Sunday, December 19, 2010

Internet Security 2011 Removal Guide

Internet Security 2011 is a fake antivirus program that comes with a rootkit to prevent many programs from running on the computer. Internet Security 2011 cannot detect or remove any kind of virus, malware or trojan. What it does is display fake reports telling the user that the computer has been infected by many malware programs, trojans and viruses. It then urges the user to purchase the full version of Internet Security 2011 to remove everything it claims to have detected. Bear in mind that Internet Security 2011 CANNOT detect or remove any malware, virus or trojan.

Internet Security 2011 is difficult to remove. It automatically terminates any program that tries to terminate it, such as a legitimate antivirus. It also prevents programs from running by changing the security permissions on the program's executable file. When the user attempts to run such a program, Windows gives this error message:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

or

"Access Denied."

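To solve this problem, the user has to open a command prompt, type "cacls [full path to the program] /G Everyone:F" and press Enter. Without the /E switch, cacls replaces the file's existing ACL with this single entry, which leaves Everyone with full control of the executable.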

Internet Security 2011 should be removed immediately!


Internet Security 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
exefile.exe

Unregister DLL files
%windir%\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll
%windir%\system32\mswmqnei.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiSpywareOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vbma22b4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit

Remove Folders and Files
%windir%\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909
%ALLUSERSPROFILE%\Application Data\.wtav
%windir%\assembly\GAC\__AssemblyInfo__.ini
%windir%\system32\drivers\vbma22b4.sys
%windir%\system32\mswmqnei.dll
%windir%\system32\exefile.exe
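
The script below is an added example, not part of the original guide: a read-only PowerShell audit (PowerShell 3.0 or later assumed) that reports which of the files and registry entries listed above are present, and prints the ACL of a program that refuses to start so the changed permissions can be inspected before cacls is run. The function names and the notepad.exe sample path are hypothetical; the guide does not say which ACL entries are changed, so the script only displays them.

```powershell
# Added example (not from the original guide): read-only check for the
# files and registry entries this guide lists. Nothing is modified.
$Files = @(
    '%windir%\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909',
    '%ALLUSERSPROFILE%\Application Data\.wtav',
    '%windir%\assembly\GAC\__AssemblyInfo__.ini',
    '%windir%\system32\drivers\vbma22b4.sys',
    '%windir%\system32\mswmqnei.dll',
    '%windir%\system32\exefile.exe'
)
$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}',
    'HKLM:\SYSTEM\CurrentControlSet\Services\vbma22b4',
    'HKLM:\SYSTEM\CurrentControlSet\Services\userinit'
)

function Test-GuideIndicators {    # hypothetical helper name
    foreach ($f in $Files) {
        $p = [Environment]::ExpandEnvironmentVariables($f)
        [pscustomobject]@{ Type = 'File'; Item = $p; Present = (Test-Path -LiteralPath $p) }
    }
    foreach ($k in $Keys) {
        [pscustomobject]@{ Type = 'RegKey'; Item = $k; Present = (Test-Path -LiteralPath $k) }
    }
    # The guide lists a value here, not a whole key, so compare the value itself.
    $sc = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Security Center' `
              -Name 'AntiSpywareOverride' -ErrorAction SilentlyContinue
    [pscustomobject]@{ Type = 'RegValue'; Item = 'Security Center\AntiSpywareOverride = 1'
                       Present = ($null -ne $sc -and $sc.AntiSpywareOverride -eq 1) }
}

function Get-ProgramAcl {          # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
        # One row per access entry: who, Allow or Deny, which rights, inherited or set on the file.
        $acl.Access | Select-Object @{ n = 'Owner'; e = { $acl.Owner } },
            IdentityReference, AccessControlType, FileSystemRights, IsInherited
    } catch {
        # An ACL that cannot even be read is itself a sign the permissions were altered.
        Write-Warning "Cannot read ACL of '$Path': $($_.Exception.Message)"
    }
}

Test-GuideIndicators | Format-Table -AutoSize
# Constructed sample path: substitute the program that fails with "Access Denied."
Get-ProgramAcl -Path "$env:windir\system32\notepad.exe" | Format-Table -AutoSize
```

Because the guide says a rootkit is involved, a "not present" result from the running system is not conclusive; repeat the file checks from an offline or rescue environment before treating the machine as clean.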
