Tuesday, November 30, 2010

Cwdrive32.exe Removal GuideCwdrive32.exe Removal Guide

Cwdrive32.exe Removal Guide
Cwdrive32.exe is a Trojan which download malwares into the computer so that to access a server from the web and a backdoor to the computer to let more malware to enter the system. Cwdrive32.exe will start automatically when Windows boot. Then it will use the internet connection to download other malware into the computers. It is not so hard to remove Cwdrive32.exe. However, as Cwdrive32.exe will download other malwares, the user should also remove the malwares too.

Cwdrive32.exe can be removed by stopping all the processes of Cwdrive32.exe (the name can be random and contain the word "Cwdrive32.exe"). Then, find all files which have the contain "Cwdrive32" in the hard disk and remove all of them. Then, run Registry Editor, find all related key which has "Cwdrive32" and remove all of them.

Cwdrive32.exe should be removed immediately!

Win Defrag Removal GuideWin Defrag Removal Guide

Win Defrag Removal Guide
Win Defrag is a fake optimization tool that disguises itself to cheat the user that it can optimize the performance of hard disk, memory, registry and so on. In fact, Win Defrag WILL SURELY state that the hard disk is unreadable (if it is really unreadable, how can Win Defrag run in the hard disk?), ram is in danger and registry is under threat. All of them are lies! Win Defrag will display this types of fake alert to urge the user to purchase the full version of Win Defrag which cannot optimize the performance of Windows, hard disk, memory or registry.

Win Defrag can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Win Defrag should be removed immediately!

Win Defrag Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
dfrg.exe
dfrgr.exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CLASSES_ROOT\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command

Remove Folders and Files
%UserProfile%\Start Menu\Programs\Win Defrag\
%UserProfile%\Desktop\HDD Control.lnk
%Temp%\[random].dll
%Temp%\dfrgr
%Temp%\dfrg
%Temp%\[random].exe
%Temp%\[random]
Monday, November 29, 2010

ShopperReports Removal GuideShopperReports Removal Guide

ShopperReports Removal Guide
ShopperReports is a fake toolbar that WILL SURELY shows something that will make us angry such as popup advertisement. ShopperReports installed into the computer when the user accidentally click a link in a website. ShopperReports will start automatically when Windows start. ShopperReports modify the registry settings so that it can redirect the homepage and search pages of browser especially Internet Explorer to corrupt sites. It can be removed from the computer by removing the related registry keys and its files.

ShopperReports is really a threat to a computer. It is a useless toolbar that cannot benefits us.

ShopperReports should be removed immediately!

ShopperReports Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
ShopperReports.exe
SearchSettingsProtection.exe

Delete Registry
HKEY_LOCAL_MACHINE\software\shopperreports\shopperreports\postinstaller
HKEY_LOCAL_MACHINE\software\shopperreports
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\shopper reports by hotbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hotbar shopperreports
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping {946b3e9e-e21a-49c8-9f63-900533fafe14}
HKEY_CURRENT_USER\software\microsoft\internet explorer\explorer bars\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}
HKEY_CLASSES_ROOT\typelib\{842d315a-7e1e-448b-96e8-9e76d1820be2}\1.0
HKEY_CLASSES_ROOT\shprrprts.smrtshprctl.1
HKEY_CLASSES_ROOT\shprrprts.smrtshprctl
HKEY_CLASSES_ROOT\shprrprts.iebuttona.1
HKEY_CLASSES_ROOT\shprrprts.iebuttona
HKEY_CLASSES_ROOT\shprrprts.iebutton.1
HKEY_CLASSES_ROOT\shprrprts.iebutton
HKEY_CLASSES_ROOT\shprrprts.hbinfoband.1
HKEY_CLASSES_ROOT\shprrprts.hbinfoband
HKEY_CLASSES_ROOT\shprrprts.hbcommband.1
HKEY_CLASSES_ROOT\shprrprts.hbcommband
HKEY_CLASSES_ROOT\shprrprts.hbax.1
HKEY_CLASSES_ROOT\shprrprts.hbax
HKEY_CLASSES_ROOT\rprtspsclient.psexecuter.1
HKEY_CLASSES_ROOT\rprtspsclient.psexecuter
HKEY_CLASSES_ROOT\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}
HKEY_CLASSES_ROOT\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}
HKEY_CLASSES_ROOT\interface\{3f6da8bb-3e45-44e2-b494-c55beaf3b41e}
HKEY_CLASSES_ROOT\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}
HKEY_CLASSES_ROOT\interface\{34f4d917-31e4-464c-b8b3-84c1ce76b395}
HKEY_CLASSES_ROOT\clsid\{a798e2b4-b6a0-4b96-8c53-8ec7a3b0895a}
HKEY_CLASSES_ROOT\clsid\{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}
HKEY_CLASSES_ROOT\clsid\{454b4812-e572-4703-a1bb-63490809eac0}
HKEY_CLASSES_ROOT\clsid\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}
HKEY_CLASSES_ROOT\clsid\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}
HKEY_CLASSES_ROOT\clsid\{1e6ac766-9094-4bcf-abd3-39e2eaea5fcd}
HKEY_CLASSES_ROOT\clsid\{0774f696-d801-4c18-81a7-a3a32b8bef19}

Remove Folders and Files
%ProgramFiles%\shopperreport
%UserProfile%\application data\shopperreports
%UserProfile%\application data\hbtools
ShopperReports.dll
tbFre1.dll
Sunday, November 28, 2010

Win HDD Removal GuideWin HDD Removal Guide

Win HDD Removal Guide
Win HDD is a fake disk defragmenter program. Win HDD will start automatically when Windows boot once it is installed in the computer. Win HDD will SURELY produce fake report on Windows Registry, system memory and hard drive in order to scare the user. Win HDD will urge the user to buy the full version of Win HDD so that to solve the problems stated. Win HDD can be removed by stopping all the processes which filename is formed by random characters. After, the files should be deleted.

Win HDD will display fake "critical error" message stating that the hard drive is unreadable or damaged. In fact, if the hard drive is unreadable, how can the program run (as the program is in the hard drive too)? Win HDD also prevent the user from running other Windows programs or downloading any software from internet!

Win HDD should be removed immediately!

Win HDD Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM CHARACTERS].exe

Unregister DLL files
%Temp%\[RANDOM CHARACTERS].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

Remove Folders and Files
%UserProfile%\Start Menu\Programs\Win HDD
%UserProfile%\Desktop\HDD Control.lnk
%Temp%\[RANDOM CHARACTERS].dll
%Temp%\[RANDOM CHARACTERS].exe
%Temp%\[RANDOM CHARACTERS]
%Temp%\dfrgr
%Temp%\dfrg
Saturday, November 20, 2010

Prevent USB pen drive virusPrevent USB pen drive virus

Most of the time our computer are infected by virus through pendrive. They are plugged in by our friends or other people. Antivirus cannot detect every virus in the pendrive. How can we prevent the virus from infecting our computer when our friends or other people plug in their pendrive into our computer?
  1. Disable the autorun feature completely is the best way! or follow the step below:
  2. In my computer / windows explorer, you must not double click the removable disk .
  3. If you double click the removable disk, your computer will be infected by virus if your USB pen drive has been already infected by virus.
  4. Instead, in my computer, click the folders button:
    Prevent USB pen drive virus
  5. The folder pane will be shown:

  6. From the pane, click the Removable Disk.
  7. Done!
Some people suggest that scan the pen drive first with latest updated antivirus, but the fact is that most of the time the antivirus fail to detect the virus in the pen drive. So, the best policy is to disable the autorun feature completely
Sunday, November 14, 2010

ThinkSmart Removal GuideThinkSmart Removal Guide

ThinkSmart Removal Guide
ThinkSmart is a fake antivirus program which is much similar to ThinkPoint. ThinkSmart will start automatically when Windows boot after install in the computer. Then it will scan the computer and WILL SURELY states that the computer are infected by malwares. ThinkSmart will force the user to purchase the full version of ThinkSmart so that to cheat the money from the user. ThinkSmart cannot detect and remove any malware. The user the can follow the removal guide stated below to remove ThinkSmart completely from the computer.

ThinkSmart provide some fake features such as Scanner, Heuristic and Firewall. All of them cannot protect our computer from any kind of virus. They are SCAMS!

ThinkSmart should be removed immediately!

ThinkSmart Removal Guide
Kill Process
(How to kill a process effectively?)
defender.exe
hotfix.exe
tmp.exe
antispy.exe
thinkpoint.exe

Delete Registry
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%LocAppData%\antispy.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = "0"
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = "0"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "tmp"
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce "SelfdelNT"
HKCU\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%Documents and Settings%\[UserName]\Application Data\hotfix.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "thinksmart"
HKEY_CURRENT_USER\Software\PAV

Remove Folders and Files
%LocAppData%\antispy.exe
%LocAppData%\defender.exe
%LocAppData%\hotfix.exe
%LocAppData%\tmp.exe
%TempDir%\kjkkklklj.bat
%UserProfile%\Application Data\completescan
%UserProfile%\Application Data\hotfix.exe
%UserProfile%\Application Data\install
Tuesday, November 9, 2010

Quick Defragmenter Removal GuideQuick Defragmenter Removal Guide

Quick Defragmenter Removal Guide
Quick Defragmenter is a fake optimization program that WILL SURELY displays fake warning to urge the user to purchase the full version of Quick Defragmenter to remove all the detected errors. In fact, it cannot detect any error and remove any errors. Quick Defragmenter will start automatically when Windows boot. The user must terminate the process of Quick Defragmenter before deleting the folder and files of Quick Defragmenter. Then, the user must remove the related registry settings so that Quick Defragmenter will not start automatically. (see the Removal Guide below).

Quick Defragmenter provide fake feature to optimize the hard drive of the computer. In fact, it does not optimize the hard drive, it can do nothing. It also provide other fake features such as Performance Services, System Health, Proactive Data Protection and Diagnostics.

Quick Defragmenter should be removed immediately!

Quick Defragmenter Removal Guide
Kill Process
(How to kill a process effectively?)
[random characters].exe
winsp2up.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "winsp2up.exe"

Remove Folders and Files
%UserProfile%\Start Menu\Programs\Quick Defragmenter
%Temp%\[random].bmp
%Temp%\[random].exe
%Temp%\winsp2up.exe
%Temp%\winsp2upd.dll

Security Inspector 2010 Removal GuideSecurity Inspector 2010 Removal Guide

Security Inspector 2010 Removal Guide
Security Inspector 2010 is a fake antivirus program that WILL SURELY warning the user that the computer has been used as spamming machine. In fact, the computer is clean, is not used as spamming machine, however, Security Inspector 2010 try to convince the user by displaying the alert so that the user will purchase the full version of Security Inspector 2010. Security Inspector 2010 cannot detect any malware and remove any malwares. Security Inspector 2010 will start automatically when Windows boot. The user has to terminate the process, delete the registry settings and remove the folders and files of Security Inspector 2010 to remove it completely.

Security Inspector 2010 provide fake features such as System scan and Firewall. It displays many fake alert such as "Your computer WILL BE DISCONNECTED FORM INTERNET BECAUSE SPAMMING OTHER PCs".

Security Inspector 2010 should be removed immediately!

Security Inspector 2010 Removal Guide
Kill Process
(How to kill a process effectively?)
Security_Inspector_2010.exe
securitycenter.exe
securityhelper.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Security Inspector 2010
HKEY_CURRENT_USER\Software\Security Inspector 2010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "2kowmeuswvw3"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Inspector 2010"

Remove Folders and Files
%Temp%\_2.tmp
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Inspector 2010.lnk
%UserProfile%\Start Menu\Programs\Security Inspector 2010.lnk
%UserProfile%\Application Data\Security Inspector 2010
%UserProfile%\Start Menu\Programs\Security Inspector 2010
Friday, November 5, 2010

Security Essentials 2011 Removal GuideSecurity Essentials 2011 Removal Guide

Security Essentials 2011 Removal Guide
Security Essentials 2011 is a fake antivirus program that produce fake alert that there are several vulnerabilities are detected in the computer which Security Essentials 2011 is installed. Security Essentials 2011 installs into the computer and will configure itself to start automatically (in registry) when Windows boot. Security Essentials 2011 will scan the computer and WILL SURELY detect many malwares in the computer. In fact, it is just a fake alert. The intention of Security Essentials 2011 is to urge the user to register Security Essentials 2011 by purchasing the full version of Security Essentials 2011 so that to earn some money from the user. Security Essentials 2011 cannot detect and remove any malware / virus / trojan.

Security Essentials 2011 provide some fake antivirus features such as System Scan, Firewall, and Email protection. None of them can really protect the computer from virus / trojan / malwares.

Security Essentials 2011 should be removed immediately!

Security Essentials 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
SE2010.exe
[random_characters].exe

Delete Registry
HKEY_CURRENT_USER\Software\SE2010
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\SE2010.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "updatesst"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\Security Essentials 2011\SE2010.exe" /hide"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updatesst
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify

Remove Folders and Files
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Essentials 2011.lnk
%UserProfile%\Application Data\Security Essentials 2011
%UserProfile%\Desktop\Security Essentials 2011.lnk
%UserProfile%\Start Menu\Security Essentials 2011.lnk
%ProgramFiles%\Securityessentials2010
%Temp%\[random_characters].exe
%Temp%\[random_characters].dll
Thursday, November 4, 2010

Antivirus Suite 2010 Removal GuideAntivirus Suite 2010 Removal Guide

Antivirus Suite 2010 Removal Guide
Antivirus Suite 2010 is a fake antivirus program that cannot detect and remove any malware. Antivirus Suite 2010 installs into the computer and then will start automatically when Windows boot. Then Antivirus Suite 2010 will scan the computer and WILL SURELY scare the user with fake scan report that there are many files infected by malwares / trojans / viruses. Antivirus Suite 2010 will urge the user to buy the full version of Antivirus Suite 2010 in order to remove all the detected malwares. In fact, the full version of Antivirus Suite 2010 cannot remove any malware. It is just a SCAM.

Antivirus Suite 2010 provide basic fake antivirus feature to scan the file in the computer.

Antivirus Suite 2010 should be removed immediately!

Antivirus Suite 2010 Removal Guide
Kill Process
(How to kill a process effectively?)
[random]tssd.exe

Delete Registry
HKEY_CURRENT_USER\Software\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation"
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\[random]
all [random]tssd.exe in hard disk.