2-viruses.com - detect and remove viruses, spyware and other malware http://www.2-viruses.com Fri, 04 Jul 2008 10:12:50 +0000 en WinReanimator threat: information and removal http://www.2-viruses.com/remove-winreanimator http://www.2-viruses.com/remove-winreanimator#comments Fri, 15 Feb 2008 19:44:51 +0000 http://www.2-viruses.com/remove-winreanimator Comment on this Bookmark ]]> VirusHeat threat: information and removal http://www.2-viruses.com/remove-virusheat http://www.2-viruses.com/remove-virusheat#comments Fri, 08 Feb 2008 20:26:42 +0000 http://www.2-viruses.com/remove-virusheat VirusHeal, since not only is the name different by just one letter, but its features aren’t much better either. The alerts claim that your PC is infected with various trojans, including smithfraud.G, which is a hoax used by malware vendors. VirusHeat is most commonly installed with the help of Zlob or by downloading it from virusheat.com (85.225.120.53). Their website does not look like anything original, and is full of false claims. According to the content, the "company" is based in Riga, Latvia and was created in 2000. However, they fail even the basic security tests. 1. Domain bought only a month ago - internet security companies buy out their name earlier.
2. They are hosted not in the USA or Latvia, but in Ukraine together with many other rogues
3. Their payments are processed by www.segpay.com - a carding site, its unsafe to provide your credit card details there
4. They push other rogue products like Total Cleaner.
You should therefore avoid this scam and not download Virusheat. This scamware should be removed as soon as possible, and if you have paid for it, contact your credit card company to avoid further money loss.
Smithfraudfix provides half automated removal, manual removal instructions are as follows:
Comment on this Bookmark
]]> TrustedAntivirus threat: information and removal http://www.2-viruses.com/remove-trustedantivirus http://www.2-viruses.com/remove-trustedantivirus#comments Tue, 22 Jan 2008 14:29:21 +0000 http://www.2-viruses.com/remove-trustedantivirus Comment on this Bookmark ]]> MalwareCrush threat: information and removal http://www.2-viruses.com/remove-malwarecrush http://www.2-viruses.com/remove-malwarecrush#comments Thu, 10 Jan 2008 12:04:29 +0000 http://www.2-viruses.com/remove-malwarecrush VirusBurst, SpywareQuake, SpyAxe etc. It even shares the same shortcut icon with its predecessors. You should remove MalwareCrush as soon as possible.

As the slogan of MalwareCrush goes "MalwareCrush Leaves The Malware Absolutely No Chance!". Of course it does not, as it brings all the so-called "threats" along to the installation already. After the installation you will be presented with a fake report of threats and offered to buy a full version of the application in order to remove them. That is, business as usual - do not fall for this scam. If you find MalwareCrush in your system, it is recommended to remove it as soon as possible.

The payments for Malware Crusher are processed on domain fantazybill.com - a domain without any frontpage which is VERY strange for legitimate payment business, so obviously its part of the scam isoftpay.com was. Your credit card info might get recorded in the process and more money will be stolen from you than the cost of this fake tool. One more reason not to trust them!

Do not ever download or buy Malware Crush, and to ensure your security, you should block malwarecrush.com (207.226.175.54) using your HOSTS file.

Comment on this Bookmark
]]> Awola threat: information and removal http://www.2-viruses.com/remove-awola http://www.2-viruses.com/remove-awola#comments Tue, 25 Sep 2007 12:11:26 +0000 http://www.2-viruses.com/remove-awola Comment on this Bookmark ]]> VirusProtect Pro threat: information and removal http://www.2-viruses.com/remove-virusprotect-pro http://www.2-viruses.com/remove-virusprotect-pro#comments Wed, 04 Jul 2007 08:20:30 +0000 http://www.2-viruses.com/remove-virusprotect-pro Spylocked and Spydawn. A new name was used to trick users into spending money for a thing, harmful for their PC. We have got some of our users complaining about popups asking to purchase full version of this crap without ever installing it in first place. Although the origin of software is not clear, Zlob is the culprit or such problems usually. To avoid problems, stay away from this software! We provide instructions on how to remove it from your PC. The domains related to this parasite are virusprotectpro.com (85.255.117.205) and virusprotectpro.biz. Be sure to block these domains using your HOSTS file for maximum security. Also, avoid installing "free" codecs from low reputation sites. Last removal instructions update: August 28th, 2007
Comment on this Bookmark
]]> SpyCrush threat: information and removal http://www.2-viruses.com/remove-spycrush http://www.2-viruses.com/remove-spycrush#comments Wed, 23 May 2007 11:36:07 +0000 http://www.2-viruses.com/remove-spycrush SpyLocked and VirusBurst. After infection by this parasite, you will receive fake security warnings, which state that your system is damaged by spyware and you need to buy SpyCrush or SpyCrusher in order to heal the infected system. These warnings will be exaggerated and false, as SpyCrush has neither any spyware detection nor removal capabilities. Stay away from SpyCrusher and remove it immediately after infection.
SpyCrush is closely related to VirusProtectPro, as it is hosted not only in the same data center in Kharkiv, but even at the same C class range (85.255.117.206), so it is highly probable that it belongs to the same person.
Comment on this Bookmark
]]> WistaAntivirus threat: information and removal http://www.2-viruses.com/remove-wistaantivirus http://www.2-viruses.com/remove-wistaantivirus#comments Fri, 04 Jul 2008 10:12:50 +0000 http://www.2-viruses.com/remove-wistaantivirus Comment on this Bookmark ]]> PCCleanPro threat: information and removal http://www.2-viruses.com/remove-pccleanpro http://www.2-viruses.com/remove-pccleanpro#comments Thu, 03 Jul 2008 14:46:07 +0000 http://www.2-viruses.com/remove-pccleanpro Comment on this Bookmark ]]> Gxvpsafm Toolbar threat: information and removal http://www.2-viruses.com/remove-gxvpsafm-toolbar http://www.2-viruses.com/remove-gxvpsafm-toolbar#comments Thu, 03 Jul 2008 14:31:27 +0000 http://www.2-viruses.com/remove-gxvpsafm-toolbar Comment on this Bookmark ]]> Real Antispyware 5.2 threat: information and removal http://www.2-viruses.com/remove-real-antispyware-52 http://www.2-viruses.com/remove-real-antispyware-52#comments Thu, 03 Jul 2008 14:24:23 +0000 http://www.2-viruses.com/remove-real-antispyware-52 Comment on this Bookmark ]]> Worm.Win32.Runfer.kz threat: information and removal http://www.2-viruses.com/remove-wormwin32runferkz http://www.2-viruses.com/remove-wormwin32runferkz#comments Wed, 02 Jul 2008 12:40:26 +0000 http://www.2-viruses.com/remove-wormwin32runferkz Centod Anti-Spyware 2008’s falsified system scan reports. This is done in order to mislead the user into thinking he is infected and therefore in need of an anti-spyware program (Centod in particular, since these fake reports link to the rogue spyware remover’s website). Worm.Win32.Runfer.kz is not real. It is an indication that you have been infected by Centod and are being scammed. Do NOT download or buy the program and block centod.com using your HOSTS file.
Comment on this Bookmark
]]> Trojan-PSW.Win32.Nilage.cln threat: information and removal http://www.2-viruses.com/remove-trojan-pswwin32nilagecln http://www.2-viruses.com/remove-trojan-pswwin32nilagecln#comments Wed, 02 Jul 2008 12:39:23 +0000 http://www.2-viruses.com/remove-trojan-pswwin32nilagecln Centod Anti-Spyware 2008 (a clone of Zynaps) in it’s falsified security scan reports. This is done in order to mislead the user into thinking he is infected, in hopes of getting him to buy the corrupt spyware remover’s fake "licensed version". Trojan-PSW.Win32.Nilage.cln is not a threat, whereas Centod surely is. It is a scam and should be treated as such: do NOT download or buy it and block centod.com using your HOSTS file.
Comment on this Bookmark
]]> Trojan.Win32.Slefdel.pj threat: information and removal http://www.2-viruses.com/remove-trojanwin32slefdelpj http://www.2-viruses.com/remove-trojanwin32slefdelpj#comments Wed, 02 Jul 2008 12:38:31 +0000 http://www.2-viruses.com/remove-trojanwin32slefdelpj Centod Anti-Spyware 2008 - a rogue anti-spyware program, which uses falsified scan reports full of fake threats as means of intimidating the user, in hopes that he will buy Centod’s "licensed version". Trojan.Win32.Slefdel.pj is not a genuine threat, but rather an indication that you have been infected by the corrupt anti-spyware Centod. It is a scam and should be treated as such: do NOT download or buy it and block centod.com using your HOSTS file.
Comment on this Bookmark
]]> Trojan-Spy.Win32.Pophot.axb threat: information and removal http://www.2-viruses.com/remove-trojan-spywin32pophotaxb http://www.2-viruses.com/remove-trojan-spywin32pophotaxb#comments Wed, 02 Jul 2008 12:37:25 +0000 http://www.2-viruses.com/remove-trojan-spywin32pophotaxb Centod Anti-Spyware 2008. This is in no way an indication that you have been infected by the "trojan", but rather an attempt by Centod to mislead you into purchasing it’s "licensed version". Trojan-Spy.Win32.Pophot.axb does not exist. It is a scam and should be treated as such: do NOT download or buy Centod and block centod.com using your HOSTS file.
Comment on this Bookmark
]]> Trojan-Clicker.Win32.Agent.ahi threat: information and removal http://www.2-viruses.com/remove-trojan-clickerwin32agentahi http://www.2-viruses.com/remove-trojan-clickerwin32agentahi#comments Wed, 02 Jul 2008 12:36:30 +0000 http://www.2-viruses.com/remove-trojan-clickerwin32agentahi Centod Anti-Spyware 2008. This is not a real threat and is just a means of intimidating the user so that hopefully he would buy the "licensed version" of the parasite. Trojan-Clicker.Win32.Agent.ahi is merely an indication that you have been infected by Centod. It is a scam and should be treated su such: do NOT download or buy the corrupt software and block centod.com using your HOSTS file.
Comment on this Bookmark
]]> Trojan.Win32.Dialer.bdo threat: information and removal http://www.2-viruses.com/remove-trojanwin32dialerbdo http://www.2-viruses.com/remove-trojanwin32dialerbdo#comments Wed, 02 Jul 2008 12:34:22 +0000 http://www.2-viruses.com/remove-trojanwin32dialerbdo Centod Anti-Spyware 2008’s falsified system scan reports. This is done in order to mislead the user into thinking he is infected and therefore in need of an anti-spyware program (Centod in particular, since these fake reports link to the rogue spyware remover’s website). Trojan.Win32.Dialer.bdo is not real. It is an indication that you have been infected by Centod and are being scammed. Do NOT download or buy the program and block centod.com using your HOSTS file.
Comment on this Bookmark
]]> Trojan-Spy.Win32.Agent.cka threat: information and removal http://www.2-viruses.com/remove-trojan-spywin32agentcka http://www.2-viruses.com/remove-trojan-spywin32agentcka#comments Wed, 02 Jul 2008 11:32:53 +0000 http://www.2-viruses.com/remove-trojan-spywin32agentcka Centod Anti-Spyware 2008 (a clone of Zynaps) in it’s falsified security scan reports. This is done in order to mislead the user into thinking he is infected, in hopes of getting him to buy the corrupt spyware remover’s fake "licensed version". Trojan-Spy.Win32.Agent.cka is not a threat, whereas Centod surely is. It is a scam and should be treated as such: do NOT download or buy it and block centod.com using your HOSTS file.
Comment on this Bookmark
]]> Backdoor.Win32.Small.dsp threat: information and removal http://www.2-viruses.com/remove-backdoorwin32smalldsp http://www.2-viruses.com/remove-backdoorwin32smalldsp#comments Wed, 02 Jul 2008 11:17:42 +0000 http://www.2-viruses.com/remove-backdoorwin32smalldsp Centod Anti-Spyware 2008 - a rogue anti-spyware program, which uses falsified scan reports full of fake threats as means of intimidating the user, in hopes that he will buy Centod’s "licensed version". Backdoor.Win32.Small.dsp is not a genuine threat, but rather an indication that you have been infected by the corrupt anti-spyware Centod. It is a scam and should be treated as such: do NOT download or buy it and block centod.com using your HOSTS file.
Comment on this Bookmark
]]> Trojan.Win32.Agent.mjz threat: information and removal http://www.2-viruses.com/remove-trojanwin32agentmjz http://www.2-viruses.com/remove-trojanwin32agentmjz#comments Wed, 02 Jul 2008 11:09:45 +0000 http://www.2-viruses.com/remove-trojanwin32agentmjz Centod Anti-Spyware 2008. This is in no way an indication that you have been infected by the "trojan", but rather an attempt by Centod to mislead you into purchasing it’s "licensed version". Trojan.Win32.Agent.mjz does not exist. It is a scam and should be treated as such: do NOT download or buy Centod and block centod.com using your HOSTS file.
Comment on this Bookmark
]]>