The UPS virus has caused some havoc recently. I understand it's delivered via email as a ups notification of delivery with a zip file attachment. Of course, UPS didn't send it. Don't open the zip file. The virus deploys braviax.exe and burito.exe and the removal procedure might lead to windows corruption.

"Agent.JEN connects to a Russian domain (already used by other banker Trojans) and uses it to send a request to a German domain to download a rootkit and an adware detected by PandaLabs as Rootkit/Agent.JEP and Adware/AntivirusXP2008. This increases the risk of infection even more." So there's Antivirus XP2008 which is the Joke Blue Virus aka 'blue joke virus', which I discuss how to remove also. See 'Remove Blue Joke Screen' (blue star virus removal.

I haven't worked on it, but this is the info I have garnered from other sites. Nasty files turning up are: buritos.exe, karina.exe, karina.dat, and braviax.exe. Karina Virus removal, Buritos Virus, Final Solution.

Please read through all comments in this UPS Computer Virus Module. See Forum SOURCE Final Solution. Note they substituted using F-Prot antivirus with NOD32. I have read through other PC Help forums, but liked their results. I have compiled this information from other PC Help forums, but prefer the results from the the Source's 'Final Solution' (see Red Module).

UPS virus removal:

Apparently ComboFix can remove it via a special script. Source
Also, F-Prot Antivirus trial can identify the UPS virus and quarantine it.
Download the 30 days fully functional trial from here and try it.

1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\buritos.exe
C:\WINDOWS\system32\karina.dat
C:\WINDOWS\karina.dat

Folder::
C:\WINDOWS\system32\wsnpoem

Driver::
Ppu54

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Ppu54.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\buritos]
------------------------------------------------------------------------

3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again. How to use ComboFix.

You can also read forum comments on this link to see what other people did to get rid of it.

or, try:

This looks like something you'll need a whole arsenal of programs to get rid of.

but first,

Start, run

Type msconfig

Go to Startup tab

Uncheck lphc35dj0e1an
Uncheck rhc75dj0e1an

in General tab, tick 'Selective Start-up', 'Apply', OK

and delete these specific files below if MalwareBytes, ComboFix, or another scanner you ran can't get rid of them:

C:\windows\system32\lphc35dj0e1an.exe
C:\program files\rhc75dj0e1an\rhc75dj0e1an.exe

and if they keep popping back then use Pocket KillBox.

Karina Virus, Buritos Virus Removal - the Source's Final Solution:

Make sure you have 'show all hidden files' enabled, and go into Safe Mode to do the scans.

TR (Trojan Remover)
MalwareBytes
NOD32 Antivirus

The solutions recommended in all "Virus Removal Modules" such as UPS Virus, Karina Virus, Burito Virus, Joke Blue Virus Modules are for the final removal of specified malware and does not preclude the recommended use of an:

anti-virus scanner
anti-spyware scanner
anti-adware scanner
anti-malware scanner

In other words do all standard scans! Please note that I also recommend restarting your PC after each scan that eliminated malware. Prior to any scanning, System Restore must be turned off and then turned back on after all infections are eliminated.

In all of virus removal jobs I've done recently, I've had to employ MalWareBytes. So an anti-malware scanner should now be included in the "Top Must Have's". I consider MalWareBytes to be the best. It's free to try for 30 days or buy. In fact, on my last job, MalWareBytes removed a Trojan.Vundo and I double checked with a clean scan with VundoFix. Here is a new revised version of VundoFix Version 7.

System Restore is a protected folder. These are the steps for virus removal in System Restore. If your Anti-virus Scanner has reported viruses in System Restore, but is unable to delete them, then these are the steps to take:

Depress 'Start', 'All Programs', 'Accessories', 'System tools', 'System Restore', tick "System Restore Settings" and tick "Turn Off System Restore in All Drives". Click Apply and Click OK.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Do another Virus Scan. Next turn off virus software protection and do your spyware and adware scans. Once scans have removed the problems, turn on Anti-virus protection and reset System Restore back on. If you still have problems removing stubborn code then try Pocket KillBox.

Malware can also damage Windows files. If you have your original Windows CD then run this scan. In some instances you will not be asked for the Windows CD.

Start, Run, sfc /scannow

(one space between sfc and /)

on some computers you will need to do:

Start, Run, sfc /scannow.exe

How to Use SFC.EXE to Repair System Files

Windows then checks to verify that all protected files are intact in their original versions. Be prepared to insert your Windows CD.

"The main reason for using this utility is when you suspect there may be a problem with a Windows XP system file.

Perhaps you get a dialog box appear informing you of a problem with a .dll file, or your program will just not load! It is therefore worth checking to see if there are any corrupt system files using scannow sfc."

Guide and procedures on sfc /scannow.

Well I was just checking out my Kijiji ads and lo and behold one of the Google sponsored ads was for, Antivirus XP 2008! So, I'm assuming when you click on this ad and go to the url, this is when the adware and malware is delivered onto your PC. This is the lovely Joke Blue Virus.

PC infected

Anytime you have a notification on your desktop that you have a virus, and to download such n such, then, you already have a virus or adware, and it's from them! So, why buy from someone who gave you the malicious code in the first place???

This is a rogue anti-spyware program that is advertised through Trojans and other Malware. If you mistakenly downloaded this program it will pop up fake security alerts and warnings. In some cases, this program is installed without any intervention at all from you.

joke blue screen virus removal - blue screen virus fix:

Joke Blue Virus is malicious code that MalwareBytes destroys.

I also had to use SDFix from BleepingComputer.com on one computer infected with Blue Joke Virus and it got rid of the remaining Trojan.

SDFix is for Windows 2000/XP ONLY.

How to use SDFix.

In most cases it requires a total of 3 scans for joke blue virus removal. If you still can't get it out, then contact me!

Instructions on how to remove Vista Antivirus 2008.

Computer Help - Virus Removal

I'm beta testing another remote control that is very fast which has a lot of great features. You can contact me by email at compusword@gmaildotcom if you need assistance.



Remote Control Software assists helpers to gain remote access to a PC to remove malware, while still freeing up the helpers PC to do research of the code found on the infected PC. It also allows for easy and quick transfers of executable programs from helpers PC to infected PC to aid in the elimination of malware.

Free computer virus scans on-line do not do a deep scan, so they might not remove your computer virus infection. However, here are 3 very good on-line scans from F-Secure, Avast, and Trend.

PC Tools: I recommend you download a free virus protection program - either AntiVir or Avast.

Another great antivirus program that is being mentioned as a good fix for the recent threats is one of the most thorough scanners on the market. The Multi-Dimensional Scanning and Process Interrogation Technology will detect spyware other products miss! Easily remove pests such as WinFixer, SpyAxe, SpyFalcon, and thousands more! Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System. Their Dedicated Threat Research Team scours the web for new threats and provides daily definition updates. I'll be writting up more on what this SUPERAntiSpyware anti-virus program (free trial download) can do.

Download and open SuperAntiSpyware from icon and install and Update it.

Under Scanner Options make sure the following are checked (leave all others unchecked):

Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

Under no circumstances should you install more than one anti-virus software. This will compromise your system and leave your PC vulnerable to infection.

If you wish to try out a new anti-virus software, then download the .exe file, uninstall the old anti-virus software through Add/Remove in the Control Panel and then install the new anti-virus software.

Uninstall Malware from Windows Add/Remove Program Tab

Go to Start > Control Panel > Add / Remove Programs and uninstall any of the following malware/spyware/adware programs if you find them listed.

180 Search Assistant
180Solutions
Active alert
Ad Service
AdTools
AdTools Service
Alexa toolbar
BargainBuddy
Bullseye Networks
CashBack
DH
EasySearchBar
Elite Sidebar
Elite Toolbar
Freeze Clip Art
GAIN
Gator
Hotbar Outlook Tools
Hotbar Web Tools
HuntBar
ISTbar
ISTSvc
Media Access
Media Gateway
MySearch
MyWay Search Bar
MyWebSearch
NavExcel Search Toolbar
NavHelper
ncase
Oemji Toolbar
Open Site
Preview AdService
Search Toolbar (HuntBar/WinTools)
ShopperReports by Hotbar
Sidefind
SideSearch
Slotchbar
Software Update Manager
SurfAccuracy
Upspiral Toolbar
TurboDownload
VBouncer
Viewpoint
Viewpoint Manager
Viewpoint Media Player
WareOut
WeatherBug
Web Rebates
Web Search Toolbar (WinTools)
Webhancer
WhenU (any entry)
WeirdOnTheWeb
Windows AdService
Windows ServeAd
WinTools
WinTools Easy Installer
WSEM Update

These are Optional removals but we recommend you remove them as well.

Download Accelerator Plus
Kazaa
Kontiki
Messenger Plus
NetPumper
NewDotNet
P2P Networking
StarWare
WildTangent

Continue to this page:

Spywarewarrior list of Rogue spyware

BleepingComputer Uninstall List

8. Buy a Router. You absolutely must be using a router if you have broadband internet access (through cable, dsl, etc., anything access except dialup). This is the simplest and most effective security measure anyone can take. Routers are small boxes, can cost anywhere from $20 to $80 depending upon many factors, and can be found in any electronics or computer store. There are some simple steps everyone can take, some more advanced then others, but even doing the basics can make your security far better then most, and keep intruders out of your computer.

7. Modify your HOSTS file - by preventing malicious software from communicating outside your computer. This allows you to surf the Net anonymously. Blocking Unwanted Parasites with a Hosts File and Download and Install Instructions for the MVPS HOSTS File. This is a zip file and here is a free Open Source zip extractor 7-Zip.

6. disable 'File Sharing' = My Computer, Click Tools, Folder Options, Click the View tab. Under Advanced Settings, scroll to the bottom and uncheck the box next to - 'Use simple file sharing (recommended)'. Click Apply > OK.

5. upgrade your anti-virus program and have a whole suite of products besides an anti-virus program, such as anti-malware, anti-spyware, anti-adware, anti-trojan, and firewall.

4. update your Window's security patches and update for non-microsoft products such as Java, RealNetworks, etc.

3. automatically block access to malicious sites by using anti-phishing tools, and 3rd party tools. For networks get the free OpenDNS.

2. harden the browser - use Firefox instead of Internet Explorer. Run with as few privileges as you can i.e. preferrably browse the internet in a Non-administrator account, or get Drop My Rights (Windows Vista already has this).

Firefox is a much safer browser and you can download a plugin called WOT that rates every site. It rates each site by Trustworthiness, Vendor Reliability, Privacy and Child Safety.

1. Security Awareness Training - human element is the weakest link in internet security. Users need to be trained to use discretion and good judgement while on the Internet.

Note: Spyware Removers that are often advertised through Google Ads (hint - see top, side and bottom of this blog) most often have spyware on them!!!

Start the System Configuration Utility. Do 'Run', type 'msconfig', then go to 'Startup'. View the list of startup programs. Highlight on the far left the startup program name you do not recognize, copy and paste it into a google search and research it on the internet. If it is questionable or considered malicious then untick it. Do not untick necessary startup programs! Then click 'Apply'. Do not close yet. Go to the tab 'General' and tick 'Selective Startup' and then tick 'OK'.

You've run all your scans, but can't remove certain threatening files, then kill them with Pocket KillBox.

Pocket KillBox is a really usefull application that you can use to remove certain files from your pc that wont allow themselves to be deleted.

Killbox is extremely simple to use and never seems to fail. Overall it is a highly recommended download.

Download Pocket-Killbox, extract it, and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.

Right click on your Desktop and select Properties.
Then click the Desktop tab
then click the Customize Desktop button.
Now in the next window that comes up click the Web tab.
Make sure at the bottom that Lock desktop items is unchecked.
Then in the Web pages: box delete all items but My Current Home Page and make sure it is unchecked too.
Then click OK.
Click Apply. And click OK.

Simple Help

Trojans Test

ZoneAlarm Firewall

FREE Spyware Removal and Antivirus Tools

There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removing viruses--if manual removal is possible--or a free removal tool if it isn't. Check out

Virus Bulletin
Trend's Virus Encyclopedia
ESET Threat Center
Web Security Guard
Threat Expert

If you have DSL or Cable Broadband Internet access, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connecting directly with the Internet.

Check your Internet ports. These doorways between your computer and the Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealthed (or hidden), which is safest. Visit Gibson Research's Web site and run the free ShieldsUP test to see your port's status. If some ports show up as closed--or worse yet, open--check your router's documentation to find out how to hide them.

Securing your home computer system with a Linux firewall
Disable NetBIOS and SMB to protect public Web servers
8 Steps to a Secure SOHO

This test will detect how vulnerable your computer is to exploits attacks. This test can be also used to test firewalls and routers for stability and reactions to unexpected packets. Most of the exploits are in fact denial-of-service attacks.

Note: Tick box 'Select All'; it won't show ticks in the other boxes, but if you tick each box the test won't work.

The most likely ways you will know of an attack will be in the form of some sort of control of your computer that you are not responsible for. A classic example of this is the mouse moving over the screen without your control, or messages being typed on the screen without you pressing the keyboard.

The most important thing to do in this situation is to remove the Internet connection. The best way to do this is remove the physical cable from the computer or router or wall socket. Removing the physical cable means there is no way anyone can attempt to establish a connection to your computer.

Once this has been done, run a full system scan. Trojans and Spyware are the main reason a connection between you and the hackers has been established. If any viruses were found and removed, the chances of you being hacked are slimmer.

If you have a firewall, open up the program and see if there any settings to increase the security level.

If you are on a large network, contact your superiors immediately, and then get in touch with the network administrators and they can tell you what to do next. In this situation, it is more likely a vulnerability in the network setup, in which case the firewall will be at a loss to help you.

Once you have run a full system scan with your Anti-Virus scanner the next stage is to run all windows updates to fix any security vulnerabilities that may allow hackers in through a back door. To run windows updates, visit - http://windowsupdate.microsoft.com If you have been hacked it is very hard to tell exactly what has been tampered with, so it may be an idea not to back up any files until they have been thoroughly checked, and if possible, not backed up at all. If you are having serious problems with hacking attacks it is advisable to fully format the disk, and reinstall Windows, which will eliminate any programs or files installed by the hackers. This is quite an extreme method, but does yield failsafe results.

Configure the program for automatic cleanup. To do this at startup, create a shortcut in the Start menu (or in the user's roaming profile) that invokes CCleaner with the /AUTO command-line switch. This performs all of the standard cleaning actions; the program closes automatically after it's done. Run the program once first, by hand, to select the appropriate cleaning options to use by selecting Cleaner from the left-hand menu and then checking or unchecking all the appropriate options in the Windows and Applications tabs.

Set the program to clean out Temp directories in User Profile folders. These directories -- usually found in \Documents and Settings\\Local Settings\Temp -- are a massive dumping ground of data used by various programs, especially installers, which routinely unpack files into them and leave them there. Many problems with a given user profile can be traced to a garbage-cluttered Temp folder.

One word of caution about Custom Folders: CCleaner uses a directory-tree interface to let the user select the directory to add to the Custom Folders list. It's not possible to type in a path by hand, and the tree will not show hidden files or folders if they are disabled in Explorer (i.e., it reflects Explorer's current behavior vis-a-vis those files).

If you're trying to add a Temp directory found in a user's Local Settings folder, you won't be able to see it unless you have Explorer set to show hidden files and folders. Once you do that, click Options | Custom Folders | Add Folder, and browse to the Temp folder in the appropriate user profile.



Be careful not to prune log files on servers. Under Cleaner | Windows | System, there's an option labeled Windows Log Files. Don't check this option on servers, since keeping log files is usually pretty critical! You may not want to check the Memory Dumps option either, depending on whether you habitually preserve memory dumps created by a crash.

INDEX.DAT files can only be cleaned after a reboot. Internet Explorer's INDEX.DAT files, which control which files are cached, can become corrupt and may need to be manually removed. In Cleaner | Windows | Internet Explorer, the Delete INDEX.DAT Files option only works after a reboot, which may not be practical on some systems.