Saturday, July 28, 2012

Remove Windows Ultra-AntivirusRemove Windows Ultra-Antivirus

Remove Windows Ultra-Antivirus
Windows Ultra-Antivirus is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Windows Ultra-Antivirus cannot detect and remove any kind of virus, malware or trojan on the computer. When Windows Ultra-Antivirus is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Windows Ultra-Antivirus. Windows Ultra-Antivirus will recommend the user to purchase the full version of Windows Ultra-Antivirus in order to remove all the detected threats. Do not buy Windows Ultra-Antivirus as it can do nothing.

Windows Ultra-Antivirus provide fake features such as Protection, Scan, Update, License and Support. It claims that "Your computer is not protected!" and asks the user to activate "Antivirus and antispyware protection", "Proactive Threat Protection" and "Network Threat Protection".

Windows Ultra-Antivirus can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Windows Ultra-Antivirus. These can be done by using Emsisoft HiJackFree.

Windows Ultra-Antivirus should be removed immediately!

Windows Ultra-Antivirus Removal Guide
Kill Process
(How to kill a process effectively?)
%AppData%\Windows Ultra-Antivirus\ScanDisk_.exe
%CommonAppData%\79b35\BAa76.exe
%UserProfile%\Recent\kernel32.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%System%\[random].exe
%System%\drivers\[random].sys
Friday, July 27, 2012

Remove Quick Heal Antivirus Plus 2009Remove Quick Heal Antivirus Plus 2009

Remove Quick Heal Antivirus Plus 2009
Quick Heal Antivirus Plus 2009 is a fake antivirus program created to urge the user to buy the full version of Quick Heal Antivirus Plus 2009 in order to earn some profit. Don't ever buy it as it is a cheat! Quick Heal Antivirus Plus 2009 install itself into the computer without confirmation of the users and it start automatically when the windows boot. Quick Heal Antivirus Plus 2009 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Quick Heal Antivirus Plus 2009 is nothing more than a scam and plagiarized antispyware program

Quick Heal Antivirus Plus 2009 provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.


Quick Heal Antivirus Plus 2009 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Quick Heal Antivirus Plus 2009. Finally, all the file related to Quick Heal Antivirus Plus 2009 must be deleted from the hard drive. All of them has been shown in the removal guide below.


Quick Heal Antivirus Plus 2009 should be removed immediately!
Quick Heal Antivirus Plus 2009 Removal Guide
Kill Process
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-3-18_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "qfsbuqlsme"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll%AppData%\[random].exe%AppData%\result.db%CommonStartMenu%\Programs\Quick Heal Antivirus Plus 2009.lnk%Desktop%\Quick Heal Antivirus Plus 2009.lnk
Monday, July 23, 2012

Remove Windows Active GuardRemove Windows Active Guard

Remove Windows Active Guard
Windows Active Guard is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Windows Active Guard WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Windows Active Guard will display this types of fake alert to urge the user to purchase the full version of Windows Active Guard which cannot detect and remove any kind malware, trojan or virus.

Windows Active Guard can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Windows Active Guard provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one suite, Quick Scan, Deep Scan, Custom Scan, History, etc. None of them can help to protect the computer from any kind of malware.

Windows Active Guard should be removed immediately!

Windows Active Guard Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-23_3"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "odfjjflrtb"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe
... and many more Image File Execution Options entries.
Remove Folders and Files
%StartMenu%\Programs\Windows Active Guard.lnk
%AppData%\[random].exe
%AppData%\result.db
%Desktop%\Windows Active Guard.lnk
Friday, July 20, 2012

Remove Windows Security SystemRemove Windows Security System

Remove Windows Security System
Windows Security System is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Windows Security System cannot detect and remove any kind of virus, malware or trojan on the computer. When Windows Security System is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Windows Security System. Windows Security System will recommend the user to purchase the full version of Windows Security System in order to remove all the detected threats. Do not buy Windows Security System as it can do nothing.

Windows Security System provide fake features such as Real-time protection, Firewall, Antivirus Protection, Autoupdate virus database, Anti-phishing protection and so on. None of them can help to protect the computer from any kind of malware. It recommend the user to activate Windows Security System to get Full protection against malicious, virus, spyware and unwanted software.

Windows Security System can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Windows Security System. These can be done by using Emsisoft HiJackFree.

Windows Security System should be removed immediately!

Windows Security System Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Security System"
HKEY_CURRENT_USER\Software\[random characters]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Security System"
Remove Folders and Files
%appdata%\windows security system.lnk
%appdata%\microsoft\internet explorer\quick launch\windows security system.lnk
%desktopdir%\windows security system.lnk
%programs%\windows security system.lnk
%programs%\windows security system
Thursday, July 19, 2012

Remove Windows Security RenewalRemove Windows Security Renewal

Remove Windows Security Renewal
Windows Security Renewal is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Windows Security Renewal WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Windows Security Renewal will display this types of fake alert to urge the user to purchase the full version of Windows Security Renewal which cannot detect and remove any kind malware, trojan or virus.

Windows Security Renewal can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Windows Security Renewal provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one suite, Quick Scan, Deep Scan, Custom Scan, History, etc. None of them can help to protect the computer from any kind of malware.

Windows Security Renewal should be removed immediately!

Windows Security Renewal Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-9_7"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "qvnpoksgjc"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%StartMenu%\Programs\Windows Security Renewal.lnk
%AppData%\[random].exe
%AppData%\result.db
%Desktop%\Windows Security Renewal.lnk
%AppData%\1st$0l3th1s.cnf

Remove Windows Home PatronRemove Windows Home Patron

Remove Windows Home Patron
Windows Home Patron is an unwanted application which is a rogue computer security program. Windows Home Patron is a fake optimization tool that cannot optimize the performance of the hard drive, memory and the system of the computer. Windows Home Patron was created to cheat the money of the user by showing fake report to the user that there are serious errors found in the hard drive, memory and the system. Windows Home Patron urge the user to purchase the full version of Windows Home Patron to remove all the detected threats. Windows Home Patron will even claim it can eliminate computer issues or errors. Do not believe anything shown by Windows Home Patron, as it can do nothing.

Windows Home Patron can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added. These can be done by using Emsisoft HiJackFree.

Windows Home Patron should be removed immediately!


Windows Home Patron Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-18_3"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "iixoxoyvtx"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 chars].exe
%AppData%\Protector-[random 4 chars].exe
%AppData%\result.db
%AppData%\1st$0l3th1s.cnf
Tuesday, July 17, 2012

Remove Windows Virtual FirewallRemove Windows Virtual Firewall

Remove Windows Virtual Firewall
Windows Virtual Firewall is a fake antivirus program that tricks the user to purchase the full version of Windows Virtual Firewall by showing fake detection of the computer. When Windows Virtual Firewall is installed in the computer, it will start automatically when Windows boot. Then, Windows Virtual Firewall will scan the computer and will surely state that there are many files in the computer are infected by malwares. Windows Virtual Firewall will urge the user to purchase the full version of Windows Virtual Firewall in order to remove all the malwares. However, Windows Virtual Firewall cannot detect and remove any malware from the computer. All the detection is a lie. Windows Virtual Firewall pretends to be affiliated with Microsoft by using the Windows icon and a comprehensive and user-friendly interface.

Windows Virtual Firewall provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.


Windows Virtual Firewall can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified must be cleared by using Windows Registry Editor.

Windows Virtual Firewall should be removed immediately!


Windows Virtual Firewall Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-16_5"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "jwnjktsfsl"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\[random].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Virtual Firewall.lnk
%Desktop%\Windows Virtual Firewall.lnk
Saturday, July 14, 2012

Remove Windows Premium DefenderRemove Windows Premium Defender

Remove Windows Premium Defender
Windows Premium Defender is a fake antivirus program created to urge the user to buy the full version of Windows Premium Defender in order to earn some profit. Don't ever buy it as it is a cheat! Windows Premium Defender install itself into the computer without confirmation of the users and it start automatically when the windows boot. Windows Premium Defender produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Windows Premium Defender is nothing more than a scam and plagiarized antispyware program

Windows Premium Defender provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Premium Defender can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Premium Defender. Finally, all the file related to Windows Premium Defender must be deleted from the hard drive. All of them has been shown in the removal guide below.


Windows Premium Defender should be removed immediately!
Windows Premium Defender Removal Guide
Kill Process
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-13_7"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "cwhstknlsh"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\[random].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Premium Defender.lnk
%Desktop%\Windows Premium Defender.lnk

Friday, July 13, 2012

Remove Windows Web CombatRemove Windows Web Combat

Remove Windows Web Combat
Windows Web Combat is a fake antivirus program that CANNOT DETECT AND REMOVE any kind of virus, malware and trojan. Windows Web Combat can do nothing but just show pop ups to convince the user that the computer has been infected by malwares and urge the user to purchase the full version of Windows Web Combat. Windows Web Combat infections are known to spread by means of fake online system alerts that warn the user about infections that require the user to download Windows Web Combat to remove them. Windows Web Combat will start automatically when Windows boot. Then Windows Web Combat will do a fake scan on the computer and then it will show the fake report. Do not purchase Windows Web Combat as it can do nothing.The user should switch to Safe Mode to make sure any scans detect Windows Web Combat and remove Windows Web Combat with anti-malware applications that are designed to handle such threats.

Windows Web Combat provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Web Combat can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Web Combat. Finally, all the file related to Windows Web Combat must be deleted from the hard drive. All of them has been shown in the removal guide below.

The computer users should remember that any time when they encounter a web page that states that the computer is infected, they should not believe them as the majority of these pages are scams trying to get them to install the actual infection. The second method that can be used to install this fake antivirus is through hacked web sites that install Windows Web Combat on to the computer without their knowledge by exploiting vulnerabilities in the outdated programs.

Windows Web Combat should be removed immediately!


Windows Web Combat Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-12_7"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "gbtxhnktnq"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe
... and many more Image File Execution Options entries.


Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-[random].exe
%AppData%\Protector-[random].exe
%AppData%\result.db
%AppData%\1st$0l3th1s.cnf


Thursday, July 12, 2012

Remove Windows Virtual AngelRemove Windows Virtual Angel

Remove Windows Virtual Angel
Windows Virtual Angel is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Windows Virtual Angel cannot detect and remove any kind of virus, malware or trojan on the computer. When Windows Virtual Angel is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Windows Virtual Angel. Windows Virtual Angel will recommend the user to purchase the full version of Windows Virtual Angel in order to remove all the detected threats. Do not buy Windows Virtual Angel as it can do nothing.

Windows Virtual Angel provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Virtual Angel can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Windows Virtual Angel. These can be done by using Emsisoft HiJackFree.

Windows Virtual Angel should be removed immediately!

Windows Virtual Angel Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-3-18_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "qfsbuqlsme"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\[random].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Virtual Angel.lnk
%Desktop%\Windows Virtual Angel.lnk
Tuesday, July 10, 2012

Remove Windows Profound SecurityRemove Windows Profound Security

Remove Windows Profound Security
Windows Profound Security is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Windows Profound Security WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Windows Profound Security will display this types of fake alert to urge the user to purchase the full version of Windows Profound Security which cannot detect and remove any kind malware, trojan or virus.

Windows Profound Security can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Windows Profound Security provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one suite, Quick Scan, Deep Scan, Custom Scan, History, etc. None of them can help to protect the computer from any kind of malware.

Windows Profound Security should be removed immediately!

Windows Profound Security Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-9_7"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "qvnpoksgjc"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%StartMenu%\Programs\Windows Profound Security.lnk
%AppData%\[random].exe
%AppData%\result.db
%Desktop%\Windows Profound Security.lnk
%AppData%\1st$0l3th1s.cnf
Friday, July 6, 2012

Remove Windows Expert SeriesRemove Windows Expert Series

Remove Windows Expert Series
Windows Expert Series is a fake antivirus program which try to make money from the users of infected computers. Windows Expert Series display fake warnings and scans the computers that return false results only to urge the users to buy the full version of Windows Expert Series. Windows Expert Series claims that it can remove computer viruses, spyware or other types of malware if the users buy the full version of Windows Expert Series. Don't be cheated by what it has claimed as all of them is a lie! Windows Expert Series blocks the running of other programs to intimidate targeted computer users into thinking that their systems are corrupted with malware.

Windows Expert Series provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Expert Series can be removed first by stopping its processes and then kill its files by using Emsisoft HiJackFree. Then the user has to remove all the related files and folder. Finally, restore the registry entries added and modified by Windows Expert Series (Read the removal guide below to remove Windows Expert Series successfully).

Windows Expert Series should be removed immediately!


Windows Expert Series Removal Guide
Read How to remove virus effectively before following the guide below.

Kill Process
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-3-1_2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "fneqtdmtpi"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-[random].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Expert Series.lnk
%Desktop%\Windows Expert Series.lnk
Thursday, July 5, 2012

Remove Windows Virus HunterRemove Windows Virus Hunter

Remove Windows Virus Hunter
Windows Virus Hunter is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Windows Virus Hunter cannot detect and remove any kind of virus, malware or trojan on the computer. When Windows Virus Hunter is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Windows Virus Hunter. Windows Virus Hunter will recommend the user to purchase the full version of Windows Virus Hunter in order to remove all the detected threats. Do not buy Windows Virus Hunter as it can do nothing.

Windows Virus Hunter provide fake features such as Real-time protection, Firewall, Antivirus Protection, Autoupdate virus database, Anti-phishing protection and so on. None of them can help to protect the computer from any kind of malware. It recommend the user to activate Windows Virus Hunter to get Full protection against malicious, virus, spyware and unwanted software.

Windows Virus Hunter can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Windows Virus Hunter. These can be done by using Emsisoft HiJackFree.

Windows Virus Hunter should be removed immediately!

Windows Virus Hunter Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-4_8"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "ocwkwxqtpf"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\[random].exe
%AppData%\result.db
%AppData%\1st$0l3th1s.cnf
Wednesday, July 4, 2012

Remove Windows Web CommanderRemove Windows Web Commander

Remove Windows Web Commander
Windows Web Commander is a fake antivirus program that CANNOT DETECT AND REMOVE any kind of virus, malware and trojan. Windows Web Commander can do nothing but just show pop ups to convince the user that the computer has been infected by malwares and urge the user to purchase the full version of Windows Web Commander. Windows Web Commander infections are known to spread by means of fake online system alerts that warn the user about infections that require the user to download Windows Web Commander to remove them. Windows Web Commander will start automatically when Windows boot. Then Windows Web Commander will do a fake scan on the computer and then it will show the fake report. Do not purchase Windows Web Commander as it can do nothing.The user should switch to Safe Mode to make sure any scans detect Windows Web Commander and remove Windows Web Commander with anti-malware applications that are designed to handle such threats.

Windows Web Commander provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Web Commander can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Web Commander. Finally, all the file related to Windows Web Commander must be deleted from the hard drive. All of them has been shown in the removal guide below.

The computer users should remember that any time when they encounter a web page that states that the computer is infected, they should not believe them as the majority of these pages are scams trying to get them to install the actual infection. The second method that can be used to install this fake antivirus is through hacked web sites that install Windows Web Commander on to the computer without their knowledge by exploiting vulnerabilities in the outdated programs.

Windows Web Commander should be removed immediately!


Windows Web Commander Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-3_8"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "hycdnkxijp"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-[random].exe
%AppData%\Protector-[random].exe
%AppData%\result.db
%AppData%\1st$0l3th1s.cnf


Monday, July 2, 2012

Remove Windows Interactive SecurityRemove Windows Interactive Security

Remove Windows Interactive Security
Windows Interactive Security is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Windows Interactive Security WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Windows Interactive Security will display this types of fake alert to urge the user to purchase the full version of Windows Interactive Security which cannot detect and remove any kind malware, trojan or virus.

Windows Interactive Security can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Windows Interactive Security provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one suite, Quick Scan, Deep Scan, Custom Scan, History, etc. None of them can help to protect the computer from any kind of malware.

Windows Interactive Security should be removed immediately!

Windows Interactive Security Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-1_4"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "pnfjxmkmgd"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%StartMenu%\Programs\Windows Interactive Security.lnk
%AppData%\[random].exe
%AppData%\result.db
%Desktop%\Windows Interactive Security.lnk