Tuesday, December 15, 2009

Additional Guard Removal Guide

Additional Guard is a fake anti-spyware application. Additional Guard is known to use several extortion methods to take money from an unsuspecting computer user in return for a bogus security program. Additional Guard can perform system scans only to return falsified parasite results. Additional Guard is not able to detect actual computer parasites; instead, it displays several misleading alert messages that warn a computer user of detected threats. Additional Guard does all of this in the hope that the user will eventually break down and purchase a full version of Additional Guard. Additional Guard is not an effective security program in either the free or the full version. It is recommended that Additional Guard be deleted to prevent further confusion.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
FS.exe
eb.exe
WI339.exe
ppal.exe
exec.exe
cb.exe
AG345d.exe

Unregister DLL files
cid.dll
FS.dll
energy.dll
ddv.dll
sqlite3.dll
mozcrt19.dll

Delete Registry
HKCR "xp_7a9be.DocHostUIHandler"
HKCR "CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "Additional Guard"

Remove Folders and Files
$APPDATA\Additional Guard
$APPDATA\2565da61
$RECENT\PE.sys
$RECENT\kernel32.drv
$RECENT\FS.exe
$RECENT\FS.drv
$RECENT\exec.tmp
$RECENT\eb.exe
$RECENT\eb.drv
$RECENT\cid.dll
$RECENT\ANTIGEN.tmp
$RECENT\ANTIGEN.drv
$PROGRAMFILES\Mozilla Firefox\searchplugins\search.xml
$STARTMENU\Programs\Additional Guard.lnk
$STARTMENU\Additional Guard.lnk
$RECENT\tjd.sys
$RECENT\SICKBOY.tmp
$RECENT\ppal.exe
$RECENT\PE.drv
$RECENT\FS.dll
$RECENT\fan.drv
$RECENT\exec.exe
$RECENT\energy.sys
$RECENT\energy.dll
$RECENT\dudl.drv
$RECENT\ddv.dll
$RECENT\CLSV.tmp
$RECENT\cb.exe
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
$DESKTOP\Additional Guard.lnk
$APPDATA\WINAGSys
$APPDATA\117fc

IGuardPc or I Guard PC Removal Guide

IGuardPc, or I Guard PC, is a fake anti-spyware application which comes from the malicious group of hackers that created other fake security programs. IGuardPc, just like its predecessors, does not have the ability to detect and remove parasites from a PC. IGuardPc may claim to have the ability to clean your system of spyware, but do not trust that.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
IGuardPc.exe
uninstall.exe

Delete Registry
HKLM "SOFTWARE\IGuardPc"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IGuardPc"
HKCU "Software\IGuardPc"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "IGuardPc.exe"

Remove Folders and Files
$PROGRAMFILES\IGuardPc Software
$SMPROGRAMS\IGuardPc
$DESKTOP\IGuardPc.lnk
Thursday, December 10, 2009

Security Tool Removal Guide
Security Tool is a rogue anti-spyware program that uses fake security alerts and system scan results to make computer users believe that they must purchase the Security Tool program to remove the found threats. Security Tool comes from the same group of attackers that made the fake security programs System Security and Total Security 2009.

Removal Tool 1: Security Tool Removal Tool. (Download it here.)
Removal Tool 2: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
SecurityTool.exe
4946550101.exe
[random>=8digits].exe (95750127.exe, 14507623.exe, 9048246710.exe etc)

Delete Registry
HKLM "SOFTWARE\SecurityTool"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityTool"
HKCU "Software\Vista Antivirus 2010"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "SecurityTool"
HKCU "Software\Security Tool"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "4946550101"

Remove Folders and Files
$PROGRAMFILES\SecurityTool
$APPDATA\4946550101
$DESKTOP\Security Tool.lnk
$STARTMENU\Programs\Security Tool.lnk
Wednesday, December 9, 2009

Antivirus Live Removal Guide

Antivirus Live (also known as AntivirusLive) is the latest Rogue Anti-Spyware creation from the notorious Magic Software stable. Antivirus Live uses malicious cutting-edge techniques, including the use of backdoor Trojans. Once active, Antivirus Live disables the computer's security options, making it extremely difficult to uninstall through the Control Panel or via Safe Mode. Antivirus Live then starts spewing annoying popup ads and runs a security scan which reports the fake detection of numerous viruses and threats. Antivirus Live will recommend buying its licensed copy to solve the alleged spyware problems. Do not fall for Antivirus Live's trickery. This hazardous parasite should be terminated from the system immediately.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
[random]sysguard.exe

Unregister DLL files
iehelper.dll

Delete Registry
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}"
HKCU "Software\AvScan"
HKCR "CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}"
HKCU "Software\Microsoft\Internet Explorer\Download" "RunInvalidSignatures"
HKCU "Software\Microsoft\Windows\CurrentVersion\Internet Settings" "ProxyOverride"
HKCU "Software\Microsoft\Windows\CurrentVersion\Internet Settings" "ProxyServer"
HKCU "Software\Microsoft\Windows\CurrentVersion\Policies\Associations" "LowRiskFileTypes"
HKCU "Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" "SaveZoneInformation"

Remove Folders and Files
$WINDIR\[random]sysguard.exe
$SYSDIR\iehelper.dll
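
The registry lists in these guides mix two kinds of entry: a line with one quoted string names a whole key, while a line with a second quoted string names a single value under a key that Windows itself uses (Run, Internet Settings, Policies). The following Python sketch is an added example, not part of the original guides or of the Remove Fake Antivirus tool; it parses the line formats used on this page and labels each entry so that a shared key is never treated as something to delete. The SHARED_KEYS list, the action labels and the function names are assumptions made for the illustration.

```python
import re
from typing import NamedTuple, Optional

ROOTS = {"HKLM": "HKLM", "HKCU": "HKCU", "HKCR": "HKCR",
         "HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
         "HKEY_CLASSES_ROOT": "HKCR"}

# Keys that Windows and legitimate software also use. An entry under one of
# these must name a single value. (Assumption: covers only keys on this page.)
SHARED_KEYS = {
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
    r"software\microsoft\windows\currentversion\internet settings",
    r"software\microsoft\windows\currentversion\internet settings\5.0\user agent\post platform",
    r"software\microsoft\windows\currentversion\policies\associations",
    r"software\microsoft\windows\currentversion\policies\attachments",
    r"software\microsoft\windows\currentversion\policies\explorer",
    r"software\microsoft\internet explorer\download",
    r"software\microsoft\security center",
    r"control panel\don't load",
}

class Entry(NamedTuple):
    root: str
    key: str
    value: Optional[str]
    action: str  # "delete-value", "delete-key" or "review"

def _shared_or_ancestor(key: str) -> bool:
    """True if key is a shared key or a parent of one (e.g. Software\\Microsoft)."""
    k = key.lower()
    return any(s == k or s.startswith(k + "\\") for s in SHARED_KEYS)

def parse_entry(line: str) -> Entry:
    line = line.strip()
    quoted = re.findall(r'"([^"]*)"', line)
    head = line.split('"', 1)[0].strip()
    if "\\" in head:                 # long form: HKEY_X\path ["value"]
        root, _, key = head.partition("\\")
        value = quoted[0] if quoted else None
    elif quoted:                     # short form: HKXX "path" ["value"]
        root, key = head, quoted[0]
        value = quoted[1] if len(quoted) > 1 else None
    else:
        raise ValueError(f"not a registry entry: {line!r}")
    if root.upper() not in ROOTS:
        raise ValueError(f"no registry hive in: {line!r}")
    key = key.strip().strip("\\")    # tolerate the stray space in "...\Run "
    if value is None:
        # Some guides append the value name to the path (...\Run\Name).
        parent, _, leaf = key.rpartition("\\")
        if parent.lower() in SHARED_KEYS and not _shared_or_ancestor(key):
            key, value = parent, leaf
    if value is not None:
        action = "delete-value"
    elif _shared_or_ancestor(key):
        action = "review"            # a shared key with no value named
    else:
        action = "delete-key"
    return Entry(ROOTS[root.upper()], key, value, action)

def audit_command(e: Entry) -> str:
    """Read-only reg.exe query that shows whether the indicator is present."""
    cmd = f'reg query "{e.root}\\{e.key}"'
    return cmd + (f' /v "{e.value}"' if e.value is not None else "")

def triage(lines):
    return [(e.action, audit_command(e)) for e in map(parse_entry, lines)]

# Lines 0-4 are copied from the guides on this page; line 5 is constructed.
SAMPLE_LINES = [
    r'HKCU "Software\Microsoft\Windows\CurrentVersion\Internet Settings" "ProxyServer"',
    r'HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}"',
    r'HKCU "Software\Microsoft\Windows\CurrentVersion\Run " "SecurityTool"',
    r'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Control Center"',
    r'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PC Antispyware 2010',
    r'HKCU "Software\Microsoft\Windows\CurrentVersion\Run"',
]

if __name__ == "__main__":
    for action, cmd in triage(SAMPLE_LINES):
        print(f"{action:12} {cmd}")
```

The generated reg query commands only read the registry, so they can be run to confirm which indicators are present before anything is removed.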

Read more:
Constants in manual removal guide
Tuesday, December 8, 2009

Personal Security Removal Guide

Personal Security is a clone of the rogue security software Cyber Security. Personal Security, also known as PersonalSecurity, typically spreads via sneaky Trojans or false advertisements. Personal Security will conduct a fake system scan once it has entered a system, and then produce alarming results of several parasite infections on the system. This is done to scare the user into purchasing the full version of Personal Security in order to remove all the purportedly detected parasites. Personal Security may also display numerous pop-ups and warning messages to scare the user even more. Personal Security is not a legitimate security program and should be removed immediately.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
psecurity.exe
Inst_2013[1].exe

Unregister DLL files
win32extension.dll

Delete Registry
HKLM "SOFTWARE\Personal Security"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "PSecurity"
HKCR "CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}"
HKLM "SOFTWARE\5FFB10D58FFCF482208906E6A889FD56"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform" "WinTSI 01.12.2009"

Remove Folders and Files
$SMPROGRAMS\Personal Security
$SMPROGRAMS\PSecurity
$PROGRAMFILES\Personal Security
$PROGRAMFILES\PSecurity
$APPDATA\Personal Security
$APPDATA\PSecurity
$PROGRAMFILES\Common Files\PSecurityUninstall
$APPDATA\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
$SYSDIR\win32extension.dll

Read more:
Constants in manual removal guide
Sunday, November 22, 2009

Control Center Removal Guide
Control Center is a Rogue Anti-Virus application that has the same characteristics as the notorious Privacy Center malware program. To avoid Control Center, Internet users must be aware of websites they visit and the files downloaded onto the computer. Control Center spreads via the Internet so browsing must be exercised with extreme caution. The Control Center virus can also come from a fake security website or fake multi-media websites that ask users to download a fake code needed to view a video online. If detected, Control Center must immediately be terminated.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Control Center Removal Guide
Kill Process
(How to kill a process effectively?)
agent.exe
cc.exe
uninstall.exe

Delete Registry
HKEY_CURRENT_USER\Software\Control Center
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Control Center"
HKEY_LOCAL_MACHINE\SOFTWARE\Control Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control Center

Remove Folders and Files
%Documents and Settings%\All Users\Start Menu\Programs\Control Center
%Program Files%\Control Center
%Documents and Settings%\All Users\Application Data\Control Center

Security Center Removal Guide

Security Center is a replica of Privacy Components and Secret Service, which are dangerous rogue anti-spyware applications. Security Center, through a Trojan infection such as Vundo, is able to be installed without permission from the computer user or system administrator. Once installed, Security Center is able to display fake system alerts in the form of annoying popups and conduct system scans that return falsified results.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Security Center Removal Guide
Kill Process
(How to kill a process effectively?)
SecurityCenter.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SecurityCenter"

Remove Folders and Files
%UserProfile%\Start Menu\SecurityCenter.lnk
%UserProfile%\Start Menu\Programs\SecurityCenter
C:\Program Files\SecurityCenter

Windows Enterprise Suite Removal Guide

Windows Enterprise Suite is a rogue anti-spyware program. It is considered part of the same family of rogues as Volcano Security Suite. Research has shown that each of the above-mentioned rogue programs tends to use similarly confusing methods to entice trusting computer users into purchasing the full version of this deceitful security program.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Windows Enterprise Suite Removal Guide
Kill Process
(How to kill a process effectively?)
uninstall.exe
Windows Enterprise Suite.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Enterprise Suite"

Remove Folders and Files
%UserProfile%\Desktop\Windows Enterprise Suite.lnk
%UserProfile%\Application Data\Windows Enterprise Suite
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Suite.lnk
Monday, October 19, 2009

AntivirusPro_2010.exe

AntivirusPro_2010.exe is the virus file of Antivirus Pro 2010, a type of fake antivirus which can be removed by Remove Fake Antivirus.

Antivirus Pro 2010 is a fake spyware remover taking over from the rogue spyware remover PC Antispyware 2010. It is also known as AntivirusPro 2010, Anti Virus Pro 2010 or XP Antivirus Pro 2010. Antivirus Pro 2010 reports fabricated infection results following fake system scans, as well as displaying fake security alerts. These help to scare you into purchasing and downloading the rogue anti-spyware program Antivirus Pro 2010.

csc.exe

csc.exe is the virus file of Cyber Security, a type of fake antivirus which can be removed by Remove Fake Antivirus.

However, the file csc.exe can also be a legitimate component of Microsoft Visual Studio. The file size is 45056 with the MD5 signature of 5D19ED0579A8DF9220DEFD77D5967DD9. Microsoft Visual Studio is an integrated development environment (IDE) produced by Microsoft. Using this software you are able to: Get more done with handy editors and debugging tools, Be more creative and live up to your development potential, Design next-gen, connected apps for the Web etc

Remove WGA (Windows Genuine Advantage) Notifications effectively

How to Remove WGA (Windows Genuine Advantage) Notifications effectively? I have found a program named RemoveWGA which can effectively remove the warning.

RemoveWGA will enable you to easily remove the Microsoft "Windows Genuine Advantage Notifications" tool, which calls home and connects to MS servers every time you boot. Future updates of this notification tool will (officially) set the connection rate to once every two weeks.

Once the WGA Notification tool has checked your OS and has confirmed you had a legit copy, there is no decent point or reason to check it again and again every boot.

Moreover, connecting to Microsoft brings security issues for corporate networks, and privacy issues for everyone. It is also unclear which information is transmitted (Microsoft published an official answer, but an individual study brought some questions).

All of that, along with the fact that Microsoft used deceptive ways to make you install this tool (you were told it was an urgent security update, whereas it is a new installation giving you no extra security), makes me call this tool spyware.

Also, Windows Genuine Advantage Notifications is different than Windows Genuine Advantage Validation. RemoveWGA only removes the notification part, phoning home, and does not touch the Validation part.



If you really want to Remove WGA (Windows Genuine Advantage) Notifications forever, you are recommended to:
Sunday, October 18, 2009

csrcs.exe

csrcs.exe is also known to be created under the names autolfb.exe, wscrt.exe and systemchk.exe. By default it is located in the System (95/98/ME) / System32 (NT/2000/XP/Vista) folder under the Windows installation folder, C:\Windows or C:\WinNT. The process is not visible and loads during the Windows boot process; when started, it connects to a remote IRC server and waits for instructions to execute. csrcs.exe is known to be associated with a number of other threats.

Known file sizes on Windows XP are 49,152 bytes (41% of all occurrences), 503,426 bytes, 453,788 bytes, 510,270 bytes, 419,942 bytes, 453,648 bytes, 41,936 bytes, 454,656 bytes, 496,756 bytes, 484,420 bytes.

Program has no file description. The file is not a Windows system file. The application is loaded during the Windows boot process (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce). The program is not visible.

It is an unknown file in the Windows folder. The program listens for or sends data on open ports to a LAN or the Internet. csrcs.exe is able to monitor applications, hide itself, record inputs and manipulate other programs. Therefore the technical security rating is 86% dangerous; however, also read the user reviews.
Saturday, October 10, 2009

Cyber Security Removal Guide
Cyber Security is a rogue anti-spyware application that uses misleading notifications and fabricated system scans to scare users into purchasing a full version of Cyber Security. Cyber Security was found to come from the same makers of other rogues such as Total Security 2009 and System Security 2009.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Cyber Security Removal Guide
Kill Process
(How to kill a process effectively?)
tsc.exe
cs.exe
csc.exe

Unregister DLL files
winsource.dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "1FD92E3F7C34799BFB075C41DA05D1FE"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Cyber Security

Remove Files
Cyber Security.lnk
Registration.lnk
Help.lnk
winsource.dll
csc.exe

Alpha Antivirus Removal Guide

Alpha Antivirus is a rogue anti-spyware application that uses deceptive plagiaristic messages and bogus system scans to entice computer users to purchase a full version of the Alpha Antivirus program. Alpha Antivirus's appearance is somewhat similar to other popular rogue applications such as Personal Antivirus. Alpha Antivirus, once installed, is able to load into memory at Windows startup, making it difficult to remove manually. Alpha Antivirus is not capable of detecting and removing legitimate spyware parasites.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Alpha Antivirus Removal Guide
Kill Process
(How to kill a process effectively?)
AlphaAV.exe
Alpha Antivirus.exe

Unregister DLL files
msnaoladdon.dll

Delete Registry
Environment\AVUNINST
Environment\AVAPP
HKEY_LOCAL_MACHINE\SOFTWARE\Alpha Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alpha Antivirus
HKEY_CURRENT_USER\Software\Alpha Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Alpha Antivirus"

Remove Folders and Files
msnaoladdon.dll
Alpha Antivirus.lnk
AlphaAV.exe
Alpha Antivirus.exe
AlphaAV
%Documents and Settings%\All Users\Application Data\Alpha Antivirus
%Documents and Settings%\All Users\Start Menu\Programs\Alpha Antivirus
%Program Files%\Alpha Antivirus
Thursday, September 24, 2009

Antivirus Pro 2010 Removal Guide
Antivirus Pro 2010 is a fake spyware remover taking over from the rogue spyware remover PC Antispyware 2010. It is also known as AntivirusPro 2010, Anti Virus Pro 2010 or XP Antivirus Pro 2010. Antivirus Pro 2010 reports fabricated infection results following fake system scans, as well as displaying fake security alerts. These help to scare you into purchasing and downloading the rogue anti-spyware program Antivirus Pro 2010.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Antivirus Pro 2010 Removal Guide
Kill Process
(How to kill a process effectively?)
AntivirusPro_2010.exe

Delete Registry
AntivirusPro_2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Antivirus Pro 2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Pro 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus Pro 2010

Remove Folders and Files
AntivirusPro_2010.lnk
AntivirusPro_2010.exe
Antivirus Pro 2010
%UserProfile%\Start Menu\Programs\Antivirus Pro 2010\
%UserProfile%\Desktop\Antivirus Pro 2010.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Pro 2010.lnk
%Program Files%\Antivirus Pro 2010\

PC Antispyware 2010 Removal Guide
PC Antispyware 2010 is a fake spyware remover that has been known to install itself onto your computer by way of Braviax infections. PC Antispyware 2010 typically displays fake security alerts and issues false system scans that report fabricated infection results all in order to trick you into purchasing the commercial version of PC Antispyware 2010.

Removal Tool: Remove Fake Antivirus. (Download it here.)

PC Antispyware 2010 Removal Guide
Kill Process
(How to kill a process effectively?)
PCAntispyware2010.exe

Delete Registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PC Antispyware 2010
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl

Unregister DLL files
ciqudehyri.dll
vivifabyx.dll
htmlayout.dll

Remove Folders and Files
%WINDOWS%\system32\_scui.cpl
%Documents and Settings%\All Users\Application Data\ciqudehyri.dll
%Program Files%\Common Files\vivifabyx.dll
%Program Files%\Common Files\ywukynota.com
%WINDOWS%\syromeni.bat
%WINDOWS%\system32\cepapyx.com
%Program Files%\PCAntispyware2010

FraudTool.MalwareProtector.d Removal Guide
FraudTool.MalwareProtector.d is a rogue application that uses misleading popup notifications and fake system scans to trick computer users into believing that they need to purchase a full security app in order to remove spyware threats. FraudTool.MalwareProtector.d is not capable of removing parasites. Once installed, FraudTool.MalwareProtector.d is apt to cause destruction. Manual removal of FraudTool.MalwareProtector.d can be difficult to perform.

Removal Tool: Remove Fake Antivirus. (Download it here.)

FraudTool.MalwareProtector.d Removal Guide
Kill Process
(How to kill a process effectively?)
shcl7cj0ea59.exe
pphcj7cj0ea59.exe

Delete Registry
RUNNING PROGRAM\pphcj7cj0ea59.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN "SMshcl7cj0ea59"

Remove Files
shcl7cj0ea59.exe
pphcj7cj0ea59.exe

Winshield2009.com Removal Guide
Winshield2009.com is a malicious website and browser hijacker. Winshield2009.com has the capability of changing settings on your web browser application in addition to displaying misleading notifications leading to the installation of the rogue application Antivirus System PRO. Winshield2009.com is usually followed by a fake system scan that displays bogus results to further mislead computer users into downloading and installing fake security software.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Winshield2009.com Removal Guide
Kill Process
(How to kill a process effectively?)
sysguard.exe

Unregister DLL files
iehelper.dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "system tool"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_CURRENT_USER\Software\AvScan

Remove Files
%WINDOWS%\system32\iehelper.dll
%WINDOWS%\sysguard.exe

Green AV Removal Guide
Green AV is a fake spyware remover that utilizes slightly different tactics to most other rogue spyware removers. Green AV claims that for every product sold, they will donate $2 towards the protection of the environment. Do not be fooled, though. Green AV cannot protect your computer, let alone natural ecosystems. Green AV typically displays fake security alerts in order to fool you into believing your PC is infected, and then prompting you to purchase and download Green AV in order to combat these imaginary threats.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Green AV Removal Guide
Kill Process
(How to kill a process effectively?)
Install[1].exe
greenav2009.exe
mgrdll.exe
gav.exe

Remove Files
Install[1].exe
greenav2009.exe
mgrdll.exe
gav.exe
Tuesday, September 22, 2009

Windows Police PRO Removal Guide

Windows Police PRO is a malicious program whose main goal is to trick people into purchasing its licensed version. It uses affiliated trojans to infiltrate a computer without your knowledge or permission. Once installed and active, Windows Police PRO displays annoying popup system warnings and system tray alerts reporting viruses that can allegedly damage your confidential data and degrade system performance. Windows Police PRO also runs fabricated security scanners that return scan results full of spyware applications, trojans, worms and other malware. All the above alerts and scans attempt to mislead you into thinking you have serious PC risks and need to handle them using the commercial version of Windows Police PRO. Thus, the alerts suggest that you purchase and install the licensed version of Windows Police PRO.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Windows Police PRO Removal Guide
Kill Process
(How to kill a process effectively?)
windows Police Pro.exe

Remove Files
windows Police Pro.exe
Windows Police Pro.lnk

Braviax Removal Guide
Braviax, also known as Cru629 or Braviax.exe, is a file name that appears on the fake warning message found on the system tray that is either generated by the creators of the rogue System Defender program or by hackers that are promoting System Defender and other rogue anti-spyware programs. The alert with Braviax is intended to trick you into buying a commercial version of System Defender.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Braviax Removal Guide
Kill Process
(How to kill a process effectively?)
braviax.exe

Remove Files
cru629.dat
braviax.exe
Friday, August 28, 2009

Windows Protection Suite Removal Guide

Windows Protection Suite is a fake antivirus that acts as a spyware remover and displays fake system scanners and malware detection reports that claim your computer is infected. Windows Protection Suite uses this scare tactic to persuade you to purchase the fully licensed version of Windows Protection Suite in order to protect your system from harm. Do not be fooled, and remove Windows Protection Suite as soon as possible.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Windows Protection Suite Removal Guide
Kill Process
(How to kill a process effectively?)
WI345d.exe
WindowsProtectionSuite.exe
std.exe
snl2w.exe
CLSV.exe
ppal.exe

Unregister DLL files
sqlite3.dll
mozcrt19.dll
SM.dll
runddl.dll
PE.dll
tempdoc.dll
kernel32.dll
grid.dll
energy.dll

Delete Registry
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsProtectionSuite"

Remove Folders and Files
$APPDATA\345d567
$APPDATA\WINSSSys
$APPDATA\Windows Protection Suite 2009
$STARTMENU\Programs\WindowsProtectionSuite
$PROGRAMFILES\WindowsProtectionSuite
$APPDATA\Windows Protection Suite
$STARTMENU\Programs\Windows Protection Suite.lnk
$DESKTOP\Windows Protection Suite 2009.lnk
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite 2009.lnk
$STARTMENU\Programs\Windows Protection Suite 2009.lnk
$STARTMENU\Windows Protection Suite 2009.lnk
$DESKTOP\WindowsProtectionSuite.exe
$STARTMENU\WindowsProtectionSuite.lnk
$PROGRAMFILES\Mozilla Firefox\searchplugins\search.xml
$RECENT\std.exe
$RECENT\snl2w.exe
$RECENT\SM.dll
$RECENT\runddl.dll
$RECENT\PE.tmp
$RECENT\PE.dll
$RECENT\tempdoc.dll
$RECENT\kernel32.dll
$RECENT\grid.sys
$RECENT\grid.dll
$RECENT\energy.dll
$RECENT\dudl.sys
$RECENT\DBOLE.drv
$RECENT\CLSV.exe
$RECENT\ANTIGEN.drv
$DESKTOP\Windows Protection Suite.lnk
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk

Read more:
Constants in manual removal guide
Tuesday, August 25, 2009

Total Security 2009 Removal Guide
Total Security 2009 is a fake antivirus. It is an updated version of the fake spyware removers called Total Security and System Security. Total Security 2009 injects affiliated trojans into your PC that, once active, begin displaying misleading security alerts and launching fake system scanners that state your computer is infected. You are then prompted to purchase and download the commercial version of Total Security 2009 in order to combat these fictitious threats.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Total Security 2009 Removal Guide
Kill Process
(How to kill a process effectively?)
Sc2C21UvvM.exe
tsc.exe

Unregister DLL files
winsource.dll

Delete Registry
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}"
HKCU "Software\1FD92E3F7C34799BFB075C41DA05D1FE"
HKCR "CLSID\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}"
HKLM "SOFTWARE\Microsoft\Security Center" "FirewallOverride"
HKLM "SOFTWARE\Microsoft\Security Center" "AntiVirusOverride"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "1FD92E3F7C34799BFB075C41DA05D1FE"

Remove Folders and Files
$STARTMENU\TSC
$PROGRAMFILES\TSC
$PROGRAMFILES\Common Files\System\Uninstall
$PROGRAMFILES\Common Files\System\Uninstall\Uninstall TSC.lnk
$DESKTOP\TSC.lnk
$APPDATA\Microsoft\Internet Explorer\Quick Launch\TSC.lnk
$SYSDIR\winsource.dll

Read more:
Constants in manual removal guide

Windows System Suite Removal Guide

Windows System Suite is a fake antivirus and a clone of Windows Security Suite and Antivirus System Pro. Windows System Suite uses many deceptive methods to persuade users to purchase the fully licensed version of Windows System Suite. Once installed, Windows System Suite displays many false Windows Security Center alerts and performs system scans that display fake results.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Windows System Suite Removal Guide
Kill Process
(How to kill a process effectively?)
WI345d.exe
WindowsSystemSuite.exe
std.exe
snl2w.exe
CLSV.exe
WS83b.exe
ppal.exe
cb.exe
eb.exe

Unregister DLL files
sqlite3.dll
mozcrt19.dll
energy.dll
PE.dll
SM.dll
runddl.dll
grid.dll
tempdoc.dll
kernel32.dll
cid.dll
ddv.dll

Delete Registry
HKCR "ReleaseXP.DocHostUIHandler"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsSystemSuite"
HKCU "Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform" "986707143803"

Remove Folders and Files
$APPDATA\345d567
$APPDATA\WINSSSys
$PROGRAMFILES\WindowsSystemSuite
$APPDATA\Windows System Suite
$APPDATA\Windows System Suite 2009
$STARTMENU\Programs\WindowsSystemSuite
$DESKTOP\Windows System Suite.lnk
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Windows System Suite.lnk
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Windows System Suite 2009.lnk
$DESKTOP\WindowsSystemSuite.exe
$DESKTOP\Windows System Suite 2009.lnk
$STARTMENU\Windows System Suite 2009.lnk
$STARTMENU\Windows System Suite.lnk
$STARTMENU\Programs\Windows System Suite.lnk
$STARTMENU\Programs\Windows System Suite 2009.lnk
$RECENT\std.exe
$RECENT\snl2w.exe
$RECENT\energy.dll
$RECENT\PE.tmp
$RECENT\PE.dll
$RECENT\SM.dll
$RECENT\runddl.dll
$RECENT\grid.dll
$RECENT\dudl.sys
$RECENT\DBOLE.drv
$RECENT\CLSV.exe
$RECENT\tempdoc.dll
$RECENT\kernel32.dll
$RECENT\grid.sys
$RECENT\ANTIGEN.drv

Read more:
Constants in manual removal guide
Wednesday, July 22, 2009

Turn off or disable Security Center Warning in Windows XP
How to Turn off or disable Security Center Warning in Windows XP?
  1. Press Win+R or Click Start and then click Run.
  2. Type services.msc and press Enter.
  3. At the right pane, scroll down until you see Security Center. Right click it and click Stop.
  4. Right click it again and click Properties.
  5. Choose Disabled at Startup Type listbox.
  6. Click OK button.

Turn automatic updating on or off
How to turn automatic updating on or off?

Vista or Windows 7
  1. Press Win Key
  2. Type Turn automatic updating on or off and press Enter.
  3. Select Never check for updates (not recommended) under Important Updates listbox.
  4. Press OK button.
Windows XP
  1. Press Win+Break or right click My Computer and click Properties.
  2. Click Automatic Updates tab.
  3. Check Turn off Automatic Updates checkbox.
  4. Press OK button.
  5. It is recommended that you disable the Security Center warning too.
Wednesday, July 8, 2009

WinPC Defender Removal Guide
WinPC Defender is a rogue anti-spyware program. Once executed, WinPC Defender will generate false messages stating that your computer is infected with spyware. The makers of WinPC Defender seek to goad you into purchasing their promoted full version of WinPC Defender. WinPC Defender is reported to be a clone of XP Police Antivirus, WinDefender 2009, Total Secure 2009, and IE-Security. WinPC Defender will also display notifications of imaginary security risks in its attempts to get the user to purchase the full version. WinPC Defender may be difficult to remove manually, and may continue to try to recreate itself.

Removal Tool: Remove Fake Antivirus. (Download it here.)

WinPC Defender Removal Guide
Kill Process
(How to kill a process effectively?)
defender.exe
pcdef[1].exe
%USERPROFILE%\AppData\Roaming\pcdefender.exe
pcdefender.exe
WinPC Defender.exe
Ta1HnnaIasEcfgF.exe
install[1].exe

Delete Registry
HKEY_CLASSES_ROOT\TypeLib\{A54DC52D-7AAD-4D40-A126-337211631EDC}
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "sysav"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "WinPC Defender"
HKEY_CURRENT_USER\Software\WinPC Defender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39fc2065-c9c7-49cd-8942-44cc2dedc844}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Content"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPC Defender

Remove Folders and Files
%Program Files%\WinPC Defender
%USERPROFILE%\AppData\Roaming\pcdefender.exe
defender.exe
pcdef[1].exe
pcdefender.exe-removed_skip
pcdefender.exe
ieocx.dll
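
Before deleting anything, it helps to see which of the entries listed above are actually present. The following PowerShell is an added example, not part of the original guide; it only reads the registry and file system, and the function names plus the extra WOW6432Node and Program Files (x86) lookups are assumptions added here for 64-bit Windows.

```powershell
# Added example: read-only audit for the WinPC Defender entries listed in the
# guide above. It reports what is present and changes nothing.

# Return a registry value's data, or $null when the key or value is absent.
function Get-RegValue([string]$Key, [string]$Name) {
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    return (Get-Item -LiteralPath $Key).GetValue($Name, $null)
}

# Assumption added here: on 64-bit Windows a 32-bit program's HKLM\SOFTWARE
# writes land under WOW6432Node, so both registry views are checked.
function Expand-RegView([string]$Key) {
    $Key
    if ($Key -match '^HKLM:\\SOFTWARE\\') {
        $Key -replace '^HKLM:\\SOFTWARE\\', 'HKLM:\SOFTWARE\WOW6432Node\'
    }
}

function Find-WinPCDefenderArtifact {
    $run = 'Software\Microsoft\Windows\CurrentVersion\Run'
    $bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

    # Registry values from the guide (key path + value name).
    $values = @(
        @{ Key = "HKCU:\Control Panel\don't load"; Name = 'scui.cpl' },
        @{ Key = "HKCU:\Control Panel\don't load"; Name = 'wscui.cpl' },
        @{ Key = "HKCU:\$run"; Name = 'sysav' },
        @{ Key = "HKCU:\$run"; Name = 'WinPC Defender' },
        @{ Key = "HKLM:\$run"; Name = 'Content' }
    )
    # Whole registry keys from the guide.
    $keys = @(
        'Registry::HKEY_CLASSES_ROOT\TypeLib\{A54DC52D-7AAD-4D40-A126-337211631EDC}',
        'HKCU:\Software\WinPC Defender',
        "$bho\{39fc2065-c9c7-49cd-8942-44cc2dedc844}",
        "$bho\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}",
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPC Defender'
    )
    # File-system entries that the guide gives with a full path. The bare file
    # names (defender.exe, ieocx.dll, ...) have no location in the guide and
    # are therefore not searched for here.
    $paths = @(
        (Join-Path $env:ProgramFiles 'WinPC Defender'),
        (Join-Path $env:USERPROFILE 'AppData\Roaming\pcdefender.exe')
    )
    if (${env:ProgramFiles(x86)}) {
        $paths += Join-Path ${env:ProgramFiles(x86)} 'WinPC Defender'
    }

    foreach ($v in $values) {
        foreach ($key in (Expand-RegView $v.Key)) {
            $data = Get-RegValue $key $v.Name
            if ($null -ne $data) {
                [pscustomobject]@{
                    Kind     = 'RegistryValue'
                    Location = "$key -> $($v.Name)"
                    Data     = "$data"
                }
            }
        }
    }
    foreach ($k in $keys) {
        foreach ($key in (Expand-RegView $k)) {
            if (Test-Path -LiteralPath $key) {
                [pscustomobject]@{ Kind = 'RegistryKey'; Location = $key; Data = '' }
            }
        }
    }
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Kind = 'FileSystem'; Location = $p; Data = '' }
        }
    }
}

# An empty table means none of the listed entries were found.
Find-WinPCDefenderArtifact | Format-Table -AutoSize -Wrap
```

Run it once before and once after the manual removal; entries that reappear in the second run indicate a process that is still recreating them.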

Antivirus System Pro Removal Guide
Antivirus System Pro is a rogue anti-spyware program that comes from the same group of hackers that created other fake security applications such as System Guard 2009 and Spyware Protect 2009. Antivirus System Pro comes from either a hoax website or a Trojan horse infection. If infected with this Trojan, you will get bogus popup messages and security alerts that display notices stating that your PC is infected with parasites. The messages are part of a scam to get you to purchase the full Antivirus System Pro application.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Antivirus System Pro Removal Guide
Kill Process
(How to kill a process effectively?)
sysguard.exe
uninstall.exe
Antivirussystempro.exe

Delete Registry
029D18CB-8632-463c-93B7-C210AE50C722
8567EDFA-408C-43e9-B929-4C25C04F5003
BAD4551D-9B24-42cb-9BCD-818CA2DA7B63
E85C18E7-C293-4424-9DD0-B31D8DB27013
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "system tool"
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Antivirus System PRO"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "ieModule"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus System PRO

Remove Folders and Files
%SYSTEMROOT%\system32\iehelper.dll
%ProgramFiles%\Antivirus System PRO
%SYSTEMROOT%\sysguard.exe
Tuesday, July 7, 2009

System Security 2009 Removal Guide
System Security 2009, a clone of System Security, is a rogue anti-spyware program that displays notifications of imaginary security risks in an attempt to get you to purchase the full version. Once you click on the fake message, it will take you to the System Security 2009 website, where you will be prompted to purchase its full version. In reality, the System Security 2009 program is not going to clean your computer from spyware but might actually expose you to more security threats.

Removal Tool: Remove Fake Antivirus. (Download it here.)

System Security 2009 Removal Guide
Kill Process
(How to kill a process effectively?)
00308937.exe
05643921.exe
install.exe

Delete Registry
HKEY_LOCAL_MACHINE\Software\00308937
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "00308937"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009

Remove Folders and Files
%UserProfile%\Start Menu\Programs\System Security
%All Users%\Application Data\00308937
%UserProfile%\Desktop\System Security 2009.lnk
%programs%\system security
00308937.exe
05643921.exe
install.exe
Friday, July 3, 2009

AntivirusBEST, Antivirus BEST Removal Guide
AntivirusBEST, also known as Antivirus BEST, is a rogue anti-spyware program that installs in your computer system with the help of a Trojan, possibly the popular Trojan Zlob. You may have also downloaded AntivirusBEST from a rogue website, such as Antivirus-Best.com, thinking it would remove your infections.

Removal Tool: Remove Fake Antivirus. (Download it here.)

AntivirusBEST, Antivirus BEST Removal Guide
Kill Process
(How to kill a process effectively?)
abest.exe
svchost.exe
installer.exe

Unregister DLL
qwprotect.dll


Delete Registry
296A8A7F-B5AC-4789-9B33-F32C2F9A6ABD
44B2C9F5-608D-46de-82E1-26C5BCB85193
684A7904-2593-4BBE-A90E-CDAF2AC606AE
AppID\296A8A7F-B5AC-4789-9B33-F32C2F9A6ABD
HKEY_CLASSES_ROOT\AppID\{296A8A7F-B5AC-4789-9B33-F32C2F9A6ABD}
HKEY_CLASSES_ROOT\AppID\QWProtect.dll
HKEY_CLASSES_ROOT\CLSID\{44B2C9F5-608D-46de-82E1-26C5BCB85193}
HKEY_CLASSES_ROOT\Interface\{296A8A7F-B5AC-4789-9B33-F32C2F9A6ABD}
HKEY_CLASSES_ROOT\qwprotect.qwprotectbho
HKEY_CLASSES_ROOT\qwprotect.qwprotectbho.1
HKEY_CLASSES_ROOT\TypeLib\{684A7904-2593-4BBE-A90E-CDAF2AC606AE}
HKEY_CURRENT_USER\Software\ABEST\ABEST
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44B2C9F5-608D-46de-82E1-26C5BCB85193}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AntivirusBEST"

Remove Folders
%AllUsersProfile%\Start Menu\Programs\AntivirusBEST
C:\Documents and Settings\All Users\Application Data\AB
c:\Documents and Settings\All Users\Desktop\AntivirusBEST.lnk
Friday, June 19, 2009

Remove Malware Doctor, Malware Doc, MalwareDoc

Remove Malware Doctor
Malware Doctor, also known as Malware Doc or MalwareDoc, is a rogue system optimization program usually promoted as an online scanner. It is known to trick you into believing your computer is infested with spyware and then lure you into purchasing MalwareDoctor full version to remove the imaginary threats. It may run its fake system scanner every time you boot your computer and generate a list of spyware infections as a result.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Malware Doctor manual removal guide
Kill Process
(How to kill a process effectively?)
Malware Doctor.exe
MDsetup.exe
[randomnumbers].exe

Unregister DLL
Validation.dll
htmlayout.dll

Delete Registry
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malware Doctor
HKEY_USERS\Software\Microsoft\Windows\Explorer\MenuOrder\Start Menu2\Programs\Malware Doctor
HKEY_CURRENT_USER\Software\Malware Doctor
HKEY_CURRENT_USER\Software\Malware Doctor\AntiSpy Knight
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Doctor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Doctor_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Alcmtr"

Remove Folders
$PROGRAMFILES\Malware Doctor
$SMPROGRAMS\Malware Doctor

Read more:
Constants in manual removal guide

Friday, May 22, 2009

How to patch without running WGA validation
How to patch without running WGA validation? Follow these steps:
  • Step 1: Install and activate XP. For XP SP2 only (not XP SP3), you must also download and install the patch described in KB article 898461, which updates the installer program and ensures that your system will receive future updates.

  • Step 2: In either version of XP, click Start, Control Panel, Security Center, Automatic Updates. Choose Download updates for me, but let me choose when to install them.

  • Step 3: Whenever you see a yellow-shield icon in the notification area (previously known as the system tray), click the icon and then choose Custom install.

  • Step 4: Scroll to the bottom of the patch window and uncheck Windows Genuine Advantage Notification (KB905474), as shown in Figure 1. (For more info, see Microsoft KB article 905474 to read the company's description of WGA Notification.)

    Figure 1. Uncheck KB905474 to prevent WGA from being installed on the system.

  • Step 5: After you click Install, check Don't notify me about these updates again in the resulting dialog to prevent WGA from being included in future Windows updates (see Figure 2). Click OK.

    Figure 2. Check this option to avoid being offered WGA Notifications as part of future updates.
From this point forward, every time you update your system, review the patches being offered to you and deselect those you don't want before proceeding with the installation.

Sunday, April 26, 2009

U.S. Military was Hacked!

Data on New U.S. Military Fighter Jet was hacked
Data on the new U.S. military fighter jet was hacked! Data on the U.S. military’s newest and most technologically advanced fighter aircraft, the F-35 Lightning II, was stolen!

Hackers seek out vulnerable systems that they can gain access to. In this case, where hackers stole data from systems used by Pentagon contractors, the operators may not have proven that they were using the proper level of computer security. Companies that contract with the Department of Defense now have to prove that they are implementing certain security measures even before they are authorized to work on a project. This policy was put into place last year because of the increase in cyber intrusions.

The U.S. government has not gone, and probably will not go, into detail about the recent breach. Many officials have assured those speculating about this data breach that no classified information was compromised. In addition, the files compromised only focused on the design, performance statistics of the aircraft and a system used to conduct self-diagnostics during flight, which pretty much limits the possibility of sensitive data being stolen.

The U.S. military’s newest fighter aircraft is designed to become the aircraft used by all branches of service. Several international partners are assisting in the build of the new aircraft. It will be sold to U.S. allied countries which could raise the concern of security levels and practices of other countries involved.

As of now, officials have said that a number of safeguards have been implemented to protect the system that was hacked into. Hackers will not stop at anything until they are caught and put in jail.
Thursday, April 16, 2009

Download Windows Patch avoid WGA (Windows Genuine Advantage)
How do you download Microsoft Windows updates without going through WGA (Windows Genuine Advantage)? WGA has created many problems. Where can we download the updates?

You can do without Automatic Updates and Windows Update/Microsoft Update, which can be hamstrung by WGA, by using The Software Patch. This is a free Web service that WS contributing editor Scott Dunn reviewed — along with a handful of other alternative update services.

Examples of patches that can be downloaded:

Windows updates - March 2009 Latest updates

Personal Antivirus Removal Tool

License: Freeware
File size: 58 KB
Personal Antivirus is a rogue anti-spyware program from a company called Innovagest 2000. It is installed by a trojan called Zlob, which tries to trick you into buying the rogue anti-spyware program. Once you're infected with Zlob, a fake security message similar to a Windows notification pops up saying your PC is infected with malware. This Personal Antivirus message is used to lure you into purchasing, downloading and installing their program to remove the imaginary spyware. Remove Personal Antivirus is used to remove this fake antivirus from your computer.

Removal Tool:
Remove Fake Antivirus. (Download it here.)

Download Remove Personal Antivirus 1.0 at Softpedia
Download Source code of Remove Personal Antivirus 1.0

Personal Antivirus manual removal guide
Kill Process
(How to kill a process effectively?)
PersonalAntivirus[1].exe
iv.exe
winlogon.exe
services.exe
unins000.exe
PerAvir.exe

Delete Registry
HKLM "SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE"
HKLM "SYSTEM\CurrentControlSet\Services\ITGrdEngine"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "Personal Antivirus"
HKCU "Software\Microsoft\Internet Explorer" "PrS"

Remove Folders

$APPDATA\Personal Antivirus
$PROGRAMFILES\Personal Antivirus
$APPDATA\AV1

Remove Files
$WINDIR\system32\log.txt
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
$LOCALAPPDATA\Microsoft\Windows\services.exe
$LOCALAPPDATA\Microsoft\Windows\pguard.ini
$LOCALAPPDATA\Microsoft\Windows\log.txt
$LOCALAPPDATA\Microsoft\Internet Explorer\iPSh.png
$LOCALAPPDATA\Microsoft\Internet Explorer\iMSh.png
$LOCALAPPDATA\Microsoft\Internet Explorer\iGSh.png
$APPDATA\Microsoft\Windows\winlogon.exe
$LOCALAPPDATA\Microsoft\Internet Explorer\iv.exe
$DESKTOP\Personal Antivirus.lnk
$SMPROGRAMS\Personal Antivirus

Read more:
Constants in manual removal guide

Tuesday, March 31, 2009

How to update your PC and remove Conficker
The following steps should prevent infection by Conficker and eliminate the worm, if your PC has it. One positive side effect is that you'll enjoy a computer with up-to-date patches:
  • Step 1. Attempt to run Microsoft Update. The Conficker worm can infect vulnerable computers merely by connecting to them remotely via the Internet. For this reason, you should first try to patch Windows before removing Conficker, lest your machine quickly become infected again. It's particularly important to install Microsoft patch 958644 (security bulletin MS08-067). This patch closes a hole in Windows' Remote Procedure Call, which Conficker exploits.

    If you can't find Microsoft Update (or the more limited Windows Update) on your PC's Start menu, visit the Microsoft Update page on the Web. Internet Explorer is required.

    Microsoft Update might complete successfully, or you might not be able to access Microsoft.com at all. In either case, do Step 2.

  • Step 2. Attempt to update your third-party security software. Having the latest antivirus signatures will help eradicate Conficker and other malware that may be lurking on your PC. Use your security software's menu to manually update to the latest defenses.

    Have no security software? Read the WS Security Baseline, which summarizes the products that are currently rated the highest by respected reviewers.

    • If your updated security software deems your PC to be cleaned up, but you couldn't previously access Microsoft.com, go back to Step 1 and run Microsoft Update.

    • If you couldn't access your security vendor's site at all, do Step 3.

    • If you finished both Steps 1 and 2 successfully, you should be able to skip Step 3 and do Step 4.

  • Step 3 (optional). Run a standalone Conficker removal tool, if need be. The Conficker Working Group — a coalition of Microsoft, Cisco, SRI, F-Secure, Kaspersky, and many other security vendors — maintains a list of certified detection and repair tools, any of which should remove Conficker. (My thanks to Susan Bradley for her help with this tip.)

    Unfortunately, most of the links in the Working Group's list are inaccessible on a Conficker-infected PC. A victim can't even reach the Working Group's site, because it has in its URL the string conficker, which triggers the worm's blocking behavior.

    As I mentioned earlier, security firm BitDefender has set up a new domain from which users can download free Conficker disinfectant utilities. This site, BDTools.net, is not currently blocked by the worm, to the best of my knowledge. The site offers three options: (a) a free online scan; (b) a free, downloadable Single PC Removal Tool for individual users; and (c) a free Network Removal Tool, an .exe file that IT admins can use to disinfect an entire LAN.

    BDTools.net: Visit BitDefender's download site.

    If you can't access BDTools.net or any other security site from your PC, find a machine that isn't infected (such as a public-access workstation at a library). Don't use a search engine to look for removal tools, some of which are bogus. Instead, download a removal tool from the Working Group's certified list onto a USB drive, and then use that drive to run the software on the infected PC.

    • After removing Conficker, if you couldn't previously complete Steps 1 and 2 successfully, go back now and finish those steps to update Windows and your security software.

    • Once you've completed Steps 1 and 2, do Step 4.

  • Step 4. Run Secunia's Software Inspector to catch missing application patches. Third-party applications, especially media players, are more likely to suffer from security holes than Windows itself is. The security firm Secunia.com offers a free scan, informing you when your PC is running an insecure version of an application that has a security patch available.

    Like BDTools.net, the Secunia Software Inspector offers three options: (a) a free online scan; (b) a free download for individual users; and (c) a LAN utility for IT admins. Unlike BDTools' network tool, which is free, Secunia's LAN product costs €5,000 (U.S. $6,500) per year and up, depending on the size of your company.

    To run Software Inspector, see Secunia's vulnerability scanning page.

    In my opinion, everyone should use Software Inspector at least once a month, right after installing Microsoft's patches the week of Patch Tuesday.

  • Step 5 (optional). Advanced users — use OpenDNS to restrict infected PCs. OpenDNS, a San Francisco–based company, provides a free, real-time service that prevents PCs from accessing phishing and hacker sites, among others. Admins of small and large LANs can use OpenDNS as a Domain Name System server.

    The firm introduced on Feb. 9 a new, Conficker-specific feature. If an infected PC on a LAN somehow evaded detection, OpenDNS will prevent it from contacting Conficker's control servers. Best of all, admins can read a report showing which PC tried to connect to a Conficker server.

    For details, read Dan Gookin's Register article and OpenDNS's announcement.

New instructions from the worm's author will probably make the bots disable a PC's access to BDTools, Secunia, and many other sites that were not on Conficker's original block list. Some security researchers have speculated that an update to Conficker will even prevent infected PCs from installing MS08-067.

It's best to strengthen your defenses before April 1 rather than waiting to see what bad things might happen.

(Forward from Windows Secrets Newsletter.)


Tuesday, March 24, 2009

Tools used in removing virus manually
These are the tools used in removing virus manually:
  1. Process Explorer
    The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

  2. a-squared HiJackFree
    a-squared HiJackFree is a detailed system analysis tool which helps advanced users to detect and remove all types of HiJackers, Spyware, Adware, Trojans and Worms.

  3. Trend Micro HijackThis
    HijackThis lists the contents of key areas of the Registry and hard drive--areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites.

  4. Unlocker
    It is used to delete any file including access-denied files.

  5. Security Task Manager
    Security Task Manager shows comprehensible information about programs and processes running on the computer. For each Windows process, it improves on Windows Task Manager, providing unique security risk rating, comments from our experts and user community, free online scan with all known Antivirus engines, full directory path and file name, process description, CPU usage graph, embedded hidden functions and process type.
Thursday, March 19, 2009

Warning! Download Adobe Flash Player only at Adobe.com!
All computer users should be aware of this warning and never download an Adobe Flash Player through any source other than the Adobe.com website.

If you are ever uncertain of a Flash Player Update it may be best to cancel the operation and navigate to http://www.adobe.com and download the update.


Why? Because viruses spread through fake Adobe Flash Player installers, such as Adobe_Player11.exe, downloaded from other websites.

Monday, March 9, 2009

Remove all viruses in pendrive
How to remove all viruses in pendrive? These are the ways:
  1. Use any anti-virus with the latest virus definitions to scan the pendrive and remove the detected viruses.

  2. Go to the command prompt.

  3. Type X: and press Enter. Replace X with the drive letter of the pendrive. Usually, the drive of the pendrive is E, F, G, H or I.

  4. Type dir /AS /S *.* and press Enter.

  5. Wait a little while until it lists all files with the system attribute.

  6. Delete a listed file if you are sure it does not belong to your pendrive. To delete the file, type del /F /A [path of the file] and press Enter.
    (Example: del /F /A "X:\abc\debug_32.exe")

  7. If you are sure your pendrive contains only files that are neither hidden nor system files, you can use this method in the command prompt to delete other suspicious virus files.
    Type del /F /AS /S *.* and press Enter.
    Type del /F /AH /S *.* and press Enter.

  8. Type Exit and press Enter.

  9. Done!
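
Step 7 deletes every hidden or system file on the drive without showing what they are, so a review pass first is worthwhile. The PowerShell below is an added example, not part of the original guide: it lists the same files that dir /AS and dir /AH would, marks which ones are runnable, and deletes nothing. The function name, the extension list and the list of Windows-created folders are assumptions made for this example.

```powershell
# Added example: review hidden/system files on a removable drive before
# running the del commands from steps 6 and 7. Read-only.
function Get-HiddenDriveItem {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Root                      # drive root, e.g. 'E:\'
    )

    # Folders that Windows itself creates as hidden+system on many volumes
    # (assumption: items below them are not what the guide is after).
    $windowsOwned = 'System Volume Information', '$RECYCLE.BIN', 'RECYCLER'

    # Extensions that can start code when opened (assumed list, extend as needed).
    $runnable = '.exe', '.com', '.scr', '.pif', '.bat', '.cmd', '.vbs', '.js', '.inf', '.lnk'

    $rootPath = (Get-Item -LiteralPath $Root -Force).FullName.TrimEnd('\')

    # -Force is what makes hidden and system items visible to Get-ChildItem.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band [IO.FileAttributes]::Hidden) -or
            ($_.Attributes -band [IO.FileAttributes]::System)
        } |
        ForEach-Object {
            # First path component below the drive root, e.g. 'RECYCLER'.
            $relative = $_.FullName.Substring($rootPath.Length).TrimStart('\')
            $top      = $relative.Split('\')[0]

            [pscustomobject]@{
                Path         = $_.FullName
                Attributes   = $_.Attributes
                SizeBytes    = if ($_.PSIsContainer) { $null } else { $_.Length }
                Runnable     = $runnable -contains $_.Extension.ToLower()
                WindowsOwned = $windowsOwned -contains $top
            }
        }
}

# Example call (replace E:\ with the pendrive's letter, as in step 3):
# Get-HiddenDriveItem -Root 'E:\' |
#     Where-Object { -not $_.WindowsOwned } |
#     Sort-Object Runnable -Descending |
#     Format-Table Path, Attributes, SizeBytes, Runnable -AutoSize
```

Anything in the output that you recognise as your own can then be left alone, and the remaining paths deleted one at a time with the del /F /A command from step 6.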

Why use Firefox rather than IE
Why use Firefox rather than IE?
  1. Internet Explorer (IE) has become one of the major targets of hackers around the world. They like to hack IE. They feel delighted after successfully hacking it. They make lots of trojans and worms to attack IE.

  2. Firefox loads a page much faster than IE. You can try it yourself. Download Firefox here.

  3. There are a lot of add-ons available for Firefox, but IE does not have such good features.

  4. We can update Firefox easily compared to IE.

  5. Firefox is free, but IE is integrated into original Windows, which costs hundreds of dollars.

  6. Firefox can be made portable but IE can't. Portable Firefox can be taken anywhere on a pen drive or removable drive.

  7. Firefox provides a very good download manager add-on (DownThemAll), which increases download speed by about 400%, but IE does not have such a feature. The download manager IE provides is not good, as its download speed is very slow.


Friday, March 6, 2009

new_folder.exe removal guide

new_folder.exe is a virus which infects computers through autorun.inf (to disable autorun.inf, click here) on removable drives. It will disable your task manager, folder options, command prompt and even your anti-virus. When you start any program whose name contains words related to antivirus, it will terminate the program. Thus, antivirus and well-known anti-spyware programs cannot remove it completely. However, we can clean it manually by following this procedure:
  1. Download a-squared HiJackFree, install it and rename its executable file (a2HiJackFree.exe) to another name which is not related to antivirus, such as dfskjhfds743, so that it will not be terminated immediately after running.

  2. Run the renamed executable file. It may be terminated by the virus. Thus, you should rerun it a few times until you can kill the virus's process.

  3. Use it to kill the following processes:
    compmgmt.exe, system.exe, debug_32.exe, dmadmin_1.exe and new_folder.exe
    (how? click here.)

  4. Repeat step 2 and step 3 until you successfully kill the processes.

  5. Enable your command prompt, task manager, folder options, registry editor etc. with RRT or download the tool created by me here. You may need to enable them a few times as the worm will disable them automatically.

  6. Delete compmgmt.exe, system.exe, debug_32.exe, dmadmin_1.exe and new_folder.exe in the command prompt. (How to enter the command prompt? Click here.) In the command prompt, type:
    cd\ and press Enter
    del /A /F /S dmadmin_1.exe and press Enter
    del /A /F /S compmgmt.exe and press Enter
    del /A /F /S system.exe and press Enter
    del /A /F /S debug_32.exe and press Enter
    exit and press Enter

  7. Go to the registry editor and remove all keys and values related to compmgmt.exe, system.exe, debug_32.exe, dmadmin_1.exe and new_folder.exe.

  8. Done!
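
For step 5, the following PowerShell is an added example (it is not RRT and not the author's tool) that shows which lock-outs are currently set and can clear them. It assumes the worm uses the standard Windows policy values for Task Manager, Registry Editor, Command Prompt and Folder Options; the guide itself does not say how they are disabled, and the function names are made up for this example.

```powershell
# Added example: report and optionally clear the policy values that disable
# Task Manager, Registry Editor, Command Prompt and Folder Options.
# Assumption: the worm sets these standard policy values.
$restrictions = @(
    @{ Tool = 'Task Manager'
       Sub  = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr' },
    @{ Tool = 'Registry Editor'
       Sub  = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools' },
    @{ Tool = 'Command Prompt'
       Sub  = 'Software\Policies\Microsoft\Windows\System'
       Name = 'DisableCMD' },
    @{ Tool = 'Folder Options'
       Sub  = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoFolderOptions' }
)

# List every restriction that is present and non-zero, per user and per machine.
function Get-ToolRestriction {
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($r in $restrictions) {
            $key = "$hive\$($r.Sub)"
            if (-not (Test-Path -LiteralPath $key)) { continue }

            $value = (Get-Item -LiteralPath $key).GetValue($r.Name, $null)
            if ($null -ne $value -and $value -ne 0) {
                [pscustomobject]@{
                    Tool  = $r.Tool
                    Key   = $key
                    Name  = $r.Name
                    Value = $value
                }
            }
        }
    }
}

# Remove the restrictions found above. Supports -WhatIf and -Confirm so the
# change can be previewed. HKLM entries need an elevated session.
function Clear-ToolRestriction {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    foreach ($hit in Get-ToolRestriction) {
        $target = "$($hit.Key) -> $($hit.Name)"
        if ($PSCmdlet.ShouldProcess($target, 'Remove policy value')) {
            Remove-ItemProperty -LiteralPath $hit.Key -Name $hit.Name
        }
    }
}

# Report only; nothing is changed until Clear-ToolRestriction is called.
Get-ToolRestriction | Format-Table Tool, Name, Value, Key -AutoSize

# Preview, then apply:
# Clear-ToolRestriction -WhatIf
# Clear-ToolRestriction
```

If Get-ToolRestriction shows the values again shortly after clearing them, a worm process is still running and steps 2 to 4 need repeating first. On a managed PC these values can also come from the organisation's own Group Policy, in which case they are not a sign of infection.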
Wednesday, March 4, 2009

Anti-Virus-1 Removal Tool

License: Freeware
File size: 58 KB
Anti-Virus-1 is a rogue anti-spyware program similar to Antivirus2010. Anti-Virus-1 was created to trick you into believing your computer is infected with spyware to then offer Anti-Virus-1's full version to remove the supposed threats. Anti-Virus-1 may enter your computer system with the help of Trojans (such as Zlob or Vundo). Once the Trojan is installed, you'll receive numerous popups and fake system alert notifications informing you about imaginary infections. In addition, Anti-Virus-1 is able to perform a fake system scan and generate a list of spyware as a result. Anti-Virus-1 will use all its fraudulent mechanisms to finally redirect you to a malicious website that sells Anti-Virus-1 as a legitimate spyware remover.

Removal Tool:
Remove Fake Antivirus. (Download it here.)

Download Remove Anti-Virus-1 1.0 at Softpedia
Download source code of Anti-Virus-1 Removal Tool

Anti-Virus-1 manual removal guide
Kill Process
(How to kill a process effectively?)
AV1i.exe
av1.exe
wingamma.exe

Delete Registry
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "AV1"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV1"
HKCU "Software\AV1"

Remove Folders
$APPDATA\AV1

Read more:
Constants in manual removal guide
Monday, March 2, 2009

Correct way of using Browser to surf internet
The correct way of using a browser to surf the internet is as below:
  1. Use Mozilla Firefox rather than Internet Explorer. Why? Click here.

  2. Don't use your browser to download things from websites which provide pirated software or music.

  3. Run your browser in a sandbox. How? Why? Click here.

  4. Update your browser to the latest version.

  5. Don't use your browser to browse pornography sites; your computer will be infected by viruses!



Repair Windows System Files
How do you repair Windows system files if they are corrupted? Windows provides a simple tool, SFC, to repair the system files.
  1. Enter Command Prompt. (How? Click here. Vista users should enter the command prompt as Administrator.)

  2. Type sfc /SCANNOW and press Enter to scan the integrity of all protected system files and repair files with problems when possible.

  3. Type sfc /VERIFYFILE=c:\windows\system32\kernel32.dll and press Enter to verify the integrity of the file at the given full path. No repair operation is performed. Replace the path with that of the file you want to verify.

  4. Type sfc /VERIFYONLY and press Enter to scan the integrity of all protected system files. No repair operation is performed.