Do you have VirusRay?

This “VirusRay Removal Guide” article will show you how to identify and remove VirusRay. This guide will be updated as more information is available.

VirusRay Description

VirusRay Method of Infection

• The Internet user surfs the Web and visits a questionable website. A large amount of spyware like VirusRay is mostly pushed through adult websites.

• The Internet user is infected with the rogue anti-spyware program VirusRay. VirusRay runs a scan on the computer and gives a false spyware report claiming that the computer is infected with spyware. Once the scan is completed, a warning message appears with two buttons, one that says “Buy On-Line” and the other “Delete Spyware”. This deceptive tactic is an attempt to scare the Internet user into clicking the “Buy On-Line” button.

Fake warning message reads:

• “Warning! 20 threats found! VirusRay has detected malicious spyware on your PC. To buy VirusRay On-Line, click ‘Buy On-Line’.”
• The Internet user closes all the fake Windows error messages and warnings and is unaware that VirusRay is still running its malicious tasks in the background. VirusRay reloads itself on a timer so if the Internet user closes the program it will only take a few moments until it opens again. The average Internet user does not realize when spyware has infected his/her computer until it is too late and the spyware problem has already spread throughout the computer.

• Internet user opens web browser and is redirected to a rogue website called asecurevalue.com. The Internet user is bombard with websites that pop up messages that tries to push a product on him/her. Ignore such messages! We recommend closing these windows by clicking on the X instead of the OK button.

VirusRay Symptoms

The following VirusRay symptoms occur:

• VirusRay displays a fake system alert similar to a Windows notification message. A red or green flashing icon appears in your system tray. If you click on the icon, a fake system alert pops up and directs you to a rogue website called safetyuptodate.com. In some cases, even when you don’t click on the icon the fake system alert may still pop up. The fake system alert promises to give you a legitimate anti-spyware program that will help you fix spyware problems, but instead it really reports false information to try to trick you into purchasing the program. VirusRay’s false sytem alert message reads:
  • “System Alert: Trojan-Spy.Win32@mx Type: Spyware/Trojan Vulnerable: Windows 95/98/ME/NT/2003/Windows XP Description: Spyware program that sends confidential information to a remote attacker. Protection: Click this baloon to download official security software.”

• VirusRay hijacks or modifies your homepage and displays new desktop shortcuts. VirusRay changes your default homepage to a different homepage and creates new unnecessary shortcuts on your desktop. Sometimes VirusRay won’t even allow you to change it back to your original homepage. Websites that redirects you to is asecurevalue.com and malwareburn.com.

• VirusRay installs a rogue toolbar called Security Toolbar 7.1. Security toolbar 7.1 is a rogue toolbar that comes with two green bars, one that says “block adware” and the other “remove spyware”. If you click on either of them you’re directed to a rogue anti-spyware site such as Malwareburn.com which can install additional malware.

• VirusRay bombards your PC with fake Windows warnings messages. Even after you’ve closed all the VirusRay messages or your PC has been idle for awhile, you’ll still get constant alert popups appearing on your system tray or on your screen.

VirusRay Anatomy

As new VirusRay spyware components is reported by our customers and our Spyware Threat Research Labs, we will update this section. Name: VirusRay 3.8.exe File Size: 1794048 bytes MD5: 93f86d9a8208ef86d34db2c00b877d9c Symbolic Links: VirusRay 3.8 Website.lnk VirusRay 3.8.url Uninstall VirusRay 3.8.lnk VirusRay 3.8.lnk VirusRay.com WHOIS Information: Website IP Address: 64.28.186.68 Registration Service Provided By: ESTDOMAINS INC Contact: +1.3027224217 Website: http://www.estdomains.com Domain Name: VIRUSRAY.COM Registrant: PrivacyProtect.org Domain Admin (contact@privacyprotect.org) P.O. Box 97 All Postal Mails Rejected, visit Privacyprotect.org Moergestel null,5066 ZH NL Tel. +45.36946676 Creation Date: 17-Oct-2007 Expiration Date: 17-Oct-2008 Domain servers in listed order: ns4.sigmacode.biz ns3.sigmacode.biz ns2.sigmacode.biz ns1.sigmacode.biz

VirusRay Manual Removal Instructions

To learn the VirusRay manual removal process, read the step-by-step instructions provided on this section. Use Caution! Please read the instructions below carefully. Manual removal of VirusRay is a delicate procedure. Proceed at your own risk. Make sure you backup your system and close all open Internet Explorer windows before you manually remove VirusRay. To manually remove VirusRay, follow these removal steps: Step #1: How to Kill VirusRay files using Process Explorer.

• 1a. How to Kill VirusRay processes.

1. Download and install Process Explorer.

2. Open Process Explorer.

3. Locate the VirusRay processes listed below.

4. To kill an VirusRay process, right-click the VirusRay process and choose the option “Kill Process Tree”.

5. Kill the following VirusRay processes:
   VirusRay 3.8.EXE
• 1b. How to Kill VirusRay DLL files.

1. Right-click the Explorer.exe process and choose the option “Properties”.

2. Click on the “Threads” Tab, locate and highlight the VirusRay DLL files listed below.

3. To kill VirusRay DLL files, click the “Kill” button.

4. Kill the following VirusRay DLL files:
   dfrep.dll

• Step #2: How to Delete VirusRay Registry Keys and Values.

1. Right-click on your Desktop > select “New” option > select “Text Document” (.txt file) option.

2. Rename the .txt file as a .reg file and call it “Delete_Registry_ VirusRay_3.8_Entities.reg”. This renamed .reg file is a command that creates a shortcut to your Windows registry and allows you to easily delete registry values.

3. Right-click and select the “Edit” option.

4. Copy and paste the VirusRay keys listed below.

5. In the menu bar, go to “File” > select “Save” > then click the “X” button to close the file.

6. Double-click on the .reg file.

7. When the message box appears saying “Are you sure you want to add the information in C:DOCUME~1%username%DesktopDELETE~1.REG to the registry?”, click the “Yes” button.

8. When the message box appears saying “Information in C:DOCUME~1%username% DesktopDELETE~1.REG has been successfully entered into the registry.”, click the “OK” button.

9. The VirusRay registry keys have been deleted from your registry.

10. Copy and paste the following VirusRay keys:
    

        Windows Registry Editor Version 5.00    [-HKEY_LOCAL_MACHINESOFTWAREVirusRay 3.8]    

• Step #3: How to Delete VirusRay Directories.

1. To locate VirusRay directories, go to “Start” > “My Computer” > “Local Disk (C:)” > “Program Files” > “Show the contents of this folder”.

2. Search and delete the VirusRay directories listed below.

3. Right-click on the VirusRay folder and select “Delete”. option.

4. When the message box appears saying “Are you sure you want to remove the folder [FOLDERNAME] and move all its contents to the Recycle Bin?”, click the “Yes” button.

5. When the message box appears saying “Renaming, moving or deleting [FOLDERNAME] could make some programs not work. Are you sure you want to do this?”, click the “Yes” button.

6. Search and delete the following VirusRay directories:
   VirusRay 3.8 Video ActiveX Access

• Step #4: How to Search and Delete C:WINDOWSSystem32dfrep.dll.

1. Go back to “Local Disk (C:)” > “Windows” > “System32″ > “Show the contents of this folder”.

2. Search for dfrep.dll.

3. Right-click on the dfrep.dll file and select the “Delete” option.

• Step #5: How to Restore Original Default Home Page.

1. Go to “Start” > “Control Panel” > “Internet Options”.

2. Click on the General Tab > click the Use Default button under Home Page.

3. Click “Apply” and then click the “OK” button.

4. Open a Web browser to verify that your default homepage has been restored.

Step #6: How to Remove the VirusRay Icons.
1. If the VirusRay icons still remain on your Desktop, you can drag and drop them to the “Recycle Bin”.

2. Reboot your computer to make sure all changes made for the removal of VirusRay are complete. If your computer still has issues, you should scan your computer for VirusRay with a spyware scanner.

Congratulations!! You’ve completed our VirusRay manual removal tutorial.

Submit VirusRay To Our Spyware Threat Research Labs

Since VirusRay spyware components change constantly, you may come across application issues that prevent you from removing VirusRay completely. You can report VirusRay spyware components by using SpyHunter’s Free Support Log System. Our Support Log System takes snapshots of all the points of execution on your operating system, allowing us to precisely identify each and any problem. We encourage you to post your Support Logs on this article so we can help you come up with a custom fix. Below are the instructions on how to generate Support Logs using SpyHunter. Open SpyHunter > click on the “Generate Support Log” button > click on the “Copy to Clipboard” button to save your Support Logs > Post your Support Logs to this article.

Disclaimer

Warning!! Enigma Software Group can not be held responsible for any problems that may occur by using the information contained within this VirusRay removal guide. By following any of these VirusRay removal instructions, you agree to be bound by the disclaimer. If you do not agree, do not follow these VirusRay removal instructions. We make no guarantees that these VirusRay removal instructions will completely remove VirusRay. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means. In order to effectively clean and secure your computer, we recommend you purchase our spyware remover SpyHunter or seek professional help from a computer expert.