Online Dangers

---

The following section is for online scams and rogue programs that can wreak havoc with your system from installing viruses to just plain ripping off the consumer. The fix for these can range from an expensive time consuming tech call to reloading your operating system and losing all your data, though this is a last resort and an extreme fix that we have never had to do.

Warning:

A few of the other programs that claim to remove spyware are themselves spyware. Never install "spyware-removal" software that you see advertised on pop-up windows without checking it out first.

If you have any stories you would like to add, feel free to contact our tech staff.

As always we can help with any computer repair needs you may have.

For No-obligation Computer Help call (775) 200-6171 or email your questions to us.

Disclaimer:

Tips, Tricks and other information on User Friendly PC contain a vast amount of information; with some appropriate for beginning users while other information is geared toward the more technically advanced individuals. Much of the information may involve modifying key system configuration files on a computer, either by the user or a recommended program. While User Friendly PC has examined the information displayed on the User Friendly PC site, we cannot be held responsible for any damage, accidental or otherwise, that results from the attempted or full utilization of any information shown.

---

Antivirus System PRO

---

Antivirus System PRO is a rogue anti-virus software program that attempts to scam individuals out of money. It tells you that your computer is infected with Trojans, adware or malware and that you should purchase Antivirus System Pro to remove these infections. These reported infections are all fake and don't actually exist on your computer. Even if you do not choose "yes" or "no" for the download, it's likely to sneak onto your pc and create problems such as pop-ups, slow performance, changes in settings, and for those who choose this service they charge money and offer no protection.

One of the first signs of infection is that it will hijack your browser launching pages upon pages of porn sites slowing your system to a crawl making your pc virtually unuseable. Upon loading these sites, more malware may be transfered to the computer. Another sign of infection is the following alert:

"Windows Security alert. Windows reports that your computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan you computer. Your system might be at risk now."

This particular bug however is not as difficult as others to repair. I do recommend that before attemting to repair this, that you have at least a basic understanding of the registry as removing the wrong keys can damage the operating system preventing the computer from booting up.

1) The first thing to do is to boot to a LiveCD and launch a registry editor. Look for files that are told to run at startup, specifically anything that uses "SYSGUARD", "SYSTEM TOOL" or "Antivirus System PRO" as part of the file name as well as other files that were out of place or do not belong in the "Run" sections of the registry. This prevents the malware from starting back up on restart.

2) After restart you may find that your browser if you use Internet Explorer will not load any pages. This infection changes your Internet Explorer settings to use a proxy server that prevents you from browsing any pages on the Internet. Therefore, if you only have Internet Explorer installed, we will first need need to fix this problem so that we can download the utilities we need to remove this infection.

3) Start Internet Explorer, then when the program is open, click on the "Tools" menu and then select "Internet Options". Click on the "Connections" tab and then on the "Lan Settings" button. Under the "Proxy Server" section, uncheck the checkbox labeled "Use a proxy server for your LAN". Then press the "OK" button to close this screen. Press the "Apply" button and then the "OK" button to close the Internet Options screen. Now that the the proxy server is disabled, you will be able to browse the web again with Internet Explorer.

4) Then search for and remove the following files:

• C:\windows\system32\iehelper.dll
• ProgramFiles\Antivirus System PRO\conf.cfg
• ProgramFiles\Antivirus System PRO\mbase.vdb
• ProgramFiles\Antivirus System PRO\quarantine.vdb
• ProgramFiles\Antivirus System PRO\queue.vdb

You may have to search for each file individually. Look for the folder Antivirus System PRO and remove it.

5) We then recommend using spyware and antivirus programs, Malwarebytes Anti-Malware 1.41, Ad-Aware Free Anti-Malware 8.1.0, Spybot - Search & Destroy 1.6.2, and Avast anti-virus to scan the drive and registry for any more signs of malware. Several may be found and removed. Finally, scan and optimized the registry.

---

Osama Bin Laden Hanged / Captured (Originally Occurred 2004)

---

This is re-circulating the net once again.

Just verified this with Snopes and it is REAL.. ALSO WENT TO TRUTH OR FICTION, IT'S on their site also.

PLEASE INFORM EVERYONE you know! Emails with pictures of Osama Bin-Laden hanged are being sent and the moment that you open these emails your computer will crash and you will not be able to fix it!

1.) If you get an e-mail along the lines of 'Osama Bin Laden Captured' or 'Osama Hanged', don't open the Attachment!!!! This e-mail is being distributed through countries around the globe, but mainly in the US and Israel Be considerate & send this warning to whomever you know. PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS:

We'll start with this first part. NEVER EVER open any email attachment from people you don't know. Before you open an attachment, scan it with a good anti-virus scanner. If the files in the attachment don't match what they are suppose to be, don't open them. Delete them. For example, if the files are suppose to be images but the extension is an executable file such as .com, .dll, .exe, etc. These are not images and likely contain a virus. Also, the email says to inform everyone you know. It even gives a good argument for doing that. If you are going to notify several people, to not put their email addresses in the TO: field. Instead, use the BCC: (blind carbon copy) field. By doing this, you protect their email addresses from everyone else in your list and from being picked up from the net by spammers using programs called bots to harvest the addresses from the emails.

More information on this can be found on Snopes at www.snopes.com/computer/virus/osama.asp

Now for the second part of the email.

2.) You should be alert during the next few days: Do not open any message with an attached file called 'Invitation' regardless of who sent it. It is a virus that opens an Olympic Torch which 'burns' the whole hard disc C of your computer!!!! This virus will be received from someone who has your e-mail address in his/her contact list, which is why you should send this E-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it. If you receive e-mail called 'invitation', even though sent by a friend. Do not open it!!! Shut down your computer immediately!!!! This is the worst virus announced by CNN; it has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind. This virus simply destroys the zero sector of the hard disc, where other vital information is kept.

This part of the email is a HOAX! No such (incurable) virus exists! Please see www.snopes.com/computer/virus/invitation.asp at Snopes.

Please visit other sections of this site for information on remaining safe online and some of the dangers that are lurking in our area.

---