Windows 10 Technical Preview

Today Microsoft launched their Windows Insider Program that allows you to sign up and download the Windows 10 Technical Preview. The program also allows you to discuss Windows 10 with Microsoft staff and your peers in the Technical Preview forum. Once you join the program you will be able to download an executable that can upgrade your existing Windows installation. If you wish to install the Windows 10 Technical Preview in a virtual machine or in a clean setup, you can download the Windows 10 TP ISO instead. The technical preview is based off of Windows 10 build 9841 and will expire on April 15, 2015.

As this is a very early release of Windows, it is not suggested that you upgrade your normal computer to the Windows 10 TP. Instead you should use a spare computer or even better a virtual machine like VirtualBox. If you decide to go the VirtualBox route, download the ISO and create a Windows 8.1 guest in VirtualBox. Then go into the settings of the guest and mount the ISO as a DVD. When you are ready to install, double-click on the guest to start the installation from the mounted ISO. It will install perfectly, but unfortunately at this time the Guest Additions will not work. I expect a VirtualBox update will be released soon that will allow the guest additions to work.

Vista Protection 2014 and Vista Antivirus 2014

Vista Protection 2014 & Vista Antivirus 2014 are rogue anti-spyware programs from the Rogue.FakeRean-Braviax family of computer infections. This infection is considered a rogue anti-spyware program because it purposely displays fake scan results, false security warnings, hijacks your web browser, and does not allow you to run your legitimate Windows applications. This scareware is promoted through web sites that have been hacked with scripts that try to install the software by exploiting vulnerabilities on your computer. It is also promoted through Trojans that pretend to be legitimate programs that are required to view an online video, but instead install the infection.

When installed, Vista Protection 2014 will be configured to start every time you try to launch a program on your computer. Once started it will pretend to scan your computer and then display numerous infected files. If you attempt to remove these infections, though, it will prompt you to first purchase the program. As the scan results are fake, please ignore them. Vista Protection 2014 also attempts to protect itself from being removed by terminating any program that you try to run. When it terminates a program it will then state that the file is infected with the Trojan-BNK.Win32.Keylogger.gen infection. As your files are not infected, please ignore this message.

While the infection is running it will also show a variety of security warnings that are worded to make you think that your computer has a serious security issue. These alerts include:

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Vista Protection 2014 has blocked a program from accessing the internet
This program is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Just like the scan results, these security alerts are fake and should be ignored. Finally, Vista Protection 2014 will hijack your web browser so that you cannot visit web sites. When you attempt to visit a web site, you will instead be shown a page that states that the page you are visiting may be a security risk.

As you can see, this infection was created to scare you into thinking your computer has a security problem due to your computer being infected. Please do not purchase this program, and if you already have, please contact your credit card company and dispute the charges stating that the program is a computer infection and a scam.

What is CTB Locker or Critroni

CTB Locker (Curve-Tor-Bitcoin Locker), otherwise known as Critroni, is a file-encrypting ransomware infection that was released in the middle of July 2014 and targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. As with other file-encrypting malware, the media continues to associate this infection with CryptoLocker when in fact it appears to have been developed by a different group using new technologies such as elliptic curve cryptography and communication with the Command and Control server over TOR. As discovered by Kafeine, this malware also appears to be part of a kit being sold online for $3,000 USD, which includes support in getting it up and running. With that said, expect to see other ransomware released using this kit, but possibly with different interfaces. More information on how this malware is being sold can be found in Kafeine’s article “Crypto Ransomware” CTB-Locker (Critroni.A) on the rise.

When you are first infected with CTB Locker it will scan your computer for data files and encrypt them so they are no longer accessible. Any file that is encrypted will have its file extension changed to CTB if it’s the older version and CTB2 if it’s a newer variant. The infection will then open a ransom screen that states that your data was encrypted and prompts you to follow the instructions on the screen to learn how to purchase and pay the ransom of .2 BTC. This ransom amount is equivalent to approximately $120.00 USD.

When you become infected with the CTB Locker infection, the malware will store itself in the %Temp% folder as a randomly named executable. It will then create a hidden, randomly named job in Task Scheduler that launches the malware executable every time you log in. Once infected, CTB Locker will scan your computer’s drives for data files and encrypt them. When the infection is scanning your computer it will scan all drive letters on your computer including mapped drives, removable drives, and mapped network shares. In summary, if there is a drive letter on your computer it will be scanned for data files by CTB Locker.

When CTB Locker detects a supported data file it will encrypt it using elliptic curve cryptography, which is unique to this ransomware infection. When the malware has finished scanning your drives for data files and encrypting them it will display a ransom screen that includes instructions on how to pay the ransom. It will also change your wallpaper to be the %MyDocuments%\AllFilesAreLocked <userid>.bmp file, which contains further instructions on how to pay the ransom. Finally it will also create the files %MyDocuments%\DecryptAllFiles <user_id>.txt and %MyDocuments%\<random>.html that also contain instructions on how to access the malware’s site in order to pay the ransom. More information about the ransom site will be discussed later in this guide.

Another uncommon characteristic of this infection is that it will communicate with its Command & Control Server through TOR rather than over a regular Internet connection. This technique makes it more difficult, but not impossible, for law enforcement to track down the location of the C2 servers.

Last, but not least, each time you reboot your computer, the malware will copy itself to a new name under the %Temp% folder and then create a new task scheduler job to launch it on login. Therefore, it will not be unusual to find numerous copies of the same executable under different names located in the %Temp% folder.
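
The persistence described above (an executable in %Temp% launched by a hidden task at logon) can be checked for on Windows Vista and later, where scheduled tasks are stored as XML. The following Python triage script is an added example and not part of the original article; the sample tasks, their names and the scoring are constructed for illustration.

```python
"""Added example: triage Task Scheduler XML for jobs that start a program from a Temp folder."""
import re
import sys
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Command paths that resolve to a Temp folder, expanded or still using the variable.
TEMP_PATH = re.compile(
    r"^(%te?mp%"
    r"|[a-z]:\\users\\[^\\]+\\appdata\\local\\temp"
    r"|[a-z]:\\documents and settings\\[^\\]+\\local settings\\temp"
    r"|[a-z]:\\windows\\temp)\\",
    re.I,
)


def triage_task(name, xml_text):
    """Return a finding dict if the task runs something from Temp, else None."""
    # Task XML usually declares UTF-16; drop the declaration since we already hold text.
    xml_text = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text.lstrip("\ufeff"))
    root = ET.fromstring(xml_text)
    commands = [(c.text or "").strip().strip('"')
                for c in root.findall("t:Actions/t:Exec/t:Command", NS)]
    from_temp = [c for c in commands if TEMP_PATH.match(c)]
    if not from_temp:
        return None
    hidden = (root.findtext("t:Settings/t:Hidden", "false", NS) or "").strip().lower() == "true"
    at_logon = root.find("t:Triggers/t:LogonTrigger", NS) is not None
    # A Temp-resident command is the base signal; the two traits named in the
    # article (hidden job, runs at logon) each raise the priority by one.
    return {"task": name, "commands": from_temp, "hidden": hidden,
            "at_logon": at_logon, "score": 1 + hidden + at_logon}


def triage(tasks):
    """tasks maps task name -> XML text. Returns findings, highest score first."""
    findings = []
    for name, xml_text in tasks.items():
        try:
            hit = triage_task(name, xml_text)
        except ET.ParseError:
            continue  # unreadable task definition, skip it
        if hit:
            findings.append(hit)
    return sorted(findings, key=lambda f: (-f["score"], f["task"]))


def sample_task_xml(command, hidden, trigger, declaration=False):
    """Constructed input: only the parts of a task definition this check reads."""
    head = '<?xml version="1.0" encoding="UTF-16"?>\n' if declaration else ""
    return (f'{head}<Task version="1.2" xmlns="{NS["t"]}">'
            f"<Triggers><{trigger}><Enabled>true</Enabled></{trigger}></Triggers>"
            f"<Settings><Hidden>{str(hidden).lower()}</Hidden></Settings>"
            f"<Actions><Exec><Command>{command}</Command></Exec></Actions></Task>")


# Constructed samples: a normal updater, a hidden logon task in Temp, and a
# visible, time-triggered task in Temp (low priority, still worth a look).
SAMPLE_TASKS = {
    "VendorUpdater": sample_task_xml(
        r"C:\Program Files\Vendor\updater.exe", False, "LogonTrigger"),
    "qkzvhtwpxm": sample_task_xml(
        r"C:\Users\alice\AppData\Local\Temp\bhxqmrtw.exe", True, "LogonTrigger",
        declaration=True),
    "InstallerCleanup": sample_task_xml(
        r'"%TEMP%\setup_cleanup.exe"', False, "TimeTrigger"),
}

if __name__ == "__main__":
    tasks = SAMPLE_TASKS
    if sys.argv[1:]:
        # Assumption: the files are task definitions saved as UTF-16 text with a BOM.
        tasks = {}
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                tasks[path] = fh.read().decode("utf-16")
    for f in triage(tasks):
        print(f"score={f['score']} hidden={f['hidden']} logon={f['at_logon']} "
              f"{f['task']}: {', '.join(f['commands'])}")
```

Because the malware re-copies itself on every reboot, several high-scoring tasks pointing at different Temp executables is the expected picture on an infected machine.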

Remove the PastaLeads and PastaQuotes Adware…

Remove the PastaLeads and PastaQuotes Adware
PastaLeads and PastaQuotes are adware programs that are commonly bundled with other free programs that you download off of the Internet. PastaLeads is an adware program that generates leads for companies under various search phrases. For example, if you search for health insurance it will display a form where you enter your information and then the program will send that lead to health insurance sales companies who will contact you. It will also deliver leads for other search terms that include tech support, car insurance, life insurance, lawn care, etc. Though this may sound like a useful service, the program can be intrusive and will display ads whether you want them or not. Furthermore, any information you enter will be given to various 3rd party companies that may use that information for marketing purposes.

When installed, PastaLeads will create a Windows service that constantly runs in the background and also configures your web browser to use a proxy server. For the most part this adware is not difficult to remove, but there are cases where it doesn’t properly uninstall. This is especially the case if the program is uninstalled, but the proxy settings are not removed, which will cause your web browser to not be able to reach any sites. This guide will walk you through removing PastaLeads from your computer and web browsers using only free tools.

It is important to note that PastaLeads is not a computer infection that is installed through exploits or infections, but rather it is bundled along with free software that you download off the Internet. Therefore, it is important that you pay attention to the license agreements and installation screens when installing anything. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed and allow you to opt out of them. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

Pandemiya: Entirely new trojan quietly wheeled into black hat forums, ATM “Hacked” by 14-year School Children and Gameover for CryptoLocker

Pandemiya: Entirely new trojan quietly wheeled into black hat forums
Pandemiya is nasty: it can steal data from forms, create fake web pages and take screen shots to send back to the botmasters who deploy it.

The software is modular and pervasive, and unique thanks to its ability to inject itself into all new processes via the Windows security registry function CreateProcess API… Like other trojans, Pandemiya is foisted on machines through exploit kits and drive-by infections that target vulnerabilities in buggy wares such as Java, Silverlight and Flash.


ATM “Hacked” by 14-year School Children
Two fourteen-year-old boys were able to access an ATM’s administrator mode using nothing but the default password they found in an online manual.

Although they were not able to access personal details (such as individual account details) or withdraw money, the boys were able to see how much cash was in the machine, how many transactions the machine had handled and other “off-limit” information. As a warning, or a prank, they were also able to change the ATM’s welcome message from “Welcome to the BMO ATM” to “Go away. This ATM has been hacked.”

After finding the weakness in the ATM’s security, the boys reported their findings to the Bank of Montreal’s local branch. After initial scepticism, the branch manager acted on the information and reported the flaw to the bank’s security department. He even gave the kids a letter to explain why they would be late returning to class.

Fortunately, in this case the kids were not malicious and no information or cash was stolen, but it is an important reminder to us all to never leave those default passwords unchanged.


Gameover for CryptoLocker
Today the U.S. Justice Department announced the successful takedown of the Gameover Zeus Botnet, malware that steals bank credentials and also acts as a distribution method for other malware. One of the most well-known malware infections distributed by the Zeus Botnet, or ZBOT, was the ransomware called CryptoLocker. Through the combined efforts of the FBI, international law enforcement counterparts, and various private sector companies, the Gameover Zeus Botnet was successfully shut down, its servers were seized, and the identity of one of its leaders, Evgeniy Mikhailovich Bogachev, was disclosed.

As was discovered back in September 2013, the main distribution method for CryptoLocker was ZBOT executables disguised as PDF files being mass emailed to company email addresses. These emails pretended to be from tax companies, Fedex, UPS, Xerox, and other business related organizations. Once a ZBOT attachment was opened, ZBOT would be installed and would eventually download and install CryptoLocker on the infected machine.

All in all, there is no doubt that this was a hugely successful operation and one that benefits everyone who uses a computer, but is it really the end of CryptoLocker? Furthermore, are the creators of the Zeus Botnet and CryptoLocker one and the same? What we do know is that McAfee, one of the companies involved with the takedown, prematurely posted a blog post about Operation Tovar before it was officially announced. This blog post was only public for a brief period before it was taken down. Unfortunately, it may have been enough time to let the Gameover or CryptoLocker developers know what was going on, as the CryptoLocker Decryption Service page was replaced with a simple message: “stupid mcafee”. Unfortunately, this page is no longer accessible and shows a “Bad Gateway” message.

For now, more information about Operation Tovar can be found in the official United States Department of Justice complaint, their press release, and other court documents regarding Operation Tovar.

Avast Forum Taken Offline, Watch Dogs Launch Plagued and eBay Breach Affecting ~145MM and more..

Avast Forum Taken Offline
Today Avast posted a blog post detailing how their Avast Forum was hacked over the weekend and that it was taken offline as it is being rebuilt. According to the blog post, less “than 0.2% of our 200 million users were affected”, which means that the hacker had access to approximately 400,000 user credentials. These credentials include nicknames, names, email addresses, and hashed (one-way encrypted) passwords. As it was only the forums that were hacked, no license or financial information was compromised.

Though the passwords were hashed, it may still be possible for a hacker to crack them. With that said, if you used the same password at the Avast Forums as on other sites, please change the password immediately.


Watch Dogs Launch Plagued
The anticipated action-adventure game Watch Dogs launched today, but many people are not able to play due to problems with Ubisoft’s Uplay service. In order to play Watch Dogs, you need to log in and connect to Uplay, which acts as the Digital Rights Management (DRM) for the game. Unfortunately, the Uplay service has been having issues for the past 2-3 hours, leaving thousands without the ability to play their newly purchased game. Ubisoft has admitted to being aware of the issue, but has provided no details as to what the problem is or when the issues will be resolved.

When people try to log in to Uplay they are instead greeted with a message that states:

“A Ubisoft service is not available at the moment. You can Try again later or switch to Offline Mode”

When users attempt to switch to Offline Mode, some people are reporting success while others are unable to find Watch Dogs in their list of games. As you can imagine users are becoming frustrated with Ubisoft’s DRM that requires “always online” play for their titles.


eBay Breach Affecting ~145MM
Cyber-attack, security breach, or a bug? They may all be essentially the same thing. However, the outcome is always the same. Change your password.

eBay has been hacked, and it will affect anywhere from 12 to 145 million users. PayPal, a subsidiary of eBay, has announced it was unaffected by the breach.

According to several sources on the Internet today, eBay will be issuing notices to ask people to change passwords. eBay’s stock plummeted this morning to 50.30 (the 52-week low was 48.06) before starting to rise.

At the time of this writing, many portions of the Investor Relations corporate website for eBay were not available. The In The News section of the site was not available for most of the day (many times that is fed by Bloomberg to the IR portion of publicly traded companies). It appeared analysts were most likely updating the buy, sell or hold recommendations, and Bloomberg had difficulty keeping up with the traffic.

Windows Internet Guard, Key-Finder.com Browser Hijacker and WebsSearches.com Browser Hijacker Removal Guide

Windows Internet Guard Removal Guide
Windows Internet Guard is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Internet Guard is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Internet Guard is installed it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

To protect itself from being removed, Windows Internet Guard will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it.


Key-Finder.com Browser Hijacker Removal Guide
Key-find.com is adware from the Adware.LinkHijacker family of browser hijackers that are bundled with certain free programs that you can download off of the Internet. This adware is considered a browser hijacker because it changes your web browser’s home page and default search provider to Key-find.com without your permission. Furthermore, this adware will append the argument http://www.key-find.com/?type=hp&ts=<timestamp>&from=<affiliate_id>&uid=<disk_id> to various web browser shortcuts and sometimes non-internet related programs. This causes the Key-find.com web page to open when you launch one of these hijacked shortcuts. Unfortunately, there is no Uninstall Programs entry that uninstalls Key-Find from your computer and instead you need to use the specialized tools found in this guide to clean your computer.

It is important to note that this program is installed by free programs that did not adequately disclose that other software would be installed along with it. Therefore, it is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

Without a doubt, this adware was created to promote the Key-Find website without giving you the option to remove it and revert back to your original browser settings.


WebsSearches.com Browser Hijacker Removal Guide
WebsSearches.com is adware from the Adware.LinkHijacker family of browser hijackers that are bundled with certain free programs that you can download off of the Internet. This adware is considered a browser hijacker because it changes your web browser’s home page and default search provider to WebsSearches.com without your permission. Furthermore, this adware will append the argument http://istart.webssearches.com/?type=sc&ts=<timestamp>&from=<affiliate_id>&uid=<disk_id> to various web browser shortcuts and sometimes non-internet related programs. This causes the WebsSearches.com web page to open when you launch one of these hijacked shortcuts. Unfortunately, there is no Uninstall Programs entry that uninstalls WebsSearches from your computer and instead you need to use the specialized tools found in this guide to clean your computer.

It is important to note that this program is installed by free programs that did not adequately disclose that other software would be installed along with it. Therefore, it is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

Without a doubt, this adware was created to promote the WebsSearches website without giving you the option to remove it and revert back to your original browser settings.

Contact ResolutionsMSP for help resolving any computers that have been infected by this virus.

Windows Web Watchdog, Windows AntiBreach Patrol and Windows Antivirus Patrol Removal Guide

Windows Web Watchdog Removal Guide
Windows Web Watchdog is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Web Watchdog is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Web Watchdog is installed it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

To protect itself from being removed, Windows Web Watchdog will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it.


Windows AntiBreach Patrol Removal Guide
Windows AntiBreach Patrol is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows AntiBreach Patrol is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows AntiBreach Patrol is installed it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

To protect itself from being removed, Windows AntiBreach Patrol will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it.


Windows Antivirus Patrol Removal Guide
Windows Antivirus Patrol is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Antivirus Patrol is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Antivirus Patrol is installed it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

To protect itself from being removed, Windows Antivirus Patrol will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it.

Contact ResolutionsMSP for help resolving any computers that have been infected by these viruses.

Windows Antivirus Helper, Sweet-page.com Browser Hijacker and Windows AntiVirus Tool Removal Guides

Windows Antivirus Helper Removal Guide
Windows Antivirus Helper is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Antivirus Helper is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Antivirus Helper is installed it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.


Sweet-page.com Browser Hijacker Removal Guide
Sweet-page.com is adware from the Adware.LinkHijacker family of browser hijackers that are bundled with certain free programs that you can download off of the Internet. This adware is considered a browser hijacker because it changes your web browser’s home page and default search provider to Sweet-page.com without your permission. Furthermore, this adware will append the argument http://www.sweet-page.com/?type=hp&ts=<timestamp>&from=tugs&uid=<hard-disk-id> to various web browser shortcuts and sometimes non-internet related programs. This causes the Sweet-page.com web page to open when you launch one of these hijacked shortcuts. Unfortunately, there is no Uninstall Programs entry that uninstalls Sweet-page from your computer and instead you need to use the specialized tools found in this guide to clean your computer.

It is important to note that this program is installed by free programs that did not adequately disclose that other software would be installed along with it. Therefore, it is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

Without a doubt, this adware was created to promote the Sweet-page website without giving you the option to remove it and revert back to your original browser settings. To remove this browser hijacker and clean the affected shortcuts, please use the removal guide below.


Windows AntiVirus Tool Removal Guide
Windows AntiVirus Tool is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows AntiVirus Tool is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows AntiVirus Tool is installed it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

Contact ResolutionsMSP for help resolving any computers that have been infected by this virus.

Awesomehp.com Browser Hijacker, LiveSupport and Windows Ultimate Booster Removal Guides

Awesomehp.com Browser Hijacker Removal Guide
Awesomehp.com is a program that is part of the Adware.LinkHijacker family of adware. This program is bundled with various software that you can download for free and when installed will hijack your web browser and search engine so that it is set to Awesomehp.com. This adware is considered a browser hijacker because it changes your web browser’s home page and default search provider to Awesomehp.com without your permission. Furthermore, this adware will append the argument http://www.awesomehp.com/?type=hp&ts=<timestamp>&from=air&uid=<hard drive id> to various web browser shortcuts and sometimes non-internet related programs. This causes the Awesomehp.com web page to open when you launch one of these hijacked shortcuts. Unfortunately, there is no Uninstall Programs entry that uninstalls Awesome from your computer and instead you need to use the specialized tools found in this guide to clean your shortcuts so your programs start normally.
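
The shortcut hijacking described in the Key-find, WebsSearches, Sweet-page and Awesomehp guides can be audited by reading the Arguments field stored in each .lnk file. The following Python script is an added example and is not one of the specialized tools those guides refer to; the hijacker.example URL and its parameter values are constructed, and non-Unicode shortcuts are assumed to use code page 1252.

```python
"""Added example: read the Arguments field of .lnk files and flag appended hijacker URLs."""
import re
import struct
import sys
from urllib.parse import parse_qs, urlsplit

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits in the shell link header, in the order the optional sections appear.
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH, HAS_WORKDIR, HAS_ARGS = (
    1 << i for i in range(6))
IS_UNICODE = 1 << 7

# Query parameters the guides list for this adware family's appended URL.
HIJACK_KEYS = {"type", "ts", "from", "uid"}
# A URL that stands alone as its own argument (optionally quoted).
URL_TOKEN = re.compile(r'(?<!\S)"?(https?://[^\s"]+)"?(?!\S)', re.I)


def lnk_arguments(data):
    """Return the command-line arguments stored in a shell link, or '' if none."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_IDLIST:        # 2-byte size field, then the ID list itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:      # 4-byte size field that counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    for bit in (HAS_NAME, HAS_RELPATH, HAS_WORKDIR, HAS_ARGS):
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # length in characters
        raw = data[pos + 2: pos + 2 + count * width]
        pos += 2 + count * width
        if bit == HAS_ARGS:
            return raw.decode(codec, errors="replace")
    return ""


def inspect_arguments(args):
    """Return (hijack_urls, cleaned_args) for one shortcut's argument string."""
    hits = []

    def strip_if_hijack(match):
        query = urlsplit(match.group(1)).query
        if HIJACK_KEYS <= set(parse_qs(query, keep_blank_values=True)):
            hits.append(match.group(1))
            return ""             # drop the appended URL
        return match.group(0)     # any other URL argument is left alone

    cleaned = URL_TOKEN.sub(strip_if_hijack, args).strip()
    return hits, cleaned


def build_sample_lnk(args):
    """Constructed input: a minimal shell link carrying only an Arguments string."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, HAS_ARGS | IS_UNICODE)
    return header.ljust(0x4C, b"\0") + struct.pack("<H", len(args)) + args.encode("utf-16-le")


def scan(paths):
    """Yield (path, hijack_urls, cleaned_args) for shortcuts carrying a hijacker URL."""
    for path in paths:
        try:
            with open(path, "rb") as fh:
                args = lnk_arguments(fh.read())
        except (OSError, ValueError, struct.error):
            continue              # unreadable or not a shortcut
        hits, cleaned = inspect_arguments(args)
        if hits:
            yield path, hits, cleaned


if __name__ == "__main__":
    for path, hits, cleaned in scan(sys.argv[1:]):
        print(f"{path}: {hits} -> arguments without the URL: {cleaned!r}")
```

The script only reports; the cleaned argument string shows what the shortcut's arguments should be once the appended URL is removed.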


LiveSupport Removal Guide
The LiveSupport program is a small program that displays contact information for a remote support company and suggests that you download a variety of security programs to protect your computer. This program is commonly bundled with free programs that you can download off of the Internet. These free programs bundle adware programs like LiveSupport in order to generate revenue even though the program you wanted is free. Once installed, Live Support will automatically start when you log in to Windows and display an icon of a remote-support person’s head on the title bar of the active window. When you click on this head icon, you will be shown a screen that offers a remote support number, which is currently 1-855-544-6024, as well as a tab that pretends to perform a system check and recommends two of four programs. The programs it promotes are Driver Pro, Optimizer Pro, Driver Updater, and System Performance Optimizer.


Windows Ultimate Booster Removal Guide
Windows Ultimate Booster is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays fake scan results, fake security warnings, and does not allow you to run programs on your computer. Windows Ultimate Booster is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

When Windows Ultimate Booster is installed it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

Contact ResolutionsMSP for help resolving any computers that have been infected by this virus.
