Never install Quickheal Cleaner, it is an Adware…


Today I got introduced to an adware – Quickheal Cleaner, the way it was installed on the PC was quite interesting…

I was going to watch a movie today, which I had downloaded yesterday from P2P networking sites (torrents). When I opened the movie with Windows Media Player (as it was in .wmv format), it said that the codec required to play the movie has to be downloaded. I downloaded it and installed it, then what I noticed was that the file “Quickheal” wasn’t a codec, it was a program. Then it ran automatically, started some sort of scanning (like Windows Defender does) & started giving out warnings & alerts again & again, that the PC is having a lot of threats + internet attacks + Trojans + whatever malicious you could think of… (LOL)

This behaviour itself proved to me that this Quickheal Cleaner was an Adware, (I had had such coincidences before) I googled for Quickheal Cleaner & found that what I had thought is true, it is an Adware…

Now, how do I get the PC back to normal? I googled that and found some software called “Quickheal Cleaner Removal Tool“. But I couldn’t trust that software either. I got other ways of manually removing it, but they seemed time-consuming… At this point of time, running Windows Restore & restoring the PC to an earlier time seemed the most probable thing to do, and the easiest also.

Thank God that the adware hadn’t deleted the System Restore points (deleting the restore points is common for trojans). After the System Restore, the PC was normal again. Then to convince myself, I opened that movie file with GOM Media Player & I learned that it was a fake video file bound with an Adware, as GOM Player just showed some green & white horizontal lines moving over the screen for 5 seconds :P

So if you ever come across anything called Quickheal Cleaner, don’t even think to install it, unless you want your PC dumped with fake alerts (they are really irritating) & ads :D

Password Viewers

Saving passwords in IE, Firefox, Yahoo Messenger, etc. helps you to easily access your account next time without typing your password, but this idea is no good. Why? Read further to know the reason.

If someone has physical access to your computer, he can easily see your passwords using the software mentioned below, and there are other ways of password theft online.

What this software basically does is find the file in which the passwords are saved, decrypt them and make them visible to the user. You can carry these tools on your flash drive and use them on your victims.

Some good password viewers:

  1. MSPass: Displays saved passwords of Messengers. Works for Yahoo Messenger, Google Talk, Windows Live/MSN, Skype and many others.
  2. IE PassViewer: Displays saved passwords of Internet Explorer.
  3. Password Fox: Displays saved passwords of Mozilla Firefox.

Top 10 Trojans of All Time

1. NetBus

It was created in Delphi by Carl-Fredrik Neikter, in 1998. It is a software for remotely controlling a system which runs Microsoft Windows. Not only remote control, it can also be used as a backdoor. Like any other trojan, NetBus also has 2 components: the client and server. The server infects the host computer and the client is used to control it.

2. Back Orifice

Back Orifice’s main purpose is to remotely control a Microsoft Windows Powered system. It has the potential of being used as a RAT (Remote Administration Trojan). It is widely used by “Script Kiddies” due to its easy installation and GUI features. The name “Back Orifice” derives from “Microsoft BackOffice Server“. According to the group, its purpose was to demonstrate the lack of security in Microsoft’s operating system Windows 98. BO was created in Delphi.

3. Sub7

Sub7 or SubSeven is a popular backdoor program and RAT. It is mainly used for causing mischief, but it can also be used to steal credit card information and other such confidential data. Its name “Subseven” is derived by spelling “Netbus” backwards as “SubTen” and replacing “ten” with “seven“. Sub7 is less stable than Netbus, but has more features than it.


4. Beast

It is a Windows-based backdoor trojan program (RAT). It is capable of infecting all Windows OSs. Like most of the trojans, it is also written in Delphi, by Tataye, in 2002. Beast has many unique features: it was one of the first trojans to use the “Reverse Connection” and it used “Injection Method” for its DLL. Its unique features made it popular.

5. ProRat

It is a Turkish-made, Windows-based RAT, made by the PRO Group. It comes in two versions: free and paid version. The free version cannot perform operations on computers present on the WAN, but only on LAN. Its server is known for being almost impossible to remove without up-to-date antivirus. It has many features & it can perform many malicious operations on the victim’s computer. It also has a server creator which enables users to create servers which are undetectable and provides other advanced features.

6. Zlob Trojan

Also known as Trojan.Zlob, it is a trojan horse which masquerades as a needed video codec in the form of ActiveX. After a victim installs it, it displays pop-up ads with a similar appearance to that of the Microsoft Windows warning pop-ups, informing the user that their computer is infected with spyware. Clicking on these pop-ups starts the download of fake anti-spyware programs.

7. SpySheriff

As the name suggests, it claims to be an anti-spyware program, but it is actually malware. It gives the infected computer fake spyware and threat alerts and prompts the user of the infected PC to buy the program. SpySheriff is sometimes not even detected by actual anti-spyware programs. It is very difficult to remove SpySheriff from the computer which it has infected. It causes many problems, including the Blue Screen of Death!


8. Vundo

Also known as Vundo Trojan, Virtumonde, Virtumondo or MS Juan, it is a trojan horse that causes pop-ups & advertisements for rogue security software and, sporadically, other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. Vundo causes your browser to show pop-ups from time to time.


9. Turkojan

Turkojan is a RAT and spying tool for Microsoft Windows. It is not detectable by many AVs and only up-to-date antivirus programs can detect it. It is very similar to ProRat in features, but has some pluses and minuses.

10. Trojan-Downloader.Win32.Kido.a

It is a Windows DLL file. It copies its executable file with random names to “Program Files“, “Temp“, “Special Folder” & “System“. It also registers its executable file in the registry to ensure that it is launched automatically at system start-up, and it modifies registry keys to make it impossible to boot into “Safe Mode“.
Its removal is not so easy if you don’t have up-to-date antivirus software. The removal procedure includes some binary editing in the registry.

WLAN Security

Wireless security is very important for WLANs. If your WLAN is unsecured, someone can easily destroy your PC, play with your privacy and/or get confidential info that is stored on your PC.

The first step in securing a WLAN is password-protecting it. The main options for password protection are:

  • WEP
  • WPA
  • WPA2

I recommend that you use WPA2, as it uses the latest encryption technology and is more secure than the others. WEP and WPA passwords can be cracked by using certain cracking tools such as Aircrack-ng, Airsnort, etc.

Then you need to choose a safe password. After doing that there are some other steps you need to follow to make your WLAN hackproof.

They are:

  1. Turn off “File & Printer Sharing” if you don’t require it. If you require it then make sure to password-protect the shared drives/folders/files (Read my post for further info: ‘File & Printer Sharing’ Exploit-Protection or if you want to know the harms of ‘File & Printer Sharing’ Exploit then Click Here.)
  2. If your WLAN is not a hotspot & is used for Private Purposes then restrict users using MAC Addresses. You can specify which MAC Addresses can connect to the WLAN in your router settings.
  3. The best way to secure your network (not WLAN) is by securing your IP. You can use software such as Anonymizer to hide your IP. This step will ensure that you are 75% protected from HacKeRs.
  4. You can further secure your WLAN by disabling the SSID (service set identifier) broadcast.
  5. Download tools such as Airmagnet and spoofers to check your own network for vulnerabilities.
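
To check which nearby access points fall short of the WPA2 recommendation above, the following added example (not part of the original post) audits a Wi-Fi scan listing. It assumes a Linux machine with NetworkManager and the terse output of `nmcli -t -f SSID,SECURITY device wifi list`, where the page's "WPA" appears as `WPA1`; the scan data is a constructed sample.

```python
# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
# Terse mode separates fields with ':' and escapes a literal ':' as '\:'.
SAMPLE_SCAN = r"""HomeNet:WPA2
OldRouter:WEP
Cafe\:Guest:
Office:WPA1 WPA2
Legacy-AP:WPA1
Lab:WPA2 WPA3
"""

# Lower rank = weaker protection (nmcli reports the page's "WPA" as "WPA1").
RANK = {"OPEN": 0, "WEP": 1, "WPA1": 2, "WPA2": 3, "WPA3": 4}

def split_terse(line):
    """Split a terse nmcli line on unescaped ':' and drop the escapes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])   # escaped character, keep it literally
            i += 2
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    fields.append("".join(cur))
    return fields

def weakest_mode(security):
    """Weakest mode an access point accepts; mixed mode counts as its weakest."""
    if security.strip() in ("", "--"):
        return "OPEN"
    modes = [m for m in security.split() if m in RANK]
    return min(modes, key=RANK.get) if modes else "UNKNOWN"

def audit(scan_text, minimum="WPA2"):
    """Return (ssid, mode) for every network weaker than `minimum`."""
    findings = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        fields = split_terse(line)
        ssid = fields[0] or "<hidden>"
        security = fields[1] if len(fields) > 1 else ""
        mode = weakest_mode(security)
        if mode == "UNKNOWN" or RANK[mode] < RANK[minimum]:
            findings.append((ssid, mode))
    return findings

if __name__ == "__main__":
    for ssid, mode in audit(SAMPLE_SCAN):
        print(f"{ssid}: weakest accepted mode is {mode}, switch to WPA2 or better")
```

A router in mixed WPA/WPA2 mode is reported as WPA1 because clients can still join with the weaker protocol.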