Monday, October 31, 2016

Google Chrome Wide Fonts Fix
----------------------------------------------------------

Due to Google Chrome last update number 50, they added a user name on the top right of the screen that made a font crash. This happens when using same fonts in the whole browser. 

Nevertheless, Google fixed the crash by auto updating it. I only need to enable update again, if I disable it from reg-edit, or from the plugins extensions.

The reg-edit trick is not working anymore in update 50, so it is better to delete the worthless folder in reg-edit if I created it before.

Simon Hadid Lebanon 
Posted by at No comments:

Saturday, May 14, 2016

How to Remove Search Safefinder Virus 
Please Read Everything

The Virus is made up of 2 links:

 feed.helperbar.com 

 that is followed by this link:

 http://search.safefinder.com/?st=dn&q=

 The real name is feed.sonic-search and the real link that is created from this virus is:

 http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNZu5IufYkFZ0jUvZJt1ZBBSlLPjDWpKc_jSymEiqdyN1eTyQfBaZW4va3oCquwUHgzrgs0MEHrFiT_CRALUw4LPMJEPTKlW9x4rIbNKSGPkwzs2ZyFcjVWUbJO6cyYmVwZS1GgyVK40F1qlTeLEEm5-4kef0_-fWL46LAO77BoU,

 The link mentioned above goes inside Set Pages of Google Chrome Settings

 How to remove it?

 First I need to enter Control Panel and remove all suspicious programs, and I enter also
Program files, and Program Files x86 looking for strange folders and delete them.

 It is also recommended to empty the Temp Folder in AppData/Local/Temp, and the temp folder is always hidden, so I need to unhide  all the hidden files to preview them from folder options.

How to Remove the Virus from Internet Explorer:

 01-Start Run
02-regedit
03-HKEY_CURRENT_USER
04-Software
05-Microsoft
06-Internet Explorer
07-Main
08-Then I search for these files by right clicking on each and I choose Modify on Start Page
                                                                                                                                   Search Bar
                                                                                                                                   Search Page
09-I Modify Search Page and change it to https://www.google.com
10- I Modify Search Bar and change it to  https://www.google.com
11-I Modify Start Page and change it to https://www.google.com
12- If I do not want the google link, I can write any other link or make it current:blank

How to Remove the Virus from Google Chrome:

 This Virus has many entries and no matter what I do in Google Chrome, it wont work even in Safe Mode, and using external Bootable Mac DVDs/CDs is useless. If it happens and I reset my Google Chrome deleting everything, even the AppData\Local\Google files, the reset may work only in the first opening page, but in the next tab, it remains.

 I need to use Adware Malware to remove this Virus that is called: "PUP.Optional.Linkury.ACMB1"

 Removing this virus will still have remains that cannot be deleted, even after using the antivirus, and this happens quickly when I am searching for a file in Google, or Bing, or any search engine. I will notice quickly that the search text still have some remaining of the virus search find text, but it will not be effective. 

Note: do not use HITMAN PRO antivirus, it us also useless
This virus enters Program Data with lot of names like:

 -ProgramData\xifss
-ProgramData\xifss\Ecotax.bin
-ProgramData\xifss\GoodTonair.dat
-ProgramData\xifss\Zerlax.bin
-ProgramData\xifss\Bluejob.dll
-ProgramData\xifss\temp
-ProgramData\xifss\uninstall.dat
-ProgramData\xifss\Config.xml
-ProgramData\xifss\Joylab.dat
-ProgramData\xifss\snp.sc
-ProgramData\xifs\Zamit.exe
- ProgramData\xifs\ff.HP
-ProgramData\xifs\xifs.d.dat
-ProgramData\xifs\conf.config 
-ProgramData\xifs\ZenDamtop.bin
-ProgramData\xifs\ff.NT
-ProgramData\xifs\ondemand
-ProgramData\xifs\Quad-Lax.exe.config
-ProgramData\xifss\Aphome.bin
-ProgramData\xifss\Mathtop.bin
-ProgramData\xifss\md.xml
-ProgramData\xifss\Jobit.bin
-ProgramData\xifss\RankIt.bin
-ProgramData\Saophases
-ProgramData\Saophases\Goodtech.bin
-ProgramData\Saophases\Saophases.exe
-ProgramData\Saophases\Saophases.exe.config
-ProgramData\Saophases\ondemand
-ProgramData\Saophases\Unalab.bin
-ProgramData\Saophases\Blueron.exe
-ProgramData\Saophases\Trestam.dll
-ProgramData\Saophases\PrxCfg.xml
-ProgramData\Saophases\Goldenhatlight.bin
-ProgramData\Saophases.dll
-ProgramData\Saophases\snp.sc
-ProgramData\Saophases\config.xml
-ProgramData\Saophases\Zaaming.bin
-ProgramData\Zaaming.bin
-ProgramData\Ronzaps
-ProgramData\Ronzaps\snp.sc
-ProgramData\Ronzaps\ff.NT
-ProgramData\Ronzaps\ff.FT
-ProgramData\ApperocovQs\snp.sc
-ProgramData\ApperocovQs\ff.NT
-ProgramData\CloudPrinter
-ProgramData\CloudPrinter\Config.xml

The Virus Enters App Data/Local & App Data/Roaming in these names:

 -AppData\Local\Roaming\LightGate
-AppData\Local\Faseway.exe.config
-AppData\Local\Ontoplanet.dat
-AppData\Local\Faseway.dat
-AppData\Roaming\lobby.dat
-AppData\Roaming\UPUpdata\webad.xml
-AppData\Roaming\InstallationConfiguration.xml
-AppData\Roaming\ApplicationHosting.dat
-AppData\Roaming\uninstall_temp.ico
-AppData\Roaming\LightGate
-AppData\Roaming\Config.xml
-AppData\Roaming\inst.lat
-AppData\Roaming\UPUpdata
-AppData\Roaming\noah.dat
-AppData\Roaming\md.xml

 The Virus Enters the Registry with these names:

 ...CURRENT\VERSION\SILENTPROCESSEXIT\RONZAP.exe
...RENTVERSION\POLICIES\EXPLORER\RUN\Defenders
...ODE\MICROSOFT\TRACING\CloudPrinter_RASMANCS
...458-496055073-1479611835-1000\ENVIRONMENT|SNF
W6432NODE\MICROSOFT\TRACING|xifx_RASMANCS
...RENTVERSION\POLICIES\EXPLORER\RUN\Defenders
...\INTERNET EXPLORER\SEARCH|Default_Search_URL
...\INTERNET EXPLORER\SEARCHSCOPES\IELINKSRCH
...SOFT\WINDOWS|CURRENTVERSION\Run|Defenders
...ENTS\{KUH36873-MLM6-1837-47MY-6574I71SY43U}
...NT\CURRENT\VERSION\SILENTPROCESSEXIT\xifs.exe
...rnet Files\Content.IE5\1PTZOW2M\setup-1228[1].exe
...CONTROL\SERVICES|CLOUDPRINTER|ImagePath
...ME\EXTENSIONS\fcgnigmofekcllgbieijhmiggmgehkip
...58-496055073-1479611835-1000\SOFTWARE\mtxifs
HKLM\SOFTWARE\WOW6432NODE\mtRonzap
...ICES\EVENTLOG\APPLICATION\Application Hosting
HKLM\SOFTWARE\WOW6432NODE\mtxifs
...ODE\MICROSOFT\TRACING\Cloud Printer_RASAPI32
...\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL
...32NODE\MICROSOFT\TRACING\Ronzap_RASAPI32
...WS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs
...\INTERNET EXPLORER\SEARCHSCOPES\{IELINKSRCH}
...2NODE\MICROSOFT\TRACING|Ronzap_RASMANCS
...EM\CURRENTCONTROLSET\SERVICES\CloudPrinter
...EXPLORERS\SEARCHSCOPES\ielnksrch|DisplayName
...OFT\WINDOWS\CURRENTVERSION\RUN\Defenders
...WARE\MICROSOFT\TRACINGS\Faseway_RASMANCS
...OSOFT\INTERNET EXPLORER\SEARCHURL|Default
...96055073-1479611835-1000\SOFTWARE\mtRonzap
...ERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL
...W6432NODE\MICROSOFT\TRACING\xifs_RASAPI32
...TWARE\MICROSOFT\TRACING\Faseway_RASAPI32
...ENTVERSION\POLICIES|EXPLORER\RUN\Defenders
...XPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName
...8-496055073-1479611835-1000\ENVIRONMENT|SNP
In Conclusion, as you can see, most of the files are having repeated names, and they are spreading in different locations, beginning from the PC User's name, to Program Data (hidden folder), and inside the registry. 

                                                       Simon George Hadid
                                                          Tripoli - Lebanon
Posted by at No comments:

Thursday, April 7, 2016

ADOBE FLASH CRASH in GOOGLE CHROME & Facebook


When the Flash crashes in Google Chrome browser, I discovered the way to fix it, and I am the only one who discovered this error.

Go to C:\Users\You Name\AppData\Local\Google\Chrome\User Data

Then Delete PepperFlash folder

Moreover, this happens mostly when using Facebook games that needs Chrome browsers.

 In some cases, it is better to rename the file "pepflashplayer.dll" inside the folder 21.0.0.216, or any folder name that will appear on your PC to "pepflashplayerx.dll" without quotes.

That's it, and I hope Chrome and Facebook recognize this error and fix it.



                                                                        Simon Hadid 
                                                                     Tripoli Lebanon 
Posted by at No comments:

Wednesday, January 13, 2016

How to Remove Windows 10 System Tray icon from Windows 7



  1. Start/Control Panel
  2. Uninstall Programs
  3. Under Control Panel Home in the Contents Menu to the Left I click on View Installed Updates
  4. When View Installed Updates is opened, I scroll down where I have update for Microsoft and not the Security updates
  5. I search for Update for Microsoft Windows (KB3035583)
  6. I right click on it and I uninstall it, or I select it and from the menu bar on top I click on uninstall
  7. I also need to take care to disable windows updates from the tasks (flag icon)
  8. This flag appears when I setup windows, and will be marked with a red line in the bottom desktop toolbar telling about security/windows defender, and windows update, so I need to turn everything off and only keep my firewall on.
  9. I hope this will fix your problem and you understood easily.

                                                                                                   Simon G. Hadid
                                                                                                 Tripoli-Lebanon
Posted by at No comments:
Subscribe to: Comments (Atom)