Saturday, August 28, 2010

AWM Antivirus Removal Guide

AWM Antivirus is a fake antivirus program created by irresponsible people who just want to cheat users into purchasing the full version of AWM Antivirus, which is itself malware and cannot protect the computer from any virus or trojan. AWM Antivirus installs itself on the computer and starts automatically when Windows boots. It then scans the computer, scares the user by claiming that the computer is infected with malware, and urges the user to buy the full version of AWM Antivirus to remove it. In fact, AWM Antivirus cannot remove any malware. Don't believe any warning that comes from AWM Antivirus.

AWM Antivirus provides fake features such as "Security Status (Firewall protection, Antivirus protection, Spyware protection, Automatic updates, Scheduled scans and Email protection)", "System Scan", "Firewall" and "E-mail Protection". AWM Antivirus produces a fake warning: "WARNING! Your system needs to be cleared. It's highly recommended you clear your PC from existing threats right now."

AWM Antivirus should be removed immediately!

AWM Antivirus Removal Guide
Kill Process
(How to kill a process effectively?)
AWM.exe

Delete Registry
HKEY_CURRENT_USER\Software\AWM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "awm"

Remove Folders and Files
%AppData%\AWM
%UserProfile%\Desktop\AWM Antivirus.lnk
Friday, August 27, 2010

AVDefender 2011 Removal Guide

AVDefender 2011 is a fake antivirus program used mainly to cheat the user of the infected computer into purchasing the full version of AVDefender 2011, which cannot remove any malware from the computer. AVDefender 2011 cannot detect any malware on the computer either. AVDefender 2011 starts automatically when Windows boots. It then scans the computer and produces a fake result stating that "System Status is Critical". Don't believe the warning! All of it is a lie!

AVDefender 2011 presents fake features such as a System Monitor that always shows the computer in a critical state (Performance, Health and Security of the system are all shown as critical) and scares the user into thinking the computer has a lot of threats, for example "5 threats are highly harmful and slowing down your PC performance." AVDefender 2011 asks you to buy the full version of AVDefender 2011 by showing "You are using a Trial Version of AVDefender 2011! Your PC isn't FULLY protected now! Purchase full version of AVDefender 2011 for complete protection!"

AVDefender 2011 should be removed immediately!

AVDefender 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
%AppData%\\.exe

Delete Registry
HKEY_CURRENT_USER\Software\AVDefender 2011

Modify Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "explorer.exe"

Remove Folders and Files
%AppData%\AVDefender2011
%AppData%\
%UserProfile%\Start Menu\AVDefender2011
Thursday, August 26, 2010

Pest Detector 4.1 Removal Guide

Pest Detector 4.1 is a fake antivirus program distributed by the Microsoft Security Essentials Alert, which claims that the computer is infected with malware and then directs the user to install one of five fake antivirus programs, Pest Detector 4.1 being one of them. Pest Detector 4.1 configures itself to start automatically when Windows boots. It then scans the computer, claims again that the computer is infected with malware, and urges the user to purchase the full version of Pest Detector 4.1 to remove it. Don't believe it. All of it is a lie!

Pest Detector 4.1 provides fake features such as a scanner and a firewall. It always reports that many files are infected with malware. The firewall feature does not really protect the computer.

Pest Detector 4.1 should be removed immediately!

Pest Detector 4.1 Removal Guide
Kill Process
(How to kill a process effectively?)
antispy.exe

Delete Registry
HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\antispy.exe"

Remove Folders and Files
%UserProfile%\Application Data\PAV
%UserProfile%\Application Data\antispy.exe

Peak Protection 2010 Removal Guide

Peak Protection 2010 is a fake antivirus program distributed by the Microsoft Security Essentials Alert, which claims that the computer is infected with malware and then directs the user to install one of five fake antivirus programs, Peak Protection 2010 being one of them. Peak Protection 2010 configures itself to start automatically when Windows boots. It then scans the computer, claims again that the computer is infected with malware, and urges the user to purchase the full version of Peak Protection 2010 to remove it. Don't believe it. All of it is a lie!

Peak Protection 2010 provides fake features such as a scanner and a firewall. It always reports that many files are infected with malware. The firewall feature does not really protect the computer.

Peak Protection 2010 should be removed immediately!

Peak Protection 2010 Removal Guide
Kill Process
(How to kill a process effectively?)
antispy.exe

Delete Registry
HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\antispy.exe"

Remove Folders and Files
%UserProfile%\Application Data\PAV
%UserProfile%\Application Data\antispy.exe

Red Cross Antivirus Removal Guide

Red Cross Antivirus is a fake antivirus program distributed by the Microsoft Security Essentials Alert, which claims that the computer is infected with malware and then directs the user to install one of five fake antivirus programs, Red Cross Antivirus being one of them. Red Cross Antivirus configures itself to start automatically when Windows boots. It then scans the computer, claims again that the computer is infected with malware, and urges the user to purchase the full version of Red Cross Antivirus to remove it. Don't believe it. All of it is a lie!

Red Cross Antivirus provides fake features such as a scanner and a firewall. It always reports that many files are infected with malware. The firewall feature does not really protect the computer.

Red Cross Antivirus should be removed immediately!

Red Cross Antivirus Removal Guide
Kill Process
(How to kill a process effectively?)
antispy.exe

Delete Registry
HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\antispy.exe"

Remove Folders and Files
%UserProfile%\Application Data\PAV
%UserProfile%\Application Data\antispy.exe

Major Defense Kit Removal Guide

Major Defense Kit is a fake antivirus program distributed by the Microsoft Security Essentials Alert, which claims that the computer is infected with malware and then directs the user to install one of five fake antivirus programs, Major Defense Kit being one of them. Major Defense Kit configures itself to start automatically when Windows boots. It then scans the computer, claims again that the computer is infected with malware, and urges the user to purchase the full version of Major Defense Kit to remove it. Don't believe it. All of it is a lie!

Major Defense Kit provides fake features such as a scanner and a firewall. It always reports that many files are infected with malware. The firewall feature does not really protect the computer.

Major Defense Kit should be removed immediately!

Major Defense Kit Removal Guide
Kill Process
(How to kill a process effectively?)
antispy.exe

Delete Registry
HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\antispy.exe"

Remove Folders and Files
%UserProfile%\Application Data\PAV
%UserProfile%\Application Data\antispy.exe
Monday, August 23, 2010

Microsoft Security Essentials Alert Removal Guide

Microsoft Security Essentials Alert is a virus that tries to cheat the user into installing a fake antivirus on the computer. After Microsoft Security Essentials Alert infects the computer, it scares the user by showing "Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Click 'Show Details' to learn more."

Microsoft Security Essentials Alert shows that the computer is infected by "Unknown Win32/Trojan" with a "Severe" alert level. When the user clicks to remove the detected trojan, it tells the user that it can't remove the trojan and urges the user to perform an online scan. If the user clicks "Scan Online", it takes the user to a website that lists 35 different antivirus programs, 5 of which are fake: "Red Cross Antivirus, Peak Protection 2010, Pest Detector 4.1, Major Defense Kit, AntiSpySafeguard or AntiSpy Safeguard".

If the user uses one of the 5 fake antivirus programs to scan the computer, it asks the user to click "Free Install" in order to scan and remove the malware from the computer. In fact, all of it is a lie. Don't believe it!


Microsoft Security Essentials Alert should be removed immediately.

Microsoft Security Essentials Alert Removal Guide
Kill Process
(How to kill a process effectively?)
antispy.exe
defender.exe
tmp.exe

Delete Registry
HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "tmp"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "SelfdelNT"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\antispy.exe"

Remove Folders and Files
%UserProfile%\Application Data\PAV
%UserProfile%\Application Data\antispy.exe
%UserProfile%\Application Data\defender.exe
%UserProfile%\Application Data\tmp.exe
%UserProfile%\Local Settings\Temp\kjkkklklj.bat
Saturday, August 21, 2010

Advanced Security Tool 2010 Removal Guide

Advanced Security Tool 2010 is a fake antivirus program designed mainly to cheat the user into buying the full version of Advanced Security Tool 2010 in order to remove the malware it claims to have detected on the computer. Advanced Security Tool 2010 infects the computer and configures itself to start automatically when Windows boots. It then scans the computer, produces a fake result and states that the computer is infected with malware. Don't believe it, as it is a lie.

Advanced Security Tool 2010 provides fake features such as Full PC Scan, Privacy Keeper, and Firewall. It shows "It is highly recommended that you activate Advanced Security Tool to assure that your PC works correctly and has no crashes." It produces a fake warning: "Your PC might be at risk. Activate the software to protect it." Don't believe any of it.

Advanced Security Tool 2010 should be removed immediately.

Advanced Security Tool 2010 Removal Guide
Kill Process
(How to kill a process effectively?)
asectool.exe

Unregister DLL files
%UserProfile%\Application Data\scan.dll

Delete Registry
HKEY_CURRENT_USER\Software\Advanced Security
HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz
HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz.1
HKEY_CLASSES_ROOT\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}
HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CLASSES_ROOT\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80c10400-59cb-4c79-97ce-cc693103afca}
HKEY_CURRENT_USER\Software\Microsoft "adver_id" = "29"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AdvSecTool"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "rundll32" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\asectool.exe" /sn"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "rundll32" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "explorer.exe C:\WINDOWS\system32\ntload.exe"

Remove Folders and Files
%UserProfile%\asr.dat
%UserProfile%\Application Data\1tmp.bat
%UserProfile%\Application Data\asectool.exe
%UserProfile%\Application Data\scan.dll
%UserProfile%\Application Data\secmof.tmp
%UserProfile%\Desktop\Advanced Security Tool 2010.LNK
%UserProfile%\Start Menu\Advanced Security Tool 2010.LNK
Friday, August 13, 2010

Security Suite Removal Guide

Security Suite is a fake antivirus program that behaves like a real antivirus such as Kaspersky Anti-Virus, AVG Free Antivirus, Avira AntiVir etc. Security Suite infects the computer when the user accidentally downloads a trojan from a website that provides online videos. Security Suite starts automatically when Windows boots. It then scans the computer, produces fake scan results and displays many fake alerts to urge the user to purchase the full version of Security Suite in order to remove the detected malware.

Security Suite describes itself as innovative protection for your PC. It provides fake features such as "Perform Scan", "Adjust Setting", "Get Update", "Help & Support" and so on. Security Suite also has a fake malware database.

Security Suite should be removed immediately!

Security Suite Removal Guide
Kill Process
(How to kill a process effectively?)
[random]shdw.exe

Delete Registry
HKEY_CURRENT_USER\Software\wnxmal
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" ="1"

Remove Folders and Files
Search the drives for [random]shdw.exe and remove them.
Thursday, August 12, 2010

My Security Shield Removal Guide

My Security Shield is a fake antivirus program that tries to push the user of an infected computer into purchasing the full version of My Security Shield. My Security Shield produces fake alerts in order to cheat the user. It installs itself on the computer without the user's confirmation and configures itself to start automatically when Windows boots. My Security Shield then scans the computer, states that there is a lot of malware on the computer, and asks the user to purchase the full version of My Security Shield to remove all of it.

My Security Shield asks the user to activate My Security Shield to get ultimate protection against Identity Theft, Malware and other threats! My Security Shield creates a fake Windows Advanced Security Center and warns the user that the system is not cleaned yet! It shows the user that the Firewall, Automatic Updates and Antivirus Protection are in the "OFF" state.

My Security Shield should be removed immediately!

My Security Shield Removal Guide
Kill Process
(How to kill a process effectively?)
MS345d_2129.exe
DBOLE.exe
kernel32.exe

Unregister DLL files
mozcrt19.dll
sqlite3.dll

Delete Registry
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "control/7.02129"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Shield"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"

Remove Folders and Files
%AllUserProfile%\Application Data\345d567
%AllUserProfile%\Application Data\MSHBXRCOBWS
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk
%UserProfile%\Application Data\My Security Shield
%UserProfile%\Desktop\My Security Shield.lnk
%UserProfile%\Recent\cid.drv
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\delfile.sys
%UserProfile%\Recent\fan.dll
%UserProfile%\Recent\grid.sys
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.drv
%UserProfile%\Recent\std.dll
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\My Security Shield.lnk
%UserProfile%\Start Menu\Programs\My Security Shield.lnk
Thursday, August 5, 2010

WireShark Antivirus Removal Guide

WireShark Antivirus is a fake antivirus program, the same as Sysinternals Antivirus. WireShark Antivirus is not made by WireShark but by other people, who try to make the user believe that the antivirus is legitimate, is able to remove malware and even provides many antivirus features. WireShark Antivirus was created to make a profit from the users it cheats. WireShark Antivirus infects the computer and then scans it. It produces fake warnings that the computer is infected with a lot of malware and urges the user to purchase the full version of WireShark Antivirus in order to remove it. Don't be cheated by the fake warnings.

WireShark Antivirus presents fake features such as Firewall, System Scan, Update etc. It claims to help protect your PC and scares the user with "Windows is in danger". WireShark Antivirus also produces fake detections, such as showing that files are infected by Trojan.VBS.Qhost, Trojan-Downloader.JS.Remora and other malware. It shows the computer status as "At Risk" and asks the user to Activate Protection by buying the full version of WireShark Antivirus.

WireShark Antivirus should be removed immediately.

WireShark Antivirus Removal Guide
Kill Process
(How to kill a process effectively?)
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsrr.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn.exe
%Program Files%\Sysinternals Antivirus\Sysinternals Antivirus.exe
%Program Files%\scdata\dbsinit.exe
%Program Files%\svchost.exe
%Program Files%\alggui.exe
%Program Files%\Wireshark Antivirus\Wireshark Antivirus.exe
%Program Files%\wpp.exe

Unregister DLL files
%Program Files%\adc_w32.dll

Delete Registry
HKEY_CURRENT_USER\Software\Wireshark Antivirus
HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd

Remove Folders and Files
%Program Files%\adc_w32.dll
%Program Files%\alggui.exe
%Program Files%\nuar.old
%Program Files%\skynet.dat
%Program Files%\svchost.exe
%Program Files%\wp3.dat
%Program Files%\wp4.dat
%Program Files%\wpp.exe
%Program Files%\Wireshark Antivirus

NetworkControl Removal Guide

NetworkControl is a small program designed by a group of people in order to force the user to purchase one of their useless programs. NetworkControl is not a virus, just a very small program that pretends to be a firewall and produces a fake system restore alert and a lot of advertisements. NetworkControl infects the computer through websites that provide a free online scanner. The scanner scares the user by claiming that the computer is infected with malware and asks the user to download and install a program to kill the virus. When the user installs the program, NetworkControl is automatically installed on the computer. So don't be cheated by a free online scanner unless it has been promoted by many people in the world.

NetworkControl creates a folder named NetworkControl on the C: drive to store its files. NetworkControl starts automatically when Windows boots. NetworkControl produces a fake system restore alert ("Critical System Notification") and tells the user that the "Remote Administrator Adam1 has changed some system files of Windows OS. Checking will take several minutes. Please do not turn off the computer - it can lead to system crash." Don't trust what it says. NetworkControl just wants to scare the user. All of it is just a lie!

NetworkControl constantly asks the user whether he wishes to block or allow Adam1 to modify the system. NetworkControl should be removed immediately!

NetworkControl Removal Guide
Kill Process
(How to kill a process effectively?)
checker.exe
nc.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "NetworkControl"

Remove Folders and Files
c:\NetworkControl
%WINDOWS%\Fonts\segoeui.ttf
%UserProfile%\Local Settings\Temp\abc
%UserProfile%\Local Settings\Temp\i.bat
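
Many of the guides above list the same kinds of registry changes: a Winlogon "Shell" value pointing at the rogue's executable, Run entries that launch files from the user's application data folder, and Internet Explorer or policy values that switch off warnings. As an added example (not part of the original guides), the Python script below parses the text of a `reg export` file and reports those values for review after cleanup; the sample export, the rule table layout and the function names are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text form; not taken from a real machine.
# Real exports are UTF-16: read them with open(path, encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user\\Application Data\\antispy.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tmp"="C:\\Documents and Settings\\user\\Application Data\\tmp.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:6522"
"WarnonBadCertRecving"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
'''

CV = r"\software\microsoft\windows\currentversion"
IE = r"\software\microsoft\internet explorer"
SHELL, AUTO, WEAK = "shell-hijack", "autostart-from-appdata", "weakened-setting"
APPDATA = r"\\(application data|appdata)\\"  # per-user folders the guides name
# (finding, key suffix, value name or None for any, regex on lowercased data)
# Shell is expected to be exactly explorer.exe; anything else is reported.
RULES = [
    (SHELL, r"\windows nt\currentversion\winlogon", "shell", r"^(?!explorer\.exe$)"),
    (AUTO, CV + r"\run", None, APPDATA),
    (AUTO, CV + r"\runonce", None, APPDATA),
    (WEAK, CV + r"\internet settings", "warnonbadcertrecving", "^0$"),
    (WEAK, CV + r"\internet settings", "warnonpostredirect", "^0$"),
    (WEAK, CV + r"\internet settings", "proxyserver", r"127\.0\.0\.1"),
    (WEAK, CV + r"\policies\associations", "lowriskfiletypes", r"\.exe"),
    (WEAK, CV + r"\policies\system", "enablelua", "^0$"),
    (WEAK, IE + r"\download", "checkexesignatures", "^no$"),
    (WEAK, IE + r"\download", "runinvalidsignatures", "^1$"),
    (WEAK, IE + r"\phishingfilter", "enabled", "^0$"),
]

def parse_reg_export(text):
    """Parse .reg text into {(key_lower, value_name_lower): data}."""
    hive, key = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key is not None and m:  # skips header, blanks, hex continuations
            name, raw = m.groups()
            if raw.startswith("dword:"):
                data = int(raw[6:], 16)
            elif raw.startswith('"'):
                data = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
            else:
                data = raw  # hex(...) types are kept as text
            hive[key, name.lower()] = data
    return hive

def audit(hive):
    """Return sorted (finding, key, value name, data) tuples for review."""
    found = []
    for (key, name), data in hive.items():
        text = str(data).strip().lower()
        for kind, suffix, wanted, pattern in RULES:
            if key.endswith(suffix) and wanted in (None, name) and re.search(pattern, text):
                found.append((kind, key, name, data))
    return sorted(found)

if __name__ == "__main__":
    print(*audit(parse_reg_export(SAMPLE)), sep="\n")
```

The script only reads the export and changes nothing. An `autostart-from-appdata` finding is a prompt to inspect the entry, since legitimate software also starts from that folder.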