SD PC Support Blog! September 26th, 2017

Welcome to the SD PC Support Blog!

The SD PC Support Blog is here to answer all of your computer repair questions, including virus removal and data recovery questions, for free! Please search through the blog to find previously asked questions, or leave a comment on an existing post to receive and answer to your specific question.

Below you will find all of our latest blog posts. On the right you will find a navigation bar that will help guide you through our blog. If you still have questions, please contact us by e-mail or phone.


Phone: (619) 839-0190

December 30 th


Government Warning in Browser -> FBI Virus

If you are receiving a “Government Warning” in your browser, especially if the warning asks you to pay money, you are likely a victim of the new “FBI Virus.” To this day the technicians at San Diego Virus Removal have never seen an official U.S. Government wanting like this, so you can be nearly positive this is in fact a virus.

In most instances we find the warning to ask users to pay money via “Moneypak”, a money-transfer system similar to pre-paid debit cards. Because the warning so commonly references Moneypak, the virus is sometimes called the Moneypak virus as well.

Warning: We highly suggest you do not pay this fine. If you do, you will lose your money and the virus will not be removed.

San Diego Virus Removal can remove the FBI virus, rid your laptop of the fake government warning, and restore your computer to working order. The service generally takes one hour, although this can vary significantly from computer to computer, depending on a variety of factors. If you have questions about these factors, please feel free to contact a San Diego Virus Removal technician here: Contact Us 

What does it look like?

Below are some images of the virus as we’ve seen it recently:

FBI Virus / Moneypak Virus, version 1

FBI Virus / Moneypak Virus, version 2

FBI Virus / Moneypak Virus, version 3

FBI Virus / Moneypak Virus, version 4

December 3 rd


How to Remove: VBS Autorun Worm (VBS/Autorun.worm.aadd!lnk)

In the first installment of our new series “How to Remove” we’ll be talking about one of the most common computer viruses in San Diego today; the VBS Autorun worm. This is a very interesting virus because it infects removal drives such as USB sticks, flash drives, and external (portable) hard drives.

The first important thing to understand about this virus is how it spreads. By infecting removable media, it spreads from computer to computer by you, the user. It does this by replacing one of your files with a shortcut file of the same name. The shortcut is actually a command which will run in the background, execute the actual virus, then open your file as you originally thought you were doing. By acting in this way, the user will almost never notice that they just infected the computer. Sound complicated? It’s not. Here’s an example that will help.

Let’s say you have a portable hard drive with a Word document on it named “MyResume.doc” and this drive gets infected by the VBS Autorun Worm. What the virus does is the following:

  1. Makes your actual doc “hidden” and a “system file”. This makes the file invisible to you.
  2. Creates a new file called “MyResume.lnk” which will be visible to you, and look very similar to your original one.
  3. Creates a hidden script file called “help.vbs”

Now, when you go to open your file, you will actually be double-clicking on the “MyResume.lnk file, which will perform the following task: C:\WINDOWS\system32\cmd.exe /c START help.vbs & start MyResume.doc & exit.

In plain english, it opens a command promp, opens the virus file (help.vbs), opens your document, then closes the command prompt window. It does this so quickly that you probably wont even notice the black command prompt box opening and closing.


So, how do we remove this nasty virus? Well, the easiest way to clean your removable media is to format the entire drive using a clean computer. This will permanently delete all of the files on the drive, and it requires a clean computer.  To clean the now-infected computer we have to take a few more steps.

How to remove VBS/Autorun.worm.aadd!lnk from your computer

  1. Delete all of your temporary files, looking specifically for the following:  %Temp%\Servieca.vbs
  2. Delete the following file: %AppData%\oguscovbpx.vbs
  3. Delete the viral file from your user’s startup folder: %UserProfile%\Start Menu\Programs\Startup\Servieca.vbs
  4. Repeat step 2 for all users on the computer
  5. Delete this registry key: HKEY_LOCAL_MACHINE\software\Filename
  6. Delete this registry key: HKEY_CURRENT_USER\S-1-[varies]\ njq8 = “n”
  7. Delete this registry key: HKEY_LOCAL_MACHINE \SOFTWARE\FileName\ = “false – Date of Execution”
  8. Clean your removable media, such as thumb drives, portable hard drives, flash drives, etc.


August 17 th


NRD Virus – How to remove

This is an article on how to remove the NRD virus.

August 17 th


Apple iPad Review

This is a review of the iPad and how it cannot get computer viruses, so never needs virus removal.

preload1 preload1 preload1 preload1 preload1 preload1 preload1 preload1 preload1 preload1 preload1 preload1 preload1 preload1 preload1 preload1 preload1
Real Time Analytics