Tips for protection against computer viruses

Antivirus     The first and necessary step is to install anti-virus protection and proper use of antivirus software. Without it, there is no protection and security of your computer. Do not wait when it will collapse under the pressure of a computer virus - especially if you use the internet. Installing antivirus software is simple in principle. Price is not an obstacle and can not be an excuse for his absence. Given that the majority of well-known manufacturers can find a few that provide antivirus software for home users for free.
     Antivirus software regularly scans files and computer memory. And as a rule, shows the appearance of the infected files, or computer viruses and worms. Followed by warning users and appropriate action taken in accordance with the configuration parameters that can, for example, delete the infected files. Ideally, the user will be warned in time, and prevent damage to the system. Just read the instructions carefully, and do not forget to regularly update anti-virus databases, which ensures the correct operation of antivirus software. To make this clearer, I will compare all the "medical" example.  

Some Tips Of Computer Virus

Precautionary measures 

     Will be essential, in addition to anti-virus, if in your daily work, you develop certain habits that will significantly reduce the chance of infecting your computer.
     Mass of computer worms distributed via e-mail. Therefore, under the mail Be careful. When you receive a new message from an unknown sender, do not rush to open files attached to the message! Similarly, care must be taken to messages from known senders. Especially if you get them unexpectedly. Often writers of malicious worms turn to curiosity users. So do not rush to open suspicious files attached to e-mail, even if the content promises interesting information.  

    Computer viruses and worms can be disguised in a file that supposedly contains movies, pictures, or humorous content, special attention should be paid to the file with a double extension (for example, .Exe, .Bat; .Com, .Vbs, .Doc, .Dot, .xls, .dll, .ppt, .mdb, .jpg), which clearly indicates that this could be a computer virus. When viewing an infected message your computer can not get infected because it takes to run the attached letter to the file. What compels you so akivno message.
    For file infection computer virus remains in memory as a Windows resident program and stored in Windows-files are executed. To send infected messages, computer virus to disassemble the internal format of the email databases and added to outgoing messages with an infected attachment (attach). Ie computer virus sends itself to the Internet. Similar precautions should also be saved when downloading and installing software from the Internet.  

How to protect your computer from malware and hacker attacks?

     You can protect your computer from malware and hacker attacks, if you follow these simple rules:

      *  Installed on your PC protection solution against information threats.

      *   Always install updates for your operating system and applications are designed to fill gaps in their security. If you are using Microsoft ® Windows ®, you do not need to manually download the updates every month, sufficient to establish the automatic mode - Start | Control Panel | Security Center, Windows ® (Start | Control Panel | Security Center). If you use a software package Microsoft ® Office, do not forget to install the update it regularly.
      *  If you received an e-mail message with an attached file (document Word, spreadsheet Excel, an executable file with a. EXE, etc.), do not open the attachment, if the sender of the letter you do not know. Do not open attachments unless you are expecting to get such a message. UNDER NO CIRCUMSTANCES do not open attachments sent in spam messages (spam). 

Computer virus Trojan.MSIL.Pakes.bo

Trojan. It is a Windows. NET (PE-EXE file).  
Size: 579,584 bytes.
 MD5: aac63d4ebb5e40428ae84f2addc617a2 
SHA1: e9348d3db8221f8ed118c5a0e7a3a2ebdfb3da9a
Destructive activities
When launched, the Trojan does the following:

• creates files:

    % AppData% \ DalxI.txt
    % AppData% \ chrome.exe
    % AppData% \ chrome

• creates the following registry keys:

[HKLM \ System \ ControlSet001 \ Services \ SharedAccess \ Parameters \FirewallPolicy \ StandardProfile]

"DoNotAllowExceptions" = 0

[HKLM \ System \ ControlSet001 \ Services \ SharedAccess \ Parameters \

FirewallPolicy \ StandardProfile \ AuthorizedApplications \ List]
"% WinDir% \ Microsoft.NET \ Framework \ v2.0.50727 \ vbc.exe" =
"% WinDir% \ Microsoft.NET \ Framework \ v2.0.50727 \ vbc.exe: *: Enabled: Windows Messanger"
[HKLM \ System \ ControlSet001 \ Services \ SharedAccess \ Parameters \
FirewallPolicy \ StandardProfile \ AuthorizedApplications \ List]
 "% AppData% \ chrome.exe" = "% AppData% \ chrome.exe: *: Enabled: Windows Messanger"
[HKCU \ Software \ VB and VBA Program Settings \ SrvID \ ID]
 "CBNCSPGZT2" = "chrome"
[HKCU \ Software \ VB and VBA Program Settings \ INSTALL \ DATE]
    "CBNCSPGZT2" = "<Date>"

Tools and techniques to protect information from viruses

     Computer viruses are called small-size program that can attach itself to other programs and perform unwanted actions to the user. The life cycle of a virus consists of: Introduction. Incubation period. Reproduction. Destruction. The signs of the emergence of the virus are: Slowing of the PC. You can not boot the OS. Freezes or crashes frequently the PC. Reducing the amount of free RAM. The destruction of the file structure.
     Classification of computer viruses on the principles of: Habitat. OS. Features of the algorithm. Destructive capabilities. Depending on the habitat viruses are divided into: boot, file, system, network, macro viruses, and their combination. Boot - the boot sector of the disk. File - embedded in file execution. System - occur in the module system. Networking - use network protocols and e-mail. Macro viruses infect documents, spreadsheets and presentations. OS - Affected OS.

"Doctor Web" and "Megaphone" epidemic Trojan.Winlock

     Russian developer of IT security "Doctor Web" and the company "MegaFon" announce the launch of a joint project of the epidemic Trojans extortionists family Trojan.Winlock, blocking Windows on users' computers. Now unlock your computer "MegaFon" is enough to send a free SMS to a special number. 
     Trojan.Winlock - the family of malicious programs, extortionists, blocking or impeding work with Windows and require the transfer of money to restore the attackers PC operation by sending an SMS message to a premium-billing. The spread of such viruses Trojan.Winlock and varied, but in most cases the infection occurs through vulnerabilities in web browsers when viewing the infected sites. Trojan.Winlock disables the Task Manager does not allow the boot not only in safe mode, and load another system from another hard drive of the computer. 
     Now, subscribers to the actions Trojan.Winlock unable to access the Internet from your computer, Windows will prompt to unlock your mobile phone. To get the unlock code to send to the number 5665 free SMS-message in the following format: "HHHH_YYYYYYYY" where XXXX - the number to which criminals are asked to send SMS, YYYYYY - text SMS. In response to subscribers free of charge receive the activation code unlocks Windows. When you have a phone with Internet access, you can also use the mobile site "Doctor Web" with free razblokirovschikom from Trojan.Winlock -

best Kaspersky programs to remove viruses

Kaspersky WindowsUnlocker - a special utility in the image Kaspersky Rescue Disk 10 to combat software-extortionists.                                   
   Download

______________________________________________________________

Kaspersky Virus Removal Tool - a program for treatment of an infected computer from viruses and other types of malicious programs.                                         
   Download
______________________________________________________________

TDSSKiller - treats Rootkit. Win32.TDSS; Rootkit.Win32.Stoned.d; Rootkit.Boot.Cidox.a; Rootkit.Boot.SST.a; Rootkit.Boot.Pihar.a, b; Rootkit.Boot.Bootkor.a ;
Rootkit.Boot.MyBios.b; Rootkit.Win32.TDSS.mbr; Rootkit.Boot.Wistler.a; Rootkit.Win32.ZAccess.aml, c, e, f, g, h, i, j, k; Rootkit. Boot.SST.b; Rootkit.Boot.Fisp.a; Rootkit.Boot.Nimnul.a; Rootkit.Boot.Batan.a; Rootkit.Boot.Lapka.a; Backdoor.Win32.Trup.a, b; Backdoor. Win32.Sinowal.knf, kmy; Backdoor.Win32.Phanta.a, b; Trojan-Clicker.Win32.Wistler.a, b, c; Virus.Win32.TDSS.a, b, c, d, e; Virus. Win32.Rloader.a; Virus.Win32.Cmoser.a; Virus.Win32.Zhaba.a, b, c; Trojan-Dropper.Boot.Niwa.a.                                  
   Download
______________________________________________________________

Removal recomndations for Backdoor.Win32.Banito.ayg

     A malicious program designed for remote control over an infected computer. In terms of functionality, Backdoors are similar to many administration systems designed and distributed by software developers.
     These malicious programs can do with the computer all that the author wants: send and receive files, launch and delete them, display messages, delete data, reboot the computer, etc.
     This type of malware is often used to connect computers to the victims of the so-called "botnets", centrally controlled by hackers for malicious purposes.
     Is also a group of Backdoors which are capable of spreading via networks and infecting other computers as Net-Worms do. Distinguishes such Backdoors worms is that they do not propagate through the network automatically (as worms), but only for a special "command" that controls the malicious program.
       Technical details 
     A malicious program that provides the user remote access to an infected machine. It is a Windows (PE-EXE file). Has a size of 221,184 bytes. It is written in C.
        Installation
     After starting the backdoor key looks in the following branches of the system registry:         
                      [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] 

                      [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 

     In this backdoor attempt to overwrite the contents of the file, the path to which is specified as the values ​​enumerates key contents of your original file. In this case, to counter the anti-virus signature scanners in the copy modified 4 bytes: