Thursday, March 17, 2011

E-Set Antivirus 2011 Removal GuideE-Set Antivirus 2011 Removal Guide

E-Set Antivirus 2011 Removal Guide
E-Set Antivirus 2011 is a fake antivirus. E-Set Antivirus 2011 infected your computer through a malicious website or Trojan. E-Set Antivirus 2011 scan the whole infected computer without any notice. After finish scanning, E-Set Antivirus 2011 shows false result that there are a lot of malware infections found on the computer. Moreover, the users of the infected computer will receive several warning alerts trying to force the users to purchase the fake full version of E-Set Antivirus 2011. E-Set Antivirus 2011 cannot detect and remove any kind of virus, malware or trojan. E-Set Antivirus 2011 is a SCAM. Do not believe any warning or alert given by E-Set Antivirus 2011. Most important, do not purchase the full version of E-Set Antivirus 2011 as it really cannot remove any kind of malware!


E-Set Antivirus 2011 can be removed first by stopping its processes (OQ4C92F6.exe, E-Set Antivirus 2011.exe, iesafemode.exe) and then kill its files by using Emsisoft HiJackFree. Then the user has to remove all the related files and folder. Finally, restore the registry entries added and modified by E-Set Antivirus 2011 (Read the removal guide below to remove E-Set Antivirus 2011 successfully).

E-Set Antivirus 2011 should be removed immediately!


Removal Guide
Kill Process
(How to kill a process effectively?)
%Temp%\OQ4C92F6.exe
c:\Program Files\E-Set\e-set.exe
c:\WINDOWS\system32\iesafemode.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "E-Set" = 'C:\Program Files\E-Set\E-Set.exe'
HKEY_CURRENT_USER\Software\Mon246
HKEY_CURRENT_USER\Software\A88246
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe "Debugger" = 'iesafemode.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe "Debugger" = 'iesafemode.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe "Debugger" = 'iesafemode.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-A8I 28.01.2011"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe "Debugger" = 'iesafemode.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe "Debugger" = 'iesafemode.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Remove Folders and Files
%UserProfile%\Desktop\E-Set.lnk
%Temp%\OQ4C92F6.exe
c:\Program Files\E-Set\e-set.exe
c:\WINDOWS\system32\iesafemode.exe
c:\Documents and Settings\All Users\Start Menu\E-Set\Uninstall.lnk
c:\Program Files\E-Set\
c:\Documents and Settings\All Users\Start Menu\E-Set\
c:\Documents and Settings\All Users\Start Menu\E-Set\E-Set.lnk

No comments:

Post a Comment