So let’s say you want to keep your Wireless connection protected by using the firewall since you mostly use the wireless at your home, but don’t really care about keeping the firewall on while at the office because it’s through a secure LAN connection. Well click on the Advanced tab and simply un-check which connections you do not want to protect with the firewall.

If you want to run your computer as a web server, FTP server, POP3 server, telnet server, or some other kind of server, you can click on the connection and then on the Settings button and add an exception for a particular service.

That’s about all the exceptions you can possibly add to the Windows Firewall. If you really just don’t want anything blocked, simply choose the Turn Off button on the main Windows Firewall dialog box.

Almost every person, that uses computer running Windows operating must have encountered it. All of a sudden, while you surf the internet, you get a pop-up window,  saying your computer is in danger, your browser is infected and tries to steal your credit card info, your computer is plagued by Trojans, et cetera. Actually, that is true. You've got one very annoying trojan, that claims to be an anti-virus and it may cost you hours of your time or even your files to get it off your PC.

Main window of such fraud antivirus program may look like this:

or like this:

(these two seem to be among the most popular, we've received quite a lot user questions regarding them in recent days).

Curing your computer

There are always good tools available to download. I'd recommend going for either Malwarebytes removal tool or SpyBot Search&Destroy

If you decided to remove the spyware manually, here are the steps:

1. Stop the processes.

     Bring up Task Manager (Ctrl-Alt-Del) and look for the process names that can be related to the program. For example, PC_Antispyware2010.exe or jugifyryve.exe. They may, of course, vary for different "antiviruses". If there are any suspicious processes, stop them.

2. Look for registry keys.

    For example : 
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PC Antispyware 2010"

Pay attention to the last entry. Any entries put in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run are going to be executed at startup. Delete the entry related to the fake antivirus, or (it would be even better) right-click it, select Modify, and delete the command that is there.

3.  Remove the files.

If you succeeded in completing the first two steps, the fake antivirus can now be removed. You should know where to look for the files. In case of Anti-Spyware2010, they are:

 <code>c:\Program Files\Common Files\aqamodero.dat
c:\Program Files\Common Files\hubeweqa.lib
c:\Program Files\Common Files\jatikysup._dl
c:\Program Files\Common Files\ofyxodaqa.dat
c:\Program Files\Common Files\sahaso.bat
c:\Program Files\Common Files\zotys.bin
c:\Program Files\PC_Antispyware2010
c:\Program Files\PC_Antispyware2010\AVEngn.dll
c:\Program Files\PC_Antispyware2010\htmlayout.dll
c:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\Program Files\PC_Antispyware2010\pthreadVC2.dll
c:\Program Files\PC_Antispyware2010\Uninstall.exe
c:\Program Files\PC_Antispyware2010\wscui.cpl
c:\Program Files\PC_Antispyware2010\data
c:\Program Files\PC_Antispyware2010\data\daily.cvd
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\WINDOWS\akudyta.lib
c:\WINDOWS\hoxigawax.inf
c:\WINDOWS\kyci.dl
c:\WINDOWS\nuxojih.scr
c:\WINDOWS\qynomikov.bin
c:\WINDOWS\seni.reg
c:\WINDOWS\yfoneby.db
c:\WINDOWS\system32\_scui.cpl
c:\WINDOWS\system32\cocefezyj.dl
c:\WINDOWS\system32\qebykiti.dl
c:\Documents and Settings\All Users\Application Data\pybisezyr.db
c:\Documents and Settings\All Users\Application Data\ulycozoho._dl
c:\Documents and Settings\All Users\Documents\ekenubes.com
c:\Documents and Settings\All Users\Documents\icosagula.reg
%UserProfile%\Application Data\jugifyryve.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk
%UserProfile%\Cookies\ajeby.reg
%UserProfile%\Cookies\yqeqaranym.vbs
%UserProfile%\Cookies\zebav.pif
%UserProfile%\Desktop\_scui.cpl.txt
%UserProfile%\Desktop\PC_Antispyware2010.lnk
%UserProfile%\Local Settings\Application Data\xoqupuwytu._dl
%UserProfile%\Start Menu\Programs\PC_Antispyware2010
%UserProfile%\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk
%UserProfile%\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk 
</code>