We help IT Professionals succeed at work.


Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge; it has also come to include programs that engage in various kinds of electronic fraud. Anti-spyware is software that removes or blocks that software; some common vendors include Malwarebytes, McAfee, Spybot-Search and Destroy, Ad-Aware and BitDefender.

I have Malwarebytes Endpoint Security bundle, which includes Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit.   I understand some people run an antivirus program as well.   I have AVG Antivirus Business Edition on my server add I can install it on the workstation that has MWB, or is this overkill ?   Please advise.
I have a client who is infected with ransomware.  The files are .crypted how do I know what ransomware this is?  And can this be decrypted?
I have Vipre Internet Security and Malwarebytes Antimalware installed on my system.   Do I need additional protection from ransomware?
We use the free version of Microsoft Security Essentials.

Is it possible to set up a GPO (Windows Server 2003 R2) to schedule a weekly full scan?
Hello Experts,
This customer has an application developed in vb6 long ago...
it works fine but some of its modules... exe files with size less than 500 kb are being blocked by bit Defender...
although the modules are well known and widely used by the company...

Why is bit defender identifying those pretty small exes as a thread and what can I do ?
Besides Changing Antivirus... this customer is a loyal fan of Bit Defender and just paid for all his licenses
So changing antivirus is my last resource here.
Please your advice.
I have installed one of those free software which with one click and hard to see recommendation and agreements I ended up to a new start page (hijacked) of my browsers.
The unwanted page is http://www.seeklatin.com/ 
I blocked it in the host file, but the browsers still redirect for that page when I start them.
I have the problem with internet explorer, firefox, chrome and opera.
I have tried all kind of cleaners and after some cleaning nothing could be detected anymore. Still I have the same problem.
I have rested the web browsers and only chrome is now clean.
How do I get rid of www.seeklatin.com?
What cleaners and methods do you recommend?
Cleaners used: MalwareBytes, Hitman Pro, SpyHunter, SuperAntiSpyware, AdwCleaner, Lavasoft Ad-Aware and other...
Looking to tighten down security currently using AVG and happy with this product. I've never used a purchased version of Malwarebytes however find it's substantial removing malware.

Question, I'm thinking of using the business version of Malwarebytes and AVG at the same time, is this overkill, a good plan, or should I stick with one or the other?

Thanks in advance.
I have had a crash and need to uninstall the Antivirus Software

I cannot find an Uninstaller Tool anywhere....Please Help !!!!!

When I attempt to uninstall I get this message:

error 1721. There is a problem with the Windows Installer package. A program required for this install to complete could not be run.  Contact your support personnel or package Vendor.

Note: already ran:

Hello experts, my old IBM Thinkpad laptop has been acting rather slow for the last while - particularly while in Firefox. A couple of weeks ago my eBay account was hacked into and some bogus items were purchased on my credit card, so I'm fearing some sort of backdoor trojan has infiltrated my laptop. I ran ESET online scanner yesterday and it found and cleaned these viruses:

C:\Documents and Settings\All Users\Application Data\RoboSoft\dump\APP-00FA03289C1\SITE-00F811B52A1.htm	HTML/Iframe.B trojan	deleted
C:\Documents and Settings\JD\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\45\16bab12d-3a388b4c	multiple threats,a variant of Java/Exploit.Agent.RSM trojan,a variant of Java/Exploit.Agent.PNG trojan,a variant of Java/Exploit.Agent.PNF trojan	cleaned by deleting
C:\Documents and Settings\JD\My Documents\Downloads\190unlocker.exe	Win32/Adware.ADON potentially unwanted application	deleted
C:\PMAIL\MAIL\FOL06413.PMM	HTML/ScrInject.B trojan	deleted
C:\RECYCLER\S-1-5-21-1455450049-4218601970-2604882262-1005\HELP_DECRYPT.HTML	Win32/Filecoder.CryptoWall.CR trojan	deleted
C:\RECYCLER\S-1-5-21-1455450049-4218601970-2604882262-1005\HELP_DECRYPT.TXT	Win32/Filecoder.CryptoWall.CR trojan	deleted
C:\WINDOWS\uninstac.exe	a variant of Win32/PCCleaners.A potentially unwanted application	cleaned by deleting

Open in new window

... now I'm rather worried there might be more lurking. Regarding what you see above for "Win32/Filecoder.CryptoWall.CR" - I did have this trojan over a year ago... it encrypted a lot of my files but fortunately I had a good backup and restored and cleaned out the trojan at that time. I guess the ESET scan found an old "RECYCLER" folder with those two files as a remnant of my old cleaning.
   Anyway, would someone be able to give me some guidance on how to do a really good and thorough malware check just to make sure everything is clean now? I've run malwarebytes recently and it found nothing.

Hello and Good Afternoon Everyone,

          I am wondering if there are any online sites which will carry out complete anti-malware and anti-virus scans and remove detected threats for free.  

          Any suggested link or links in response to my question will be greatly appreciated.

          Thank you

I have customers that keep getting fake tech support pop up adds that hijack the browser.
These can be from Microsoft, Norton, Comcast, etc.
Is there a program that is effective at blocking these hijacks and not break
the bank?  Free ones are always good, but don't like the upgrades they try to get you to
do.  So if there is a good paid program, I think they would like it being add free.
  Most of the files (Word/Excel/Access/PDF) on my server is infected by ZEPTO virus. The backup device do not have the latest files.  So I am considering paying the ransom money, We don't have much option even if there is no grantee.
Having said that, did anyone try to pay these virus developer "bitcoin dollars" and successfully decry-pt infected files?
Any advise in terms of how to deal with these people?
 I have the screenshot of the message (where it shows the URL to receive my private key along with additional steps to try and it had "personal identification ID: xxxxx!!!". I can post it if you like to see it.
 Thanks in advance.
Hi, We found Virus in our shared folders following files.

If i didn't remove this file any harm?  i mean if i leave the file without delete.
client got the message below.

How can I be getting this issue with Sophos installed.

is there a fix for us



All your documents, photos, databases and other important personal files
were encrypted using strong RSA-1024 algorithm with a unique key.
To restore your files you have to pay 0.51076 BTC (bitcoins).
Please follow this manual:

1. Create Bitcoin wallet here:


2. Buy 0.51076 BTC with cash, using search here:


3. Send 0.51076 BTC to this Bitcoin address:


4. Open one of the following links in your browser to download decryptor:


5. Run decryptor to restore your files.


      - If you do not pay in 3 days YOU LOOSE ALL YOUR FILES.
      - Nobody can help you except us.
      - It`s useless to reinstall Windows, update antivirus software, etc.
      - Your files can be decrypted only after you make payment.
      - You can find this manual on your desktop …

for those that are using Trend Micro to protect their corporate file servers, I would like to know if the global setting above is generally used. The documentation says it increases cpu load and scanning times. Would love to know what other guys do in their systems. Is it safe to run ? Has it given you any problem ?

Our documents got infected with the systemdown@india.com.xtbl.  It encrypted thousands of files.  Fortunately I back up everything, so I was able to put backups in place.  But my question is why didn't our Virus protections, Spyware blockers, etc., catch this.  I understand from research that this normally comes in as ads or malware, but my Manager tends to think that even if this came in through email, that our protections should have stopped it at the source and not spread throughout our entire system.  It only affected files that everyone had write access to.  

I need to prevent this from happening.  Other than totally locking down the internet what else can I do.  I have anti-virus software in place, Barracuda Spyware device, as well as Malware software.  I know the rules of prevention but I need to know if there is anything that can stop it if it hits our systems again.
I have a client with AVG Cloudcare installed with the Crypto Prevent Installed by FoolishIT.com

This client Still got Infected and all files Encrypted...

What Tools are being used out there for the removal of Ransome Ware???

What Software should I use or combo of tools to make sure my clients do not get infected....

    My systems was effected with zepto ransomeware.
     After scanning with malware bytes ransomeware gone but I am unable decrypt zepto file back

Can any one have solution

Thanks in advance
We are looking for a way to Remotely, Silently Clean up our customers coputers with Malware from a LogMeIn Command prompt.  We have a script for running Malwarebytes (which is already installed) silently, but it is not getting everything.  We need to be able to run a registry sweeper as well.

Does anyone know of a PORTABLE utility like CCleaner that can be run from command line with parameters to run silently & clean up with no intervention?

Hi Experts,

I have been through my usual programs with this one....any suggestions

HP: All In One Desktop running Windows 10 Home

Flashing circles appearing on the desktop
A second mouse icon suddenly appears from nowhere & a Word document keeps trying to opening usually the last document that failed to open.
Along with some pictures opening the onscreen keyboard and bottom right of screen the calendar opens as well.

I downloaded and checked With Process explorer but that even opened a heap of dialogue boxes when I hovered over or clicked on one in particular.

The calendar and onscreen keyboard usually shut themselves down after a while.

Things I have tried:
Malwarebytes have now run three times twice in Chameleon mode all time and found nothing!!
Registry investigator (which showed nothing out of the ordinary)
TDSKiller (nothing found)
Hijackthis. (nothing bad found)
CCLeaner  - Cleaned up a bit but made no difference
HitmanPro  - nothing much
Junkwaretool (a couple of things)
ADWCleaner (found two things and removed)

Again nothing that is sticking out as major in terms of virus or malware...

Advise apart from a wipe and reload much appreciated.Southern


I am trying to work out what malware is infecting my machine. My antrivus software does not pick it
up. So maybee somebody else can give me some pointers.

The symptoms are that I got some foriegn text on my lock screen either korean or german (I think).

I did click on one of them once and it brings up something in the Microsoft store.

So I am looking for some pointers if possible.

Ultimately I would like to know the impact of this malware - if I can identify it.

I am running Windows 10 x64.



Recently I received a text from a person I recognized but who was not in my contacts.  Despite the fact they were not in my contacts, their full name was in the body of the text along with a blank avatar and the words "Follow locations" or "Follow local", I can't remember eactly.

Within an hour after receiving and deleting that text I received a text from the same person saying, "why are you tracking me?"

At this point I'm trying to figure out all the possiblities of what's going on.  Some of my questions are:

1)  Can such a text actually initiate tracking in either direction?
2)  Is it possible the text would give the sender the ability to track my phone rather than theirs?
3)  If tracking was actually initiated, how could the tracking be terminated in either direction?
4)  If I disabled the GPS functionality on my phone, would that prohibit tracking of my phone?
5)  If my phone was tracking the phone that texted me, how would that user be aware of such a thing?

In other words, if somebody installed an app on the sender's phone without them knowing, how would that ultimately manifest to the user of that phone?

I decided to wipe my phone and reinstall the factory image/settings just in case something was installed.  However, I'm wondering if by accepting the text to "follow" the sender's phone, my number is registered to follow regardless of what I do to my phone.

Thanks in advance.
Yes?  Why do you use it?

No?  Why don't you use it?
I'm trying to sieve out which of the signatures / malwares in F-Secure is ransomware.
Anyone can get me a list?
From our AV & antispam reports, it could not segregate out which ones are ransomware.
I'll need this for management report.

Anyone has a list of ransomware names to date?

Attached is a list which I'm seeing happening lately:
can help identify which ones are ransomware, thanks.


Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge; it has also come to include programs that engage in various kinds of electronic fraud. Anti-spyware is software that removes or blocks that software; some common vendors include Malwarebytes, McAfee, Spybot-Search and Destroy, Ad-Aware and BitDefender.