Thursday, April 29, 2010

XP Smart Security 2010 Removal Guide
XP Smart Security 2010 is a fake security program that uses a very convincing interface that may trick computer users into purchasing a licensed version of the rogue XP Smart Security 2010 application. Once installed, XP Smart Security 2010 may save malicious files into certain directories and add unwanted registry entries that can cause it to load at startup.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
ave.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe"
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe"

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\ave.exe

Security Toolbar Removal Guide
Security Toolbar is a toolbar program that claims to remove spyware. Security Toolbar reports the presence of spyware to persuade the user to buy the full version even though the machine is clean.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
securitytoolbar.exe

Remove Folders and Files
securitytoolbar.exe

Vista Security Tool 2010 Removal Guide
Vista Security Tool 2010 is a rogue antispyware program designed to cheat computer users out of money. Vista Security Tool 2010 gets into your computer after malicious Trojans open a backdoor to grant the rogue entry to the compromised system. It may also gain entry via video codecs or corrupt updates downloaded on your PC. Symptoms of a Vista Security Tool 2010 infection include the home page of your PC changing and a system scan running on your machine every time you boot up Windows. Vista Security Tool 2010 will also urge you to purchase the full version of the rogueware.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
ave.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vista Security Tool 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Vista Security Tool 2010
HKEY_CURRENT_USER\Software\Vista Security Tool 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = ""%1" %*"

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\ave.exe
%UserProfile%\Local Settings\Application Data\WRblt8464P

Total XP Security Removal Guide
Total XP Security is a rogue antispyware program which uses Trojans to find security holes to enter the targeted operating system. Once active, Total XP Security will add corrupt files and create registry keys for those files to be launched every time the PC is rebooted. Soon the unwary user will receive annoying popup messages about malware on the computer. Those are fake warnings to redirect users to one of the Total XP Security rogue websites which distribute the paid licensed version of the useless software. Do not click on anything which seems related to this blatant scam and have Total XP Security removed as soon as it has been detected.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
av.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe"
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe"

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\av.exe
%UserProfile%\Local Settings\Application Data\WRblt8464P
Wednesday, April 28, 2010

AP Manager Removal Guide
AP Manager is a rogue anti-spyware program designed to pilfer money from computer users. AP Manager is a Trojan masquerading as a download manager for copyrighted games, movies, and music. If you visit certain sites that are affiliated with this malware and attempt to download copyrighted media, it will be added to the AP Manager download list and it will pretend to download the file to your computer. When downloading, AP Manager will show information such as how much time is left, the speed of the download, the amount of KB transferred, etc., but in reality this information is all fake as nothing is actually being downloaded to your computer.

Removal Guide
Kill Process
(How to kill a process effectively?)
apmanager.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APManager
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "apmanager.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\APManager\apmanager.exe"

Remove Folders and Files
%UserProfile%\Application Data\APManager
%UserProfile%\Desktop\AP Manager.lnk
Monday, April 26, 2010

Antispyware Soft Removal Guide
AntiSpyware Soft is a counterfeit security program that uses several illicit tactics to get unsuspecting computer users to download, install and purchase the full AntiSpyware Soft application. Antispyware Soft is a rogue from the same family as Antivirus Soft and Antivirus Suite. AntiSpyware Soft is able to perform these actions through many deceptive tactics such as displaying misleading popup alerts and flooding bogus scan results with fake parasites.

Removal Guide
Kill Process
(How to kill a process effectively?)
[random string].exe
[random]tssd.exe

Delete Registry
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "[local]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\[random]
Saturday, April 24, 2010

My Security Engine Removal Guide
My Security Engine or MySecurityEngine is a rogue anti-spyware program that displays fake security notifications to trick you into purchasing their full version. My Security Engine may change your desktop settings to issue fake warning messages, and hijack the web browser to redirect you to unwanted websites. My Security Engine installs malicious files and automatically downloads itself onto your computer, which makes My Security Engine difficult to remove.

Removal Guide
Kill Process
(How to kill a process effectively?)
PE.exe
MS345d.exe

Unregister DLL files
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\gid.dll
%ALLUSERSPROFILE%\Application Data\345d567\sqlite3.dll
%ALLUSERSPROFILE%\Application Data\345d567\mozcrt19.dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Engine"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS"
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL"
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL"
HKEY_CLASSES_ROOT\MS345d.DocHostUIHandler

Remove Folders and Files
%ProgramFiles%\Mozilla Firefox\searchplugins\search.xml
%UserProfile%\Start Menu\Programs\My Security Engine.lnk
%UserProfile%\Start Menu\My Security Engine.lnk
%UserProfile%\Recent\tjd.sys
%UserProfile%\Recent\SICKBOY.sys
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\ppal.drv
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Desktop\My Security Engine.lnk
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\gid.dll
%UserProfile%\Application Data\My Security Engine
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
%ALLUSERSPROFILE%\Application Data\MSHOLE
%ALLUSERSPROFILE%\Application Data\345d567

TrustDoctor Removal Guide
TrustDoctor or Trust Doctor is a rogue antivirus which is rapidly spreading through blackhat SEO and some deceptive methods including the use of bogus video codecs. This program is promoted through fake porn sites that pretend to show free pornographic videos. If you click on one of these videos it will fail to show and an alert will be displayed stating that you need to download a video codec in order to properly view the video. This supposed video codec, though, is actually a Trojan that will then install TrustDoctor on to your computer.

Removal Guide
Kill Process
(How to kill a process effectively?)
TrustDoctor.exe
uninstall.exe
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\TrustDoctor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrustDoctor
HKEY_LOCAL_MACHINE\SOFTWARE\TrustDoctor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "TrustDoctor"

Remove Folders and Files
%ALLUSERSPROFILE%\Desktop\TrustDoctor.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\TrustDoctor
%ProgramFiles%\TrustDoctor Software
%windir%\101213zo9m49d5.cpl
%windir%\10566wormz5e.dll
%windir%\system32\2325viruz9.dll
%windir%\system32\15274hzcktool3d59.bin
%windir%\system32\77481tzoj56fc.bin
%windir%\system32\[random].exe
%Temp%\[random].exe
Thursday, April 15, 2010

Virus Protector Removal Guide
Virus Protector is a dangerous program that is designed to trick computer users out of money. Once installed, Virus Protector uses aggressive techniques to make users believe that they need to purchase a full version of Virus Protector to remove detected threats. Not only does Virus Protector not have the ability to detect threats, it cannot remove them either. Virus Protector should never be used for the removal of computer parasites. It is recommended that Virus Protector be removed with a reputable spyware detection tool.

Removal Guide
Kill Process
(How to kill a process effectively?)
anpf56mn5.exe
setup.exe (MD5: 28a8737b03cc2f14723755ea8f4d6941)
[random].exe

Unregister DLL files
[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Virus Protector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "LoadAppInit_DLLs" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs" = ".dll"

Remove Folders and Files
%UserProfile%\Application Data\[random].exe
%UserProfile%\Application Data\[random].dll
%UserProfile%\Local Settings\Temp\[random].exe
%UserProfile%\Local Settings\Temp\[random].dll
%Program Files%\Internet Explorer\[random].exe
%Program Files%\Internet Explorer\[random].dll
%windir%\[random].exe
%windir%\[random].dll
%windir%\system32\[random].exe
%windir%\system32\[random].dll
%windir%\system32\drivers\[random].exe
%windir%\system32\drivers\[random].dll

Dr. Guard Removal Guide
Dr. Guard is a rogue antispyware program which is actually the updated version of Paladin Antivirus. The bogus program is installed by Trojans. When the Trojan is set up, it will download and install Dr. Guard onto a victim's computer without the user's authorization and awareness. Dr. Guard will set itself to run automatically when Windows loads and it will ask the targeted user to uninstall legitimate antispyware tools in order to protect itself from removal. Dr. Guard will start an imitation of a system scan and find a number of threats that cannot be fixed, unless the victim first purchases the full version of the software. However, Dr. Guard is not able to detect or remove any computer malware so do not purchase it.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
asr64_ldm.exe
uninstall.exe
drguard.exe

Unregister DLL files
%Program Files%\Dr. Guard\drghook.dll
%Program Files%\Dr. Guard\drgext.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dr. Guard
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asr64_ldm.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Dr. Guard
HKEY_LOCAL_MACHINE\SOFTWARE\Dr. Guard
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"

Remove Folders and Files
%UserProfile%\local settings\Temp\asr64_ldm.exe
%UserProfile%\Desktop\Dr. Guard.lnk
%UserProfile%\Desktop\Dr. Guard Support.lnk
%Program Files%\Dr. Guard
%UserProfile%\Start Menu\Programs\Dr. Guard

Antimalware Doctor Removal Guide
Antimalware Doctor is a rogue anti-virus program designed to pilfer money from unwary computer users. It reports false system security threats and displays fake warnings to scare you into thinking that your computer is infected with malware. The only infection on your PC is most likely Antimalware Doctor. This rogue uses a Trojan to infiltrate the PC and then pretends to be legitimate anti-malware software. Antimalware Doctor will use a fake online scanner and misleading video/warez websites as part of its scare tactics. Antimalware Doctor is also distributed on Facebook and other social sites, so be very careful when opening unknown links. After being warned about the infection you will be urged to purchase a licensed version of Antimalware Doctor, which is in fact useless. Use a reliable anti-malware program to detect and remove Antimalware Doctor before it tries to scam you out of money.

Removal Guide
Kill Process
(How to kill a process effectively?)
Antimalware Doctor.exe

Delete Registry
Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
Antimalware Doctor Inc
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Remove Folders and Files
Antimalware Doctor.exe
%windir%\System32\enemies-names.txt

Smart Security Removal Guide
Smart Security is a rogue anti-spyware program from the same family as Security Tool. It pretends to be a legitimate security program, but in reality it's just another scam. The rogue program is promoted and installed through the use of Trojans that usually come from fake online scanners, malicious PDF files, bogus video sites or other misleading websites. Once installed, Smart Security will run a system scan and display numerous serious infections on your computer. But don't worry about that, because the scan results are absolutely false. It just tries to scare you into thinking that your computer is infected when it's not. Then it will prompt you to buy the full version of the program to remove the infections, which don't even exist. Don't do that. Otherwise you will simply lose your money and probably won't get it back.

Removal Guide
Kill Process
(How to kill a process effectively?)
SmartSecurity.exe
unins000.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Security_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SmartSecurity"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SmartSecurity"

Remove Folders and Files
%Program Files%\Smart Security
%CommonPrograms%\Smart Security
%Documents and Settings%\All Users\Start Menu\Programs\Smart Security

Security Guard Removal Guide
Security Guard is another rogue anti-spyware program. It belongs to a malicious family also known for releasing the Cleanup Antivirus rogue. Promoted by backdoor Trojans and fake online scanners, Security Guard reveals its existence on the infected computer by displaying fake alerts and system scanners that appear too frequently to be ignored. Through this annoying activity, the program tries to push users into getting its commercial version, so don’t give your money away for this scareware.

Removal Guide
Kill Process
(How to kill a process effectively?)
SG345d.exe
%UserProfile%\Recent\cb.exe
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\SICKBOY.exe

Unregister DLL files
mozcrt19.dll
sqlite3.dll

Delete Registry
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\SG345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=1002&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=1002&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "layout/2.01002"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Guard"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=1002&q={searchTerms}"

Remove Folders and Files
%UserProfile%\Application Data\Security Guard
%UserProfile%\Desktop\Security Guard.lnk
%UserProfile%\Recent\ANTIGEN.sys
%UserProfile%\Recent\ANTIGEN.tmp
%UserProfile%\Recent\cb.exe
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\eb.dll
%UserProfile%\Recent\eb.drv
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\fan.drv
%UserProfile%\Recent\fix.tmp
%UserProfile%\Recent\grid.exe
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.exe
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Start Menu\Security Guard.lnk
%UserProfile%\Start Menu\Programs\Security Guard.lnk

Control Components Removal Guide
Control Components is a rogue anti-spyware program designed to pilfer money from hapless computer users. Control Components reports bogus threats and displays fake security warnings on your computer to trick you into thinking that your PC is infected with malware. This fake program is from the same family as Control Center. Control Components uses Trojans that come from fake online scanners or fake video sites to do its dirty work. Once active, Control Components simulates a system scan and displays a list of malware infections. Soon popups will prompt you to pay for a full version of the program to remove the alleged infections. Do not fall for this blatant scam and have Control Components removed from your system immediately.

Removal Guide
Kill Process
(How to kill a process effectively?)
uninstall.exe
ccmain.exe
ccagent.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "ccmain.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ccagent.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control Components

Remove Folders and Files
Control Components.lnk
uninstall.exe
settings.ini
guide.html
ccmain.exe
ccagent.exe
%UserProfile%\Application Data\Control Components
%UserProfile%\Desktop\Control Components.lnk

Antivirus Suite Removal Guide
Antivirus Suite (aka AntivirusSuite) is a rogue anti-spyware program which enters a targeted computer via a backdoor created by malware. AntivirusSuite displays similar tactics to its rogue cousin Antivirus Soft. The hackers behind this cyber-scam use malware to redirect Internet users to a fake scan page which produces bogus results claiming the system is infected with all sorts of malware. The fake scanner also produces popup warnings which urge users to purchase Antivirus Suite to remove the so-called threats. Do not fall for this trickery; it is a blatant scam.

Removal Guide
Kill Process
(How to kill a process effectively?)
mrkkuvktssd.exe
wvhstoctssd.exe
[random]tssd.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "val Tool"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\avsuite

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\[random characters]\[random characters]tssd.exe
%UserProfile%\Local Settings\Application Data\[random characters]

Your Protection Removal Guide
Your Protection is a dangerous rogue anti-spyware program. Your Protection comes from the same family of rogues as Dr. Guard and User Protection. Your Protection is also known to block other legitimate anti-virus or anti-spyware programs. It may be very difficult to attempt manual removal of Your Protection. When installed, Your Protection may initiate system scans that return bogus results. It is very important to take immediate action to remove Your Protection completely from the affected computer.

Removal Guide
Kill Process
(How to kill a process effectively?)
urpprot.exe
mplay32xe.exe

Unregister DLL files
fiosejgfse.dll
urpext.dll
urphook.dll

Delete Registry
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your Protection
HKEY_LOCAL_MACHINE\SOFTWARE\Your Protection
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "mplay32xe.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Your Protection"
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt "(Default)" = "{5E2121EE-0300-11D4-8D3B-444553540000}"
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt "(Default)" = "{5E2121EE-0300-11D4-8D3B-444553540000}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"

Remove Folders and Files
%Program Files%\Your Protection
%ALLUSERSPROFILE%\application data\fiosejgfse.dll
%Temp%\4otjesjty.mof
%Temp%\asd1.tmp
%Temp%\mplay32xe.exe
%Temp%\urp.dat
%Temp%\urpr.dat
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Your Protection.lnk
%UserProfile%\Desktop\Your Protection Support.lnk
%UserProfile%\Desktop\Your Protection.lnk
%UserProfile%\Start Menu\Programs\Your Protection

Digital Protection Removal Guide
Digital Protection is a rogue anti-spyware program designed to pilfer money from unwary computer users. Digital Protection uses a fake system scan with bogus results to scare users into purchasing useless software. After producing warnings claiming the system is infected with malware, it will bombard the user with popup warnings urging the purchase of Digital Protection to remove the alleged threats. Do not fall for this blatant scam and have the Digital Protection threat terminated with reliable anti-spyware.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
davclnt.exe
Uninstall.exe
digprot.exe

Unregister DLL files
dighook.dll
digext.dll
fiosejgfse.dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Digital Protection"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Protection
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}

Remove Folders and Files
digr.dat
dig.dat
dhdhtrdhdrtr5y
davclnt.exe
c865.tmp
asd1.tmp
4otjesjty.mof
virus.mp3
update.ico
Uninstall.exe
splash.mp3
settings.ico
scan.ico
help.ico
digprot.exe
dighook.dll
digext.dll
buy.ico
dig.db
activate.ico
about.ico
Update.lnk
Settings.lnk
Scan.lnk
Buy.lnk
Activate.lnk
About.lnk
Support.lnk
Digital Protection
Digital Protection.lnk
fiosejgfse.dll
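
Several guides above list the same kinds of registry changes: Security Center overrides, browser launchers and .exe/secfile handlers pointed at the rogue's executable, a loopback proxy, and a disabled Task Manager. The following is an added example, not part of the original guides, that parses entries written in the guides' KEY "Name" = "data" notation and labels each kind; the function names, verdict labels and the clean sample values are assumptions made for illustration.

```python
import re

# Guide notation:  KEY "ValueName" = data   (the key itself never contains a quote)
ENTRY_RE = re.compile(r'^(HKEY_[^"]+?)\s+"([^"]*)"\s*=\s*(.+)$')


def parse_entry(line):
    """Split one guide-style line into (key, value name, data)."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised entry: {line!r}")
    key, name, data = m.groups()
    # Drop the wrapping quotes only when the data is one quoted string.
    if data.count('"') == 2 and data.startswith('"') and data.endswith('"'):
        data = data[1:-1]
    return key, name, data


def first_program(data):
    """Lower-cased file name of the first program named in a command line."""
    data = data.strip()
    if data.startswith('"'):
        prog = data[1:].split('"', 1)[0]
    else:
        m = re.match(r'(.*?\.exe)\b', data, re.I)
        prog = m.group(1) if m else data
    return prog.rsplit('\\', 1)[-1].lower()


def classify(key, name, data):
    """Return a verdict label for a suspicious entry, or None if it looks clean."""
    k, n = key.lower(), name.lower()
    if k.endswith(r"\microsoft\security center") and n in ("firewalloverride", "antivirusoverride"):
        return "security-center-override" if data == "1" else None
    if k.endswith((r"\.exe\shell\open\command", r"\secfile\shell\open\command")) and n == "(default)":
        # Assumption: a handler that only passes "%1" through is harmless.
        return None if first_program(data) == "%1" else "exe-handler-hijack"
    m = re.search(r"\\clients\\startmenuinternet\\([^\\]+)\\shell\\[^\\]+\\command$", k)
    if m and n == "(default)":
        # The launcher should start the browser the key is named after.
        return None if first_program(data) == m.group(1) else "browser-launcher-hijack"
    if k.endswith(r"\internet settings") and n == "proxyserver" and "127.0.0.1" in data:
        return "loopback-proxy"
    if k.endswith(r"\policies\system") and n == "disabletaskmgr" and data == "1":
        return "task-manager-disabled"
    return None


def audit(text):
    """Classify every non-empty line; return (verdict, key, name) for each hit."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        key, name, data = parse_entry(line)
        verdict = classify(key, name, data)
        if verdict:
            findings.append((verdict, key, name))
    return findings


# Constructed sample: entries copied from the guides above, plus one clean
# Internet Explorer launcher value made up for contrast.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
'''

if __name__ == "__main__":
    for verdict, key, name in audit(SAMPLE):
        print(f"{verdict:26} {key} [{name}]")
```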