Saturday, October 23, 2010

System Tool Removal GuideSystem Tool Removal Guide

System Tool Removal Guide
System Tool is a fake antivirus program that cannot detect and remove any malware. Once System Tool is installed in the computer, it will configure itself to start automatically when Windows boot. After that, System Tool will scan some files in the computer and WILL SURELY display fake warning that the computer is infected by many malware. System Tool will urge the user to register System Tool by purchasing the full version of System Tool so that to remove the malwares. Actually, System Tool cannot detect and remove any malware. System Tool just want to cheat the money of the user only.

System Tool provide fake features such as System Scan, Protection, Privacy, full real-time protection with System Tool etc. All of these cannot function at all. It scares the user by showing that there are many malwares in the computer such as Dialer.Trafficjam.a, Win32.Delbot.Ai, Win32.PerFiler, Trojan-Downloader.VBS.Small.dc, Win32.Spamta.KG.worm and so on. Don't be afraid, all of them is a lie. Your computer is clean.

System Tool should be removed immediately!

System Tool Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%ALLUSERSPROFILE%\Application Data\[random]

[random] mean words formed by random alphabets such as "fklasjsdfk", "fdkjiu289", "dj328ufdkj" etc.
Friday, October 22, 2010

ThinkPoint Removal GuideThinkPoint Removal Guide

ThinkPoint Removal Guide
ThinkPoint is a fake antivirus program that cannot detect and remove any malware. However, once ThinkPoint is installed in the computer, it WILL SURELY state that the computer has been infected by malwares and ask the user to purchase the full version of ThinkPoint. ThinkPoint is part of Microsoft Security Essential infection. Do not ever purchase ThinkPoint as it cannot detect and remove any malware. ThinkPoint will start automatically when Windows boot. Then ThinkPoint will states that it is a World's leading security solution. Actually, ThinkPoint cannot protect any computer from malwares.

ThinkPoint provide fake features such as Quick Scan, Full Scan and Firewall. It scares the user that the %ProgramFiles%\Messenger\msmsgs.exe is infected with Trojan.Horse.Win32.PAV.64.a. Don't be cheated as the file is clean. It disable Windows Task Manager and stop other legitimate antivirus program from protecting the computer.

ThinkPoint should be removed immediately!

ThinkPoint Removal Guide
Kill Process
(How to kill a process effectively?)
hotfix.exe

Delete Registry
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = %AppData%\hotfix.exe

Remove Folders and Files
%UserProfile%\Application Data\completescan
%UserProfile%\Application Data\hotfix.exe
%UserProfile%\Application Data\install
Tuesday, October 19, 2010

AntiVirus Solution 2010 Removal GuideAntiVirus Solution 2010 Removal Guide

AntiVirus Solution 2010 is a fake antivirus program that just cheat the user that the computer is infected by malwares and urge the user to purchase the full version of AntiVirus Solution 2010. When AntiVirus Solution 2010 is installed in the computer accidentally, it will start automatically when Windows boot. Then AntiVirus Solution 2010 will scan the computer and WILL SURELY show shat the computer had been infected by malwares. However, the user can only remove the malwares by activating the program by purchasing the full version of AntiVirus Solution 2010. In fact, the full version of AntiVirus Solution 2010 cannot detect and remove any malware. AntiVirus Solution 2010 cannot detect any malware. Do not be cheated by AntiVirus Solution 2010.

AntiVirus Solution 2010 provide fake features like Auto Protection, System Scan and Firewall. None of them can really protect the computer from malware. It scares the users by stating that there are many malwares in the computer such as Adware Win32/Wheerphee, Worm Win32/Rescue.B and so on.

AntiVirus Solution 2010 should be removed immediately!

AntiVirus Solution 2010 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
uninstall.exe
AntiVirus Solution 2010.exe
securitycenter.exe
securityhelper.exe
backd-efq.exe
cunifuc.exe
dc_3.exe
dd10×10.exe
ddhelp.exe
destroyer.exe
fadz43.exe
fe.exe
format.exe
hardwh.exe
kock.exe
safe.exe
snowif.exe
sycre.exe
test.exe
timem.exe
w32-reno-c.exe
wined.exe
winlogoff.exe
%Temp%\02c9c3c35bdx5.exe
%Temp%\17dkf.exe
%Temp%\1iowieoo.exe
%Temp%\2010yo.exe
%Temp%\472a10e2ebxd9.exe
%Temp%\56493.exe
%Temp%\8gmsed-bd.exe
%Temp%\a75wef8e0e7.exe
%Temp%\ae0965a7157cd.exe
%Temp%\al3erfa3.exe
%Temp%\aler3fa.exe
%Temp%\alerfa.exe
%Temp%\alerfa2.exe
%Temp%\alerfa322.exe
%Temp%\aqfitrlxi2.exe
%Temp%\backd-efq.exe
%Temp%\brdss.exe
%Temp%\bzqa43d.exe
%Temp%\cffd4.exe
%Temp%\cosock.exe
%Temp%\cowceb.exe
%Temp%\cunifuc.exe
%Temp%\dc_3.exe
%Temp%\dd10x10.exe
%Temp%\ddhelp.exe
%Temp%\ddoll3342.exe
%Temp%\destroyer.exe
%Temp%\dkfjd93.exe
%Temp%\ds7hw.exe
%Temp%\dwl_bqz.exe
%Temp%\eelnvd13.exe
%Temp%\eephilpe.exe
%Temp%\exppdf_w.exe
%Temp%\fadz43.exe
%Temp%\fe.exe
%Temp%\format.exe
%Temp%\g_dx234.exe
%Temp%\gedx_ae09.exe
%Temp%\gpdfsws_bbg.exe
%Temp%\gpupz2a.exe
%Temp%\hardwh.exe
%Temp%\hhbboll_2.exe
%Temp%\hiphop.exe
%Temp%\hjkgfddd.exe
%Temp%\hodeme.exe
%Temp%\htfad4.exe
%Temp%\hvipws9.exe
%Temp%\jdhellwo3.exe
%Temp%\jofcdks.exe
%Temp%\kgn.exe
%Temp%\kilslmd.exex
%Temp%\kjdh_gf_jjdhgd.exe
%Temp%\kjh102k3.exe
%Temp%\kn.a.exe
%Temp%\kock.exe
%Temp%\ljts-23.exe
%Temp%\lkhgg_ea.exe
%Temp%\lols.exe
%Temp%\lorsk.exe
%Temp%\ploper.exe
%Temp%\poertd.exe
%Temp%\ppddfcfux.exxe
%Temp%\pswwg3c.exe
%Temp%\puzpup.exe
%Temp%\qwedvor.exe
%Temp%\qwklrvjhqlkj.exe
%Temp%\r0life.exe
%Temp%\rator.exe
%Temp%\rsrtd12.exe
%Temp%\rtfme.exe
%Temp%\safe.exe
%Temp%\snowif.exe
%Temp%\sycre.exe
%Temp%\test.exe
%Temp%\timem.exe
%Temp%\w32-reno-c.exe
%Temp%\warsddd_w.exe
%Temp%\wefgetn_00.exe
%Temp%\wergfq.exe
%Temp%\wined.exe
%Temp%\winlogoff.exe
%Temp%\wqefqw7e.exe
%Temp%\wrcud12.exe
%Temp%\wrfwe_di.exe
%Temp%\wwautrsd.exe
%Temp%\wwwsssgen.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AntiVirus Solution 2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirus Solution 2010
HKEY_CURRENT_USER\Software\AntiVirus Solution 2010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Solution 2010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "2kowmeuswvw3"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AntiVirus Solution 2010"

Remove Folders and Files
%WINDOWS%\system32\[random].exe
%Program Files%\AntiVirus Studio 2010
%Program Files%\Desktop Security 2010
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Solution 2010.lnk
%Documents and Settings%\All Users\Start Menu\Programs\AntiVirus Solution 2010
%UserProfile%\Application Data\AntiVirus Solution 2010
%UserProfile%\Start Menu\Programs\AntiVirus Solution 2010
Sunday, October 17, 2010

Smart Engine Antivirus Removal GuideSmart Engine Antivirus Removal Guide

Smart Engine Antivirus is a fake antivirus program that shows the user that the computer is infected by malwares repeatedly so that to urge the user to purchase the full version of Smart Engine Antivirus. Smart Engine Antivirus is downloaded into computer when the user downloads video files from untrusted website. The video file downloaded cannot be viewed but is the Smart Engine Antivirus which cannot detect and remove any malware. Smart Engine Antivirus installs into the computer and will scan the computer when Windows boot. Then Smart Engine Antivirus will surely states that the computer have been infected by malwares. Then, the computer will start slowing down and behave strangely.

Smart Engine Antivirus provide fake feature like scanning the computer but in fact it cannot detect any malware. It claims that the user can get ultimate protection against identify theft, viruses, malwares and other threats if Smart Engine Antivirus is activated. It also provide a fake Windows Advanced Security Center which show fake result.

Smart Engine Antivirus should be removed immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
SM17a_2211.exe
SmartEngine.exe
SMda2_2121.exe
energy.exe
smae0_2129.exe
exec.exe
pal.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Smart Engine"
HKEY_CLASSES_ROOT\MSSSys.DocHostUIHandler
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\SMae0_2129.DocHostUIHandler


Remove Folders and Files
%Documents and Settings%\[UserName]\StartMenu\Programs\Smart Engine.lnk
%Documents and Settings%\[UserName]\StartMenu\Smart Engine.lnk
%Documents and Settings%\[UserName]\Desktop\Smart Engine.lnk
%Documents and Settings%\[UserName]\Application Data\Smart Engine
%Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
%Documents and Settings%\All Users\Application Data\17acbd
%userprofile%\recent\antigen.dll
%userprofile%\recent\antigen.drv
%userprofile%\recent\cid.tmp
%userprofile%\recent\clsv.exe
%userprofile%\recent\clsv.sys
%userprofile%\recent\dbole.drv
%userprofile%\recent\delfile.sys
%userprofile%\recent\eb.sys
%userprofile%\recent\energy.exe
%userprofile%\recent\exec.exe
%userprofile%\recent\fan.drv
%userprofile%\recent\kernel32.dll
%userprofile%\recent\pal.exe
%userprofile%\recent\pe.dll
%userprofile%\recent\ppal.drv
%userprofile%\recent\tempdoc.tmp
%commonappdata%\ae01cc
%commonappdata%\smifgkmpdqe
%appdata%\smart engine
Monday, October 11, 2010

Antivirus Action Removal GuideAntivirus Action Removal Guide

Antivirus Action is a fake antivirus program that mainly created to trick the users to think that their computers are infected by malwares. In fact, Antivirus Action cannot detect and remove any malware. When Antivirus Action is accidentally installed in the computer, it will start automatically when Windows boot. Then, Antivirus Action will scan the computer and WILL SURELY scare the user that the computer has been infected by malwares. Antivirus Action will urge the user to activate the program by purchasing the full version of Antivirus Action so that to remove the malwares. Do not ever buy the program as it cannot remove any malware.

Antivirus Action claims itself as an Innovative protection for your PC. It has fake basic antivirus feature such as "Performing Scan" and remove malware. It scare the user by showing the files in the computer are infected by malwares such as VMalum AWS, Advanced Stealth Email Protector Redirector 6.2, Ld Pinch V and so on. Do not be trick by it as all of them is a lie.

Antivirus Action should be removed immediately!

Antivirus Action Removal Guide
Kill Process
(How to kill a process effectively?)
[random]agnz.exe

Delete Registry
HKEY_CURRENT_USER\Software\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:33921"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]agnz.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]agnz.exe"

Remove Folders and Files
%Temp%\[random]
Saturday, October 9, 2010

SecureDefenseSecureDefense

SecureDefense is a fake antivirus program that always produce fake scanning report of computer in order to urge the user to purchase the full version of SecureDefense. When SecureDefense is accidentally installed in the computer, it will start automatically every time Windows boot. Then SecureDefense will scan some files in the computer and WILL SURELY show the users that some of the files are infected by malwares. When the user try to remove the malwares, SecureDefense will ask the user to register the program by purchasing the full version of SecureDefense which cannot remove any malware.

SecureDefense cheats that it can help protect your PC by providing fake features such as Full Scan, System Scan, Scan Basic Locations, Scan Removable Media, Scan Folder and even Realtime protection.

SecureDefense should be removed immediately!

SecureDefense Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\SecureDefense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecureDefense
HKEY_LOCAL_MACHINE\SOFTWARE\SecureDefense
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"

Remove Folders and Files
%Program Files%\80D9C
%ALLUSERSPROFILE%\Start Menu\Programs\SecureDefense.lnk
%HOMEDRIVE%\Bleeping\Desktop\SecureDefense.lnk
%HOMEDRIVE%\Bleeping\Local Settings\Temp\[random].exe
%windir%\[random].dll
%windir%\[random].bin
%windir%\[random].cpl
%windir%\system32\[random].cpl
%windir%\system32\[random].exe
%windir%\system32\[random].bin
Friday, October 8, 2010

TrustDefender Removal GuideTrustDefender Removal Guide

TrustDefender is a fake antivirus program that looks like a legitimate antivirus. In fact, TrustDefender cannot help protect your PC. TrustDefender is created to cheat the user to buy the full version of TrustDefender. When TrustDefender is accidentally installed in the computer, it will scan the computer automatically when Windows boot and it will surely produce fake report that the computer is infected by malwares. Do not believe the report as TrustDefender cannot detect and remove any malware.

TrustDefender also installs RegistryClever which is another fake registry cleaner. Besides, it will also show fake Windows Security Center window and ask the user to register TrustDefender. TrustDefender provide fake feature like Full Scan, System Scan, Scan Basic Locations, Scan Removable Media, Scan Folder and Realtime Protection.

TrustDefender should be removed immediately!

TrustDefender Removal Guide
Kill Process
(How to kill a process effectively?)
F0E84.exe
RegistryClever.exe
RegistryCleverTray.exe
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\RegistryClever
HKEY_CURRENT_USER\Software\TrustDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryClever
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrustDefender
HKEY_LOCAL_MACHINE\SOFTWARE\RegistryClever
HKEY_LOCAL_MACHINE\SOFTWARE\TrustDefender
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TrayScan"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "F0E84.exe"

Remove Folders and Files
%ALLUSERSPROFILE%\Desktop\RegistryClever.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\TrustDefender.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\RegistryClever
%ProgramFiles%\FDFCA
%ProgramFiles%\RegistryClever Software
%UserProfile%\Desktop\TrustDefender.lnk
%UserProfile%\Local Settings\Temp\[random].exe
%windir%\[random].dll
%windir%\[random].bin
%windir%\[random].cpl
%windir%\system32\[random].cpl
%windir%\system32\[random].exe
%windir%\system32\[random].bin
Thursday, October 7, 2010

IronProtector Removal GuideIronProtector Removal Guide

IronProtector is a fake antivirus program that try to pretend itself like a legitimate antivirus which can detect and remove malwares and also give Realtime protection. However, IronProtector cannot detect and remove and malwares. Once IronProtector installs in the computer, it will configure itself to start automatically when Windows boot. After that, it will scan the computer and produce fake report which states that there are many malwares detected. IronProtector will urge the user to register the program by purchasing the full version of IronProtector so that to remove all the malwares detected. Do not believe the report and do not ever purchase IronProtector, as it cannot help us to protect our computer, but just make our computer slow only.

IronProtector also install RegistryClever into the computer which is a fake registry scanner program. IronProtector provide fake features like "Full Scan", "System Scan", "Scan Basic Locations", "Scan Removable Media", "Scan Folder" and even "Realtime Protection".

IronProtector should be removed immediately!

IronProtector Removal Guide
Kill Process
(How to kill a process effectively?)
F0E84.exe
RegistryClever.exe
RegistryCleverTray.exe
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\IronProtector
HKEY_CURRENT_USER\Software\RegistryClever
HKEY_LOCAL_MACHINE\SOFTWARE\IronProtector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IronProtector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryClever
HKEY_LOCAL_MACHINE\SOFTWARE\RegistryClever
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TrayScan"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "F0E84.exe"

Remove Folders and Files
%ALLUSERSPROFILE%\Application Data\RegistryClever
%ALLUSERSPROFILE%\Desktop\RegistryClever.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\IronProtector.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\RegistryClever
%ProgramFiles%\FDFCA
%ProgramFiles%\RegistryClever Software
%windir%\[random].dll
%windir%\[random].bin
%windir%\[random].cpl
%windir%\system32\[random].cpl
%windir%\system32\[random].exe
%windir%\system32\[random].bin
%UserProfile%\Desktop\IronProtector.lnk
%UserProfile%\Local Settings\Temp\[random].exe

ShieldSoldier Removal GuideShieldSoldier Removal Guide

ShieldSoldier is a fake antivirus program that try to cheat the user to register the program so that to remove the malwares detected. When ShieldSoldier is accidentally installed into the computer, ShieldSoldier will start automatically when Windows boot. Then, it will scan the files in the computer and produce fake report that there are several malwares detected. ShieldSoldier will ask the user to register the program by purchasing the full version of ShieldSoldier in order to remove all the malwares. In fact, ShieldSoldier cannot detect any malware and also remove and malwares.

ShieldSoldier also install RegistryClever into the computer which is also another program created to trick the user to waste money. It claims that it can help protect your PC and give Realtime protection. However, all of these are fake features.

ShieldSoldier should be removed immediately!

ShieldSoldier Removal Guide
Kill Process
(How to kill a process effectively?)
F0E84.exe
RegistryClever.exe
RegistryCleverTray.exe
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\RegistryClever
HKEY_CURRENT_USER\Software\ShieldSoldier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryClever
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShieldSoldier
HKEY_LOCAL_MACHINE\SOFTWARE\RegistryClever
HKEY_LOCAL_MACHINE\SOFTWARE\ShieldSoldier
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TrayScan"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "F0E84.exe"

Remove Folders and Files
%ALLUSERSPROFILE%\Desktop\RegistryClever.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\ShieldSoldier.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\RegistryClever
%ProgramFiles%\FDFCA
%ProgramFiles%\RegistryClever Software
%windir%\[random].dll
%windir%\[random].bin
%windir%\[random].cpl
%windir%\system32\[random].cpl
%windir%\system32\[random].exe
%windir%\system32\[random].bin
%UserProfile%\Desktop\ShieldSoldier.lnk
%UserProfile%\Local Settings\Temp\[random].exe
Sunday, October 3, 2010

Antivirus Studio 2010 Removal GuideAntivirus Studio 2010 Removal Guide

Antivirus Studio 2010 is a fake antivirus program that tricks the user to purchase the full version of Antivirus Studio 2010 by showing fake detection of the computer. When Antivirus Studio 2010 is installed in the computer, it will start automatically when Windows boot. Then, Antivirus Studio 2010 will scan the computer and will surely state that there are many files in the computer are infected by malwares. Antivirus Studio 2010 will urge the user to purchase the full version of Antivirus Studio 2010 in order to remove all the malwares. However, Antivirus Studio 2010 cannot detect and remove any malware from the computer. All the detection is a lie.

Antivirus Studio 2010 claims that it can provide simple one-click solution to protect your PC. It provide fake features such as System Scan and Firewall. There is an Activate button in Antivirus Studio 2010. It also define Trial Version as a version of the Software used only to review, demonstrate and evaluate the Software for an unlimited time period.

Antivirus Studio 2010 should be removed immediately!

Antivirus Studio 2010 Removal Guide
Kill Process
(How to kill a process effectively?)
02c9c3c35bdx5.exe
17dkf.exe
1iowieoo.exe
2010yo.exe
472a10e2ebxd9.exe
56493.exe
8gmsed-bd.exe
a75wef8e0e7.exe
ae0965a7157cd.exe
al3erfa3.exe
aler3fa.exe
alerfa.exe
alerfa2.exe
alerfa322.exe
aqfitrlxi2.exe
backd-efq.exe
brdss.exe
bzqa43d.exe
cffd4.exe
cosock.exe
cowceb.exe
cunifuc.exe
dc_3.exe
dd10x10.exe
ddhelp.exe
ddoll3342.exe
destroyer.exe
dkfjd93.exe
ds7hw.exe
dwl_bqz.exe
eelnvd13.exe
eephilpe.exe
exppdf_w.exe
fadz43.exe
fe.exe
format.exe
g_dx234.exe
gedx_ae09.exe
gpdfsws_bbg.exe
gpupz2a.exe
hardwh.exe
hhbboll_2.exe
hiphop.exe
hjkgfddd.exe
hodeme.exe
htfad4.exe
hvipws9.exe
jdhellwo3.exe
jofcdks.exe
kgn.exe
kilslmd.exex
kjdh_gf_jjdhgd.exe
kjh102k3.exe
kn.a.exe
kock.exe
ljts-23.exe
lkhgg_ea.exe
lols.exe
lorsk.exe
ploper.exe
poertd.exe
ppddfcfux.exxe
pswwg3c.exe
puzpup.exe
qwedvor.exe
qwklrvjhqlkj.exe
r0life.exe
rator.exe
rsrtd12.exe
rtfme.exe
safe.exe
snowif.exe
sycre.exe
test.exe
timem.exe
w32-reno-c.exe
warsddd_w.exe
wefgetn_00.exe
wergfq.exe
wined.exe
winlogoff.exe
wqefqw7e.exe
wrcud12.exe
wrfwe_di.exe
wwautrsd.exe
wwwsssgen.exe
AntiVirus Studio 2010.exe
securitycenter.exe
securityhelper.exe

Delete Registry
HKEY_CURRENT_USER\Software\AntiVirus Studio 2010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Studio 2010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "2kowmeuswvw3"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AntiVirus Studio 2010"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SecurityCenter"

Remove Folders and Files
%Temp%\02c9c3c35bdx5.exe
%Temp%\17dkf.exe
%Temp%\1iowieoo.exe
%Temp%\2010yo.exe
%Temp%\472a10e2ebxd9.exe
%Temp%\56493.exe
%Temp%\8gmsed-bd.exe
%Temp%\a75wef8e0e7.exe
%Temp%\ae0965a7157cd.exe
%Temp%\al3erfa3.exe
%Temp%\aler3fa.exe
%Temp%\alerfa.exe
%Temp%\alerfa2.exe
%Temp%\alerfa322.exe
%Temp%\aqfitrlxi2.exe
%Temp%\backd-efq.exe
%Temp%\brdss.exe
%Temp%\bzqa43d.exe
%Temp%\cffd4.exe
%Temp%\cosock.exe
%Temp%\cowceb.exe
%Temp%\cunifuc.exe
%Temp%\dc_3.exe
%Temp%\dd10x10.exe
%Temp%\ddhelp.exe
%Temp%\ddoll3342.exe
%Temp%\destroyer.exe
%Temp%\dkfjd93.exe
%Temp%\ds7hw.exe
%Temp%\dwl_bqz.exe
%Temp%\eelnvd13.exe
%Temp%\eephilpe.exe
%Temp%\exppdf_w.exe
%Temp%\fadz43.exe
%Temp%\fe.exe
%Temp%\format.exe
%Temp%\g_dx234.exe
%Temp%\gedx_ae09.exe
%Temp%\gpdfsws_bbg.exe
%Temp%\gpupz2a.exe
%Temp%\hardwh.exe
%Temp%\hhbboll_2.exe
%Temp%\hiphop.exe
%Temp%\hjkgfddd.exe
%Temp%\hodeme.exe
%Temp%\htfad4.exe
%Temp%\hvipws9.exe
%Temp%\jdhellwo3.exe
%Temp%\jofcdks.exe
%Temp%\kgn.exe
%Temp%\kilslmd.exex
%Temp%\kjdh_gf_jjdhgd.exe
%Temp%\kjh102k3.exe
%Temp%\kn.a.exe
%Temp%\kock.exe
%Temp%\ljts-23.exe
%Temp%\lkhgg_ea.exe
%Temp%\lols.exe
%Temp%\lorsk.exe
%Temp%\ploper.exe
%Temp%\poertd.exe
%Temp%\ppddfcfux.exxe
%Temp%\pswwg3c.exe
%Temp%\puzpup.exe
%Temp%\qwedvor.exe
%Temp%\qwklrvjhqlkj.exe
%Temp%\r0life.exe
%Temp%\rator.exe
%Temp%\rsrtd12.exe
%Temp%\rtfme.exe
%Temp%\safe.exe
%Temp%\snowif.exe
%Temp%\sycre.exe
%Temp%\test.exe
%Temp%\timem.exe
%Temp%\w32-reno-c.exe
%Temp%\warsddd_w.exe
%Temp%\wefgetn_00.exe
%Temp%\wergfq.exe
%Temp%\wined.exe
%Temp%\winlogoff.exe
%Temp%\wqefqw7e.exe
%Temp%\wrcud12.exe
%Temp%\wrfwe_di.exe
%Temp%\wwautrsd.exe
%Temp%\wwwsssgen.exe
%UserProfile%\Application Data\AntiVirus Studio 2010
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Studio 2010.lnk
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010.lnk
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010
Saturday, October 2, 2010

Antivirus IS Remove GuideAntivirus IS Remove Guide

Antivirus IS is a fake antivirus program that cannot protect any computer from malware. Antivirus IS installs into the computer and configure itself to start automatically when Windows boot. Then Antivirus IS will scan the computer automatically without confirmation of the user and will surely scare the user that the computer is infected by several malwares. The user will have to purchase the full version of Antivirus IS to remove the malware. In fact, do not purchase it as it will not remove any malware.

Antivirus IS claims itself as an innovative protection for your PC. It provide basic antivirus feature such as "Performing Scan" and "Get Updates". However, all of these are fake features which do not really function. It gives fake malware(such as Backdoor.Win32.Small.x, PSW.Win32.OnLineGames.rth, Downloader.Win32.Delf.cgx etc) detection.

Antivirus IS should be removed immediately!

Antivirus IS Removal Guide
Kill Process
(How to kill a process effectively?)
[random]lanw.exe

Delete Registry
HKEY_CURRENT_USER\Software\mksybupgw
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:27811"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]lanw.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]lanw.exe"

Remove Folders and Files
%Temp%\[random]
%Temp%\[random]\[random]lanw.exe