How To: Disable MacDefender and MacProtector

MacDefender and MacProtector are the latest in “anti-virus” protections that are actually malicious themselves. These are targeted at Macs specifically, but are NOT viruses. They are trojans, and can be picked up by visiting malicious sites.

To disable:
As an admin user (most are by default), open up Terminal and type: sudo killall MacDefender
Substitute MacProtector if that’s the version affecting your computer.

The password will be your login password.

Then type: sudo -u username defaults write com.apple.Safari AutoOpenSafeDownloads -bool false

Replace the word username with your login name; if you don’t know it, look to the left in Terminal.

Hit enter. It should not ask for a password a second time. This will keep the application from downloading again.

Once that has happened, be sure to visit http://adobe.com/flash and update your Flash software to help block these.

The last step is to use Spotlight to search your computer for the bad app. Once you find it, be sure to throw it into the Trash, then Empty the Trash.
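
To confirm the steps above took effect, the following check can be run in Terminal as the affected user (not with sudo). It is an added example, not part of the original post, and it assumes the trojan runs and is installed under the two names given above; the function name check_fake_av is made up for this example.

```shell
#!/bin/sh
# Added example: post-cleanup check for the MacDefender/MacProtector steps.
# Assumption: the process and app bundle use the names from the post.
NAMES="MacDefender MacProtector"

# Prints one finding per line. Returns 0 when nothing is left, 1 otherwise.
check_fake_av() {
    rc=0
    for name in $NAMES; do
        # pgrep -x matches the exact process name only
        if pgrep -x "$name" >/dev/null 2>&1; then
            echo "RUNNING: $name"
            rc=1
        fi
        # mdfind is the command-line interface to Spotlight
        found=$(mdfind "kMDItemFSName == '$name.app'" 2>/dev/null)
        if [ -n "$found" ]; then
            echo "$found" | sed 's/^/INSTALLED: /'
            rc=1
        fi
    done
    # Read back the key the post sets; anything other than 0 (including
    # a missing key) is reported as still enabled.
    auto=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)
    case "$auto" in
        0) ;;
        *) echo "SAFARI: AutoOpenSafeDownloads is still enabled"; rc=1 ;;
    esac
    return $rc
}

# pgrep, mdfind and defaults as used here are macOS tools, so only run there.
if [ "$(uname -s)" = "Darwin" ]; then
    check_fake_av || true
fi
```

No output means the process is gone, Spotlight finds no matching app bundle, and Safari will no longer open downloads automatically.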

Digital Protection Malware virus

There is a new major malware virus going around right now. This one is “Digital Protection” and infects computers after the user gets one of those pop-ups that says “You have a virus!”

The odd thing about this one is that it’s also taking over the Windows Updater program, so it can’t be used to download new security patches and fixes from Microsoft.

It’s also loading itself multiple times into the Windows registry. Below are step-by-step instructions on how to remove it. http://www.geekstogo.com/forum/Removal-instructions-Digital-Protection-t274218.html

This is a nasty removal process, so if you’re not familiar with editing the Windows registry, I highly suggest you take this somewhere professional.

How To: Clean “Your internet access is going to get suspended” Virus

I was recently sent a copy of the “Your internet access is going to get suspended” virus, which is really annoying since my BitTorrent and P2P use is limited to Magnatune and downloading ISOs of Linux/BSD systems.

So, seeing a lack of responses from the big companies on how to remove it, I sacrificed my one Windows machine to it in an attempt to figure out how to fix it. This is a down and dirty fix, but it worked.

Installing the virus is easy: download the ZIP file, open it, then run the .EXE file inside.

The virus installed a new winlogin.exe file. Unfortunately, this can’t just be removed. After pulling the network cable to keep the machine from reinfecting itself, boot into safe mode. At the command prompt, delete the winlogin.exe file, along with krnlcab.sys, cabpck.dll, and k86.bin from the System folder.

At this point follow these directions to extract a new winlogin.exe from the original install CD. Remove tmp/msi_setup/*, then reboot the computer and double check that the three files above are still gone, and the winlogin.exe has the new date.

Plug in the network cable and immediately do a software update. I found that SP3 had to be reinstalled, but it worked fine.

This is down and dirty, only worked on XP, and is potentially system breaking. If you are not confident in the directions above, wait for the Anti-Virus vendors to create an official fix.

MSMAPI32.DLL is missing, corrupted or broken

Upon launching Outlook in Windows, this error message comes up: Cannot start Microsoft Office Outlook. MAPI32.DLL is corrupt or the wrong version.

iTunes for Windows can give a similar error message, by the way, as can the MSN toolbar, although both tend to say: The ordinal 49 could not be located in the dynamic link library MAPI32.dll

The first problem seems to be caused by having Office 2007 installed, then retrograding back to Office 2003, perhaps because of the costs or maybe because of compatibility issues.

Uninstalling Office 2007 does not remove or replace MSMAPI32.DLL. Instead you need to go to C:\Program Files\Common Files\System\MSMAPI\1033\MSMAPI32.DLL and delete or rename the file. Once that is done, launch Outlook. Reconfigure your mail settings and everything should be good to go.

The file may also be located in C:\winnt\system32. There may be a backed up version of it that you can restore.

Do not under any circumstances download this file from the Internet, restore it from another machine or your original Windows Disks. This is most likely a virus.