Wednesday, February 17, 2010

Your PC Protector Removal GuideYour PC Protector Removal Guide

Your PC Protector Removal Guide
Your PC Protector is a rogue anti-spyware program which uses Trojans and security exploits to enter a computer system. Once active, Your PC Protector will generate hundreds of popups and fake security alerts to convince hapless computer users that the compromised PC is infected with malware. These scare tactics are used to get the user to purchase a "licensed version" of Your PC Protector, which is in fact useless. Your PC Protector will promise to rid the computer of all threats. Do not fall for this trickery and have Your PC Protector removed using reliable anti-spyware software.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
Your PC Protector.exe

Delete Registry
77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Your PC Protector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your PC Protector
HKEY_CURRENT_USER\Software\Your PC Protector

Remove Folders and Files
Your PC Protector.lnk
Your PC Protector.exe
%Documents and Settings%\All Users\Start Menu\Programs\Your PC Protector
%Documents and Settings%\All Users\Desktop\Your PC Protector.lnk

Vista Internet Security 2010 Removal GuideVista Internet Security 2010 Removal Guide

Vista Internet Security 2010 Removal Guide
Vista Internet Security 2010 is a clone from the malicous rogue anti-spyware family that changes their names according to the Operating System they find running on the compromised computer. Vista Internet Security 2010 is no different from Vista Antispyware 2010 or Win 7 Antispyware 2010, and employs the same misleading tactics. Vista Internet Security 2010 produces fake system scan results to scare the Internet user into purchasing a licensed version. Vista Internet Security 2010 is a useless product and will not remove any malware from the system. Remove Vista Internet Security 2010 using a reliable anti-spyware product and do not become another hapless victim of cyber-crime.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
av.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell

Remove Folders and Files
av.exe

XP Guardian Removal GuideXP Guardian Removal Guide

XP Guardian Removal Guide
XP Guardian is a rogue Anti-Spyware program from the same malicious family of rogues as Antivirus Pro 2010, PC Antispyware 2010 and Home Antivirus 2010. XP Guardian makes its way into the system via a hole created by a Trojan infection. Once active, XP Guardian will deliver a fake system scan result to scare users into believing the system is riddled with malware. These scare tactics are just a ploy to get unwary to spend money on useless software. Do not become a victim of cybercrime and have XP Guardian and all related threats removed from the system immediately.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
av.exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\av.exe
%UserProfile%\Local Settings\Application Data\WRblt8464P

Vista Guardian 2010 Removal GuideVista Guardian 2010 Removal Guide

Vista Guardian 2010 Removal Guide
Vista Guardian 2010 is a clone from the malicious rogue anti-spyware family that changes its names according to the Operating System they find running on the compromised computer. Vista Guardian 2010 is no different from its dangerous relatives Vista Antispyware 2010 or Win 7 Antispyware 2010, and employs the same misleading tactics to attain its corrupt goals. After using Trojans to enter systems, Vista Guardian 2010 will produce fake system scans results to scare the Internet users into purchasing the licensed version of Vista Guardian 2010. This product is useless and will not remove any malware from the system. Remove Vista Guardian 2010 using a reliable anti-spyware product and do not become another hapless victim of cyber-crime.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
av.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command-safe-mode\open\command/START

Remove Folders and Files
av.exe

Antivirus Soft Removal GuideAntivirus Soft Removal Guide

Antivirus Soft Removal Guide
Antivirus Soft is a rogue anti-virus program designed to redirect Internet users to scam security websites. Antivirus Soft also causes malfunctions on the Windows platform, especially tools such as folder options, task manager and control panel. Antivirus Soft uses scare tactics to scam users into purchasing a paid version of this useless program. Antivirus Soft will not resolve the issues it has brought to the compromised computer. Use reliable anti-spyware to have Antivirus Soft removed before it wreaks havoc on the affected computer system.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
[random]sysguard.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run "Antivirus Soft"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run "Antivirus Soft"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Associations "Files" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\AvScan

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\[random]
%Program Files%\Antivirus Soft

XP Internet Security 2010 Removal GuideXP Internet Security 2010 Removal Guide

XP Internet Security 2010 Removal Guide
XP Internet Security 2010 is a rogue Anti-Spyware Program that robs people of their savings. As the name suggests, XP Internet Security 2010 is installed on Windows XP. The counterpart of XP Internet Security 2010 which attacks Windows 7 system is Win 7 Antispyware 2010. XP Internet Security 2010 will produce fake system scan results to try and convince unwary computer users that the system has been infected. Then XP Internet Security 2010 will urge the user to purchase a license to get rid of the alleged malware. Do not fall for this trickery and have XP Internet Security 2010 removed using a genuine anti-spyware program.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
av.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
HKEY_CLASSES_ROOT\secfile\shell\open\command
HKEY_CLASSES_ROOT\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command

Remove Folders and Files
%Documents and Settings%\[UserName]\Application Data\WRblt8464P
%Documents and Settings%\[UserName]\Application Data\av.exe

Antivir 2010 Removal GuideAntivir 2010 Removal Guide

Antivir 2010 Removal Guide
Antivir 2010 is a rogue anti-virus program which has proven to be extremely intricate and dangerous to computer systems. The Antivir 2010 application emanates from the same family of rogues as Alpha Antivirus and Antivir. Once Antivir 2010 infects a computer, it displays an icon with a message, which says the computer is infected with spyware and asks the user to download the Antivir 2010 program. Antivir 2010 can also change the desktop settings, hijack the web browser, and display an icon in the system tray. Remove Antivir 2010 before it starts creating chaos on the system.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
antivir2010.exe

Unregister DLL files
%WINDOWS%\system32\UpdateCheck.dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antivir 2010
HKEY_CURRENT_USER\Software\EVAACD

Remove Folders and Files
%UserProfile%\Desktop\Antivir 2010.lnk
%WINDOWS%\system32\UpdateCheck.dll
%Program Files%\Common Files\Uninstall\AV\Uninstall.lnk
%Program Files%\Common Files\Uninstall\AV
%Program Files%\Common Files\Uninstall
%Program Files%\AV\antivir2010.exe
%Program Files%\AV
%Documents and Settings%\All Users\Start Menu\AV\Uninstall.lnk
%Documents and Settings%\All Users\Start Menu\AV\Antivir 2010.lnk
%Documents and Settings%\All Users\Start Menu\AV

Live PC Care Removal GuideLive PC Care Removal Guide

Live PC Care Removal Guide
Live PC Care is a rogue anti-spyware program that is promoted through the use of fake online scanner sites and misleading advertisements. When Live PC Care is installed it will be configured to start automatically. The installer will also create numerous files on your computer that will then be detected as malware by Live PC Care when it scans your computer. Do not hesitate, have Live PC Care removed from your PC before it starts causing havoc on the system.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
DBOLE.exe
fan.exe

Unregister DLL files
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\SM.dll
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\ppal.dll
%UserProfile%\Recent\FW.dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\3
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\xp_5ea56.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "[xSP_2:117fc3395e69e29f71abba93a68c4181_7]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Live PC Care"

Remove Folders and Files
Live PC Care.lnk
Live PC Care
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\CLSV.sys
%UserProfile%\Recent\cb.drv
%UserProfile%\Recent\SM.dll
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\ppal.sys
%UserProfile%\Recent\ppal.dll
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\hymt.drv
%UserProfile%\Recent\FW.dll
%UserProfile%\Recent\fan.exe