Find us on Google+ Virus Removal 911 | Remote PC Virus Removal Service across America

Laptop display turns off and on when connecting, disconnecting charger

 laptop display turning on and off


This issue normally happens when you have a bought a new laptop of any brand. So it is not a brand specific issue and can happen to any brand of laptop. When you connect the laptop charger, the lcd display of the laptop will turn off and back on for a second or two. When you disconnect the laptop charger, the lcd will turn off and back on for a second or two.

There have been instances where some folks have thought that it is a problem with the lcd display and have actually contacted the manufaturer of the laptop to return it.

However, it is not an issue with the laptops lcd. It just needs a simple fix in changing the refresh rate of the respective laptops lcd.

How to fix it?

Go to the desktop screen of the laptop which has the issue of display turning on and off.

Right click on the desktop

Select Graphic properties

Depending on which graphics card your laptop has, it will go to the respective settings for the laptops display.

In the settings you will find a refresh rate option which in all likeliness would be set at 60hz.

To fix the issue change the refresh rate to either 50 hz or 40 hz depending on which option is available. Some laptop display settings will have options of 60 and 50 and some may have options of 60 and 40 hz. Just change it from 60 to 50 or 40 hz.

Then save the settings of the display properties.

Once done, you can try connecting and disconnecting the charger and the issue of laptop display turning on and off when connecting and disconnecting laptop charger will be fixed.

Latest Java version 7 update 71 - October 2014


Oracle has released the latest update to Java, titled Java version 7 update 71 in October 2014.

To update please go to www.Java.com

For steps on how to update read here



Zeus Trojan Virus

zeus trojan virus


Zeus Trojan virus was first discovered in 2010 and is a Trojan horse that attempts to steal confidential information from the compromised computer. It may also download configuration files and updates from the Internet. The Trojan is created using a Trojan-building toolkit. 

Zeus Trojan virus is also technically referred to as Trojan-Spy:W32/Zbot, PWS-Zbot, Trojan-Spy.Win32.Zbot, Win32/Zbot, Infostealer.Monstres, Infostealer.Banker.C, Trojan.Wsnpoem.Troj/Zbot-LG, Troj/Agent-MDL, Troj/Zbot-LM, Troj/TDSS-BY , Troj/Zbot-LO , Troj/Buzus-CE , Sinowal.WUR [Panda Software], Troj/QakBot-D , Troj/Agent-MIR , Troj/Qakbot-E , Troj/QakBot-G , Troj/QakBot-F , Troj/Agent-MJS , Troj/Agent-MKP , Troj/Zbot-ME , Troj/Dloadr-CYP , Win32/Zbot.WY Troj/DwnLdr-IBQ , Troj/Zbot-NG , W32/Zbot-NI , Troj/Zbot-NN , Troj/DwnLdr-ICV , Troj/DwnLdr-ICY , Troj/DwnLdr-IDB , Troj/Dldr-DM , Troj/Zbot-NR , Troj/Zbot-NS , Troj/Agent-MWK , Troj/FakeAV-BDB , Troj/Agent-MYL , Troj/Agent-NAX , Troj/Zbot-OD , Troj/Zbot-OE , Troj/Zbot-OT , Troj/FakeAV-BGJ , Troj/VB-EPV , Troj/VB-EQA , Troj/Zbot-PE , Troj/Zbot-OZ , Troj/Zbot-PA , Troj/Zbot-OY , Troj/FakeAV-BHP , Troj/Zbot-OX , Troj/Agent-NIV , Troj/Zbot-PM , Troj/Zbot-PQ , Troj/Agent-NKD , Troj/Zbot-PP , Troj/Zbot-PN , Troj/Zbot-PX , Troj/Zbot-PW , Troj/Zbot-PY , Troj/Zbot-PT , Troj/Zbot-PV , Troj/Zbot-QC , Troj/Zbot-QD , Troj/Zbot-QK , Troj/Zbot-QZ , Troj/VB-ERY , Troj/Zbot-RA , Troj/Zbot-RK , Troj/Dloadr-DAD , Troj/Zbot-RP , Troj/Zbot-RY , Troj/Zbot-SC , Troj/Zbot-SD , Troj/Zbot-SB , Troj/Zbot-SF , Troj/Zbot-SV , Troj/Agent-NUO , Troj/Zbot-SP , Troj/Meredrop-K , Troj/Zbot-SX , Troj/Zbot-SY , Troj/Zbot-SR , Troj/Zbot-TG , Troj/Zbot-TQ , Troj/Zbot-TY , Troj/ZBot-UL , Troj/Zbot-VN , Troj/Zbot-VM , Troj/Zbot-VQ , Troj/Zbot-WD , Troj/Zbot-WF , Troj/Zbot-XA , Troj/Agent-OLW , Troj/Zbot-XO , Troj/Zbot-XN , Troj/Zbot-YB , Troj/Zbot-YE , Troj/Zbot-YO , Troj/Zbot-YP , Troj/ZBot-ZJ , Troj/Zbot-AAN , Troj/Zbot-AAM , Troj/Zbot-ACI , Troj/Zbot-AGC , Troj/Zbot-AGJ , Troj/Zbot-AHE , Troj/Zbot-AHD , Troj/Zbot-AIR.

The Zeus Trojan virus Trojan.Zbot files that are used to compromise computers are generated using a toolkit that is available in marketplaces for online criminals. The toolkit allows an attacker a high degree of control over the functionality of the final executable that is distributed to targeted computers. 

The 
Zeus Trojan virus itself is primarily distributed through spam campaigns and drive-by downloads, though given its versatility, other vectors may also be utilized. The user may receive an email message purporting to be from organizations such as the FDIC, IRS, MySpace, Facebook, or Microsoft. The message body warns the user of a problem with their financial information, online account, or software and suggests they visit a link provided in the email. 

The computer is compromised if the user visits the link, if it is not protected. 
This Trojan has primarily been designed to steal confidential information from the computers it compromises. It specifically targets system information, online credentials, and banking details, but can be customized through the toolkit to gather any sort of information. This is done by tailoring configuration files that are compiled into the Trojan installer by the attacker. These can later be updated to target other information, if the attacker so wishes. 

Confidential information is gathered through multiple methods. Upon execution the Trojan automatically gathers any Internet Explorer, FTP, or POP3 passwords that are contained within Protected Storage (PStore). However, its most effective method for gathering information is by monitoring Web sites included in the configuration file, sometimes intercepting the legitimate Web pages and inserting extra fields (e.g. adding a date of birth field to a banking Web page that originally only requested a user name and password). 

Additionally, 
Zeus Trojan virus contacts a command-and-control (C&C) server and makes itself available to perform additional functions. This allows a remote attacker to command the Trojan to download and execute further files, shutdown or reboot the computer, or even delete system files, rendering the computer unusable without reinstalling the operating system. 

PREVENTION AND AVOIDANCE 
The following actions can be taken to avoid or minimize the risk from this threat. 


User behavior and precautions
 
Zeus Trojan virus relies heavily on social engineering in order to infect computers. The spam email campaigns used by attackers attempt to trick the user by referencing the latest news stories, playing upon fears their sensitive information has been stolen, suggesting that compromising photos have been taken of them, or any number of other ruses. 

Users should use caution when clicking links in such emails. Basic checks such as hovering with the mouse pointer over each link will normally show where the link leads to. Users can also check online Web site rating services such as 
safeweb.norton.comto see if the site is deemed safe to visit. 

Patch operating system and software 
The attackers behind this threat have been known to utilize exploit packs in order to craft Web pages to exploit vulnerable computers and infect them with Trojan.Zbot. 

Users are advised to ensure that their operating systems and any installed software are fully patched, and that antivirus and firewall software is up to date and operational. Users should turn on automatic updates if available, so that their computers can receive the latest patches and updates when they are made available. 


INFECTION METHOD 
Zeus Trojan virus is known to infect computers through a number of methods. We will examine each of these methods in more detail. 

Spam emails 
The attackers behind 
Zeus Trojan virus have made a concerted effort to spread their threat using spam campaigns. The subject material varies from one campaign to the next, but often focuses on current events or attempt to trick the user with emails purported to come from well-known institutions such as FDIC, IRS, MySpace, Facebook, or Microsoft. 

Drive-by downloads 
The authors behind Trojan.Zbot have also been witnessed using exploit packs to spread the threat via drive-by download attacks. When an unsuspecting user visits one of these Web sites, a vulnerable computer will become infected with the threat. 

The particular exploits used to spread the threat vary, largely depending on the proliferation and ease-of-use of exploits available in the wild at the time the Trojan is distributed. 

FUNCTIONALITY 
The 
Zeus Trojan virus threat is actually comprised of three parts: a toolkit, the actual Trojan, and the command & control (C&C) server. The toolkit is used to create the threat, the Trojan modifies the compromised computer, and the C&C server is used to monitor and control the Trojan. 

This video describes these aspects of Zeus: 
Zeus: King of crimeware toolkits 

Toolkit 
Zeus Trojan virus is created using a toolkit that is readily available on underground marketplaces used by online criminals. There are different versions available, from free ones (often back doored themselves) to those an attacker must pay up to $700 USD for in order to use. These marketplaces also offer other Zeus-related services, from bulletproof hosting for C&C servers, to rental of already-established botnets. 

Regardless of the version, the toolkit is used for two things. First, the attacker can edit and then compile the configuration file into a .bin file. Secondly they can compile an executable, which is then sent to the potential victim through various means. This executable is what is commonly known as the Zeus Trojan or Trojan.Zbot. 

The ease of use of the toolkit user interface makes it very easy and quick for nontechnical, would- be criminals to get a piece of the action. Coupling this with the multitude of illicit copies of the toolkit circulating in the black market ensures that Trojan.Zbot continues to be one of the most popular and widely seen Trojans on the threat landscape.


System modifications
While unusual in today’s threat landscape, 
Zeus Trojan virus tends to use many of the same file names across variants. Given the way that the toolkit works, each revision tends to stick to the same file names when the executables are created. While the initial executable can be named whatever the attacker wants it to be, the files mentioned in the following subsections refer to the names used by the currently known toolkits.


User account privileges
The location that 
Zeus Trojan virus installs itself to is directly tied to the level of privileges the logged-in user account has at the time of infection. If the user is an administrator, the files are placed in the %System% folder. If not, they are copied to %UserProfile%\Application Data.


Trojan executable
Trojan.Zbot generally creates a copy of itself using one of the following file names:


  • ·         ntos.exe
  • ·         oembios.exe
  • ·         twext.exe
  • ·         sdra64.exe
  • ·         pdfupd.exe 


Configuration file
The threat creates a folder named “lowsec” in either the %System% or %UserProfile%\Application Data folder and then drops one of the following files into it:


  • ·         video.dll
  • ·         sysproc32.sys
  • ·         user.ds
  • ·         ldx.exe 

While the extensions vary here, these are all text-file versions of the configuration file previously created and then compiled into the Trojan using the Zeus toolkit. This file contains any Web pages to monitor, as well as a list of Web sites to block, such as those that belong to security companies. It can also be updated by the attacker using the threat’s back door capabilities.

Here is a portion of a sample configuration file:

Entry “DynamicConfig”
url_loader “http://[REMOVED].com/zeusbot/ZuesBotTrojan.exe”
url_server “http://[REMOVED].com/zeusbot/gate.php”
file_webinjects “webinjects.txt”
entry “AdvancedConfigs”
;
end
entry “WebFilters”
“!http://[REMOVED].com”
“https:// [REMOVED].com/*”
“!http://[REMOVED].ru/*”
end
entry “WebDataFilters”
; “!http://[REMOVED].ru/*” “passw;login”
end
entry “WebFakes”
; “http://[REMOVED].com” “http://[REMOVED].com” “GP” “” “”
end
entry “TANGrabber”
“https://[REMOVED].com/*/jba/mp#/SubmitRecap.do” “S3C6R2” “SYNC_TOKEN=*” “*”
end
entry “DnsMap”
;127.0.0.1
end
end


Stolen data file

A second file is dropped into the “lowsec” folder, with one of the following file names:


  • ·         audio.dll
  • ·         sysproc86.sys
  • ·         local.ds

This file serves as a storage text file for any the stolen information. When a password is obtained by the threat, it is saved in this file and later sent to the attacker.


Registry subkeys and entries created
In addition, the threat adds itself to the registry to start when Windows starts, using one of two subkeys:


·         HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %System%\sdra64.exe"
·         HKEY_CURRENT_USER\ SOFTWARE \Microsoft\Windows\CurrentVersion\Run\”userinit” = “%UserProfile%\Application Data\sdra64.exe”

If the logged-in account at the time of infection has administrative privileges, the first entry is created. If the account has limited privileges, the second is used.


Service injection 
Depending on the level of privileges, 
Zeus Trojan virus will inject itself into one of two services. If the account has administrative privileges, the threat injects itself into the winlogon.exe service. If not, it attempts to do the same with the explorer.exe service.

The threat also injects code into an svchost.exe service, which it later uses when stealing banking information.


Command and control server
When 
Zeus Trojan virus is installed, it reports back to the C&C server that is referenced in the configuration file when the executable was created using the toolkit. The first thing it checks for is an updated version of its configuration file.


Back door
The back door to the C&C server provides the attacker with a versatile set of options for how he or she can use the compromised computer. For example, attackers can perform any of the following actions, if they so wish:


  • ·         Restart or shut down the computer
  • ·         Delete system files, rendering the computer unusable
  • ·         Disable or restore access to a particular URL
  • ·         Inject rogue HTML content into pages that match a defined URL
  • ·         Download and execute a file
  • ·         Execute a local file
  • ·         Add or remove a file mask for local search (e.g. hide the threat’s files)
  • ·         Upload a file or folder
  • ·         Steal digital certificates
  • ·         Update the configuration file
  • ·         Rename the bot executable
  • ·         Upload or delete Flash cookies
  • ·         Change the Internet Explorer start page

The domains that the back door connects to vary, depending on what the attacker has included in the configuration file.


Server-side control panel
The C&C server not only allows the attacker to perform a number of functions on a compromised computer, but also gives them the ability to manage a botnet of Zeus-infected computers. An attacker can monitor statistics on the number of infected computers he or she controls, as well as generate reports on the stolen information the bots have gathered. 
Information gathering
Once installed 
Zeus Trojan virus will automatically gather a variety of information about the compromised computer, which it sends back to the C&C server. This information includes the following:


  • ·         A unique bot identification string
  • ·         Name of the botnet
  • ·         Version of the bot
  • ·         Operating system version
  • ·         Operating system language
  • ·         Local time of the compromised computer
  • ·         Uptime of the bot
  • ·         Last report time
  • ·         Country of the compromised computer
  • ·         IP address of the compromised computer
  • ·         Process names

Password stealing
The core purpose of 
Zeus Trojan virus is to steal passwords, which is evident by the different methods it goes about doing this.

Upon installation, 
Zeus Trojan virus will immediately check Protected Storage (PStore) for passwords. It specifically targets passwords used in Internet Explorer, along with those for FTP and POP3 accounts. It also deletes any cookies stored in Internet Explorer. That way, the user must log in again to any commonly visited Web sites, and the threat can record the login credentials at the time.

A more versatile method of password-stealing used by the threat is driven by the configuration file during Web browsing. When the attacker generates the configuration file, he or she can include any URLs they wish to monitor. When any of these URLs are visited, the threat gathers any user names and passwords typed into these pages. In order to do this, it hooks the functions of various DLLs, taking control of network functionality. The following is a list of DLLs and the APIs within them that are used by Trojan.Zbot: 
WININET.DLL


  • ·         HttpSendRequestW
  • ·         HttpSendRequestA
  • ·         HttpSendRequestExW
  • ·         HttpSendRequestExA
  • ·         InternetReadFile
  • ·         InternetReadFileExW
  • ·         InternetReadFileExA
  • ·         InternetQueryDataAvailable
  • ·         InternetCloseHandle

WS2_32.DLL and WSOCK32.DLL


  • ·         send
  • ·         sendto
  • ·         closesocket
  • ·         WSASend
  • ·         WSASendTo

USER32.DLL


  • ·         GetMessageW
  • ·         GetMessageA
  • ·         PeekMessageW
  • ·         PeekMessageA
  • ·         GetClipboardData

Zeus Trojan virus can also inject other fields into the Web pages it monitors. To do this, it intercepts the pages as they are returned to the compromised computer and adds extra fields. For example, if a user requests a page from their bank’s Web site, and the bank returns a page requiring a user name and password, the threat can be configured to inject a third field asking for the user’s Social Security Number. 

System Optimizer Pro Malware

System Optimizer Pro



System Optimizer Pro is a malware. A malware is a malicious software which will be installed on your computer, either via downloads that you have done, or through links on emails that you would have innocently clicked on. Most downloads nowadays, say they are free, and along with it comes a lot of unwanted and malicious software that one day or the other would start popping up. These pop-ups like System Optimizer Pro would appear to run scans on your computer and falsely indicate that your systems registry is corrupt. In most cases it is these very malwares that corrupt the operating systems registry.

These pop-ups like System Optimizer Pro can get very annoying, and they will keep coming up till you do not pay for the software. However, it is advised that you do not pay for these softwares, as that would just continue the process and your computer could get infected with other similar malwares like, Reg Clean Pro, Reg Cure Pro, to name a few of the malwares out there.

How to remove System Optimizer Pro

There are different ways to remove System Optimizer Pro off your computer, but it depends on a lot of factors, like if there are other malicious programs too, to what extent it has infected the computer, etc.

If you are technically confident you can try uninstalling it yourself, else we would advise getting it done by our professional service. We would remotely connect and do a complete diagnosis of the system at no cost, and then give you a no obligation quote to get the issue fixed remotely at your convenience.

If your computer is infected with System Optimizer Pro, Reg Clean Pro, Reg Cure Pro and you need it professionally removed for good, with your computer being secured and optimized thereafter, call Roy on 1-888-280-9696 or +1 (360) 244-4302 or email roy@serenityglobalsolutions.com or Skype on id: sof.tek

Reg Cure Pro Malware

reg cure pro malware


What is Reg Cure Pro

Reg Cure Pro is a malware. A malware is a malicious software which will be installed on your computer, either via downloads that you have done, or through links on emails that you would have innocently clicked on. Most downloads nowadays, say they are free, and along with it comes a lot of unwanted and malicious software that one day or the other would start popping up. These pop-ups like Reg Cure Pro would appear to run scans on your computer and falsely indicate that your systems registry is corrupt. In most cases it is these very malwares that corrupt the operating systems registry.

These pop-ups like Reg Cure Pro can get very annoying, and they will keep coming up till you do not pay for the software. However, it is advised that you do not pay for these softwares, as that would just continue the process and your computer could get infected with other similar malwares like Reg Clean Pro, System Optimizer Pro, to name a few of the malwares out there.

How to remove Reg Cure Pro

There are different ways to remove Reg Cure Pro off your computer, but it depends on a lot of factors, like if there are other malicious programs too, to what extent it has infected the computer, etc.

If you are technically confident you can try uninstalling it yourself, else we would advise getting it done by our professional service. We would remotely connect and do a complete diagnosis of the system at no cost, and then give you a no obligation quote to get the issue fixed remotely at your convenience.

If your computer is infected with Reg Cure Pro, Reg Clean Pro, System Optimizer Pro and you need it professionally removed for good, with your computer being secured and optimized thereafter, call Roy on 1-888-280-9696 or +1 (360) 244-4302 or email roy@serenityglobalsolutions.com or Skype on id: sof.tek

Reg Clean Pro Malware

reg clean pro malware

What is Reg Clean Pro

Reg Clean Pro is a malware. A malware is a malicious software which will be installed on your computer, either via downloads that you have done, or through links on emails that you would have innocently clicked on. Most downloads nowadays, say they are free, and along with it comes a lot of unwanted and malicious software that one day or the other would start popping up. These pop-ups like Reg Clean Pro would appear to run scans on your computer and falsely indicate that your systems registry is corrupt. In most cases it is these very malwares that corrupt the operating systems registry.

These pop-ups like Reg Clean Pro can get very annoying, and they will keep coming up till you do not pay for the software. However, it is advised that you do not pay for these softwares, as that would just continue the process and your computer could get infected with other similar malwares like Reg Cure Pro, System Optimizer Pro, to name a few of the malwares out there.

How to remove Reg Clean Pro

There are different ways to remove Reg Clean Pro off your computer, but it depends on a lot of factors, like if there are other malicious programs too, to what extent it has infected the computer, etc.

If you are technically confident you can try uninstalling it yourself, else we would advise getting it done by our professional service. We would remotely connect and do a complete diagnosis of the system at no cost, and then give you a no obligation quote to get the issue fixed remotely at your convenience.

If your computer is infected with Reg Clean Pro, Reg Cure Pro, System Optimizer Pro and you need it professionally removed for good, with your computer being secured and optimized thereafter, call Roy on 1-888-280-9696 or +1 (360) 244-4302 or email roy@serenityglobalsolutions.com or Skype on id: sof.tek