"Tracking software found!" is a fake warning from the rogue anti-virus software called Vista Guardian, but it may show up when your computer is infected with other rogue software too. It’s one of the many fake notifications displayed by bogus software. The fake notification claims:

"Tracking software found!
Your PC activity is being monitored. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen. Prevent damage now by completing a security scan."

If you see this fake warning then your computer is infected either with Vista Guardian virus or Trojan virus that promotes fake software. Read here how to remove Vista Guardian and related malicious software from your computer for free using legitimate and reliable anti-spyware software.

Paladin Antivirus is one of many fake (rogue) anti-virus programs. If you’ve got a computer infected by this virus then you probably know how irritating it can be. There can be a bunch of different ways how Paladin Antivirus gets into a computer. However, most of the time, this virus is promoted through the use of Trojans and other malicious software. Usually, Trojans come from rogue websites and misleading online ads. Fake pop-ups may also come up on well know and trusted websites like Facebook and MySpace. That’s why you should always check twice before accepting, downloading and installing files from the Internet.



Paladin Antivirus video: (thanks to rogueamp)


Once installed, Paladin Antivirus will be configured to scan your computer automatically each time Windows starts. Of course, it only imitates a system scan and then reports predetermined system threats just to scare you into thinking that your computer is infected with Trojans, worms and other viruses. Then it will prompt you to pay for a full version of the program to remove the infections which don’t even exist.



Simply ignore those false reports and remove Paladin Antivirus from your computer as soon as possible. Remember, don’t remove any of the reported threats because they may actually be a legitimate Windows files. Read the Paladin Antivirus removal instructions below.

This fake security program is from the same family as Malware Defense. It’s not an exact copy of Malware Defense, but it uses the same misleading methods to protect itself from being removed. When running, Paladin Antivirus will claim that that you must remove currently installed antivirus software in order to avoid conflicts. The rogue program will attempt to remove the following anti-virus software:

• Malwarebytes Anti-Malware
• F-Secure
• AVG8
• ESET NOD32
• Norton Internet Security
• Avira AntiVir
• Avast!

Furthermore, it will display numerous fake alerts and pop-ups claiming that your computer is compromised or is being attacked from a remote PC.



"Adware module detected on your PC!
Zlob.Porn.Ad adware has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat now."

Just like the false scan results, these fake warnings were designed to make you think that your computer is infected when in reality it’s not. If you find that your computer is infected with this virus, please don’t delay and get rid of Paladin Antivirus immediately.

---

Paladin Antivirus removal instructions:

1. Download the file TDSSKiller.zip and extract it into a folder
2. Execute the file TDSSKiller.exe (NOTE: you may have to rename TDSSKiller.exe to explorer.com yourself or download already renamed explorer.com file in order to run it)
3. Wait for the scan and disinfection process to be over. Close all programs and press “Y” key to restart your computer.
More detail TDSSKiller tutorial: http://support.kaspersky.com/viruses/solutions?qid=208280684
4. Download one of the following anti-malware software and run a full system scan:

• SUPERAntispyware 
• Spybot S&D 
• MalwareBytes Anti-malware 
• Spyware Doctor (free version) 

---

Paladin Antivirus associated files and registry values:

Files:

• %UserProfile%\Start Menu\Programs\Paladin Antivirus
• C:\Program Files\Paladin Antivirus
• C:\Program Files\Paladin Antivirus\help.ico
• C:\Program Files\Paladin Antivirus\pav.db
• C:\Program Files\Paladin Antivirus\pav.exe
• C:\Program Files\Paladin Antivirus\pavext.dll
• C:\Program Files\Paladin Antivirus\phook.dll
• C:\Program Files\Paladin Antivirus\uninstall.exe

Registry:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Paladin Antivirus
• HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus

Please share this information with other people:

‘Schiller claimed 90%of rejectionswere for technical reasons such as bugs or functions that didn’twork as intended’

Faced with the exodus of some high-profile developers of iPhone apps, Apple senior vice-president for worldwide product marketing Phil Schiller granted a rare interview to explain the company’s App Store approval process, which has been variously condemned as confusing, arbitrary and controlling. Schiller spoke to BusinessWeek days after Joe Hewitt, who created the Facebook iPhone app, announced he would no longer develop for the iPhone. Hewitt, who also helped develop the Firefox browser, said his decision ‘had everything to do with Apple’s policies’, which he alleged were ‘setting a horrible precedent for other software platforms’. Another Mac and iPhone developer, Rogue Amoeba, also announced it wouldn’t develop any more iPhone apps after its Airfoil Speakers Touch app was blocked by Apple over alleged trademark infringement.
While Schiller promised Apple would be more flexible, he dedicated most of his interview to defending the company’s approach, and pointed out that Apple approves the vast majority of apps submitted to it by developers. Schiller claimed 90% of rejections were for technical reasons such as bugs or functions that didn’t work as intended. He said that when these problems were fixed Apple approved the apps. Schiller said the remaining 10% of rejections were rejected as ‘inappropriate’. ‘There have been applications submitted for approval that will steal personal data, or which are intended to help the user break the law, or which contain inappropriate content,’ said Schiller. ‘We’ve built a store for the most part that people can trust. You and your family and friends can download applications from the store, and for the most part they do what you’d expect, and they get onto your phone, and you get billed appropriately, and it all just works.’ Schiller pointed out that developers send Apple around

Source of Information : MacUser.January 2010

Ok let’s take a crack at this feature in Powershell V2 called Modules.

Modules really aren’t all that difficult when you get down to it.   It’s very much like taking a script and loading it into memory. 

Well maybe not exactly like that but the cool part is when you turn that script into a module (as long as it’s loaded) you don’t have to keep specifying the path to the script, and you could even pop it into your Profile file (since it’s just text) and add functions that make YOUR admin life better without trying.

So how hard is it?

Would you like the fact that the Powershell team GIVES you a simple sample module in the Help file?

In Example 3 (I like this one the best) under the “New-Module” help they give you this example

------------------ Sample from Microsoft Powershell ISE Help System – Example 3 – New-Module -------------------------------

C:\PS>New-Module -scriptblock {$SayHelloHelp="Type 'SayHello', a space, and a name."; function SayHello ($name) { "Hello, $name" }; Export-ModuleMember -function SayHello -Variable SayHelloHelp}

C:\PS> $SayHelloHelp Type 'SayHello', a space, and a name.

C:\PS> SayHello Jeffrey Hello, Jeffrey

Description
-----------

This command uses the Export-ModuleMember cmdlet to export a variable into the current session. Without the Export-ModuleMember command, only the function is exported. The output shows that both the variable and the function were exported into the session.

------------------ Sample from Microsoft Powershell ISE Help System – Example 3 – New-Module -------------------------------

The nice thing about this example is I can EASILY break it down so it looks like a script and you can VERY easily see how to reverse the process.

The same module can also look like this and is the EXACT same code.  I just haven’t left it as one line. Remember, a Semicolon ‘;’ is used to TIE the lines together.  You DON’T have to have all the code on ONE line just to make the module work.  And Honestly, If I’m writing it, I like it broken up.  It makes more sense to my eyes and SOMEBODY ELSES eyes too!

--------------------------------------------------------------------------------

# BEFORE
#
# New-Module -scriptblock {$SayHelloHelp="Type 'SayHello', a space, and a name."; function SayHello ($name) { "Hello, $name" }; Export-ModuleMember -function SayHello -Variable SayHelloHelp}
#

# AFTER
#

New-Module -scriptblock {

$SayHelloHelp="Type 'SayHello', a space, and a name."

function SayHello ($name)

{
"Hello, $name"
}

Export-ModuleMember -function SayHello -Variable SayHelloHelp

}

---------------------------------

And this module if it was just a script would look like THIS

---------------------------------

# This is a function

function SayHello ($name)

{
"Hello, $name"
}

# this is the script part that will use the function

$somename=’EnergizedTech’

SayHello $somename

SayHello ‘EnergizedTech’

-----------------------------------

So really all you’re doing is taking a script and where you want to send variables on a regular basis, instead of assigning them IN the script or typing in literals, you’re just typing them on the command line.

We’ll take a slightly deeper look at how you can take this and customize this to your own needs next time.

Don’t bother about scanning as scanners cant fully fix your problem and will end up corrupting your applications.

Boot in safe mode. The reason for this is that in safe mode there is not much processes running. You need this setup in step 9 below as this virus is a nasty one.
Open up windows explorer and go to Tools -> Folder options .
a. Make sure the following are TICKED -> Show hidden files and folders
b. Make sure the following are UNticked -> Hide Extensions for known file types
Go to the following directories (this is for vista home premium):
C:\Program Files\Internet Explorer
C:\Users\user\AppData\Local\Temp
And you will see there a file called wmpscfgs.exe. Delete them.
Open up your task manager, make sure the ’show all processes’ is ticked and look for the same process. If it is running. Kill it.
Starting this part, steps needs more technical experience. If you are not comfortable in doing the below steps, look for someone that can help you.

Open up regedit and go to: HKLM->Software -> Microsoft -> Windows -> CurrentVersion –> Run
Look for Adobe_reader entry with data: “%ProgramFiles%\Internet Explorer\wmpscfgs.exe“. Delete it. For me from this point almost all of the things written in the NET currently don’t have the steps below. And its the reason why this virus keeps coming back.
Hopefully you dont have much applications under “HKLM->Software -> Microsoft -> Windows -> CurrentVersion -> Run”. Because you have to visit each one of them literally because this virus hijacks almost every application in the RUN list above.
Basically it renames the old exe file from say “mcagent.exe” to “mcagent .exe”. With a space between the filename and the “.exe” or extension. It will then create a copy of itself with the same filename as your executable file so that when someone executes your file, the virus will be executed first then your file. It will do this for every apps you have in your Run list.
Thus if you go to the location of say of McAfee mcagent.exe application you will see two to three files with almost the same filename:

mcagent.exe -> which is a 39 KB file, and very recently created and which is the virus that keeps adding back that wmpscfgs.exe file.
mcagent .exe -> the original mcagent file, renamed.
mcagent.exe.delme -> delete this one as well. I don’t see this occurring every time, but i have seen some apps with this file in them and very recently created.
You first need to kill the corresponding process of the infected file if they are running in task manager, manually remove the existing .exe file which is around 39KB only and rename back your old executable file to its former filename. Repeat this for every application you have in your Run list above. The only thing that i saw this virus didn’t infect was the windows defender application. The rest in my Run list were screwed. Uninstalling and reinstalling them doesn’t help as well as the former Trojan exe file will be retained in the application directory.
This is the reason why Microsoft Security Essentials was complaining that your startup executable files are viruses.

Once you have verified that each application in your run list has been restored. To be fully sure that you don’t have any such files lingering in your system, do a drive search for any file that has 39KB size and has just been recently created and examine each one carefully if they are just copies of your original executable file. Follow step 7 for each occurrence of it. So far, i only saw this virus attach itself into executable files.
If you want to be 100% sure, next thing you need to do is double check every process running in your task manager if they are legit. Some process specially those started by system wont be able to take you to its process file, its ok, but most of them if you do a right click in them, you should see an option there called “Open File Location”. Then follow steps 7 above.
Reboot and that’s it!