Friday, August 13, 2010

Security Suite Removal GuideSecurity Suite Removal Guide

Security Suite Removal Guide
Security Suite is a fake antivirus program that perform like a real antivirus such as Kaspersky Anti-Virus, AVG Free Antivirus, Avira AntiVir etc. Security Suite infects the computer when the user accidentally downloads a trojan from a website which provide online videos. Security Suite will start automatically when Windows boot. Then, Security Suite will scan the computer and produce fake scan results and display many fake alerts to urge the user to purchase the full version of Security Suite in order to remove the detected malwares.

Security Suite claims itself as innovative protection for your PC. Security Suite provide fake features like "Perform Scan", "Adjust Setting", "Get Update", "Help & Support" and so on. Security Suite also has a fake malware database.

Security Suite should be removed immediately!

Security Suite Removal Guide
Kill Process
(How to kill a process effectively?)
[random]shdw.exe

Delete Registry
HKEY_CURRENT_USER\Software\wnxmal
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" ="1"

Remove Folders and Files
search the drives for [random]shdw.exe and kill them.

No comments:

Post a Comment