Wednesday, June 30, 2010

Security Master Removal Guide
Security Master is a fake antivirus program. It is installed through a trojan that opens a backdoor on the computer. Many computers are infected by such trojans, which antivirus software does not detect, and the trojans install this fake antivirus without any confirmation from the user. Security Master starts automatically when the computer boots. Its main purpose is to cheat users out of money: it produces fake scan results to scare them into buying the full version of Security Master.

Security Master offers fake features such as protecting the computer's security settings. In fact, Security Master changes the security settings of the compromised computer!

Security Master should be removed immediately.


Removal Tool: Remove Fake Antivirus. (Download it here.)

Security Master Removal Guide
Kill Process
(How to kill a process effectively?)
%CommonAppData%\8d7ca11\SM8d7c.exe
%UserProfile%\Recent\ANTIGEN.exe
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\std.exe

Delete Registry
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\SMAVSys.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Master AV"

Remove Folders and Files
%CommonAppData%\8d7ca11\SM8d7c.exe
%UserProfile%\Recent\ANTIGEN.exe
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\std.exe

Saturday, June 26, 2010

Free Partition Software - Partition Wizard Home Edition
Partition Wizard Home Edition is free partition manager software designed by MT Solution Ltd. It supports 32/64-bit Windows operating systems, including Windows XP, Vista and Windows 7. Home users can perform complicated partition operations with this powerful yet free partition manager to manage their hard disks.

Functions include:
  • Resizing partitions,
  • Copying partitions,
  • Create partition,
  • Delete partition,
  • Format partition,
  • Convert partition,
  • Explore partition,
  • Hide partition,
  • Change drive letter,
  • Set active partition,
  • Partition Recovery.
Partition Wizard Home Edition is intended for home users only; to use Partition Wizard in a business environment, Partition Wizard Professional Edition is required.

Download Partition Wizard Home Edition

Thursday, June 24, 2010

PC Sweeper Removal Guide
PC Sweeper is a fake antivirus program used to trick the user into buying it. PC Sweeper installs itself on the PC without the user's permission unless the user has set UAC to the highest level. It tries to convince users that their computers are infected by malware. In fact, PC Sweeper is the malware that infects the computer. PC Sweeper will then constantly ask the user to buy the full version of PC Sweeper in order to get rid of the malware. Don't be cheated into buying this fake antivirus program.

PC Sweeper is not able to detect or delete any infections. It always shows that the computer is not protected. It presents features like those of other antivirus programs.

PC Sweeper should be removed immediately!


PC Sweeper Removal Guide
Kill Process
(How to kill a process effectively?)
pcsweeper.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PC Sweeper"

Remove Folders and Files
pcsweeper.exe

Green AV Security Suite Removal Guide
Green AV Security Suite is a fake antivirus program that uses fake scan results to trick the user into buying the full version of Green AV Security Suite. It infects computers through trojans, spam emails or affiliated websites. Green AV Security Suite installs itself on the computer without the user's confirmation unless the user has set UAC to the highest level.

Green AV Security Suite slows the system down. It may hijack the web browser and block regular antispyware and antivirus applications. It constantly demands that the user pay for the “licensed version”.

Green AV Security Suite should be removed immediately!


Green AV Security Suite Removal Guide
Kill Process
(How to kill a process effectively?)
[random characters].exe
[random characters]tssd.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_CURRENT_USER\Software\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random characters]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random characters]"
HKEY_CURRENT_USER\Software\AvScan

Remove Folders and Files
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters]\[random characters].exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters]\[random characters]tssd.exe

AV Security Suite Removal Guide
AV Security Suite is a fake antivirus program whose purpose is to cheat money from the user. It installs itself on the computer without the user's confirmation unless the user has set UAC to the highest level. AV Security Suite runs when the computer boots, scans the computer automatically, produces fake scan results and urges the user to buy the full version of AV Security Suite.

AV Security Suite always states that the computer is not protected against malware. It changes Internet Explorer settings and enables a proxy server, which makes the computer easily accessible to hackers! It reports that the computer is infected by malware such as BackdoorWin32S, which is a fake alert.

AV Security Suite should be removed immediately!


AV Security Suite Removal Guide
Kill Process
(How to kill a process effectively?)
[random string]tssd.exe
[random string].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\AvScan

Remove Folders and Files
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string].exe
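
The Green AV Security Suite and AV Security Suite registry lists above share the same weakened Internet Explorer and attachment settings. The following is an added example, not part of the original guides, that checks the text of a `reg export` file for those values; it assumes the export has already been decoded to text, and the names `TAMPERED`, `decode`, `audit` and `SAMPLE` are hypothetical.

```python
import re

# Settings the page lists for Green AV Security Suite and AV Security Suite:
# (key path suffix, value name) -> (test on the decoded value, what it means).
TAMPERED = {
    (r"policies\attachments", "savezoneinformation"):
        (lambda v: v == "1", "zone information is not saved on downloads"),
    (r"policies\associations", "lowriskfiletypes"):
        (lambda v: ".exe" in v.lower(), ".exe is treated as a low-risk type"),
    (r"currentversion\internet settings", "proxyserver"):
        (lambda v: "127.0.0.1" in v, "HTTP proxy points at the local machine"),
    (r"internet explorer\download", "runinvalidsignatures"):
        (lambda v: v == "1", "downloads with invalid signatures may run"),
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')

def decode(raw):
    """Normalise .reg data: dword:00000001 -> "1", "text" -> text."""
    if raw.startswith("dword:"):
        return str(int(raw[6:], 16))
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    return raw

def audit(reg_text):
    """Return (key, name, value, meaning) for every tampered setting found."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif (m := VAL_RE.match(line)) and key:
            name, value = m.group(1), decode(m.group(2))
            for (suffix, wanted), (is_bad, meaning) in TAMPERED.items():
                if key.endswith(suffix) and name.lower() == wanted and is_bad(value):
                    findings.append((key, name, value, meaning))
    return findings

# Constructed sample in `reg export` text form (not from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000000
'''
print(*audit(SAMPLE), sep="\n")
```

The sample yields two findings; its `RunInvalidSignatures` value of 0 is left unflagged, as is any `ProxyServer` that does not point at 127.0.0.1.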

Monday, June 14, 2010

Defense Center Removal Guide
Defense Center is a fake antivirus program that tries to trick the user into buying the full version of Defense Center by using fake scan results. Defense Center installs itself on the computer without the user's confirmation unless the user has set UAC to the highest level. It starts when the computer boots, scans the computer automatically, produces fake scan results and keeps warning the user to buy the full version of Defense Center.

Defense Center also disables Windows Task Manager so that the user cannot stop its process. However, we can stop the process by using a-squared HiJackFree. It also uninstalls several antivirus programs such as Malwarebytes', F-Secure, Trend Micro, and Symantec Antivirus.

Defense Center offers fake features such as Antivirus and Antispyware protection (DEMO version), Network Shield (Firewall) (DEMO version), Automatic Updates (DEMO version), Scheduled Scans and RAM Protection. It urges the user to buy the full version in order to have fully active Antivirus and Antispyware protection, Network Shield and Automatic Updates. It always shows the user that the computer is not protected and asks the user to activate the protection.

Defense Center should be removed immediately.


Defense Center Removal Guide
Kill Process
(How to kill a process effectively?)
defcnt.exe
Uninstall.exe
spam001.exe
spam002.exe
spam003.exe
troj000.exe

Unregister DLL files
%Program Files%\Defense Center\defext.dll
%Program Files%\Defense Center\defhook.dll

Delete Registry
HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\secfile
HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Defense Center"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"

Remove Folders and Files
%Documents and Settings%\All Users\Favorites\_favdata.dat
%Program Files%\Defense Center
%UserProfile%\Desktop\Defense Center Support.lnk
%UserProfile%\Desktop\Defense Center.lnk
%UserProfile%\Desktop\nudetube.com.lnk
%UserProfile%\Desktop\pornotube.com.lnk
%UserProfile%\Desktop\spam001.exe
%UserProfile%\Desktop\spam003.exe
%UserProfile%\Desktop\troj000.exe
%UserProfile%\Desktop\youporn.com.lnk
%UserProfile%\Start Menu\Programs\Defense Center
%appdata%\microsoft\internet explorer\quick launch\Defense Center.lnk
%commonprograms%\Defense Center

Saturday, June 5, 2010

Sysinternals Antivirus Removal Guide
Sysinternals Antivirus is a fake antivirus, a fake security application. It is installed through malware without the user's permission unless UAC is set to the highest level (for Windows 7 users). It runs automatically when Windows boots. Sysinternals Antivirus produces false scan results and urges the user to activate the protection by purchasing the full version of Sysinternals Antivirus.

Once Sysinternals Antivirus is installed on the computer, it tells the user that Windows is in danger! It scans the computer and shows that there are n infections found. It even names the malware that supposedly infects the files, such as Email-Worm.Win32.Meronda; in fact, this is a fake result. It provides fake features like System Scan, Firewall, Update etc.

Sysinternals Antivirus should be removed immediately!


Sysinternals Antivirus Removal Guide
Kill Process
(How to kill a process effectively?)
alggui.exe
%Program Files%\svchost.exe
dbsinit.exe
Sysinternals Antivirus.exe
ccsmn.exe
ccsrr.exe

Unregister DLL files
%Program Files%\adc_w32.dll

Delete Registry
HKEY_CURRENT_USER\Software\Sysinternals Antivirus
HKEY_USERS\.DEFAULT\Software\Sysinternals Antivirus
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adbupd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256d5-e103-4523-bb43-2cfb066839d6}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{149256d5-e103-4523-bb43-2cfb066839d6}
HKEY_CLASSES_ROOT\CLSID\{149256d5-e103-4523-bb43-2cfb066839d6}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "novavapp"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "novavappr"

Remove Folders and Files
%Program Files%\adc_w32.dll
%Program Files%\alggui.exe
%Program Files%\extra1.dat
%Program Files%\extra2.dat
%Program Files%\nuar.old
%Program Files%\skynet.dat
%Program Files%\svchost.exe
%Program Files%\wp3.dat
%Program Files%\wp4.dat
%Program Files%\scdata
%Program Files%\Sysinternals Antivirus
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.acf
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.ltd
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.lti
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.acb
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.aci
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.mt
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsrr.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\lleod150
%UserProfile%\Application Data\Microsoft\Internet Explorer\wmharun.log
%UserProfile%\Application Data\Microsoft\Internet Explorer\wmrun.log
%UserProfile%\Start Menu\Programs\Sysinternals Antivirus

Thursday, June 3, 2010

Protection Center Removal Guide
Protection Center is a fake antivirus program which tries to trick the user into purchasing the full version of a fake antivirus. It infects the computer by installing trojans and starts when the computer boots. Protection Center uses false scan results to make users purchase the fake antivirus. It may also stop the user from using anti-malware or antivirus programs.

Protection Center offers fake features like Antivirus and Antispyware protection, Network shield (Firewall), Automatic Updates, Scheduled Scans and even RAM protection. It acts like a real, good antivirus. Protection Center is installed as an unregistered version. It shows the user that the computer is not protected and asks the user to upgrade to the full version.

Protection Center must be removed immediately!


Protection Center Removal Guide
Kill Process
(How to kill a process effectively?)
wscsvc32.exe
mswinsck.exe
uninstall.exe
protcen.exe
cntprot.exe

Unregister DLL files
%Program Files%\Protection Center\cntext.dll
%Program Files%\Protection Center\cnthook.dll
%Documents and Settings%\All Users\Application Data\fiosejgfse.dll
%Program Files%\Protection Center\prothook.dll
%Program Files%\Protection Center\protext.dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Protection Center"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
HKEY_LOCAL_MACHINE\SOFTWARE\Protection Center
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection Center
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_CLASSES_ROOT\secfile
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CURRENT_USER\Software\Paladin Antivirus
HKEY_CURRENT_USER\Software\Malware Defense
HKEY_CURRENT_USER\Software\Classes\secfile

Remove Folders and Files
%Documents and Settings%\All Users\Application Data\fiosejgfse.dll
%Temp%\wscsvc32.exe
%Temp%\mswinsck.exe
%Temp%\4otjesjty.mof
%Program Files%\Protection Center
%Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Protection Center.lnk
%Documents and Settings%\[UserName]\Start Menu\Programs\Protection Center
%Documents and Settings%\[UserName]\Desktop\Protection Center.lnk
%Documents and Settings%\[UserName]\Desktop\Protection Center Support.lnk