Tuesday, May 10, 2011

OfferBox Removal Guide

OfferBox is a program that takes the user to a website showing discounts and coupons while they surf the Internet. OfferBox infects the computer through a malicious website or a Trojan. OfferBox installs many malicious files on the computer without the user's awareness. OfferBox displays many pop-up alerts to scare the user into purchasing a useless application, so that the user is cheated out of money. Users should remove OfferBox immediately so that the computer is free from any attack by malware, trojans or viruses.


OfferBox can be removed by first stopping its process (OfferBox.exe) and then killing its files using Emsisoft HiJackFree. Then the user has to remove all the related files and folders. Finally, restore the registry entries added and modified by OfferBox (read the removal guide below to remove OfferBox successfully).

OfferBox should be removed immediately!


Removal Guide
Kill Process
(How to kill a process effectively?)
offerbox.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]" "offerbox.exe"

Remove Folders and Files
C:\Program Files\OfferBox

Sunday, May 8, 2011

Windows Supervision Center Removal Guide

Windows Supervision Center is an unwanted application: a rogue computer security program. Windows Supervision Center can stop programs from running, take over the web browser or display fake alerts about infections that aren't on the computer. Windows Supervision Center is a fake optimization tool that cannot detect any kind of malware, trojan or virus. Windows Supervision Center was created to cheat the user out of money by showing a fake report that serious errors were found in the hard drive, memory and the system. Windows Supervision Center urges the user to purchase the full version of Windows Supervision Center to remove all the detected threats. Windows Supervision Center will even claim it can eliminate computer issues or errors. Do not believe anything shown by Windows Supervision Center, as it can do nothing.

Windows Supervision Center can be removed by stopping its processes and killing all files with random names on the hard drives. The user must also remove the autorun setting that was added. These can be done using Emsisoft HiJackFree.

Windows Supervision Center should be removed immediately!


Windows Supervision Center Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
%Temp%\[random].dll
%Temp%\[random].exe
%Temp%\[random]
Find the files referenced by the autorun settings in Registry Editor and remove all of them that are related to Windows Supervision Center.

Saturday, May 7, 2011

Essential Cleaner Removal Guide

Essential Cleaner is a fake antivirus program that CANNOT DETECT AND REMOVE any kind of virus, malware or trojan. Essential Cleaner can do nothing but show pop-ups to convince the user that the computer has been infected by malware and urge the user to purchase the full version of Essential Cleaner. Essential Cleaner infections are known to spread by means of fake online system alerts that warn the user about infections and require the user to download Essential Cleaner to remove them. Essential Cleaner starts automatically when Windows boots. Essential Cleaner then does a fake scan of the computer and shows a fake report. Do not purchase Essential Cleaner, as it can do nothing. The user should switch to Safe Mode to make sure any scans detect Essential Cleaner, and remove Essential Cleaner with anti-malware applications that are designed to handle such threats.

Essential Cleaner can be removed by using Emsisoft HiJackFree to stop the processes and kill the files on the hard drive. Then the user has to restore the registry entries added and modified by Essential Cleaner. Finally, all the files related to Essential Cleaner must be deleted from the hard drive. All of them are shown in the removal guide below.

Essential Cleaner should be removed immediately!


Essential Cleaner Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http=127.0.0.1:18810'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
HKEY_CURRENT_USER\Software\[random]

Remove Folders and Files
%Temp%\[random]
Windows Oversight Center Removal Guide

Windows Oversight Center is a fake antivirus program that behaves like a real antivirus such as Kaspersky Anti-Virus, AVG Free Antivirus, Avira AntiVir etc. Windows Oversight Center is distributed through the same fake Microsoft Security Essentials Alert trojan that many other rogue anti-spyware programs are propagated through, allowing Windows Oversight Center a stealthy entry. Windows Oversight Center infects the computer when the user accidentally downloads a trojan from a website which provides online videos. The effects of Windows Oversight Center include browser hijacks, dysfunctional security applications and unauthorized changes to system settings. Windows Oversight Center starts automatically when Windows boots. Then Windows Oversight Center scans the computer, produces fake scan results and displays many fake alerts to urge the user to purchase the full version of Windows Oversight Center in order to remove the detected malware. Neither the full version nor the unregistered version of Windows Oversight Center can do anything.

Windows Oversight Center can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Oversight Center shown in the removal guide below. All files related to Windows Oversight Center must be deleted.

Windows Oversight Center should be removed immediately!

Windows Oversight Center Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
freevideopplugin.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
freevideopplugin.exe
%Temp%\[random]

Thursday, May 5, 2011

PC Security Guardian Removal Guide

PC Security Guardian is a fake antivirus program that tries to trick the user into buying the full version of PC Security Guardian by using fake scan results. PC Security Guardian installs itself on the computer without the user's confirmation unless the user has set the UAC level to the highest level. PC Security Guardian starts itself when the computer boots, scans the computer automatically, produces fake scan results and keeps warning the user to buy the full version of PC Security Guardian. PC Security Guardian is advertised mostly through the use of bogus online scanners and malicious websites.

PC Security Guardian can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by PC Security Guardian shown in the removal guide below. All files related to PC Security Guardian must be deleted.

PC Security Guardian should be removed immediately.


PC Security Guardian Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
HKCR\PersonalSS.DocHostUIHandler
HKCU\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "PC Security Guardian"
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1"

Remove Folders and Files
%AppData%\PC Security Guardian\cookies.sqlite
%AppData%\PC Security Guardian\Instructions.ini
%AppData%\PC Security Guardian
%CommonAppData%\[random]

Tuesday, May 3, 2011

RealClean Removal Guide

RealClean is a fake disk defragmenter program. Once it is installed on the computer, RealClean starts automatically when Windows boots. RealClean will SURELY produce fake reports on the Windows Registry, system memory and hard drive in order to scare the user. RealClean urges the user to buy the full version of RealClean to solve the problems stated. RealClean can be removed by stopping all of its processes, whose file names are random. Afterwards, the files should be deleted.

RealClean can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by RealClean shown in the removal guide below. All files related to RealClean must be deleted.

RealClean should be removed immediately!

RealClean Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%program files%\realclean

Saturday, April 30, 2011

Antivirus Center Removal Guide

Antivirus Center is a fake antivirus program that behaves like a real antivirus such as Kaspersky Anti-Virus, AVG Free Antivirus, Avira AntiVir etc. Antivirus Center infects the computer when the user accidentally downloads a trojan from a website which provides online videos. Antivirus Center starts automatically when Windows boots. Then Antivirus Center scans the computer, produces fake scan results and displays many fake alerts to urge the user to purchase the full version of Antivirus Center in order to remove the detected malware.

Antivirus Center can be removed by stopping and removing all the processes and files with random names on the hard drive and restoring the registry entries added and modified by Antivirus Center. All of them are shown in the removal guide below.

Antivirus Center should be removed immediately!

Antivirus Center Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\system32\rundll32.exe" = 'C:\WINDOWS\system32\rundll32.exe:*:Enabled:Antivirus Center'


Remove Folders and Files
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Center.lnk
%UserProfile%\Desktop\Antivirus Center.lnk
%AllUsersProfile%\Application Data\[random].ico
%AllUsersProfile%\Application Data\[random].dat
%Temp%\wrk4.tmp
%Temp%\ins2.tmp
%Temp%\mv3.tmp

Tuesday, April 26, 2011

AntiSpy 2011 Removal Guide

AntiSpy 2011 is another fake antivirus program, which will definitely show pop-ups telling the user that the computer has been infected by malware, trojans and viruses. AntiSpy 2011 CANNOT detect and remove any kind of malware, trojan or virus. AntiSpy 2011 can only cheat the user into purchasing the full version of AntiSpy 2011 to remove the detected threats. Do not believe any pop-ups or reports shown by AntiSpy 2011. All of them are lies.

AntiSpy 2011 can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by AntiSpy 2011 shown in the removal guide below. All files related to AntiSpy 2011 must be deleted.

AntiSpy 2011 should be removed immediately!


AntiSpy 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
securitytipps.exe
_antispy.exe
AntiSpy2011Setup.exe
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "antispy"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "antispy"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%Windir%\AntiSpy2011Setup.exe

Monday, April 25, 2011

Safecare Removal Guide

Safecare is a fake antivirus program which presents antivirus features such as malware detection. When the user clicks the wrong links or images on fake online security websites, Safecare is installed on the computer without the user's confirmation. It secretly modifies the system settings and registry entries so that it runs automatically when Windows boots. Safecare constantly shows security alerts to urge the user to buy the full version of Safecare. Safecare is not an antivirus; it is a parasite!

Safecare can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Safecare shown in the removal guide below. All files related to Safecare must be deleted.

Safecare should be removed from the computer immediately!

Safecare Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
Remove the files and folders stated in the autorun settings.

Wednesday, April 20, 2011

BitDefender 2011 Removal Guide

BitDefender 2011 is a fake antivirus program, the same as Antivir Solution Pro, Antivir Solution Plus, AVG Antivirus 2011 and E-Set Antivirus 2011. BitDefender 2011 is not the real BitDefender, which is a legitimate security application. BitDefender 2011 is made by other people who try to make the user believe that the antivirus is legitimate, can remove malware and even provides many antivirus features. BitDefender 2011 was created to earn a profit from the users who are cheated by it. BitDefender 2011 infects the computer and then scans it. BitDefender 2011 produces fake warnings that the computer is infected by a lot of malware and urges the user to purchase the full version of BitDefender 2011 in order to remove the malware. Don't be cheated by the fake warnings.

BitDefender 2011 can be removed by first stopping its processes (OQ4C92F6.exe, BitDefender 2011.exe, iesafemode.exe) and then killing its files using Emsisoft HiJackFree. Then the user has to remove all the related files and folders. Finally, restore the registry entries added and modified by BitDefender 2011 (read the removal guide below to remove BitDefender 2011 successfully).

BitDefender 2011 should be removed immediately.

BitDefender 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
bitdefender.exe

Unregister DLL files
%Program Files%\adc_w32.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-EVI 21.04.2011"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "BitDefender 2011" = 'C:\Program Files\BitDefender 2011\bitdefender.exe'
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '0'
HKEY_CURRENT_USER\Software\EVAEC2
HKEY_CURRENT_USER\Software\MonEC2

Remove Folders and Files
c:\Documents and Settings\All Users\Start Menu\BitDefender 2011
c:\Program Files\BitDefender 2011
%AllUsersProfile%\Start Menu\BitDefender 2011
%UserProfile%\Desktop\BitDefender 2011.lnk
%Temp%\srvED4.tmp
%Temp%\srvED4.ini

Tuesday, April 19, 2011

Total Virus Scanner Removal Guide

Total Virus Scanner is a fake antivirus that disguises itself to make the user believe it can detect and remove trojans, viruses, malware and so on. In fact, Total Virus Scanner WILL SURELY state that many malware, trojans and viruses have been detected in the system. All of these are lies! Total Virus Scanner displays this type of fake alert to urge the user to purchase the full version of Total Virus Scanner, which cannot detect and remove any kind of malware, trojan or virus.

Total Virus Scanner can be removed by stopping all of its processes with random file names, deleting all the related files and removing the registry keys stated below.

Total Virus Scanner should be removed immediately!

Total Virus Scanner Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_LOCAL_MACHINE\Software\Total Virus Scanner
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Total Virus Scanner"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%PROGRAM_FILES%\Total Virus Scanner
c:\Documents and Settings\All Users\Total Virus Scanner\
c:\Documents and Settings\All Users\Start Menu\Total Virus Scanner\
c:\Documents and Settings\All Users\[random]
Remove the file stated in the autorun setting.
Registry Virus Scanner Removal Guide

Registry Virus Scanner is a fake antivirus that disguises itself to make the user believe it can detect and remove trojans, viruses, malware and so on. In fact, Registry Virus Scanner WILL SURELY state that many malware, trojans and viruses have been detected in the system. All of these are lies! Registry Virus Scanner displays this type of fake alert to urge the user to purchase the full version of Registry Virus Scanner, which cannot detect and remove any kind of malware, trojan or virus.

Registry Virus Scanner can be removed by stopping all of its processes with random file names, deleting all the related files and removing the registry keys stated below.

Registry Virus Scanner should be removed immediately!

Registry Virus Scanner Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_LOCAL_MACHINE\Software\Registry Virus Scanner
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Registry Virus Scanner"

Remove Folders and Files
%PROGRAM_FILES%\Registry Virus Scanner
c:\Documents and Settings\All Users\Registry Virus Scanner\
c:\Documents and Settings\All Users\Start Menu\Registry Virus Scanner\

Friday, April 15, 2011

Malware Protection Removal Guide

Malware Protection is a fake antivirus program that pretends to be a real antivirus which can remove malware. However, Malware Protection does not remove any malware from any computer. Malware Protection infects the computer by installing KB1883574.exe, which tries to disguise itself as a Windows update entitled System Security Pack Update. After installation completes, Malware Protection scans the computer, will surely state that the computer is infected by malware, and urges the user to buy the full version of Malware Protection.

Malware Protection can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Malware Protection shown in the removal guide below. All files related to Malware Protection must be deleted.

Malware Protection should be removed immediately!

Malware Protection Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%Programs%\Malware Protection\Malware Protection.lnk
%Programs%\Malware Protection
%TempDir%\[random].exe
%TempDir%\[random]

Thursday, April 14, 2011

Windows Fix Disk Removal Guide

Windows Fix Disk is a fake optimization tool which claims that it can optimize the performance of the computer's hard drive, memory and system. In fact, Windows Fix Disk cannot optimize the computer's performance, but will definitely scare the user with many fake warnings, showing pop-ups which state that the hard drive, memory and system have a lot of errors. Do not believe any report given by Windows Fix Disk, as it can do nothing but urge the user to buy the full version of Windows Fix Disk to remove all the detected errors. Neither the full version nor the unregistered version of Windows Fix Disk can do anything.

Windows Fix Disk can be removed by stopping and removing all the processes and files with random names on the hard drive and restoring the registry entries added and modified by Windows Fix Disk. All of them are shown in the removal guide below.

Windows Fix Disk should be removed immediately!

Windows Fix Disk Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'

Remove Folders and Files
%UserProfile%\Start Menu\Programs\Windows Fix Disk\Windows Fix Disk.lnk
%UserProfile%\Start Menu\Programs\Windows Fix Disk\Uninstall Windows Fix Disk.lnk
%UserProfile%\Start Menu\Programs\Windows Fix Disk\
%UserProfile%\Desktop\Windows Fix Disk.lnk
%AllUsersProfile%\[random]
%AllUsersProfile%\[random].exe
%AllUsersProfile%\[random].dll
%AllUsersProfile%\~[random]r
%AllUsersProfile%\~[random]
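
Several guides on this page list the same kinds of registry change: autorun values under `Run` that point into `%Temp%`, `Debugger` values under Image File Execution Options, a loopback `ProxyServer`, and switched-off safety settings such as `DisableTaskMgr`. The following Python script is an added example, not part of the original guides; it checks the text of a registry export for those entries. The sample export, the value name `kqzvbnta` and the user `alice` are constructed for illustration.

```python
import re

# Constructed sample in .reg export format (not taken from a real machine).
# Real regedit exports are UTF-16; decode them before passing the text in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\Windows\\System32\\ctfmon.exe"
"kqzvbnta"="C:\\Users\\alice\\AppData\\Local\\Temp\\kqzvbnta.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:18810"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger"="msiexecs.exe -sb"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Key path fragments, lower-cased because registry paths are case-insensitive.
RUN_KEY = r'\microsoft\windows\currentversion\run'
IFEO_KEY = r'\currentversion\image file execution options'
INET_KEY = r'\currentversion\internet settings'
TEMP_MARKERS = ('\\temp\\',)  # extend with other user-writable directories

# (key suffix, value name, suspicious data, meaning), all taken from the guides.
WEAKENED = [
    (r'\currentversion\policies\system', 'disabletaskmgr', '1', 'Task Manager disabled'),
    (r'\internet explorer\phishingfilter', 'enabled', '0', 'phishing filter off'),
    (r'\internet explorer\download', 'checkexesignatures', 'no', 'download signature check off'),
    (r'\internet explorer\download', 'runinvalidsignatures', '1', 'invalid signatures allowed'),
    (INET_KEY, 'warnonbadcertrecving', '0', 'bad certificate warning off'),
    (INET_KEY, 'certificaterevocation', '0', 'revocation check off'),
]


def parse_reg_export(text):
    """Return {lower-cased key path: {lower-cased value name: str or int}}.

    Only string and dword values are read; hex(...) data and default (@)
    values are skipped because none of the checks below need them.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current = keys.setdefault(section.group(1).lower(), {})
            continue
        value = VALUE_RE.match(line)
        if not value or current is None:
            continue
        name, data = value.group(1).lower(), value.group(2)
        if data.startswith('dword:'):
            current[name] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            # .reg files escape backslashes and quotes inside string data.
            current[name] = re.sub(r'\\(.)', r'\1', data[1:-1])
    return keys


def audit(keys):
    """Return a list of (category, key, detail) findings."""
    findings = []
    for key, values in keys.items():
        if key.endswith(RUN_KEY):
            for name, data in values.items():
                if isinstance(data, str) and any(m in data.lower() for m in TEMP_MARKERS):
                    findings.append(('autorun-from-temp', key, f'{name} -> {data}'))
        if IFEO_KEY in key and 'debugger' in values:
            image = key.rsplit('\\', 1)[-1]
            findings.append(('ifeo-debugger', key, f'{image} launches {values["debugger"]}'))
        if key.endswith(INET_KEY):
            server = str(values.get('proxyserver', '')).lower()
            if values.get('proxyenable') == 1 and ('127.0.0.1' in server or 'localhost' in server):
                findings.append(('loopback-proxy', key, server))
        for suffix, name, bad, meaning in WEAKENED:
            if key.endswith(suffix) and str(values.get(name, '')).lower() == bad:
                findings.append(('weakened-setting', key, meaning))
    return findings


if __name__ == '__main__':
    for category, key, detail in audit(parse_reg_export(SAMPLE_EXPORT)):
        print(f'{category:18} {detail}\n    {key}')
```

A finding is a prompt to inspect the entry, not proof of infection: legitimate software can also start from a user profile or use a local proxy.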

Wednesday, April 13, 2011

Fake System Restore Removal Guide

Fake System Restore is a program used to cheat people out of money by showing error messages about the computer's hard drive, memory and system. Fake System Restore adds registry entries to make itself start automatically when Windows boots. After that, Fake System Restore does a fake scan of the computer and then issues fake warnings, showing pop-ups to tell the user that the hard drive, memory and system have serious errors which can only be solved by using the full version of Fake System Restore. Thus, the user is urged to purchase it. Do not believe any report given by Fake System Restore, even if the warnings look real. In fact, Fake System Restore cannot detect and remove any computer error.

Fake System Restore can be uninstalled by stopping all processes with random names and killing their files. Then, all registry entries added and modified by Fake System Restore must be cleared using Windows Registry Editor.

Fake System Restore should be removed immediately!


Fake System Restore Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%TempDir%\[random].exe
%TempDir%\[random]
%Programs%\System Restore
%Programs%\System Restore\System Restore.lnk
%Desktop%\System Restore.lnk
%TempDir%\dfrg
%TempDir%\dfrgr

Tuesday, April 12, 2011

Antivirus Clean 2011 Removal Guide

Antivirus Clean 2011 is another fake antivirus program, which provides fake features to scan the computer and will surely report that the computer has been infected by malware, trojans and viruses. Do not believe any report given by Antivirus Clean 2011, as it shows that report on any computer with Antivirus Clean 2011 installed, whether it is free of viruses or infected. Antivirus Clean 2011 runs automatically when Windows boots. Antivirus Clean 2011 then does a fake scan of the computer and will definitely show pop-ups to scare the user into believing that the computer has been infected. Antivirus Clean 2011 urges the user to purchase the full version of Antivirus Clean 2011 to remove all the detected threats. However, Antivirus Clean 2011 cannot detect and remove any kind of virus, malware or trojan.

Antivirus Clean 2011 can be removed by first stopping its processes (CVMon.exe, Antivirus Clean 2011.exe, CVAutoUpdate.exe) and then killing its files using Emsisoft HiJackFree. Then the user has to remove all the related files and folders. Finally, restore the registry entries added and modified by Antivirus Clean 2011 (read the removal guide below to remove Antivirus Clean 2011 successfully).

Antivirus Clean 2011 should be removed immediately!


Antivirus Clean 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
avservice.exe
avc2011.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Antivirus Clean 2011"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%ProgramFiles%\Antivirus Clean 2011
Internet Protection Removal Guide

Internet Protection is a fake antivirus program which intends to urge users whose computers are infected by Internet Protection to purchase the full version of Internet Protection. Internet Protection produces fake alerts in order to cheat the user. Internet Protection installs itself on the computer without the user's confirmation and configures itself to start automatically when Windows boots. Internet Protection then scans the computer, states that there is a lot of malware on the computer and asks the user to purchase the full version of Internet Protection to remove all of it.

Internet Protection asks the user to activate Internet Protection to get ultimate protection against Identity Theft, Malware and other threats! Internet Protection creates a fake Windows Advanced Security Center and warns the user that the system is not cleaned yet! It shows the user that the Firewall, Automatic Updates and Antivirus Protection are in the "OFF" state.

Internet Protection should be removed immediately!

Internet Protection Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
C:\Program Files\Internet Protection
C:\Program Files\Internet Protection\Internet Protection.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\[RANDOM].lnk
C:\Documents and Settings\All Users\Application Data\[RANDOM].avi
C:\Documents and Settings\All Users\Application Data\[RANDOM].ico
%AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Protection.lnk
%UserProfile%\Desktop\Internet Protection.lnk
%UserProfile%\Start Menu\Programs\Startup\[RANDOM].lnk

Monday, April 11, 2011

Internet Protection Firewall Alert Removal Guide

Internet Protection Firewall Alert is a fake antivirus program that repeatedly shows the user that the computer is infected by malware, in order to urge the user to purchase the full version of other fake antivirus programs. Internet Protection Firewall Alert is downloaded onto the computer when the user downloads video files from an untrusted website. The downloaded video file cannot be viewed; it is actually Internet Protection Firewall Alert, which cannot detect and remove any malware. Internet Protection Firewall Alert installs itself on the computer and scans the computer when Windows boots. Then Internet Protection Firewall Alert will surely state that the computer has been infected by malware. Then the computer will start slowing down and behaving strangely.

Internet Protection Firewall Alert can be removed by stopping the processes with random names. Then the user should remove all the autorun settings and the related items stated in the removal guide below.

Internet Protection Firewall Alert should be removed immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM].EXE

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
%UserProfile%\Desktop\Internet Protection.lnk
c:\Program Files\Internet Protection
%UserProfile%\Local Settings\Temp\ins1.tmp
%UserProfile%\Local Settings\Temp\mv2.tmp

Sunday, April 10, 2011

Critical Hard Disk Drive Error Removal Guide

Critical Hard Disk Drive Error is a fake warning message which tries to cheat the user into installing the full version of a fake antivirus such as Windows Repair, Windows Restore or Windows Diagnostic. Critical Hard Disk Drive Error is a fake warning message that you may see when a fake antivirus such as Windows Repair, Windows Restore or Windows Diagnostic is installed on your computer. Do not give your credit card information, because it could be sold to third parties.

Critical Hard Disk Drive Error can be removed first by stopping its processes and then kill its files by using Emsisoft HiJackFree. Then the user has to remove all the related files and folder. Finally, restore the registry entries added and modified by Critical Hard Disk Drive Error (Read the removal guide below to remove Critical Hard Disk Drive Error successfully).

Critical Hard Disk Drive Error Removal Guide

Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
Search for the registry key "HKEY_LOCAL_MACHINE\Software\Critical Hard Disk Drive Error". Right-click this registry key and select "Delete".

Remove Folders and Files
Remove the files stated in the autorun settings.
Remove other "Critical Hard Disk Drive Error" files. These files can be in the form of EXE, DLL, LSP, TOOLBAR, BROWSER HIJACK, and/or BROWSER PLUGIN. For example, Critical Hard Disk Drive Error might create a file like %PROGRAM_FILES%\Critical Hard Disk Drive Error\Critical Hard Disk Drive Error.exe. Locate and remove these files.

Internet Protection 2011 Removal Guide

Internet Protection 2011 is a fake antivirus program that cannot detect or remove any kind of virus, malware or trojan. However, Internet Protection 2011 pretends to be a legitimate antivirus that can protect computers from malware attacks. Once Internet Protection 2011 is installed on the computer, it starts automatically when Windows boots. Internet Protection 2011 then runs a fake scan of the computer and scares the user with pop-ups claiming that the computer has been infected by a lot of malware. Internet Protection 2011 shows these pop-ups repeatedly to urge the user to purchase the full version of Internet Protection 2011 in order to remove all the threats. However, Internet Protection 2011 cannot detect or remove any kind of virus, malware or trojan.

Internet Protection 2011 can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Internet Protection 2011 shown in the removal guide below. Internet Protection 2011 DLL Files should be unregistered too (see removal guide). All files related to Internet Protection 2011 must be deleted.

Internet Protection 2011 should be removed immediately!

Internet Protection 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"

Remove Folders and Files
%CommonAppData%\[random]
c:\Documents and Settings\All Users\Application Data\[random]

MS Recovery Tool Removal Guide

MS Recovery Tool is a fake antivirus program that cannot detect or remove any kind of virus, malware or trojan. However, MS Recovery Tool pretends to be a legitimate antivirus that can protect computers from malware attacks. Once MS Recovery Tool is installed on the computer, it starts automatically when Windows boots. MS Recovery Tool then runs a fake scan of the computer and scares the user with pop-ups claiming that the computer has been infected by a lot of malware. MS Recovery Tool shows these pop-ups repeatedly to urge the user to purchase the full version of MS Recovery Tool in order to remove all the threats. However, MS Recovery Tool cannot detect or remove any kind of virus, malware or trojan.

MS Recovery Tool can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by MS Recovery Tool shown in the removal guide below. MS Recovery Tool DLL Files should be unregistered too (see removal guide). All files related to MS Recovery Tool must be deleted.

MS Recovery Tool should be removed immediately!

MS Recovery Tool Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%CommonAppData%\[random]
c:\Documents and Settings\All Users\Application Data\[random]

Saturday, April 9, 2011

Win 7 Anti-Spyware 2011 Removal Guide

Win 7 Anti-Spyware 2011 is a fake antivirus program created to urge the user to buy the full version of Win 7 Anti-Spyware 2011 in order to make a profit. Don't ever buy it, as it is a cheat! Win 7 Anti-Spyware 2011 installs itself on the computer without the user's confirmation and starts automatically when Windows boots. Win 7 Anti-Spyware 2011 constantly produces fake virus warning alerts to pressure the user into purchasing the full version in order to remove the malware. Win 7 Anti-Spyware 2011 is nothing more than a scam and a plagiarized antispyware program.

Win 7 Anti-Spyware 2011 can be removed by using Emsisoft HiJackFree to stop the processes and delete the files from the hard drive. Then the user has to restore the registry entries added and modified by Win 7 Anti-Spyware 2011. Finally, all the files related to Win 7 Anti-Spyware 2011 must be deleted from the hard drive. All of them are shown in the removal guide below.

Win 7 Anti-Spyware 2011 should be removed immediately!

Win 7 Anti-Spyware 2011 Removal Guide
Kill Process
pw.exe
MSASCui.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\AppData\Local\MSASCui.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe

XP Smart Security 2010 Removal Guide

XP Smart Security 2010 is a fake antivirus program created to urge the user to buy the full version of XP Smart Security 2010 in order to make a profit. Don't ever buy it, as it is a cheat! XP Smart Security 2010 installs itself on the computer without the user's confirmation and starts automatically when Windows boots. XP Smart Security 2010 constantly produces fake virus warning alerts to pressure the user into purchasing the full version in order to remove the malware. XP Smart Security 2010 is nothing more than a scam and a plagiarized antispyware program.

XP Smart Security 2010 can be removed by using Emsisoft HiJackFree to stop the processes and delete the files from the hard drive. Then the user has to restore the registry entries added and modified by XP Smart Security 2010. Finally, all the files related to XP Smart Security 2010 must be deleted from the hard drive. All of them are shown in the removal guide below.

XP Smart Security 2010 should be removed immediately!

XP Smart Security 2010 Removal Guide
Kill Process
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\ave.exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
ave.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\ave.exe

XP Security Removal Guide

XP Security is a fake antivirus program created to urge the user to buy the full version of XP Security in order to make a profit. Don't ever buy it, as it is a cheat! XP Security installs itself on the computer without the user's confirmation and starts automatically when Windows boots. XP Security constantly produces fake virus warning alerts to pressure the user into purchasing the full version in order to remove the malware. XP Security is nothing more than a scam and a plagiarized antispyware program.

XP Security can be removed by using Emsisoft HiJackFree to stop the processes and delete the files from the hard drive. Then the user has to restore the registry entries added and modified by XP Security. Finally, all the files related to XP Security must be deleted from the hard drive. All of them are shown in the removal guide below.

XP Security should be removed immediately!

XP Security Removal Guide
Kill Process
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\ave.exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
ave.exe
MSASCui.exe
pw.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "XP Security"

Remove Folders and Files
C:\Documents and Settings\All Users\Application Data\y7V11
C:\Documents and Settings\[USERNAME]\Local Settings\Temp\y7V11
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\ave.exe
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\y7V11
C:\Documents and Settings\[USERNAME]\Templates\y7V11
C:\WINDOWS\Prefetch\AVE.EXE-3098ECAE.pf
%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
%Documents and Settings%\[AllUsers]\Application Data\[RANDOM CHARACTERS]
%Documents and Settings%\[AllUsers]\[RANDOM CHARACTERS]
%Documents and Settings%\[UserName]\Templates\[RANDOM CHARACTERS]
%Temp%\[RANDOM CHARACTERS]
%AppData%\ave.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\AppData\Local\MSASCui.exe
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\opRSK
%Temp%\pw.exe
%UserProfile%\Start Menu\Programs\XP Security

XP Security 2011 Removal Guide

XP Security 2011 is a fake antivirus program created to urge the user to buy the full version of XP Security 2011 in order to make a profit. Don't ever buy it, as it is a cheat! XP Security 2011 installs itself on the computer without the user's confirmation and starts automatically when Windows boots. XP Security 2011 constantly produces fake virus warning alerts to pressure the user into purchasing the full version in order to remove the malware. XP Security 2011 is nothing more than a scam and a plagiarized antispyware program.

XP Security 2011 can be removed by using Emsisoft HiJackFree to stop the processes and delete the files from the hard drive. Then the user has to restore the registry entries added and modified by XP Security 2011. Finally, all the files related to XP Security 2011 must be deleted from the hard drive. All of them are shown in the removal guide below.

XP Security 2011 should be removed immediately!

XP Security 2011 Removal Guide
Kill Process
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\ave.exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
ave.exe
MSASCui.exe
pw.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "XP Security 2011"

Remove Folders and Files
C:\Documents and Settings\All Users\Application Data\y7V11
C:\Documents and Settings\[USERNAME]\Local Settings\Temp\y7V11
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\ave.exe
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\y7V11
C:\Documents and Settings\[USERNAME]\Templates\y7V11
C:\WINDOWS\Prefetch\AVE.EXE-3098ECAE.pf
%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
%Documents and Settings%\[AllUsers]\Application Data\[RANDOM CHARACTERS]
%Documents and Settings%\[AllUsers]\[RANDOM CHARACTERS]
%Documents and Settings%\[UserName]\Templates\[RANDOM CHARACTERS]
%Temp%\[RANDOM CHARACTERS]
%AppData%\ave.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\AppData\Local\MSASCui.exe
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\opRSK
%Temp%\pw.exe
%UserProfile%\Start Menu\Programs\XP Security 2011

XP Anti-Spyware 2011 Removal Guide

XP Anti-Spyware 2011 is a fake antivirus program created to urge the user to buy the full version of XP Anti-Spyware 2011 in order to make a profit. Don't ever buy it, as it is a cheat! XP Anti-Spyware 2011 installs itself on the computer without the user's confirmation and starts automatically when Windows boots. XP Anti-Spyware 2011 constantly produces fake virus warning alerts to pressure the user into purchasing the full version in order to remove the malware. XP Anti-Spyware 2011 is nothing more than a scam and a plagiarized antispyware program.

XP Anti-Spyware 2011 can be removed by using Emsisoft HiJackFree to stop the processes and delete the files from the hard drive. Then the user has to restore the registry entries added and modified by XP Anti-Spyware 2011. Finally, all the files related to XP Anti-Spyware 2011 must be deleted from the hard drive. All of them are shown in the removal guide below.

XP Anti-Spyware 2011 should be removed immediately!

XP Anti-Spyware 2011 Removal Guide
Kill Process
pw.exe


Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "XP Antispyware 2011"

Remove Folders and Files
%UserProfile%\Start Menu\Programs\XP Antispyware 2011
pw.exe

XP Anti-Spyware Removal Guide

XP Anti-Spyware is a fake antivirus program created to urge the user to buy the full version of XP Anti-Spyware in order to make a profit. Don't ever buy it, as it is a cheat! XP Anti-Spyware installs itself on the computer without the user's confirmation and starts automatically when Windows boots. XP Anti-Spyware constantly produces fake virus warning alerts to pressure the user into purchasing the full version in order to remove the malware. XP Anti-Spyware is nothing more than a scam and a plagiarized antispyware program.

XP Anti-Spyware can be removed by using Emsisoft HiJackFree to stop the processes and delete the files from the hard drive. Then the user has to restore the registry entries added and modified by XP Anti-Spyware. Finally, all the files related to XP Anti-Spyware must be deleted from the hard drive. All of them are shown in the removal guide below.

XP Anti-Spyware should be removed immediately!

XP Anti-Spyware Removal Guide
Kill Process
[random].exe
MSASCui.exe
pw.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile

Remove Folders and Files
%UserProfile%\AppData\Local\MSASCui.exe
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\opRSK

Friday, April 8, 2011

Windows 7 Total Security Removal Guide

Windows 7 Total Security is a fake antivirus program created to urge the user to buy the full version of Windows 7 Total Security in order to make a profit. Don't ever buy it, as it is a cheat! Windows 7 Total Security installs itself on the computer without the user's confirmation and starts automatically when Windows boots. Windows 7 Total Security constantly produces fake virus warning alerts to pressure the user into purchasing the full version in order to remove the malware. Windows 7 Total Security is nothing more than a scam and a plagiarized antispyware program.

Windows 7 Total Security can be removed by using Emsisoft HiJackFree to stop the processes and delete the files from the hard drive. Then the user has to restore the registry entries added and modified by Windows 7 Total Security. Finally, all the files related to Windows 7 Total Security must be deleted from the hard drive. All of them are shown in the removal guide below.

Windows 7 Total Security should be removed immediately!

Windows 7 Total Security Removal Guide
Kill Process
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\Software\Windows 7 Total Security

Remove Folders and Files
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AllUsersProfile%
%AppData%
%AppData%\Local\[random].exe (look for 3-letter names)
\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
\t3e0ilfioi3684m2nt3ps2b6lru
%UserProfile%\Desktop\Windows 7 Total Security.lnk
%UserProfile%\Start Menu\Programs\Windows 7 Total Security.lnk
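
The shell\open\command, StartMenuInternet and Security Center entries listed in the guides above can be checked for in an exported registry file, before and after cleanup. The Python script below is an added example, not part of the original guides: it parses .reg export text and flags those three kinds of entry. The sample export, the user name in its paths and all function names are constructed for illustration.

```python
import re

# Constructed sample in .reg export format (not taken from a real host).
# "C:\Documents and Settings\user" is an assumed expansion of the
# %UserProfile% placeholder used in the guides.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\pw.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\pw.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Open handler for .exe / exefile under HKCR or any Software\Classes branch.
EXE_HANDLER_RE = re.compile(
    r'(?:^hkey_classes_root|\\software\\classes)\\(?:\.exe|exefile)'
    r'\\shell\\open\\command$')
BROWSER_CMD_RE = re.compile(
    r'\\clients\\startmenuinternet\\[^\\]+\\shell\\[^\\]+\\command$')
QUOTED_EXE_RE = re.compile(r'"([^"]+\.exe)"', re.IGNORECASE)
OVERRIDES = {'antivirusoverride', 'firewalloverride'}
CLEAN_EXE_COMMAND = '"%1" %*'   # Windows default: run the clicked file itself


def unescape(text):
    """Undo .reg string escaping of backslashes and double quotes."""
    return re.sub(r'\\(.)', r'\1', text)


def parse_reg(text):
    """Yield (key, value_name, data) for string and dword values."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            key = match.group(1)
            continue
        match = VALUE_RE.match(line)
        if not match or key is None:
            continue
        name, data = match.groups()
        name = '(Default)' if name == '@' else unescape(name[1:-1])
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            yield key, name, unescape(data[1:-1])
        elif data.lower().startswith('dword:'):
            yield key, name, int(data[6:], 16)
        # hex: and other value types are not needed for these checks


def first_program(command):
    """Return the program a command line launches, lower-cased."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return (command[1:end] if end != -1 else command[1:]).lower()
    return command.split(' ', 1)[0].lower()


def audit(text):
    """Return (finding, key, detail) tuples for the three entry types."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name == '(Default)' and isinstance(data, str):
            if EXE_HANDLER_RE.search(k):
                # Anything but "%1" %* means another program runs first.
                if data.strip() != CLEAN_EXE_COMMAND:
                    findings.append(
                        ('exe-handler-hijack', key, first_program(data)))
            elif BROWSER_CMD_RE.search(k):
                # Heuristic: two different quoted .exe paths mean the first
                # one is a wrapper started in front of the browser.
                exes = QUOTED_EXE_RE.findall(data)
                if len(exes) >= 2 and exes[0].lower() != exes[1].lower():
                    findings.append(
                        ('browser-launch-wrapper', key, exes[0].lower()))
        elif (k.endswith('\\microsoft\\security center')
              and name.lower() in OVERRIDES and str(data) == '1'):
            findings.append(('security-center-override', key, name))
    return findings


if __name__ == '__main__':
    # Files written by "reg export" are UTF-16; decode them before parsing.
    for finding in audit(SAMPLE_REG):
        print(*finding, sep=' | ')
```

An empty result after cleanup means the .exe handler is back to "%1" %*, the browser commands start the browser directly, and the Security Center overrides are no longer set to 1.
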

Fast Windows Antivirus 2011 Removal Guide

Fast Windows Antivirus 2011 is a fake antivirus program that tricks the user into believing the computer is infected by malware and urges the user to purchase the full version of Fast Windows Antivirus 2011. When Fast Windows Antivirus 2011 is accidentally installed on the computer, it starts automatically when Windows boots. Fast Windows Antivirus 2011 then scans the computer and WILL SURELY show that the computer has been infected by malware. However, the user can only remove the malware by activating the program, which means purchasing the full version of Fast Windows Antivirus 2011. In fact, the full version of Fast Windows Antivirus 2011 cannot detect or remove any malware. Do not be cheated by Fast Windows Antivirus 2011.

Fast Windows Antivirus 2011 can be removed by stopping all the processes with random name and name . Then the user has to remove the files of the processes. Finally, the registry settings have to be restored by removing the registry keys stated below.

Fast Windows Antivirus 2011 should be removed immediately!

Fast Windows Antivirus 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%AllUsersProfile%\[random]
%AllUsersProfile%\[random].dll
%AllUsersProfile%\[random].exe
%UserProfile%\Start Menu\Programs\Fast Windows Antivirus 2011\Fast Windows Antivirus 2011.lnk
%UserProfile%\Start Menu\Programs\Fast Windows Antivirus 2011\Uninstall Fast Windows Antivirus 2011.lnk
%UserProfile%\Desktop\Fast Windows Antivirus 2011.lnk
%UserProfile%\Start Menu\Programs\Fast Windows Antivirus 2011\

Thursday, April 7, 2011

Alfa Defender Removal Guide

Alfa Defender is a fake antivirus program that looks like a legitimate antivirus. In fact, Alfa Defender cannot help protect your PC. Alfa Defender was created to trick the user into buying the full version of Alfa Defender. When Alfa Defender is accidentally installed on the computer, it scans the computer automatically when Windows boots and always produces a fake report that the computer is infected by malware. Do not believe the report, as Alfa Defender cannot detect or remove any malware.

Alfa Defender can be removed by stopping all the processes with random name and name . Then the user has to remove the files of the processes. Finally, the registry settings have to be restored by removing the registry keys stated below.

Alfa Defender should be removed immediately!


Alfa Defender Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Alfa Defender"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%temp%\[random]
%temp%\[random].exe

BoanSupport Removal Guide

BoanSupport is a fake antivirus that uses fake features to pass itself off as able to detect and remove malware, trojans and viruses. In fact, BoanSupport cannot do anything. BoanSupport can only run a fake scan of the computer and then show pop-ups telling the user that there are many malware programs, trojans and viruses on the computer. BoanSupport runs automatically when Windows boots. BoanSupport urges the user to purchase the full version of BoanSupport in order to remove all the detected threats. Do not believe any report given by BoanSupport. BoanSupport cannot detect or remove any trojan, malware or virus.

BoanSupport can be uninstalled by first stopping the processes and then deleting all the related files. Finally, restore the registry entries added and modified by BoanSupport.

BoanSupport should be removed immediately!


BoanSupport Removal Guide
Kill Process
(How to kill a process effectively?)
supportcfg.exe
boansupport_setup.exe
boansupportmon.exe
boansupport.exe
uninst.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BoanSupport
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BoanSupport.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BoanSupport
HKEY_LOCAL_MACHINE\SOFTWARE\BoanSupport
HKEY_LOCAL_MACHINE\SOFTWARE\BoanSupportPartner

Remove Folders and Files
c:\program files\boansupport\boansupportcfg.exe
c:\documents and settings\{username}\Desktop\boansupport_setup.exe
c:\program files\boansupport\uninst.exe
c:\program files\boansupport\boansupportmon.exe
c:\program files\boansupport
c:\program files\boansupport\boansupport.exe

Wednesday, April 6, 2011

Windows Spyware Protection Removal Guide

Windows Spyware Protection is a fake antivirus program that pretends to be a real antivirus that can remove malware. However, Windows Spyware Protection does not remove any malware from any computer. Windows Spyware Protection infects the computer by installing malware that disguises itself as a real antivirus able to detect and remove malware and viruses. After installation completes, Windows Spyware Protection scans the computer, always states that the computer is infected by malware, and urges the user to buy the full version of Windows Spyware Protection. In fact, the full version of Windows Spyware Protection cannot detect or remove any trojan, malware or virus.

Windows Spyware Protection can be removed by using Emsisoft HiJackFree to stop the processes and delete the files from the hard drive. Then the user has to restore the registry entries added and modified by Windows Spyware Protection. Finally, all the files related to Windows Spyware Protection must be deleted from the hard drive. All of them are shown in the removal guide below.

Windows Spyware Protection should be removed immediately!

Windows Spyware Protection Removal Guide
Kill Process
(How to kill a process effectively?)
CB130_287.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Spyware Protection"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"

Remove Folders and Files
%UserProfile%\Application Data\Windows Spyware Protection\Instructions.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Spyware Protection.lnk
%UserProfile%\Start Menu\Programs\Windows Spyware Protection.lnk
%UserProfile%\Desktop\Windows Spyware Protection.lnk
%UserProfile%\Start Menu\Windows Spyware Protection.lnk
%UserProfile%\Application Data\Windows Spyware Protection
%UserProfile%\Application Data\Windows Spyware Protection\cookies.sqlite
C:\Documents and Settings\All Users\Application Data\23077d\CB130_287.exe

Windows Security 2011 Removal Guide

Windows Security 2011 is a fake antivirus program that tries to trick the user into buying the full version of Windows Security 2011 by using fake scan results. Windows Security 2011 installs itself on the computer without the user's confirmation unless the user has set UAC to the highest level. It starts when the computer boots, scans the computer automatically, produces fake scan results and keeps warning the user to buy the full version of Windows Security 2011. Windows Security 2011 is delivered via criminal websites and trojan infections. It cannot detect or remove any malware, trojan or virus.

Windows Security 2011 can be removed by using Emsisoft HiJackFree to stop the process (Windows Security 2011.exe) and delete the files at the same time. Then, remove the autorun setting set by Windows Security 2011.

Windows Security 2011 should be removed immediately.


Windows Security 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
Uninstall.exe
Windows Security 2011.exe

Delete Registry
HKEY_CURRENT_USER\Software\Windows Security 2011
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Security 2011"
HKEY_LOCAL_MACHINE\SOFTWARE\Windows Security 2011
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Security 2011

Remove Folders and Files
Locate the files referenced by the autorun settings and delete all of them:
Uninstall.exe
Windows Security 2011.exe
%UserProfile%\Desktop\Windows Security 2011.lnk
%UserProfile%\Start Menu\Programs\Windows Security 2011.lnk

Vista Protection 2011 Removal Guide

Vista Protection 2011 is a fake antivirus program that will invariably warn the user that the computer has been used as a spamming machine. In fact, the computer is clean and is not being used as a spamming machine; Vista Protection 2011 displays the alert to convince the user to purchase the full version of Vista Protection 2011. Vista Protection 2011 cannot detect or remove any malware. It starts automatically when Windows boots. The user has to terminate the process, delete the registry settings and remove the folders and files of Vista Protection 2011 to remove it completely.

Vista Protection 2011 can be removed by stopping all the processes with random name and name . Then the user has to remove the files of the processes. Finally, the registry settings have to be restored by removing the registry keys stated below.

Vista Protection 2011 should be removed immediately!

Vista Protection 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Template\st3e0ilfioi3684m2nt3ps2b6lru
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[random].exe
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru

Tuesday, April 5, 2011

Antivirus Protection Trial Removal Guide

Antivirus Protection Trial is a fake antivirus program that pretends to be a real antivirus able to remove malware. However, Antivirus Protection Trial does not remove any malware from any computer. It infects the computer by installing malware that disguises itself as a real antivirus able to detect and remove malware, trojans and viruses. After installation completes, Antivirus Protection Trial scans the computer, invariably states that the computer is infected by malware, and urges the user to buy the full version of Antivirus Protection Trial.

Antivirus Protection Trial can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Antivirus Protection Trial, shown in the removal guide below. Antivirus Protection Trial DLL files should be unregistered too (see removal guide). All files related to Antivirus Protection Trial must be deleted.

Antivirus Protection Trial should be removed immediately!

Antivirus Protection Trial Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = '127.0.0.1:33554'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'

Remove Folders and Files
%Temp%\[random]\[random].exe
%Temp%\[random]\
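
The DisallowRun entries in the Windows Spyware Protection guide and the Internet Settings and Internet Explorer values in the Antivirus Protection Trial guide can both be checked offline against a `reg export` of HKEY_CURRENT_USER. The script below is an added example, not part of the original guides: the function names and the sample export are constructed for illustration, and a real export file must first be decoded from UTF-16 before its text is passed in.

```python
import re

# Tampered states listed in the guides above: (key suffix, value name) -> test.
WEAKENED = {
    (r"\policies\associations", "lowriskfiletypes"): lambda v: ".exe" in v,
    (r"\internet explorer\download", "checkexesignatures"): lambda v: v == "no",
    (r"\internet explorer\download", "runinvalidsignatures"): lambda v: v == "1",
    (r"\internet explorer\phishingfilter", "enabled"): lambda v: v == "0",
    (r"\internet settings", "proxyenable"): lambda v: v == "1",
    (r"\internet settings", "proxyserver"): lambda v: v.startswith("127."),
}
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Yield (key, value name, data as str) from the text of a `reg export` file."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            name, data = m.groups()
            if data.startswith("dword:"):          # DWORDs are exported as hex
                yield key, name, str(int(data[6:], 16))
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                yield key, name, data[1:-1].replace("\\\\", "\\")

def audit(text):
    """Return (kind, key, value name, data) for every entry that needs review."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n, d = key.lower(), name.lower(), data.lower()
        if k.endswith(r"\policies\explorer\disallowrun"):
            findings.append(("blocked-executable", key, name, data))
        elif (test := next((t for (s, v), t in WEAKENED.items()
                            if k.endswith(s) and n == v), None)) and test(d):
            findings.append(("weakened-setting", key, name, data))
    return findings

# Constructed sample export, not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"0"="msseces.exe"
"1"="MSASCui.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:33554"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000
'''
```

Calling `audit(SAMPLE)` returns one tuple per finding; every DisallowRun entry is reported for review because the guide lists only security-product executables under that key.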