Saturday, June 5, 2010

Sysinternals Antivirus Removal Guide

Sysinternals Antivirus is a fake antivirus, that is, a rogue security application. It is installed on the computer by other malware without the user's permission unless UAC is set to the highest level (for Windows 7 users). It runs automatically when Windows boots. It produces false scan results and urges the user to activate the protection by purchasing the full version of Sysinternals Antivirus.

Once installed, Sysinternals Antivirus tells the user that Windows is in danger. It scans the computer and reports that n infections were found. It even names the malware that supposedly infects the files, such as Email-Worm.Win32.Meronda, but the results are fake. It also presents fake features such as System Scan, Firewall, Update, etc.

Sysinternals Antivirus should be removed immediately!


Sysinternals Antivirus Removal Guide
Kill Process
(How to kill a process effectively?)
alggui.exe
%Program Files%\svchost.exe
dbsinit.exe
Sysinternals Antivirus.exe
ccsmn.exe
ccsrr.exe

Unregister DLL files
%Program Files%\adc_w32.dll

Delete Registry
HKEY_CURRENT_USER\Software\Sysinternals Antivirus
HKEY_USERS\.DEFAULT\Software\Sysinternals Antivirus
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adbupd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256d5-e103-4523-bb43-2cfb066839d6}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{149256d5-e103-4523-bb43-2cfb066839d6}
HKEY_CLASSES_ROOT\CLSID\{149256d5-e103-4523-bb43-2cfb066839d6}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "novavapp"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "novavappr"

Remove Folders and Files
%Program Files%\adc_w32.dll
%Program Files%\alggui.exe
%Program Files%\extra1.dat
%Program Files%\extra2.dat
%Program Files%\nuar.old
%Program Files%\skynet.dat
%Program Files%\svchost.exe
%Program Files%\wp3.dat
%Program Files%\wp4.dat
%Program Files%\scdata
%Program Files%\Sysinternals Antivirus
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.acf
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.ltd
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.lti
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.acb
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.aci
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.mt
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsrr.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\lleod150
%UserProfile%\Application Data\Microsoft\Internet Explorer\wmharun.log
%UserProfile%\Application Data\Microsoft\Internet Explorer\wmrun.log
%UserProfile%\Start Menu\Programs\Sysinternals Antivirus
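
The four lists above can be checked with a read-only audit, run before cleanup to see what is present and again afterwards to confirm removal. This PowerShell sketch is an added example, not part of the original guide; it assumes PowerShell 3.0 or later (for Get-CimInstance) and maps the guide's %Program Files% and %UserProfile%\Application Data to $env:ProgramFiles and $env:APPDATA.

```powershell
# Added example: read-only audit of the artifacts listed in this guide. Deletes nothing.
$pf    = $env:ProgramFiles                                    # the guide's %Program Files%
$ie    = Join-Path $env:APPDATA 'Microsoft\Internet Explorer' # assumption: %UserProfile%\Application Data = %APPDATA%
$clsid = '{149256d5-e103-4523-bb43-2cfb066839d6}'
$procNames = 'alggui.exe','dbsinit.exe','Sysinternals Antivirus.exe','ccsmn.exe','ccsrr.exe'
$keys = @(
    'HKEY_CURRENT_USER\Software\Sysinternals Antivirus',
    'HKEY_USERS\.DEFAULT\Software\Sysinternals Antivirus',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adbupd',
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\$clsid",
    "HKEY_CLASSES_ROOT\CLSID\$clsid"
)
$pfNames = 'adc_w32.dll','alggui.exe','extra1.dat','extra2.dat','nuar.old','skynet.dat',
           'svchost.exe','wp3.dat','wp4.dat','scdata','Sysinternals Antivirus'
$ieNames = 'ccsmn.exe','ccsmn151.acf','ccsmn151.ltd','ccsmn151.lti','ccsmn151_0.acb',
           'ccsmn151_0.aci','ccsmn151_0.mt','ccsrr.exe','lleod150','wmharun.log','wmrun.log'
$paths = @($pfNames | ForEach-Object { Join-Path $pf $_ }) +
         @($ieNames | ForEach-Object { Join-Path $ie $_ }) +
         (Join-Path $env:USERPROFILE 'Start Menu\Programs\Sysinternals Antivirus')

$findings = @(
    # svchost.exe is also a legitimate Windows process name, so match it by its
    # full path under Program Files, never by name alone.
    Get-CimInstance Win32_Process | Where-Object {
        $procNames -contains $_.Name -or $_.ExecutablePath -eq (Join-Path $pf 'svchost.exe')
    } | ForEach-Object { "PROCESS   $($_.Name) (PID $($_.ProcessId))" }

    $keys | Where-Object { Test-Path -LiteralPath "Registry::$_" } | ForEach-Object { "REGKEY    $_" }

    foreach ($name in 'novavapp','novavappr') {
        $run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name $name -ErrorAction SilentlyContinue
        if ($run) { "RUNVALUE  $name = $($run.$name)" }
    }

    $paths | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object { "FILE      $_" }
)

if ($findings.Count) { $findings } else { 'No listed Sysinternals Antivirus artifacts found.' }
```

On 64-bit Windows a 32-bit installer writes to Program Files (x86) and the Wow6432Node registry view, which this sketch does not check.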
