[Method] Make Money with Virus/Worm/etc Removal Sites + CPA Content Locker


Mar 16, 2011
If you are a tl;dr guy, skip this thread

As you well know, not all anti-virus software can do its job; some people don't even have one installed, and the list of reasons why their computer was infested can be unlimited; not to mention that not everybody who owns a computer knows the difference between a virus, worm, trojan, spyware etc (click here for difference) and how exactly he got it. Thing is, at one point, everyone will get a "virus", noobie or pro.

(Example Story - Method)


Little Timmy got a new computer on his birthday. The performance of his computer was astonishing, so he started to install all sorts of programs and games, visiting all sorts of sites and so on. One day, his computer starts to act quite strange (random diagnostics). He calls his mom and dad, they take a look, they observe that their computer is infested with a worm, and that their current antivirus, which was installed after the infestation, can't handle it. (Don't think cold on this, there are thousands upon thousands of viruses, worms, trojans; all act differently, can bypass some anti-virus software, can create backdoors and so on)

So the journey begins. They start to read dozens of sites on Google about the worm that infested their computer. As you well know Google, they will discover a lot of fake anti-whatever software sites, where they download it, scan the PC and find the problems, just that they need to pay in order to remove them, and that's not even sure at all. Others will get lost in numerous forums and sites, where people complain about this, just that rarely they will find a solution, or if they do, it will seem quite complicated. On the other hand, some people will find those exact match [virus_name] removal sites, which will clean their computer. But not everybody finds that place. So, it's a complete mess, especially when you have your computer knocked up and acting crazy all the time, when you desperately try to fix it as soon as possible.

Method: Concept

What you have to do is to find a database of viruses, worms, spyware, trojans etc (example sites: source 1, source 2, source 3 and DO search for other sources, these are just some examples), choose one 'infection', and do your homework on that. Be sure that it is quite spread and the manual fix of it can be quite nasty. Usually worms are pretty much a fuckerty, but with a straight removal tool, they can get killed fast.

So let's say you selected this one: W32.Brontok. Some nasty worm that creates .exe folders, and often, unexpectedly and repeatedly, restarts your Windows like crazy. But it does more than that. Antiviruses won't remove it completely and the worm can 'heal' itself and attack again right away.

People will often read articles about the removal, like this: [DO NOT READ THE ENTIRE COPY/PASTE thing, just take a look & scroll]

Manual removal steps:

  1. Disconnect your computer from the network
    and disable file sharings, if any.
  2. Disable System Restore (for Windows
    XP/Windows Me only).
    For Windows XP:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Select "Turn off System Restore" or "Turn off System
      Restore on all drives" check box.
    For Windows Me:
    5. Click Start, point to Settings, and then click Control
    6. Double-click the System icon. The System Properties
      dialog box appears.
    7. Click the Performance tab, and then click File System.
      The File System Properties dialog box appears.
    8. Click the Troubleshooting tab, and then check Disable
      System Restore.
    9. Click OK. Click Yes, when you are prompted to restart
  3. Start your machine in Safe mode.
    Update your Anti-virus software with the latest signature
    files and scan your computer with the Anti-virus to detect the
    worm and delete any files detected as the worm by clicking the
    DELETE button.
  4. Delete the value from the registry.
    You need to back up the registry before
    making any changes to it. Incorrect changes to the registry
    can result in permanent data loss or corrupted files. Modify
    the specified subkeys only.
    If you are still unable to open your registry, you may try
    the following steps.
    1. Click Start > Run.
    2. Type regedit
    3. Click OK. Note: If the registry editor fails to open
      the threat may have modified the registry to prevent access
      to the registry editor. You can use a tool to resolve this
      Download this
      Navigate to the subkey that was detected by the anti-virus
      and delete the value.
    4. Exit the Registry Editor.
    5. Boot up the infected computer, but do not
      login to the server, leave it at the login prompt.
    6. Start up another clean computer, worm-free
      computer which has an updated anti-virus software running and
      an active firewall running preventing all inbound
    7. From the clean computer, start REGEDIT.EXE
      and click on File -> File -> Connect Network Registry.
      Connect to the infected computer.
    8. Modify the following values in
      to the following values:
    9. "Userinit" = "C:\WINNT\system32\userinit.exe," "Shell" = "Explorer.exe" (make sure that you enter the correct path to where
      Windows is installed. For example on NT4.0 it is WINNT)
    10. After completing the above steps, reboot
      the infected computer.
    11. Using the clean computer, map the C$ share
      and scan it using the up to date anti-virus to remove any
      infected files on the infected computer. Then, you should be
      able to boot to the computer and then follow Steps 6 - Steps
  5. Run a full system scan using an updated
    version of Anti-virus software and delete any files detected as
  6. Download and run a process management tool
    or process viewer to kill all worm processes running on the
    infected machine. The process management tool or the process
    viewer is available according to the machine's platform and can
    be downloaded free from the Internet. For example users can
    download and use the following process viewer:
  7. Delete the scheduled tasks added by the
    worm. Click Start, and then click Control Panel. (In Windows
    XP, switch to Classic View.) In the Control Panel window,
    double click Scheduled Tasks. Right click the task icon and
    select Properties from pop-up menu. The properties of the task
    is displayed. Delete the task if the contents of the Run text
    box in the task pane matches the worm.
  8. Enable the System Restore (for Windows
    XP/Windows Me only).
  9. Re-scan your computer with an updated
    version of Anti-virus to confirm the computer is clean.
  10. Re-connect your computer to the network once
    confirmed clean.

So as you can see, this is the MANUAL REMOVAL of the worm. Well, maybe most of you down here know how to handle this one, given the instructions, but most people will get lost in the reading. Proof? Read the comments of the above article, click here.

Everyone wants the fast and easy way. Something that will fix everything by a single push of the button. Well, that exists too in this case, but they need to do a lot of searches, and avoid the tricky sites.

The tool that will fix this is located here, provided by Bitdefender. What does it do?
The removal tool will:

  • Find any Brontok-infected files on your computer
  • Kill the worm's processes
  • Restore access to Regedit
  • Restore access to Folder Options
  • Restore the default values for those entries that the worm changes.
  • Delete (or fix) the startup entries related to the worm.

So it basically does what it was said in the MANUAL process, just that everything is automated.

Method: Action

Do your research well. Find a worm/virus etc that is pretty nasty and where the manual removal instructions are quite long and not so user-friendly. Also, be sure to find a removal tool for that 'infection' as well; you are an IM-er, you know how to use Google if you really need something.

Now, build a site with the exact name match, such as brontokremoval.com (which is available at the moment when I'm writing this post) or win32brontokaremoval.com or win32brontokbrremoval.com (a and br are some extensions of this worm). In some cases, you WILL or NOT need any serious SEO for it, but it depends what you choose. You can't go for alltrojansremoval.com (free as well) if you don't want to do some heavy SEO on it. But doing an exact match domain name of the "infection's" name + the word "removal" or "remover" + optionally the word "tool", will help you a lot in ranking your site. Remember, you target only one "infection", not all in one site, so be sure that the one you are choosing, is quite spread, not necessarily popular.

Make your site with 2 button options.

1) MANUAL REMOVAL [FREE] - you will rewrite some articles into one, talking about the worm, and how to remove it, with difficult fuzz (like in this page). Make everything nice, clean, but be sure to make it look pretty hard to actually remove it. Do NOT put any fake information regarding that; remember, there are many people who barely know at all what the 'cmd' command is, just to say.

2) AUTOMATIC REMOVAL TOOL - Guarantee 100% [FREE*]
Here is where you will talk about how your removal tool, your brontok removal tool (not some Special_Extreme_Trolls_Removers.exe) can do all that you mentioned in the Manual Removal instructions page, and that it can be done in a few minutes by running this tool. Be sure to tell them that the tool will not only kill the worm and infected files, but will also [real EXAMPLE for brontok] Restore access to Regedit, Restore access to Folder Options, Restore the default values for those entries that the worm changes, Delete (or fix) the startup entries related to the worm. This will convince them that this tool is really the complete and ultimate solution for their problem.
So, after you'll make that smart description, add them the link to download the tool, which you already found somewhere else, by some hard search. Be sure to show them a virustotal scan in there about your tool, so that they can feel safe as well.

Content Lock the page where your Tool Removal is stored, and start banking $. Optionally, it would be a good idea to tell them that they need to complete a quick survey, in order to access the file, and also optionally, teach them how. You can tell them that tool is content locked, in order to prevent the "hackers" to not steal it, alter and infect it, and then distribute it again on the "netz". You can think of various reasons, or even to none. It's up to you.

That way, Jimmy's mom and dad complete a survey from your content locker, they get what they want, you get what they want. Jimmy gets his computer clean again, ready just to fuck it up once more, so that the parents can come again to one of your other sites (joking, because it's quite impossible considering the amount of viruses, worms and so on ;] )

*Really, don't go for the brontok worm, I gave this example so that you can understand the concept. You really have plenty to choose from. If you will however go for it, you will realize later why I advised you not to go.

This is an autopilot method, that can last and bank for many years, once it's done properly.

How to promote your site aside from the SEO coming from the exact match domain? Well, many of you should know this already, but it never hurts to know that this can be done exactly like in the Reputation Method. You don't need to fix the other problems, just be sure to make new positive ones, to outcome the bad ones. When we talk about this method, be sure to make a lot of talking about your chosen 'infection', which will lead to your site. Try to use Y! Answers, Squidoo lens or post on forums about your problem, where you make an additional user and tell them how you fixed your computer by using the tool you found on your site. The methods of promoting it aside from the organic traffic are really vast.

If you didn't read all this post, don't bother to tell me tl;dr. Nobody cares. As for the others, remember that the key is to do your research well and profoundly. What you'll make will be on autopilot. And I'll leave it up to you to see what goes better, new 'infections' vs old 'infections'. Don't go by a cold logic, it will kill you from the start.

Good Luck!
Interesting, and appears to be very scalable. I just wonder is CPA really the best way to make money from this?

If someone is confident enough with a PC to go and Google the virus etc. to remove it themselves, then they should sense an oddness about a site offering a tool to remove the undesirables asking them to fill in a survey...

I'm thinking either a "cakesliced" email submit offer hidden as a "Human Verification" gate could do better as it would look more legit, or perhaps building an email list, and using the method of creating your own .exe which asks to fill in a survey first, and then will give them access to the tool... plus building an email list at the same time.

Got a few other ideas on this, but definitely a very interesting post. I'm planning on starting a new IM project soon, this (twisted in some ways) could be it!

Great share ;)
@QuietZorg I know what you mean, but you know that saying, someone gives you a finger, but not his whole arm, unless you take it. By that, I mean that I only presented the concept of this method, I myself don't do it only with CPA Content Lockers, I do have loads of twists as well. But that doesn't mean what I presented above doesn't work, it does and it's the basic and simplest way to start, as I tried to cover the field for both noobies and experienced users of this forum. I can't talk about all my dark and bright twists that I do apply, as I'm not sure if I would be allowed to, but the method as I wrote it, does work too!

If someone is confident enough with a PC to go and Google the virus etc. to remove it themselves, then they should sense an oddness about a site offering a tool to remove the undesirables asking them to fill in a survey...

Don't think too much on logical cold. For you, that 'someone', is made out of the combinations of people you know around you and about what you know for yourself, but not everyone is really that good with computers.

My first little twist was to implement the CPA Locker in the tool, such that when someone was downloading it and accessing it, he was explained clearly what to do. But again, there are really a lot of twists to improve this.

A CPA survey is viable as monetization for this, because when most people are hit by a strong virus or malware, they become entirely focused on cleaning it out of their PC, or at least finding a way to restore their system long enough to access their files. The time spent filling out the survey might have otherwise been wasted in web-searching for a safe site from which to remove the crap, which has already cost them downtime anyway. I don't see them minding taking the time too much, in a computer crisis situation.
I will try to think of some more twists, perhaps my mind isn't as dark as yours :cool:

What's the lifespan on these Trojans etc.? A few months? I just wonder if one was to scrape lists of viruses, filter them somehow, and build say 100 sites, would there be a lot of fallout, or could you expect the same viruses to be around in 2 years' time..?
@zebrahat Exactly my point, that's what I rely on as well when talking about content locking.

@QuietZorg Well, to answer to your question with an example, I am choosing viruses~ who are 2-3 years old. Brontok is 7 years old, and it still finds its way in some computers, but that was just an example. Usually, few months - 3 years old viruses~(general term) are good to go. But DO your research about it!

@healzer awwww you xD
I haven't tried this method out, but I'm sure this will work out. Some months back my PC got infected by some virus or something and it used to redirect my google searches randomly. Malwarebytes, ESET and everything else failed. I don't exactly know the name, it was TDSS or some shit. At last I resolved it using a Kaspersky tool called TDSS Killer. I swear I would have done anything to download it!
This method is just gold, Rep + Thanks added.

Would this be a good twist? Edit a specific manual removal step to say in brackets something like

(Caution: There is a chance of your motherboard overheating when completing this step, This will cause smoke to come out of your computer)

This way they will be hesitant to try the manual way and go for the quick safe fix.
Just wondering, what is the potential earnings to come out of this? Has anybody tried it or scaled it up and seen results?
Nice method, man! You need to add more info about how to do fast SEO.
This is a very nice method .. solid if monetized well .. thanks given :D
This method is super solid.. Most people get frustrated when trying to fix the problem manually so ultimately they buy the application..
You shouldn't have posted this, OP.

These are real people with real problems.

Now lazy, unethical retards are going to abuse this and create fake virus removal tools.

I got scammed like this before, the tool fucked up my hard drive and I had to reformat the disk.

Mod, please close this thread or JR VIP it.
lostpassword, shut the fuck up! OK, this is a great method.
Hi, I want to say this is a great method, rep added. For example, I search for a virus, then I go to the Google AdWords keyword tool and I look up how many searches that keyword has. How many searches does the keyword need to have to be a good keyword? 1000 searches / month?

EDIT: I found a keyword that has:
Global Monthly Searches 2.400 and Local Monthly Searches 880
I set Match Type to Exact and country to USA
Have just implemented your method. Let's see what happens!!