Friday, March 19, 2010

Antivirus 7 Removal Guide
Antivirus 7 is a rogue anti-virus program that reports false threats and displays fake security alerts on your PC. Antivirus 7 does this to convince you that your computer is infected with malware. This fake program is promoted and installed through the use of Trojans and often comes bundled with other malicious software. Antivirus 7 is part of a blatant scam used to con you into paying for removal of infections which don't exist.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
antivirus7.exe

Unregister DLL files
UpdateExplorer.dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus 7"
HKEY_CURRENT_USER\Software\EVA246
HKEY_CLASSES_ROOT\CLSID\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV7"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-EVI 12.03.2010"

Remove Folders and Files
%Program Files%\AV7
%Documents and Settings%\All Users\Start Menu\AV7
antivirus7.exe
Antivirus7.lnk
Uninstall.lnk
tmp.edb
UpdateExplorer.dll

CleanUp Antivirus Removal Guide
CleanUp Antivirus is a rogue antivirus program from the same family as Security Antivirus. CleanUp Antivirus enters the system stealthily and is often installed after you click to download an update for your PC, or use a corrupt online scanner. CleanUp Antivirus will try to convince you that your PC is in danger. The hackers behind this scam want your money and will urge you to purchase a useless copy of CleanUp Antivirus.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
CU345d.exe
grid.exe
PE.exe

Unregister DLL files
%Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
%Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
%UserProfile%\Recent\DBOLE.dll
%UserProfile%\Recent\FS.dll

Delete Registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Library1.00195"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\CU345d.DocHostUIHandler
HKEY_CURRENT_USER\Software\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CleanUp Antivirus"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\CleanUp Antivirus

Remove Folders and Files
c:\Documents and Settings\All Users\Application Data\345d567
%UserProfile%\Recent\DBOLE.dll
%UserProfile%\Recent\FS.dll

Security Central Removal Guide
Security Central is a fake spyware remover representing the newest member of the rogue anti-spyware family comprising such malicious programs as Spyware Protect 2009, Antivirus System Pro and Barracuda Antivirus. Through the use of trojan infections, Security Central gains entry to your PC and from there, begins issuing dozens of annoying security alerts and bogus system scans that turn up nothing but fabricated infection results. These tactics are there to scare you into purchasing the rogue spyware remover Security Central.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
Security Central.exe
systemws.exe
systemdb.exe

Delete Registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Security Central"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Security Central
HKEY_LOCAL_MACHINE\Software\Security Central

Remove Folders and Files
%Program Files%\Security Central
%Documents and Settings%\All Users\Start Menu\Programs\Security Central
%Documents and Settings%\Bleeping\Start Menu\Security Central

Security Antivirus Removal Guide
Security Antivirus is a rogue anti-virus program, even though the name suggests that it is real. Security Antivirus gains access to the compromised computer with the help of Trojans and corrupt video codecs. Once active, Security Antivirus installs itself and changes the system registry to start automatically each time Windows launches. Security Antivirus runs a fake system scan of your computer, which produces false results to scare you into purchasing a useless rogue spyware remover.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
SA83b.exe
SA345d.exe

Unregister DLL Files
%UserProfile%\Desktop\sqlite3.dll
%UserProfile%\Desktop\mozcrt19.dll

Delete Registry
HKEY_CLASSES_ROOT\ReleaseXP.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "986707143803"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Antivirus"
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"

Remove Folders and Files
%UserProfile%\Desktop\sqlite3.dll
%UserProfile%\Desktop\mozcrt19.dll
%UserProfile%\Desktop\436.mof
%UserProfile%\Application Data\Security Antivirus
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
[System root]\Documents and Settings\All Users\Application Data\SAYSSSys
[System root]\Documents and Settings\All Users\Application Data\61a60

Total PC Defender 2010 Removal Guide
Total PC Defender 2010 (or Total PC Defender) is a rogue security program which spreads via the Internet by using Trojans and fake online security websites. Total PC Defender 2010 is installed on victim computers without the user's approval. It will secretly enter the system before modifying settings and registry entries to have itself run whenever Windows is operating. Once active, computer users may experience constant security alert pop-ups advertising Total PC Defender 2010. Total PC Defender 2010 runs its own virus scan which detects false threats on the computer to mislead users into getting the licensed version of this useless program. Total PC Defender 2010 poses a huge security threat to PC safety and should be removed immediately.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
Total PC Defender.exe

Delete Registry
HKEY_CURRENT_USER\Software\Total PC Defender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total PC Defender
HKEY_LOCAL_MACHINE\SOFTWARE\Total PC Defender
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Total PC Defender.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Remove Folders and Files
%UserProfile%\Desktop\Total PC Defender.lnk
%UserProfile%\Start Menu\Total PC Defender
%Program Files%\Total PC Defender

Vista Antivirus Pro 2010 Removal Guide
Vista Antivirus Pro 2010 is a Vista-based rogue anti-virus program from the same family of rogues as XP Guardian and Vista Antispyware 2010. Vista Antivirus Pro 2010 will produce fake system scan results to scare the Internet user into purchasing a licensed version of Vista Antivirus Pro 2010. This product is useless and will not remove any malware from the system.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
av.exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\WRblt8464P
%UserProfile%\Local Settings\Application Data\av.exe
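
The registry entries listed in these guides fall into a few recurring tampering patterns: hijacked open-command handlers, Security Center overrides, disabled download signature checks and Run-key autostarts. The following Python is an added example, not part of the original post: it parses indicator lines in the guides' `KEY "value" = data` layout and labels each pattern. The function names and the final clean control line are assumptions made for illustration.

```python
import re

# Indicator lines copied from the guides on this page, plus one constructed
# clean entry (the standard exefile handler) as a control.
GUIDE_LINES = r'''
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Total PC Defender.exe"
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = "%1" %*
'''.strip().splitlines()

LINE_RE = re.compile(r'^(HKEY_[^"]+?)(?:\s+"([^"]*)"(?:\s*=\s*(.*))?)?$')

def parse(line):
    """Split 'KEY "value" = data' (value and data optional) into a 3-tuple."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a registry indicator line: %r" % line)
    return m.groups()

def first_program(command):
    """Lower-cased file name of the first token of a command line."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', command)
    token = (m.group(1) or m.group(2) or "") if m else ""
    return token.rsplit("\\", 1)[-1].lower()

def classify(line):
    """Name the tampering pattern a line represents, or None if no rule matches."""
    key, value, data = parse(line)
    k, d = key.lower(), (data or "").strip().strip('"').lower()
    if k.endswith("\\command") and "\\shell\\" in k and data:
        client = re.search(r"\\startmenuinternet\\([^\\]+)\\", k)
        if client:  # launcher should be the browser the key is named after
            return "browser launcher hijack" if first_program(data) != client.group(1) else None
        # a file handler must start with "%1", the file the user opened
        return "file association hijack" if first_program(data) != "%1" else None
    if k.endswith("\\security center") and (value or "").endswith("Override") and d == "1":
        return "security center override"
    if k.endswith("\\internet explorer\\download") and (value, d) in (
            ("CheckExeSignatures", "no"), ("RunInvalidSignatures", "1")):
        return "download signature check disabled"
    if k.endswith("\\currentversion\\run") and value:
        return "autostart entry"
    return None

def audit(lines):
    """Return (pattern, key) for every line that matches a known pattern."""
    return [(t, parse(l)[0]) for l in lines if (t := classify(l))]
```

An "autostart entry" label only marks a Run value for review; whether the program it starts is legitimate still has to be checked.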