Wednesday, August 5, 2015

Display Driver Uninstaller (DDU)

Display Driver Uninstaller is a driver removal utility that can help you completely uninstall AMD/NVIDIA graphics card drivers and packages from your system, without leaving leftovers behind (including registry keys, folders and files, driver store).





The AMD/NVIDIA video drivers can normally be uninstalled from the Windows Control panel, this driver uninstaller program was designed to be used in cases where the standard driver uninstall fails, or anyway when you need to thoroughly delete NVIDIA and ATI video card drivers. This software is backed by Guru3D.com The current effect after you use this driver removal tool will be similar as if its the first time you install a new driver just like a fresh, clean install of Windows. As with any tool of this kind, we recommend creating a new system restore point before using it, so that you can revert your system at any time if you run into problems.

If you have problem installing older driver or newer one, give it a try as there are some reports that it fix thoses problems. DDU is an application that is programmed by Ghislain Harvey aka Wagnard, Guru3D.com is the official download partner for this handy application.

Download Link:  Display Driver Uninstaller ver15.4.0.0
 
Source:  http://www.guru3d.com/files-details/display-driver-uninstaller-download.html

 

To GOD be the glory!

Wednesday, July 22, 2015

How to Remove kiss.exe

Virustotal Scan

We'll be using System Explorer to remove the malware

First, create a System Restore Point

Terminate the malicious process:  Filename random?

How to Remove kiss.exe.  Terminate the malware process

Use File Directory Explore to locate the files

Delete all files in that folder, including the folder.

How to Remove kiss.exe.  Deleting the files.

Delete the Startup Entry

How to Remove kiss.exe.  Delete Startup entry.


Scan with an updated antivirus or antimalware.



To GOD be the glory!

All content ("Information") contained in this report is the copyrighted work of WinXPert: Virus and Malware Removal.

The Information is provided on an "as is" basis. WinXPert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, WinXPert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014-2015 WinXPert. All rights reserved. All other trademarks are the sole property of their respective owners.




Friday, June 12, 2015

SFWW Refill Glitch

This is how to do multiple refill request in Wizardry and Witchcraft.  Thank our developer for not fixing (or not having the skills to fix) this bug.  Credit goes to whomever discovered the bug.

1.  Open multiple tabs of Headmaster Horus Refill Shop

2.  Click and share a refill.


3.  Post link to any group.


4.  Repeat procedure on next tab.






Saturday, June 6, 2015

HyperAntivirus


HyperAntivirus








The best antivirus modernity!



    
We worked hard for many years to develop a unique anti-virus different from all others. An anti-virus which will protect your computer much better then anything available up to date.     

Download Link:


The best antivirus modernity!

We worked hard for many years to develop a unique anti-virus
different from all others! An anti-virus which will protect your
computer much better then anything currently available. We are so
confident in what we have created that we are willing to pay a reward of
 up to $10,000 to anyone who gets effected by computer viruses while
using our product! Learn more about how to get compensation here  

Not only is it FREE, but we give you money.


We know our anti-virus can be of huge benefit to many people.
Challenging prime AV software companies is a rat race so we have put a
different strategy in place to let people know about us. We are so
confident in our product that we are offering to pay you cash for
distributing our software to prove to you it's the best on the market.
Learn more about getting paid here.


A fundamentally new approach!

Our anti-virus was created on the basis of a huge distribution
of computer networks. It radiates with true intellect and mimics the
intelligence of leading robots and machines. At the heart of the
anti-virus is the technology of neural nanoanalysis, which is used in a
number of new technologies: "Technology vaccination" ®,  "Technology
VirusAntiterror " ®, "Technology nanobaiting" ®. 


      Our anti-virus is the only free anti-virus which gives you full
protection. 



Technology of a new era available today!

Old technologies that are used by anti-virus software making
companies have long outlived their usefulness. They do not work. These
days by buying anti-virus software made by popular brands you are paying
 for nothing. Even worse, you get cheated! You can read more about this
here. Only our free anti-virus will give you full protection. 




Download Link:




Friday, March 6, 2015

How to block porn sites using Adguard

This tutorial is one of many ways to block porn sites.  I'll be using Adguard.

First install Adguard

Configure it this way.  Just follow the screenshots.






That's it, you're done.

Let's test it by going to porn site.



Download Link:  Adguard

Please visit my blog on manual malware removal

All my tutorials are FREE.  If you find this tutorial useful, please comment or share.  You can also help fund my continued work by making a donation.  Thank you and GOD bless!



To GOD be the glory!

All content ("Information") contained in this report is the copyrighted work of WinXPert: Virus and Malware Removal.

The Information is provided on an "as is" basis. WinXPert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, WinXPert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Sunday, February 22, 2015

How to block or prevent malware from running Part 2

II.  Registry Tweaks

Blocking program execution

This technique is similar to what gpedit.msc would do when you don't allow an application from executing.  We will be using two registry scripts to accomplish this.  One is for blocking and another for unblocking.

Copy/paste the following and save it as Block.reg.   Just like in How to block or prevent malware from running Part 1, we'll be using wscript.exe as our example. 

Windows Registry Editor Version 5.00

; Block an application
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="wscript.exe"


Running a VBS File with restrictions
Merge this to your registry to block wscript.exe. Log-out and log-in for the changes to take effect.  Once wscript.exe or any program or malware is blocked, you can now easily remove infections easily by doing a scan.

When you're done with scanning and your system is already clean from infections, you can unblock wscript.exe by using the next registry script.  Save the following as Unblock.reg.

Windows Registry Editor Version 5.00

; Unblock an application
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"=-


Note that this technique is not limited to VBS worms.  I used this method for removing malwares like Daprosy worms, or any unknown trojan that can't be deleted easily because it's locked by a running process.  Sometimes, only gpedit.msc, taskman, regedit and cmd are all you need to remove low to medium malware threats.

Making Notepad the default file handler for VBS files

Another way to prevent VBS worms from running is to use Notepad instead of WScript as VBE and VBS files default file handler.  This way the worm would open in Notepad instead of executing making it easier to remove.

Copy/paste the following and save it as "Open VBE VBS with Notepad.reg"

Windows Registry Editor Version 5.00

;Open VBE/VBS file with Notepad by WinXPert
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBEFile\Shell\Open\Command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,\
6f,00,74,00,65,00,70,00,61,00,64,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,\
00,31,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open\Command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,\
6f,00,74,00,65,00,70,00,61,00,64,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,\
00,31,00,00,00



Opening a VBS File with Open VBE VBS with Notepad.reg merged to registry.

And here is the companion script to revert VBE/VBS handling back to it's default settings.  Save this one as "Open VBE VBS with WScript (Default).reg"

Windows Registry Editor Version 5.00

;Open VBE/VBS file with WScript.exe (default)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBEFile\Shell\Open\Command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,\
53,00,63,00,72,00,69,00,70,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,22,\
00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open\Command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,\
53,00,63,00,72,00,69,00,70,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,22,\
00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00



Running a VBS File with default file handler


To be continued...

Please visit my blog on manual malware removal

All my tutorials are FREE.  If you find this tutorial useful, please comment or share.  You can also help fund my continued work by making a donation.  Thank you and GOD bless!


To GOD be the glory!

All content ("Information") contained in this report is the copyrighted work of WinXPert: Virus and Malware Removal.

The Information is provided on an "as is" basis. WinXPert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, WinXPert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2015 WinXPert. All rights reserved. All other trademarks are the sole property of their respective owners.

Saturday, February 21, 2015

Repost: How To Disable Autorun


Removable USB/thumb drives use the Autorun feature to load files when the drives are plugged into the USB port. Malware exploits the Autorun feature to spread from thumb drive to PC. Disable the autorun feature to prevent malware from spreading.

1. The easiest and most effective means to truly disable autorun can be done via this simple autorun registry hack:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

2. To use this method, Open Notepad and copy/paste the following into a text file:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

Save the file as something.reg. (You have to be sure to change the "Save File as Type" to "All Files" before saving, or Windows will try to save it as a .txt even if you typed in .reg.

3. Locate the file you just saved and double-click the file to run it. You will receive a prompt asking if you want to add the data to the registry. Click yes to allow the modification.

4. The above method nulls any request for autorun.inf and works on XP Home or Pro, as well as Windows Vista. Credit for this tip goes to Nick Brown.

If you opt to disable autorun using any other method, you will first need to install an autorun patch from Microsoft that allegedly resolves issues that cause autorun to run even after it's been disabled (using methods other than the above recommended method).

5. XP Pro users who have installed the appropriate Microsoft patch for your system and wish to disable autorun using a method other than described above, follow steps 3 through 8 only. XP Home users begin at step 9.

6. Windows XP Pro users: Click Start and then click Run. Type gpedit.msc and click OK. The Group Policy window will open. In the left pane, double-click Administrative Templates

7. In the right pane, double-click System, scroll down the list and double-click Turn Off Autoplay

8. In the Turn Off Autoplay Properties window, select Enabled. From the dropdown next to Turn Off Autoplay on, select All drives and then click OK. Exit Group Policy by selecting File, then choosing Exit from the menu.

9. XP Home users will need to make the changes by editing the registry directly. To begin, click Start and then click Run

10. Type regedit and click OK. The Registry Editor window will open.

11. In the left pane, navigate to:
HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Policies
Explorer
.

12. With Explorer highlighted, in the right-pane right click the value NoDriveTypeAutoRun and select Modify from the drop down menu. The base value will be set to Hexadecimal. If not, select Hexadecimal.

13. Type 95 and click OK.
Note that this will stop Autorun on removable/USB drives, but still allow it on CD ROM drives. If you want to disable autorun on both, substitute b5 for the 95. (Thanks to Ian L. of Manitoba for the tip).

14. Exit Registry Editor by selecting File, then choosing Exit from the menu.

15. You will now need to reboot your computer for the changes to take effect.

Source: http://antivirus.about.com/od/securitytips/ht/autorun.htm

How to Disable Autorun in Vista

A bug in Microsoft Vista executes programs in the Autorun.inf file when the Autorun feature has been disabled via the NoDriveTypeAutoRun registry value. If you've set the value NoDriveTypeAutoRun in the Windows Vista registry, delete the value and follow the steps below to really disable autorun in Vista.

Note: the steps below involved editing the System Registry.

Here's How:

1. The easiest and most effective means to truly disable autorun can be done via this simple autorun registry hack:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

2. The above method nulls any request for autorun.inf and works on XP Home or Pro, as well as Windows Vista. Credit for this tip goes to Nick Brown.

If you opt to disable autorun using any other method, you will first need to install an autorun patch from Microsoft that allegedly resolves issues that cause autorun to run even after it's been disabled (using methods other than the above recommended method).

3. The following steps apply to Windows Vista users only. See: How to Disable Autorun (Posted below)

4. Open the Registry Editor (regedit.exe) and browse to the following key:

HKLM\SYSTEM\CurrentControlSet\Services\Cdrom

5. In the right pane, right-click Autorun and select Modify.

6. Enter 0 for the Value data. Click OK, then exit the Registry Editor

7. Click Start, type autoplay and press enter. If prompted by User Access Control (UAC), click Continue.

8. Remove the check from 'Use AutoPlay for all media and devices'

You may also wish to change each individual item to 'Take no action'

9. Click Save and the Autoplay window will close.

10. The following steps involve using the Group Policy Editor (gpedit.msc). This feature is not available in Windows Vista Home or Windows Vista Home Premium editions.

11. Click Start, type gpedit.msc and press enter. If prompted by User Access Control (UAC), click Continue. The Group Policy Object Editor will open.

12. In the left pane under Computer Configuration, double click Administrative Templates, then double click Windows Components.

13. In the right pane, double click AutoPlay Policies and select (double click) 'Default Behavior for AutoRun'.

14. In the Default Behavior for Autorun Properties dialog, select Enabled. In the Default Autorun Behavior field, select Do not execute any autorun commands

15. Click Apply, then click OK and close the Group Policy Object Editor.

Source: http://antivirus.about.com/od/securitytips/ht/vista_autorun.htm

How To Autorun Worms: How to Remove Autorun Malware

Autorun worms spread from USB/thumb drives as well as fixed and mapped drives. Autorun worms typically drop or download additional malware, usually backdoors and password stealers. For a description of how Autorun malware works, see the Autorun FAQs. To remove an Autorn worm, follow the steps below.

Here's How:

1. Before attempting removal of an autorun worm, you must first disable Autorun. See: How to Disable Autorun or How to Disable Autorun in Vista posted below.

2. After you have disabled autorun, search the root of all drives (including all USB/thumb drives) for the presence of an autorun.inf file. When you have located the autorun.inf file, open it using a text editor such as Notepad and look for any lines that begin with Label=" and "shellexecute=". Note the name of the file designated by these lines.

3. Close the autorun.inf file and delete it from the drive. Now locate the file that was designated in Step 2 and delete that file as well.

4. Repeat these steps for all local, mapped, and removable drives.

5. Note that if an autorun worm is discovered, you should anticipate other infections have occurred and also that your antivirus/firewall/security software may have been disabled and/or tampered with. Ensure the antivirus is working properly by using an Eicar test file.

6. If you are unable to delete the malware files, or they reappear after deleting, use a bootable antivirus rescue CD to access the drive without allowing the malware to load first. You should then be able to delete the target files.

Source: http://antivirus.about.com/od/virusdescriptions/ht/autorunworms.htm


All my tutorials are FREE.  If you find this tutorial useful, please comment or share.  You can also help fund my continued work by making a donation.  Thank you and GOD bless!