Configuring Network Bonding on Linux

Article in English

NIC teaming is the combining (aggregating) of multiple network connections in parallel. This is done to increase throughput and to provide redundancy in case one of the links or Ethernet cards fails. The Linux kernel comes with the bonding driver for aggregating multiple network interfaces into a single logical interface called bond0. In this tutorial, I will explain how to set up bonding on a Debian Linux server to aggregate multiple Ethernet devices into a single link, to get higher data rates and link failover.

The instructions were tested using the following setup:

2 x PCI-e Gig NIC with jumbo frames.
RAID 6 w/ 5 enterprise grade 15k SAS hard disks.
Debian Linux 6.0.2 amd64

Please note that the following instructions should also work on Ubuntu Linux server.

Required Software

You need to install the following tool:

ifenslave command: It is used to attach and detach slave network devices to a bonding device. A bonding device will act like a normal Ethernet network device to the kernel, but will send out the packets via the slave devices using a simple round-robin scheduler. This allows for simple load-balancing, identical to “channel bonding” or “trunking” techniques used in network switches.

Our Sample Setup

                    Internet
                       |                 202.54.1.1 (eth0)
              ISP Router/Firewall        192.168.1.254 (eth1)
                       \
                        \                +------ Server 1 (Debian file server w/ eth0 & eth1) 192.168.1.10
                 +------------------+    |
                 | Gigabit Ethernet |----+------ Server 2 (MySQL) 192.168.1.11
                 | with Jumbo Frame |    |
                 +------------------+    +------ Server 3 (Apache) 192.168.1.12
                                         |
                                         +------ Server 4 (Proxy/SMTP/DHCP etc) 192.168.1.13
                                         |
                                         +------ Desktop PCs / Other network devices (etc)

Install ifenslave

Use the apt-get command to install ifenslave, enter:
# apt-get install ifenslave-2.6
Sample outputs:

Reading package lists… Done
Building dependency tree
Reading state information… Done
Note, selecting ‘ifenslave-2.6’ instead of ‘ifenslave’
The following NEW packages will be installed:
ifenslave-2.6
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 18.4 kB of archives.
After this operation, 143 kB of additional disk space will be used.
Get:1 http://mirror.anl.gov/debian/ squeeze/main ifenslave-2.6 amd64 1.1.0-17 [18.4 kB]
Fetched 18.4 kB in 1s (10.9 kB/s)
Selecting previously deselected package ifenslave-2.6.
(Reading database … 24191 files and directories currently installed.)
Unpacking ifenslave-2.6 (from …/ifenslave-2.6_1.1.0-17_amd64.deb) …
Processing triggers for man-db …
Setting up ifenslave-2.6 (1.1.0-17) …
update-alternatives: using /sbin/ifenslave-2.6 to provide /sbin/ifenslave (ifenslave) in auto mode.

Linux Bonding Driver Configuration

Create a file called /etc/modprobe.d/bonding.conf, enter:
# vi /etc/modprobe.d/bonding.conf
Append the following:

alias bond0 bonding
options bonding mode=0 arp_interval=100 arp_ip_target=192.168.1.254,192.168.1.12

Save and close the file. This configuration file is used by the Linux kernel driver called bonding. The options are important here:

mode=0 : Set the bonding policy to balance-rr (round robin). This is the default. This mode provides load balancing and fault tolerance.
arp_interval=100 : Set the ARP link monitoring frequency to 100 milliseconds. Without this option you will get various warnings when starting bond0 via /etc/network/interfaces.
arp_ip_target=192.168.1.254,192.168.1.12 : Use 192.168.1.254 (router IP) and 192.168.1.12 as the ARP monitoring peers when arp_interval is > 0. This is used to determine the health of the link to the targets. Multiple IP addresses must be separated by a comma (no spaces). At least one IP address must be given (usually I set it to the router IP) for ARP monitoring to function. The maximum number of targets that can be specified is 16.

How Do I Load the Driver?

Type the following commands:
# modprobe -v bonding mode=0 arp_interval=100 arp_ip_target=192.168.1.254,192.168.1.12
# tail -f /var/log/messages
# ifconfig bond0

Interface Bonding (Teaming) Configuration

First, stop eth0 and eth1 (do not type this over an ssh session), enter:
# /etc/init.d/networking stop
You need to modify the /etc/network/interfaces file, enter:
# cp /etc/network/interfaces /etc/network/interfaces.bak
# vi /etc/network/interfaces
Remove eth0 and eth1 static IP configuration and update the file as follows:

############ WARNING ####################
# You do not need an "iface eth0" nor an "iface eth1" stanza.
# Setup IP address / netmask / gateway as per your requirements.
#######################################
auto lo
iface lo inet loopback

# The primary network interface
auto bond0
iface bond0 inet static
address 192.168.1.10
netmask 255.255.255.0
network 192.168.1.0
gateway 192.168.1.254
slaves eth0 eth1
# jumbo frame support
mtu 9000
# Load balancing and fault tolerance
bond-mode balance-rr
bond-miimon 100
bond-downdelay 200
bond-updelay 200
dns-nameservers 192.168.1.254
dns-search nixcraft.net.in

Save and close the file. Where,

address 192.168.1.10 : Dotted quad ip address for bond0.
netmask 255.255.255.0 : Dotted quad netmask for bond0.
network 192.168.1.0 : Dotted quad network address for bond0.
gateway 192.168.1.254 : Default gateway for bond0.
slaves eth0 eth1 : Setup a bonding device and enslave two real Ethernet devices (eth0 and eth1) to it.
mtu 9000 : Set MTU size to 9000. See Linux JumboFrames configuration for more information.
bond-mode balance-rr : Set the bonding mode profile to “Load balancing and fault tolerance”. See below for more information.
bond-miimon 100 : Set the MII link monitoring frequency to 100 milliseconds. This determines how often the link state of each slave is inspected for link failures.
bond-downdelay 200 : Set the time, to 200 milliseconds, to wait before disabling a slave after a link failure has been detected. This option is only valid for the bond-miimon.
bond-updelay 200 : Set the time, to 200 milliseconds, to wait before enabling a slave after a link recovery has been detected. This option is only valid for the bond-miimon.
dns-nameservers 192.168.1.254 : Use 192.168.1.254 as dns server.
dns-search nixcraft.net.in : Use nixcraft.net.in as default host-name lookup (optional).

A Note About Various Bonding Policies

In the above example, the bonding policy (mode) is set to 0 or balance-rr. Other possible values are as follows:

The Linux bonding driver aggregating policies

Bonding policy (mode) : Description
balance-rr or 0 : Round-robin policy to transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.
active-backup or 1 : Active-backup policy. Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. This mode provides fault tolerance.
balance-xor or 2 : Transmit based on the selected transmit hash policy. The default policy is a simple [(source MAC address XOR’d with destination MAC address) modulo slave count]. This mode provides load balancing and fault tolerance.
broadcast or 3 : Transmits everything on all slave interfaces. This mode provides fault tolerance.
802.3ad or 4 : Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification. Most network switches will require some type of configuration to enable 802.3ad mode.
balance-tlb or 5 : Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.
balance-alb or 6 : Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPv4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation.

[ Source: See Documentation/networking/bonding.txt for more information. ]

Start bond0 Interface

Now that all configuration files have been modified, the networking service must be started or restarted, enter:
# /etc/init.d/networking start
OR
# /etc/init.d/networking stop && /etc/init.d/networking start

Verify New Settings

Type the following commands:
# /sbin/ifconfig
Sample outputs:

bond0 Link encap:Ethernet HWaddr 00:xx:yy:zz:tt:31
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::208:9bff:fec4:3031/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:9000 Metric:1
RX packets:2414 errors:0 dropped:0 overruns:0 frame:0
TX packets:1559 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:206515 (201.6 KiB) TX bytes:480259 (469.0 KiB)
eth0 Link encap:Ethernet HWaddr 00:xx:yy:zz:tt:31
UP BROADCAST RUNNING SLAVE MULTICAST MTU:9000 Metric:1
RX packets:1214 errors:0 dropped:0 overruns:0 frame:0
TX packets:782 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:103318 (100.8 KiB) TX bytes:251419 (245.5 KiB)
Memory:fe9e0000-fea00000
eth1 Link encap:Ethernet HWaddr 00:xx:yy:zz:tt:31
UP BROADCAST RUNNING SLAVE MULTICAST MTU:9000 Metric:1
RX packets:1200 errors:0 dropped:0 overruns:0 frame:0
TX packets:777 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:103197 (100.7 KiB) TX bytes:228840 (223.4 KiB)
Memory:feae0000-feb00000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 B) TX bytes:560 (560.0 B)

How Do I Verify Current Link Status?

Use the cat command to see the current status of the bonding driver and NIC links:
# cat /proc/net/bonding/bond0
Sample outputs:

Ethernet Channel Bonding Driver: v3.5.0 (November 4, 2008)
Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200
Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:xx:yy:zz:tt:31
Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:xx:yy:zz:tt:30

Example: Link Failure

The contents of /proc/net/bonding/bond0 after the link failure:
# cat /proc/net/bonding/bond0
Sample outputs:

Ethernet Channel Bonding Driver: v3.5.0 (November 4, 2008)
Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200
Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:xx:yy:zz:tt:31
Slave Interface: eth1
MII Status: down
Link Failure Count: 1
Permanent HW addr: 00:xx:yy:zz:tt:30

You will also see the following information in your /var/log/messages file:

Sep 5 04:16:15 nas01 kernel: [ 6271.468218] e1000e: eth1 NIC Link is Down
Sep 5 04:16:15 nas01 kernel: [ 6271.548027] bonding: bond0: link status down for interface eth1, disabling it in 200 ms.
Sep 5 04:16:15 nas01 kernel: [ 6271.748018] bonding: bond0: link status definitely down for interface eth1, disabling it

However, your nas01 server should work without any problem as eth0 link is still up and running. Next, replace the faulty network card, connect the cable, and you will see the following message in your /var/log/messages file:

Sep 5 04:20:21 nas01 kernel: [ 6517.492974] e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Sep 5 04:20:21 nas01 kernel: [ 6517.548029] bonding: bond0: link status up for interface eth1, enabling it in 200 ms.
Sep 5 04:20:21 nas01 kernel: [ 6517.748016] bonding: bond0: link status definitely up for interface eth1.
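
An added example (not part of the original article) that turns the two outputs above into a check: it parses the /proc/net/bonding/bond0 text for slaves that are down or have failed before, and extracts the confirmed link transitions from the syslog lines. The function names are hypothetical, and the embedded samples are copies of the article's own outputs.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Constructed sample: the degraded /proc/net/bonding/bond0 output shown above.
sample_status() {
    cat <<'EOF'
Ethernet Channel Bonding Driver: v3.5.0 (November 4, 2008)
Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200
Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:xx:yy:zz:tt:31
Slave Interface: eth1
MII Status: down
Link Failure Count: 1
Permanent HW addr: 00:xx:yy:zz:tt:30
EOF
}

# Constructed sample: the kernel log lines shown above.
sample_log() {
    cat <<'EOF'
Sep 5 04:16:15 nas01 kernel: [ 6271.468218] e1000e: eth1 NIC Link is Down
Sep 5 04:16:15 nas01 kernel: [ 6271.548027] bonding: bond0: link status down for interface eth1, disabling it in 200 ms.
Sep 5 04:16:15 nas01 kernel: [ 6271.748018] bonding: bond0: link status definitely down for interface eth1, disabling it
Sep 5 04:20:21 nas01 kernel: [ 6517.492974] e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Sep 5 04:20:21 nas01 kernel: [ 6517.548029] bonding: bond0: link status up for interface eth1, enabling it in 200 ms.
Sep 5 04:20:21 nas01 kernel: [ 6517.748016] bonding: bond0: link status definitely up for interface eth1.
EOF
}

# stdin: bonding status text. stdout: one "slave status failure_count" line per slave.
bond_report() {
    awk -F': ' '
        /^Slave Interface:/    { slave = $2; order[++n] = slave; next }
        slave == ""            { next }   # skip the bond-level "MII Status" line
        /^MII Status:/         { status[slave] = $2 }
        /^Link Failure Count:/ { fails[slave] = $2 }
        END {
            for (i = 1; i <= n; i++)
                printf "%s %s %d\n", order[i], status[order[i]], fails[order[i]]
        }
    '
}

# Prints the slaves that are not up; exit status 1 if there is at least one.
bond_degraded() {
    bond_report | awk '$2 != "up" { print $1; bad = 1 } END { exit bad + 0 }'
}

# Prints the slaves that are up now but have failed before (flapping link or cable).
bond_flapped() {
    bond_report | awk '$2 == "up" && $3 > 0 { print $1 }'
}

# stdin: syslog text. stdout: "timestamp bond slave up|down" per confirmed transition.
# Only the "definitely up/down" lines count; the earlier "in 200 ms" lines are pending.
bond_link_events() {
    sed -n 's/^\(.*\) [^ ]* kernel: .*bonding: \([^:]*\): link status definitely \([a-z]*\) for interface \([^ ,.]*\).*/\1 \2 \4 \3/p'
}

# Demo on the constructed samples. On a live host:
#   bond_degraded < /proc/net/bonding/bond0
#   bond_link_events < /var/log/messages
sample_status | bond_report
if ! sample_status | bond_degraded >/dev/null; then
    echo "bond0 is running without redundancy"
fi
sample_log | bond_link_events
```

Run from cron or a monitoring agent, the non-zero exit status of bond_degraded is the signal that the bond still passes traffic but a second failure would take the server offline.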

Disabling the Ubuntu graphical interface and enabling text-mode boot

If you want to keep Unity but prefer to boot in text mode, follow the instructions below.

Edit the file /etc/default/grub and comment out the following line:

#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

Add the following line:

GRUB_CMDLINE_LINUX_DEFAULT="text"

Then run the command below:

sudo update-grub2

Your system will now boot in text mode. To test it, reboot your machine.

Enabling root on the Galaxy S4 GT-I9500

This weekend I decided to root my Galaxy S4. To enable root we will need to download a few applications, such as Odin, as well as the Samsung Galaxy drivers for Windows.

Downloads
https://mega.co.nz/#F!mAQFwTbB!ENjzEFmdw0JazZ9vAi42Ng

* All the drivers, kernels and patches are at this Mega link.
* I take no responsibility for any damage caused to your device. This tutorial is only intended to document the procedure I used to enable root on mine.

If you bought your Galaxy S4 after 05/2013, it may have an updated kernel. The correct kernel for enabling root is 3.4.5-Adam-1.1, which is also available for download at the link above.

Follow the steps in the video below carefully.

Recovering access logs with the last command

The last command, used to list the users who have logged in to the system, reads the records written to the file /var/log/wtmp. This file is in turn rotated by the system's log manager, logrotate.

It is therefore possible that your system has rotated the wtmp file, and in doing so it usually resets the system's access log, leaving versions such as

/var/log/wtmp.1
/var/log/wtmp.2
/var/log/wtmp.3
/var/log/wtmp.xxxx and so on

To read these files you can use the last command as shown in the line below:

last -R -f /var/log/wtmp.1

This prints the records in the same format as the standard output of the last command.
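
An added example (not part of the original post): the same last -R -f call run over every rotated wtmp file, oldest file first, so a login history that spans several rotations can be read in one pass. It goes beyond the single file shown above and assumes logrotate's numeric suffixes (wtmp.1, wtmp.2, ...) with optional gzip compression; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the wtmp files found in DIR (default /var/log), oldest first:
# highest rotation number down to the live wtmp file.
wtmp_files() {
    dir=${1:-/var/log}
    for f in "$dir"/wtmp "$dir"/wtmp.[0-9]*; do
        [ -f "$f" ] || continue
        n=${f##*/wtmp}              # "", ".1", ".2.gz", ...
        n=${n#.}
        n=${n%.gz}
        case $n in *[!0-9]*) continue ;; esac   # skip wtmp.1.orig and the like
        printf '%s %s\n' "${n:-0}" "$f"
    done | sort -rn | cut -d' ' -f2-
}

# Run "last -R -f" over each file in turn. last cannot read compressed files,
# so a .gz rotation is unpacked to a temporary file first. Within each file,
# last still prints the newest record first.
last_all() {
    wtmp_files "${1:-/var/log}" | while IFS= read -r f; do
        echo "== $f"
        case $f in
            *.gz)
                tmp=$(mktemp) || exit 1
                gzip -dc "$f" > "$tmp" && last -R -f "$tmp"
                rm -f "$tmp"
                ;;
            *)
                last -R -f "$f"
                ;;
        esac
    done
}

# Usage: sh last_all.sh /var/log   (with no argument the script only defines the functions)
if [ "$#" -gt 0 ]; then
    last_all "$1"
fi
```

When the files come from a host under investigation, copy them off first and point the script at the copy, so that the originals and their timestamps stay untouched.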


Palestinian hacker discovers Facebook vulnerability and posts on Mark Zuckerberg's timeline

A Palestinian hacker named Khalil found a vulnerability in Facebook that allows users to post on other profiles, using an exploit developed against the Facebook platform.

A few minutes after the post on Mark's timeline, Facebook engineers asked for detailed information on how Khalil had managed to exploit the vulnerability. The Facebook engineers acknowledged the vulnerability but said they would not pay Khalil for discovering it, because he had not respected the platform's security rules.

Video demonstrating the exploit

Gridview and Listview using jQuery

Switching a set of elements between a grid view and a list view can easily be done with jQuery.

See the example below.

HTML

<div id="container">
  <div class="buttons">
    <button class="grid">Grid View</button>
    <button class="list">List View</button>
  </div>

  <ul class="list">
    <li>Item 1</li>
    <li>Item 2</li>
    <li>Item 3</li>
    <li>Item 4</li>
    <li>Item 5</li>
    <li>Item 6</li>
    <li>Item 7</li>
  </ul>
</div>

jQuery

// Swap the list's class according to which button was clicked.
$('button').on('click', function(e) {
  if ($(this).hasClass('grid')) {
    $('#container ul').removeClass('list').addClass('grid');
  }
  else if ($(this).hasClass('list')) {
    $('#container ul').removeClass('grid').addClass('list');
  }
});

CSS

#container ul { list-style: none; }
#container .buttons { margin-bottom: 20px; }

#container .list li { width: 100%; border-bottom: 1px dotted #CCC; margin-bottom: 10px; padding-bottom: 10px; }

#container .grid li { float: left; width: 20%; height: 50px; border-right: 1px dotted #CCC; border-bottom: 1px dotted #CCC; padding: 20px; }

See the working example:
http://jsfiddle.net/v57JF/

Using Festival Text-to-Speech on Linux

Text-to-speech can easily be used on Linux through the Festival software. The application lets you have the contents of a file read aloud using TTS.

Post in English

Introduction

Using Festival Text-to-Speech in Ubuntu doesn’t work after the install. Here are some steps I took to fix it. Also, some changes to make it useful in everyday work.

Getting Festival to Work

Festival is the free text-to-speech engine that is extremely popular.

Here’s how to get it:

sudo apt-get install festival

Here’s how to test it:

echo "hello world"|festival --tts

You may see this error:

Linux: can't open /dev/dsp

If so, add the following lines to your .festivalrc file:

(Parameter.set 'Audio_Command "aplay -q -c 1 -t raw -f s16 -r $SR $FILE")
(Parameter.set 'Audio_Method 'Audio_Command)

Getting it to read the clipboard

Now, if you want it to read info from your clipboard, install this:

sudo apt-get install xclip

And type this:

xclip -o|festival --tts

Now, you can go a step further and create a shortcut key for reading text. Here’s a good one:

#!/bin/bash

#This script reads the information from the clipboard out loud.

#Look for festival being run.
running=$(pgrep festival)

#Quoted so the test still works when pgrep returns no PID or several.
if [ -z "$running" ]
then
    #read it
    xclip -o|festival --tts
else
    #kill it
    killall festival;killall aplay;sleep .1;killall aplay
fi

I call it talk.sh. Be sure to do a chmod +x talk.sh to it.

Assigning a Shortcut

Now, to assign it to a shortcut key. I’m using Ubuntu, which uses GNOME. If you use something else, you’re on your own. Otherwise, click System->Keyboard Shortcuts. Then add the path to the script and assign a shortcut.

I assigned it to the Windows-A keystroke. You can click it once to start and again to stop. Unfortunately, the script assumes you only have one instance of festival.

Adjusting the Playback Speed

If you want it to read faster, change the .festivalrc file:

(Parameter.set 'Audio_Command "aplay -q -c 1 -t raw -f s16 -r $(($SR*140/100)) $FILE")

The 140/100 means 140% of original speed which seems about right to me for most texts.

Improving Voices

The default voices in Festival do not sound great. Here’s a bash script to add new voices. These are the best I could find anywhere:

#Setup
cd
dir=nitech_us
mkdir $dir
cd $dir

#Download the voices
for voice in awb bdl clb rms slt jmk
do
  wget "http://hts.sp.nitech.ac.jp/archives/2.0.1/festvox_nitech_us_"$voice"_arctic_hts-2.0.1.tar.bz2"
done

#Unpack (tar takes one archive per invocation)
for archive in *.bz2
do
  tar xvf "$archive"
done

#Install
sudo mkdir -p /usr/share/festival/voices/us
sudo mv lib/voices/us/* /usr/share/festival/voices/us/
sudo mv lib/hts.scm /usr/share/festival/hts.scm

Setting a Default Voice

The default voice in Festival is configurable, but it doesn’t seem to work. It was necessary to change /usr/share/festival/voices.scm directly. Simply update the default-voice-priority-list. It should look something like this:

(defvar default-voice-priority-list
  '(nitech_us_slt_arctic_hts
    kal_diphone
    cmu_us_bdl_arctic_hts
    cmu_us_jmk_arctic_hts
    cmu_us_slt_arctic_hts
    cmu_us_awb_arctic_hts
;    cstr_rpx_nina_multisyn       ; restricted license (lexicon)
;    cstr_rpx_jon_multisyn        ; restricted license (lexicon)
;    cstr_edi_awb_arctic_multisyn ; restricted license (lexicon)
;    cstr_us_awb_arctic_multisyn
    ked_diphone
    don_diphone
    rab_diphone
    en1_mbrola
    us1_mbrola
    us2_mbrola
    us3_mbrola
    gsw_diphone   ;; not publically distributed
    el_diphone
    )
  "default-voice-priority-list
   List of voice names. The first of them available becomes the default voice.")

Notice how I put nitech_us_slt_arctic_hts at the top. This is my favorite voice.

Removing the System Care malware

If you are a Windows user and are having trouble removing the System Care application, use the tip below to remove it. System Care is not an antivirus; it is malware.

The solution to this problem can be found below:
http://malwaretips.com/blogs/system-care-antivirus-virus-removal/#malwarebytes

Article in English

System Care Antivirus Removal Guide

System Care Antivirus is a computer virus, which masquerades as genuine security software, while actually reporting non-existent malware threats in order to scare the user into paying for this rogue security software.
[Image: System Care Antivirus virus]

What is System Care Antivirus?

System Care Antivirus is a rogue anti-virus program from the Rogue.WinWebSec family of computer infections. This program is classified as a rogue because it pretends to be an anti-virus program, but instead displays bogus scan results, reports non-existent computer infections, and does not allow you to run your normal applications.
In this case, not only is System Care Antivirus going to disrupt your system, it’s going to try and trick you into making a purchase using your credit card.
System Care Antivirus appears in the form of a fake Windows warning on your computer system that reads you have a specific number of viruses on your computer (usually in the hundreds) and that this software has detected those viruses. To get rid of them you must purchase the full-version of System Care Antivirus. It’s important to remember that by purchasing the “claimed full version to remove the viruses” you will be submitting your personal information to unscrupulous persons and may also end up being a victim of credit card or identity fraud or theft.

How did System Care Antivirus get on my computer?

System Care Antivirus is distributed through several means. Malicious websites, or legitimate websites that have been hacked, can infect your machine through exploit kits that use vulnerabilities on your computer to install this rogue antivirus without your permission.
Another method used to propagate System Care Antivirus is spam email containing infected attachments or links to malicious websites. Cyber-criminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you can’t resist being curious as to what the email is referring to – and open the attached file (or click on a link embedded inside the email). And with that, your computer is infected with the System Care Antivirus virus.
The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.
The System Care Antivirus infection is also prevalent on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.

Am I infected with System Care Antivirus virus?

Some examples of the interface, fake alerts, fake scanning results, and pop-ups displayed by System Care Antivirus are shown below:

[Image: System Care Antivirus]

[Image: System Care Antivirus Warning]

[Image: System Care Antivirus scam]

Activation codes for System Care Antivirus

As an optional step, you can use any of the following license keys to register System Care Antivirus and stop the fake alerts.
System Care Antivirus Activation code: AA39754E-715219CE
Please keep in mind that entering the above registration code will NOT remove System Care Antivirus from your computer; instead, it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.


How to remove System Care Antivirus virus

This page is a comprehensive guide, which will remove the System Care Antivirus infection from your computer. Please perform all the steps in the correct order. If you have any questions or doubts at any point, STOP and ask for our assistance.
STEP 1: Start your computer in Safe Mode with Networking (OPTIONAL)
STEP 2: Remove System Care Antivirus virus with Malwarebytes Anti-Malware Free
STEP 3:  Remove System Care Antivirus infection with HitmanPro

STEP 1 : Start your computer in Safe Mode with Networking (OPTIONAL)

Some variants of the System Care Antivirus virus will not allow you to start some of the below utilities while running Windows in its regular state.
If this happens, we recommend that you start your computer in Safe Mode with Networking, and try from there to perform the below scan.
To start your computer in Safe Mode with Networking, you can follow the steps below:

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. When the computer starts you will see your computer’s hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows XP, Vista or 7 Advanced Boot Options.
    [Image: F8 key]
    If you are using Windows 8, press the Windows key + C, and then click Settings. Click Power, hold down Shift on your keyboard and click Restart, then click on Troubleshoot and select Advanced options. In the Advanced Options screen, select Startup Settings, then click on Restart.
  3. If you are using Windows XP, Vista or 7, in the Advanced Boot Options screen use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.
    [Image: Safemode.jpg]
    If you are using Windows 8, press 5 on your keyboard to Enable Safe Mode with Networking.
    Windows will start in Safe Mode with Networking.

STEP 2: Remove System Care Antivirus virus with Malwarebytes Anti-Malware FREE

The Malwarebytes Chameleon utility will allow us to install and run a scan with Malwarebytes Anti-Malware Free without being blocked by System Care Antivirus rootkit.

  1. Right click on your browser icon, and select Run As or Run as Administrator. This should allow your browser to open so that we can then download Malwarebytes Chameleon.
    [Image: Starting web browse on infected computer]
    If you see a “Warning! The site you are trying visit may harm your computer!” message in your web browser window, you can safely click on the Ignore warnings and visit that site in the current state (not recommended) link, because this is a bogus alert from System Care Antivirus.
  2. Download Malwarebytes Chameleon  from the below link, and extract it to a folder in a convenient location.
    MALWAREBYTES CHAMELEON DOWNLOAD LINK  (This link will open a new web page from where you can download Malwarebytes Chameleon)
    [Image: Extract Malwarebytes Chameleon utility]
  3. Make certain that your infected computer is connected to the internet and then open the Malwarebytes Chameleon folder, and double-click on the svchost.exe file.
    [Image: Double click  on svchost.exe]
    If Malwarebytes Anti-Malware will not start, double-click on the other renamed files until you find one that works, which will be indicated by a black DOS/command prompt window.
  4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you.
    [Image: Malwarebytes Chameleon press key]
  5. Once it has done this, it will update Malwarebytes Anti-Malware, and you’ll need to click OK when it says that the database was updated successfully.
    [Image: Malwarebytes Chameleon updating its database]
  6. Malwarebytes Anti-Malware will now attempt to kill all the malicious processes associated with System Care Antivirus. Please keep in mind that this process can take up to 10 minutes, so please be patient.
    [Image: Malwarebytes Chameleon killing malware]
  7. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan for System Care Antivirus malicious files as shown below.
    [Image: Malwarebytes Anti-Malware scanning for System Care Antivirus]
  8. Upon completion of the scan, click on Show Result.
    [Image: Malwarebytes Anti-Malware scan results]
  9. You will now be presented with a screen showing you the malware infections that Malwarebytes Anti-Malware has detected.
    Make sure that everything is Checked (ticked), then click on the Remove Selected button.
    [Image: Malwarebytes removing virus]
  10. After your computer restarts in regular Windows mode, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats.

STEP 3: Remove System Care Antivirus infection with HitmanPro

Some variants of the System Care Antivirus virus will install a ZeroAccess rootkit on victims' computers. To remove this nasty piece of malware, we will perform a system scan with HitmanPro.
HitmanPro is a cloud on-demand scanner, which will scan your computer with 5 antivirus engines (Emsisoft, Bitdefender, Dr. Web, G-Data and Ikarus) for the System Care Antivirus infection.

  1. You can download HitmanPro from the below link:
    HITMANPRO DOWNLOAD LINK (This link will open a web page from where you can download HitmanPro)
  2. Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
    If you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode. To start HitmanPro in Force Breach mode, hold down the left CTRL key when you start HitmanPro and all non-essential programs are terminated, including the System Care Antivirus virus.

    When HitmanPro starts, click on the Next button to install this program on your computer.
    [Image: HitmanPro scanner]
  3. HitmanPro will now begin to scan your computer for the System Care Antivirus trojan.
    [Image: HitmanPro detecting the System Care Antivirus virus]
  4. When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the Next button to remove the System Care Antivirus virus.
    [Image: HitmanPro scan results]
  5. Click on the Activate free license button to begin the free 30 days trial, and remove all the malicious files from your computer.
    [Image: HitmanPro 30 days activation button]

Your computer should now be free of the System Care Antivirus infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, and perform regular computer scans with HitmanPro.
If you are still experiencing problems while trying to remove System Care Antivirus from your machine, please start a new thread in our Malware Removal Assistance forum.