Tuesday, December 15, 2009

Additional Guard Removal GuideAdditional Guard Removal Guide

Additional Guard Removal Guide
Additional Guard is a fake anti-spyware application. Additional Guard is known to use several extortion methods to basically take money from an unsuspecting computer user in return for a bogus security program. Additional Guard can perform system scans only to return falsified parasite results. Additional Guard is not able to detect actual computer parasites but instead, displays several misleading alert messages attempting to warn a computer user of detected threats. Additional Guard does all of these actions in hopes that the user will eventually break down to purchase a full version of Additional Guard. Additional Guard is not and effective security program in the free or full version. It is recommended that Additional Guard be deleted to prevent further confusion.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
FS.exe
eb.exe
WI339.exe
ppal.exe
exec.exe
cb.exe
AG345d.exe

Unregister DLL files
cid.dll
FS.dll
energy.dll
ddv.dll
sqlite3.dll
mozcrt19.dll

Delete Registry
HKCR "xp_7a9be.DocHostUIHandler"
HKCR "CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "Additional Guard"

Remove Folders and Files
$APPDATA\Additional Guard
$APPDATA\2565da61
$RECENT\PE.sys
$RECENT\kernel32.drv
$RECENT\FS.exe
$RECENT\FS.drv
$RECENT\exec.tmp
$RECENT\eb.exe
$RECENT\eb.drv
$RECENT\cid.dll
$RECENT\ANTIGEN.tmp
$RECENT\ANTIGEN.drv
$PROGRAMFILES\Mozilla Firefox\searchplugins\search.xml
$STARTMENU\Programs\Additional Guard.lnk
$STARTMENU\Additional Guard.lnk
$RECENT\tjd.sys
$RECENT\SICKBOY.tmp
$RECENT\ppal.exe
$RECENT\PE.drv
$RECENT\FS.dll
$RECENT\fan.drv
$RECENT\exec.exe
$RECENT\energy.sys
$RECENT\energy.dll
$RECENT\dudl.drv
$RECENT\ddv.dll
$RECENT\CLSV.tmp
$RECENT\cb.exe
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
$DESKTOP\Additional Guard.lnk
$APPDATA\WINAGSys
$APPDATA\117fc
$PROGRAMFILES\Mozilla Firefox\searchplugins\search.xml
$RECENT\tjd.sys
$RECENT\SICKBOY.tmp
$RECENT\ppal.exe
$RECENT\PE.drv
$RECENT\FS.dll
$RECENT\fan.drv
$RECENT\exec.exe
$RECENT\energy.sys
$RECENT\energy.dll
$RECENT\dudl.drv
$RECENT\ddv.dll
$RECENT\CLSV.tmp
$RECENT\cb.exe
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
$DESKTOP\Additional Guard.lnk

IGuardPc or I Guard PC Removal GuideIGuardPc or I Guard PC Removal Guide

IGuardPc or I Guard PC Removal Guide
IGuardPc or I Guard PC, is a fake anti-spyware application which comes from the malicious group of hackers that created other fake security programs. IGuardPc, just like its predecessors, does not have the ability to detect and remove parasites from a PC. IGuardPc may claim to have the ability to clean your system of spyware but do not trust that.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
IGuardPc.exe
uninstall.exe

Delete Registry
HKLM "SOFTWARE\IGuardPc"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IGuardPc"
HKCU "Software\IGuardPc"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "IGuardPc.exe"

Remove Folders and Files
$PROGRAMFILES\IGuardPc Software
$SMPROGRAMS\IGuardPc
$DESKTOP\IGuardPc.lnk
$PROGRAMFILES\IGuardPc Software
$SMPROGRAMS\IGuardPc
$DESKTOP\IGuardPc.lnk
Thursday, December 10, 2009

Security Tool Removal GuideSecurity Tool Removal Guide

Security Tool Removal Guide
Security Tool is a rogue anti-spyware program that uses fake security alerts and system scan results to make computer users believe that they must purchase the Security Tool program to remove the found threats. Security Tool comes from the same group of attackers that made the fake security programs System Security and Total Security 2009.

Removal Tool 1: Security Tool Removal Tool. (Download it here.)
Removal Tool 2: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
SecurityTool.exe
4946550101.exe
[random>=8digits].exe (95750127.exe, 14507623.exe, 9048246710.exe etc)

Delete Registry
HKLM "SOFTWARE\SecurityTool"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityTool"
HKCU "Software\Vista Antivirus 2010"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run " "SecurityTool"
HKCU "Software\Security Tool"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "4946550101"

Remove Folders and Files
$PROGRAMFILES\SecurityTool
$APPDATA\4946550101
$DESKTOP\Security Tool.lnk
$STARTMENU\Programs\Security Tool.lnk
Wednesday, December 9, 2009

Antivirus Live Removal GuideAntivirus Live Removal Guide

Antivirus Live Removal Guide
Antivirus Live (also known as AntivirusLive) is the latest Rogue Anti-Spyware creation from the notorious Magic Software stable. Antivirus Live uses malicious cutting-edge techniques, including the use of backdoor Trojans. Once active, Antivirus Live disables the computer's security options, making it extremely difficult to uninstall through the Control Panel or via Safe Mode. Antivirus Live then starts spewing annoying popup ads and runs a security scan which reports the fake detection of numerous viruses and threats. Antivirus Live will recommend buying its licensed copy to solve the alleged spyware problems. Do not fall for Antivirus Live's trickery. This hazardous parasite should be terminated from the system immediately

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
[random]sysguard.exe

Unregister DLL files
iehelper.dll

Delete Registry
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}"
HKCU "Software\AvScan"
HKCR "CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}"
HKCU "Software\Microsoft\Internet Explorer\Download" "RunInvalidSignatures"
HKCU "Software\Microsoft\Windows\CurrentVersion\Internet Settings" "ProxyOverride"
HKCU "Software\Microsoft\Windows\CurrentVersion\Internet Settings" "ProxyServer"
HKCU "Software\Microsoft\Windows\CurrentVersion\Policies\Associations" "LowRiskFileTypes"
HKCU "Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" "SaveZoneInformation"

Remove Folders and Files
$WINDIR\[random]sysguard.exe
$SYSDIR\iehelper.dll

Read more:
Constants in manual removal guide
Tuesday, December 8, 2009

Personal Security Removal GuidePersonal Security Removal Guide

Personal Security Removal Guide
Personal Security is a clone of the rogue security software, Cyber Security. Personal Security also known as PersonalSecurity, typically spreads via sneaky Trojans or false advertisements. Personal Security will conduct a fake system scan once it has entered a system, and then produce alarming results of several parasite infections on the system. This is done to scare the user into purchasing the full version of Personal Security in order to remove all the purportedly detected parasites. Personal Security may also display numerous pop-ups and warning messages to scare the user even more. Personal Security is not a legitimate security program and should be removed immediately.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
psecurity.exe
Inst_2013[1].exe

Unregister DLL files
win32extension.dll

Delete Registry
HKLM "SOFTWARE\Personal Security"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "PSecurity"
HKCR "CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}"
HKLM "SOFTWARE\5FFB10D58FFCF482208906E6A889FD56"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform" "WinTSI 01.12.2009"

Remove Folders and Files
$SMPROGRAMS\Personal Security
$SMPROGRAMS\PSecurity
$PROGRAMFILES\Personal Security
$PROGRAMFILES\PSecurity
$APPDATA\Personal Security
$APPDATA\PSecurity
$PROGRAMFILES\Common Files\PSecurityUninstall
$APPDATA\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
$SYSDIR\win32extension.dll

Read more:
Constants in manual removal guide