Wednesday, April 27, 2011

AntiSpy 2011 Removal GuideAntiSpy 2011 Removal Guide

AntiSpy 2011 Removal Guide
AntiSpy 2011 is another type of fake antivirus program which will definitely show pop ups to tell the user that the computer has been infected by malwares, trojans and viruses. AntiSpy 2011 CANNOT detect and remove any kind of malware, trojan and virus. AntiSpy 2011 can only cheat the user to purchase the full version of AntiSpy 2011 so that to removed the detected threats. Do not believe any pop ups or report shown by AntiSpy 2011. All of them is a lie.

AntiSpy 2011 can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by AntiSpy 2011 shown in the removal guide below. All files related to AntiSpy 2011 must be deleted.

AntiSpy 2011 should be removed immediately!


AntiSpy 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
securitytipps.exe
_antispy.exe
securitytipps.exe
_antispy.exe
AntiSpy2011Setup.exe
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "antispy"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "antispy"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%Windir%\AntiSpy2011Setup.exe
Monday, April 25, 2011

Safecare Removal GuideSafecare Removal Guide

Safecare Removal Guide
Safecare is a fake antivirus program which provide antivirus feature such as detecting malwares. The user click the wrong links or images in the fake online security websites. Safecare is installed on computers without the confirmation of the user. It will secretly modify the system settings and registry entries so that it will run automatically when windows boot. Safecare will constantly show security alert so that to urge the user to buy full version of Safecare. Safecare is not an antivirus but it is a parasite!

Safecare can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Safecare shown in the removal guide below. All files related to Safecare must be deleted.

Safecare should be removed from the computer immediately!

Safecare Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
remove the files and folders stated in the autorun settings.
Thursday, April 21, 2011

BitDefender 2011 Removal GuideBitDefender 2011 Removal Guide

BitDefender 2011 Removal Guide
BitDefender 2011 is a fake antivirus program same as Antivir Solution Pro, Antivir Solution Plus, AVG Antivirus 2011 and E-Set Antivirus 2011. BitDefender 2011 is not the real BitDefender which is a legitimate security application. BitDefender 2011 is made by other people who try to confuse the user that the antivirus is legitimate and is able to remove malwares and even provide many antivirus features. BitDefender 2011 is created to earn a profit from the user who are cheated by them. BitDefender 2011 infect the computer and then scan the computer. BitDefender 2011 produce fake warnings that the computer is infected by many malwares and urge the user to purchase the full version of BitDefender 2011 in order to remove the malwares. Don't be cheated by the fake warnings.

BitDefender 2011 can be removed first by stopping its processes (OQ4C92F6.exe, BitDefender 2011.exe, iesafemode.exe) and then kill its files by using Emsisoft HiJackFree. Then the user has to remove all the related files and folder. Finally, restore the registry entries added and modified by BitDefender 2011 (Read the removal guide below to remove BitDefender 2011 successfully).

BitDefender 2011
should be removed immediately.

BitDefender 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
bitdefender.exe

Unregister DLL files
%Program Files%\adc_w32.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-EVI 21.04.2011"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "BitDefender 2011" = 'C:\Program Files\BitDefender 2011\bitdefender.exe'
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '0'
HKEY_CURRENT_USER\Software\EVAEC2
HKEY_CURRENT_USER\Software\MonEC2

Remove Folders and Files
c:\Documents and Settings\All Users\Start Menu\BitDefender 2011
c:\Program Files\BitDefender 2011
%AllUsersProfile%\Start Menu\BitDefender 2011
%UserProfile%\Desktop\BitDefender 2011.lnk
%Temp%\srvED4.tmp
%Temp%\srvED4.ini
Tuesday, April 19, 2011

Total Virus Scanner Removal GuideTotal Virus Scanner Removal Guide

Total Virus Scanner Removal Guide
Total Virus Scanner is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Total Virus Scanner WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Total Virus Scanner will display this types of fake alert to urge the user to purchase the full version of Total Virus Scanner which cannot detect and remove any kind malware, trojan or virus.

Total Virus Scanner can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Total Virus Scanner should be removed immediately!

Total Virus Scanner Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_LOCAL_MACHINE\Software\Total Virus Scanner
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Total Virus Scanner"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%%PROGRAM_FILES%\Total Virus Scanner
c:\Documents and Settings\All Users\Total Virus Scanner\
c:\Documents and Settings\All Users\Start Menu\Total Virus Scanner\
c:\Documents and Settings\All Users\[random]
remove the file stated in the autorun setting

Registry Virus Scanner Removal GuideRegistry Virus Scanner Removal Guide

Registry Virus Scanner Removal Guide
Registry Virus Scanner is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Registry Virus Scanner WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Registry Virus Scanner will display this types of fake alert to urge the user to purchase the full version of Registry Virus Scanner which cannot detect and remove any kind malware, trojan or virus.

Registry Virus Scanner can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Registry Virus Scanner should be removed immediately!

Registry Virus Scanner Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_LOCAL_MACHINE\Software\Registry Virus Scanner
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Registry Virus Scanner"

Remove Folders and Files
%%PROGRAM_FILES%\Registry Virus Scanner
c:\Documents and Settings\All Users\Registry Virus Scanner\
c:\Documents and Settings\All Users\Start Menu\Registry Virus Scanner\
Friday, April 15, 2011

Malware Protection Removal GuideMalware Protection Removal Guide

Malware Protection Removal Guide
Malware Protection is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Malware Protection does not kill any malware from any computer. Malware Protection infects the computer by installing KB1883574.exe into the computer which will try to disguise itself like a Windows update entitled System Security Pack Update. After installation complete, Malware Protection will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Malware Protection.

Malware Protection can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Malware Protection shown in the removal guide below. All files related to Malware Protection must be deleted.

Malware Protection should be removed immediately!

Malware Protection Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%Programs%\Malware Protection\Malware Protection.lnk
%Programs%\Malware Protection
%TempDir%\[random].exe
%TempDir%\[random]
Thursday, April 14, 2011

Windows Fix Disk Removal GuideWindows Fix Disk Removal Guide

Windows Fix Disk Removal Guide
Windows Fix Disk is a fake optimization tool which claims that it can optimize the performance of the hard drive, memory and the system of computer. However, the fact is that Windows Fix Disk cannot optimize the performance of computer, but will definitely scare the user with a lot of fake warning by showing pop ups which states that the hard drive, memory and system have a lot of errors. Do not believe any report given by Windows Fix Disk as it can do nothing but just try to urge the user to buy the full version of Windows Fix Disk to remove all the detected errors. Full version or unregistered version of Windows Fix Disk can do nothing.

Windows Fix Disk can be removed by stopping and removing all the processes and files with random name in the hard drive and restoring the registry entries added and modified by Windows Fix Disk. All of them has been shown in the removal guide below.

Windows Fix Disk should be removed immediately!

Windows Fix Disk Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = 0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'

Remove Folders and Files
%UserProfile%\Start Menu\Programs\Windows Fix Disk\Windows Fix Disk.lnk
%UserProfile%\Start Menu\Programs\Windows Fix Disk\Uninstall Windows Fix Disk.lnk
%UserProfile%\Start Menu\Programs\Windows Fix Disk\
%UserProfile%\Desktop\Windows Fix Disk.lnk
%AllUsersProfile%\[random]
%AllUsersProfile%\[random].exe
%AllUsersProfile%\[random].dll
%AllUsersProfile%\~[random]r
%AllUsersProfile%\~[random]
Wednesday, April 13, 2011

Fake System Restore Removal GuideFake System Restore Removal Guide

Fake System Restore Removal Guide
Fake System Restore is a program that is used to cheat the money of people by showing error message in the computer hard drive, memory and system. Fake System Restore adds a registry entries to make itself to start automatically when Windows boot. After that, Fake System Restore will do fake scan on the computer and then issue fake warning by showing pop ups to tell the the user that the hard drive, memory and system have serious errors which can only be solved by using the full version of Fake System Restore. Thus, the user is urged to purchase it. Do not believe any report given by Fake System Restore even the warning look so real. In fact, Fake System Restore cannot detect and remove any error of computer.

Fake System Restore can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified by Fake System Restore must be cleared by using Windows Registry Editor.

Fake System Restore should be removed immediately!


Fake System Restore Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%TempDir%\[random].exe
%TempDir%\[random]
%Programs%\System Restore
%Programs%\System Restore\System Restore.lnk
%Desktop%\System Restore.lnk
%TempDir%\dfrg
%TempDir%\dfrgr

Antivirus Clean 2011 Removal GuideAntivirus Clean 2011 Removal Guide

Antivirus Clean 2011 Removal Guide
Antivirus Clean 2011 is another type of fake antivirus program which provide fake features to scan the computer and will surely report that the computer has been infected by malwares, trojans and viruses. Do not believe any report given by Antivirus Clean 2011 as it will show that report to any computer (no matter is free of virus or infected by virus) which have installed Antivirus Clean 2011. Antivirus Clean 2011 will run automatically when Windows boot. Then Antivirus Clean 2011 will do a fake scan on the computer and then it definitely show pop ups to scare the user that the computer has been infected. Antivirus Clean 2011 will urge the user to purchase the full version of Antivirus Clean 2011 to remove all the detected threats. However, Antivirus Clean 2011 cannot detect and remove any kind of virus, malware and trojan.

Antivirus Clean 2011 can be removed first by stopping its processes (CVMon.exe, Antivirus Clean 2011.exe, CVAutoUpdate.exe) and then kill its files by using Emsisoft HiJackFree. Then the user has to remove all the related files and folder. Finally, restore the registry entries added and modified by Antivirus Clean 2011 (Read the removal guide below to remove Antivirus Clean 2011 successfully).

Antivirus Clean 2011 should be removed immediately!


Antivirus Clean 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
avservice.exe
avc2011.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Antivirus Clean 2011"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%ProgramFiles%\Antivirus Clean 2011
Tuesday, April 12, 2011

Internet Protection Removal GuideInternet Protection Removal Guide

Internet Protection Removal Guide
Internet Protection is a fake antivirus program which intend to urge the user whose computer is infected by Internet Protection to purchase the full version of Internet Protection. Internet Protection produces fake alert in order to cheat the user. Internet Protection installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Internet Protection will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Internet Protection to remove all the malwares.

Internet Protection ask the user to activate Internet Protection to get ultimate protection against Identify Theft, Malware and other threats! Internet Protection create a fake Windows Advanced Security Center and warn the user that the system is not cleaned yet! It show the users that the Firewall, Automatics Updates and Antivirus Protection are in the "OFF" state.

Internet Protection should be removed immediately!

Internet Protection Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
C:\Program Files\Internet Protection
C:\Program Files\Internet Protection\Internet Protection.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\[RANDOM].lnk
C:\Documents and Settings\All Users\Application Data\[RANDOM].avi
C:\Documents and Settings\All Users\Application Data\[RANDOM].ico
%AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Protection.lnk
%UserProfile%\Desktop\Internet Protection.lnk
%UserProfile%\Start Menu\Programs\Startup\[RANDOM].lnk

Internet Protection Firewall Alert Removal GuideInternet Protection Firewall Alert Removal Guide

Internet Protection Firewall Alert Removal Guide
Internet Protection Firewall Alert is a fake antivirus program that shows the user that the computer is infected by malwares repeatedly so that to urge the user to purchase the full version of other fake antivirus. Internet Protection Firewall Alert is downloaded into computer when the user downloads video files from untrusted website. The video file downloaded cannot be viewed but is the Internet Protection Firewall Alert which cannot detect and remove any malware. Internet Protection Firewall Alert installs into the computer and will scan the computer when Windows boot. Then Internet Protection Firewall Alert will surely states that the computer have been infected by malwares. Then, the computer will start slowing down and behave strangely.

Internet Protection Firewall Alert can be removed by stopping the processes with random name. Then the user should remove all the autorun settings and the related stated in the removal guide below.

Internet Protection Firewall Alert should be removed immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM].EXE

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
%UserProfile%\Desktop\Internet Protection.lnk
c:\Program Files\Internet Protection
%UserProfile%\Local Settings\Temp\ins1.tmp
%UserProfile%\Local Settings\Temp\mv2.tmp
Monday, April 11, 2011

Critical Hard Disk Drive Error Removal GuideCritical Hard Disk Drive Error Removal Guide

Critical Hard Disk Drive Error Removal Guide
Critical Hard Disk Drive Error is a fake warning message which try to cheat the user to install the full version of a fake antivirus into the computer such as Windows Repair, Windows Restore and Windows Diagnostic. Critical Hard Disk Drive Error is a fake warning message that you may see when the fake antivirus such as Windows Repair, Windows Restore and Windows Diagnostic are installed on your computer. Do not give your credit card information because it could be sold to other third parties.

Critical Hard Disk Drive Error can be removed first by stopping its processes and then kill its files by using Emsisoft HiJackFree. Then the user has to remove all the related files and folder. Finally, restore the registry entries added and modified by Critical Hard Disk Drive Error (Read the removal guide below to remove Critical Hard Disk Drive Error successfully).

Critical Hard Disk Drive Error Removal Guide

Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWAE\Microsoft\Windows\CurrentVersion\Run "[random]"
search for the registry key "HKEY_LOCAL_MACHINE\Software\"Critical Hard Disk Drive Error" ." Right-click this registry key and select "Delete."

Remove Folders and Files
remove the files stated in the autorun setting.
remove other "Critical Hard Disk Drive Error" files. These "Critical Hard Disk Drive Error" files can be in the form of EXE, DLL, LSP, TOOLBAR, BROWSER HIJACK, and/or BROWSER PLUGIN. For example, "Critical Hard Disk Drive Error" might create a file like
%PROGRAM_FILES%\"Critical Hard Disk Drive Error" \"Critical Hard Disk Drive Error" .exe. Locate and remove these files.

Internet Protection 2011 Removal GuideInternet Protection 2011 Removal Guide

Internet Protection 2011 Removal Guide
Internet Protection 2011 is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Internet Protection 2011. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Internet Protection 2011 is installed on the computer, it will start automatically when Windows boot. Then Internet Protection 2011 will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Internet Protection 2011 will repeatedly shows the pop ups to urge the user to purchase the full version of Internet Protection 2011 so that to remove all the threats. However, Internet Protection 2011 cannot detect and remove any kind of virus, malware and trojan.

Internet Protection 2011 can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Internet Protection 2011 shown in the removal guide below. Internet Protection 2011 DLL Files should be unregistered too (see removal guide). All files related to Internet Protection 2011 must be deleted.

Internet Protection 2011 should be removed immediately!

Internet Protection 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"

Remove Folders and Files
%CommonAppData%\[random]
c:\Documents and Settings\All Users\Application Data\[random]

MS Recovery Tool Removal GuideMS Recovery Tool Removal Guide

MS Recovery Tool Removal Guide
MS Recovery Tool is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, MS Recovery Tool. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once MS Recovery Tool is installed on the computer, it will start automatically when Windows boot. Then MS Recovery Tool will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. MS Recovery Tool will repeatedly shows the pop ups to urge the user to purchase the full version of MS Recovery Tool so that to remove all the threats. However, MS Recovery Tool cannot detect and remove any kind of virus, malware and trojan.

MS Recovery Tool can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by MS Recovery Tool shown in the removal guide below. MS Recovery Tool DLL Files should be unregistered too (see removal guide). All files related to MS Recovery Tool must be deleted.

MS Recovery Tool should be removed immediately!

MS Recovery Tool Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%CommonAppData%\[random]
c:\Documents and Settings\All Users\Application Data\[random]
Sunday, April 10, 2011

Win 7 Anti-Spyware 2011 Removal GuideWin 7 Anti-Spyware 2011 Removal Guide

Win 7 Anti-Spyware 2011 Removal Guide
Win 7 Anti-Spyware 2011 is a fake antivirus program created to urge the user to buy the full version of Win 7 Anti-Spyware 2011 in order to earn some profit. Don't ever buy it as it is a cheat! Win 7 Anti-Spyware 2011 install itself into the computer without confirmation of the users and it start automatically when the windows boot. Win 7 Anti-Spyware 2011 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Win 7 Anti-Spyware 2011 is nothing more than a scam and plagiarized antispyware program

Win 7 Anti-Spyware 2011 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Win 7 Anti-Spyware 2011. Finally, all the file related to Win 7 Anti-Spyware 2011 must be deleted from the hard drive. All of them has been shown in the removal guide below.

Win 7 Anti-Spyware 2011 should be removed immediately!

Win 7 Anti-Spyware 2011 Removal Guide
Kill Process
pw.exe
MSASCui.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\AppData\Local\MSASCui.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe

XP Smart Security 2010 Removal GuideXP Smart Security 2010 Removal Guide

XP Smart Security 2010 Removal Guide
XP Smart Security 2010 is a fake antivirus program created to urge the user to buy the full version of XP Smart Security 2010 in order to earn some profit. Don't ever buy it as it is a cheat! XP Smart Security 2010 install itself into the computer without confirmation of the users and it start automatically when the windows boot. XP Smart Security 2010 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. XP Smart Security 2010 is nothing more than a scam and plagiarized antispyware program

XP Smart Security 2010 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by XP Smart Security 2010. Finally, all the file related to XP Smart Security 2010 must be deleted from the hard drive. All of them has been shown in the removal guide below.

XP Smart Security 2010 should be removed immediately!

XP Smart Security 2010 Removal Guide
Kill Process
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\ave.exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
ave.exe

Delete Registry
HHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\ave.exe

XP Security Removal GuideXP Security Removal Guide

XP Security Removal Guide
XP Security is a fake antivirus program created to urge the user to buy the full version of XP Security in order to earn some profit. Don't ever buy it as it is a cheat! XP Security install itself into the computer without confirmation of the users and it start automatically when the windows boot. XP Security produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. XP Security is nothing more than a scam and plagiarized antispyware program

XP Security can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by XP Security. Finally, all the file related to XP Security must be deleted from the hard drive. All of them has been shown in the removal guide below.

XP Security should be removed immediately!

XP Security Removal Guide
Kill Process
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\ave.exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
ave.exe
MSASCui.exe
pw.exe
MSASCui.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "XP Security"

Remove Folders and Files
C:\Documents and Settings\All Users\Application Data\y7V11
C:\Documents and Settings\[USERNAME]\Local Settings\Temp\y7V11
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\ave.exe
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\y7V11
C:\Documents and Settings\[USERNAME]\Templates\y7V11
C:\WINDOWS\Prefetch\AVE.EXE-3098ECAE.pf
%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
%Documents and Settings%\[AllUsers]\Application Data\[RANDOM CHARACTERS]
%Documents and Settings%\[AllUsers]\[RANDOM CHARACTERS]
%Documents and Settings%\[UserName]\Templates\[RANDOM CHARACTERS]
%Temp%\[RANDOM CHARACTERS]
%AppData%\ave.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\AppData\Local\MSASCui.exe
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\opRSK
%Temp%\pw.exe
%UserProfile%\Start Menu\Programs\XP Security

XP Security 2011 Removal GuideXP Security 2011 Removal Guide

XP Security 2011 Removal Guide
XP Security 2011 is a fake antivirus program created to urge the user to buy the full version of XP Security 2011 in order to earn some profit. Don't ever buy it as it is a cheat! XP Security 2011 install itself into the computer without confirmation of the users and it start automatically when the windows boot. XP Security 2011 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. XP Security 2011 is nothing more than a scam and plagiarized antispyware program

XP Security 2011 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by XP Security 2011. Finally, all the file related to XP Security 2011 must be deleted from the hard drive. All of them has been shown in the removal guide below.

XP Security 2011 should be removed immediately!

XP Security 2011 Removal Guide
Kill Process
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\ave.exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
ave.exe
MSASCui.exe
pw.exe
MSASCui.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "XP Security 2011"

Remove Folders and Files
C:\Documents and Settings\All Users\Application Data\y7V11
C:\Documents and Settings\[USERNAME]\Local Settings\Temp\y7V11
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\ave.exe
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\y7V11
C:\Documents and Settings\[USERNAME]\Templates\y7V11
C:\WINDOWS\Prefetch\AVE.EXE-3098ECAE.pf
%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
%Documents and Settings%\[AllUsers]\Application Data\[RANDOM CHARACTERS]
%Documents and Settings%\[AllUsers]\[RANDOM CHARACTERS]
%Documents and Settings%\[UserName]\Templates\[RANDOM CHARACTERS]
%Temp%\[RANDOM CHARACTERS]
%AppData%\ave.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\AppData\Local\MSASCui.exe
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\opRSK
%Temp%\pw.exe
%UserProfile%\Start Menu\Programs\XP Security 2011

XP Anti-Spyware 2011 Removal GuideXP Anti-Spyware 2011 Removal Guide

XP Anti-Spyware 2011 Removal Guide
XP Anti-Spyware 2011 is a fake antivirus program created to urge the user to buy the full version of XP Anti-Spyware 2011 in order to earn some profit. Don't ever buy it as it is a cheat! XP Anti-Spyware 2011 install itself into the computer without confirmation of the users and it start automatically when the windows boot. XP Anti-Spyware 2011 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. XP Anti-Spyware 2011 is nothing more than a scam and plagiarized antispyware program

XP Anti-Spyware 2011 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by XP Anti-Spyware 2011. Finally, all the file related to XP Anti-Spyware 2011 must be deleted from the hard drive. All of them has been shown in the removal guide below.

XP Anti-Spyware 2011 should be removed immediately!

XP Anti-Spyware 2011 Removal Guide
Kill Process
pw.exe


Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "XP Antispyware 2011"

Remove Folders and Files
%UserProfile%\Start Menu\Programs\XP Antispyware 2011
pw.exe

XP Anti-Spyware Removal GuideXP Anti-Spyware Removal Guide

XP Anti-Spyware Removal Guide
XP Anti-Spyware is a fake antivirus program created to urge the user to buy the full version of XP Anti-Spyware in order to earn some profit. Don't ever buy it as it is a cheat! XP Anti-Spyware install itself into the computer without confirmation of the users and it start automatically when the windows boot. XP Anti-Spyware produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. XP Anti-Spyware is nothing more than a scam and plagiarized antispyware program

XP Anti-Spyware can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by XP Anti-Spyware. Finally, all the file related to XP Anti-Spyware must be deleted from the hard drive. All of them has been shown in the removal guide below.

XP Anti-Spyware should be removed immediately!

XP Anti-Spyware Removal Guide
Kill Process
[random].exe
MSASCui.exe
pw.exe
MSASCui.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile

Remove Folders and Files
%UserProfile%\AppData\Local\MSASCui.exe
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\opRSK
Saturday, April 9, 2011

Windows 7 Total Security Removal GuideWindows 7 Total Security Removal Guide

Windows 7 Total Security Removal Guide
Windows 7 Total Security is a fake antivirus program created to urge the user to buy the full version of Windows 7 Total Security in order to earn some profit. Don't ever buy it as it is a cheat! Windows 7 Total Security install itself into the computer without confirmation of the users and it start automatically when the windows boot. Windows 7 Total Security produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Windows 7 Total Security is nothing more than a scam and plagiarized antispyware program

Windows 7 Total Security can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows 7 Total Security. Finally, all the file related to Windows 7 Total Security must be deleted from the hard drive. All of them has been shown in the removal guide below.

Windows 7 Total Security should be removed immediately!

Windows 7 Total Security Removal Guide
Kill Process
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\Software\Windows 7 Total Security

Remove Folders and Files
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AllUsersProfile%
%AppData%
%AppData%\Local\[random].exe (look for 3-letter names)
\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
\t3e0ilfioi3684m2nt3ps2b6lru
%UserProfile%\Desktop\Windows 7 Total Security.lnk
%UserProfile%\Start Menu\Programs\Windows 7 Total Security.lnk
Friday, April 8, 2011

Fast Windows Antivirus 2011 Removal GuideFast Windows Antivirus 2011 Removal Guide

Fast Windows Antivirus 2011 Removal Guide
Fast Windows Antivirus 2011 is a fake antivirus program that just cheat the user that the computer is infected by malwares and urge the user to purchase the full version of Fast Windows Antivirus 2011. When Fast Windows Antivirus 2011 is installed in the computer accidentally, it will start automatically when Windows boot. Then Fast Windows Antivirus 2011 will scan the computer and WILL SURELY show shat the computer had been infected by malwares. However, the user can only remove the malwares by activating the program by purchasing the full version of Fast Windows Antivirus 2011. In fact, the full version of Fast Windows Antivirus 2011 cannot detect and remove any malware. Fast Windows Antivirus 2011 cannot detect any malware. Do not be cheated by Fast Windows Antivirus 2011.

Fast Windows Antivirus 2011 can be removed by stopping all the processes with random name and name . Then the user has to remove the files of the processes. Finally, the registry settings have to be restored by removing the registry keys stated below.

Fast Windows Antivirus 2011 should be removed immediately!

Fast Windows Antivirus 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%AllUsersProfile%\[random]
%AllUsersProfile%\[random].dll
%AllUsersProfile%\[random].exe
%UserProfile%\Start Menu\Programs\Fast Windows Antivirus 2011\Fast Windows Antivirus 2011.lnk
%UserProfile%\Start Menu\Programs\Fast Windows Antivirus 2011\Uninstall Fast Windows Antivirus 2011.lnk
%UserProfile%\Desktop\Fast Windows Antivirus 2011.lnk
%UserProfile%\Start Menu\Programs\Fast Windows Antivirus 2011\
Thursday, April 7, 2011

BoanSupport Removal GuideBoanSupport Removal Guide

BoanSupport Removal Guide
BoanSupport is a fake antivirus which use fake features to disguise itself that it can detect and remove malware, trojan and viruses. In fact, BoanSupport cannot do anything. BoanSupport can only do a fake scan on the computer and then show pop ups to tell the user that there are many malwares, trojans and viruses in the computer. BoanSupport run automatically when Windows boot. BoanSupport will urge the user to purchase the full version of BoanSupport in order to remove all the detected threats. Do not believe any report given by BoanSupport. BoanSupport cannot detect and remove any trojan, malware or virus.

BoanSupport can be uninstalled by first stopping the processes and then kill all the related files. Finally, restore the registry entries added and modified by BoanSupport.

BoanSupport should be removed immediately!


BoanSupport Removal Guide
Kill Process
(How to kill a process effectively?)
supportcfg.exe
boansupport_setup.exe
boansupportmon.exe
boansupport.exe
uninst.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BoanSupport
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BoanSupport.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BoanSupport
HKEY_LOCAL_MACHINE\SOFTWARE\BoanSupport
HKEY_LOCAL_MACHINE\SOFTWARE\BoanSupportPartner

Remove Folders and Files
c:\program files\boansupport\boansupportcfg.exe
c:\documents and settings\{username}\Desktop\boansupport_setup.exe
c:\program files\boansupport\uninst.exe
c:\program files\boansupport\boansupportmon.exe
c:\program files\boansupport
c:\program files\boansupport\boansupport.exe

Alfa Defender Removal GuideAlfa Defender Removal Guide

Alfa Defender Removal Guide
Alfa Defender is a fake antivirus program that looks like a legitimate antivirus. In fact, Alfa Defender cannot help protect your PC. Alfa Defender is created to cheat the user to buy the full version of Alfa Defender. When Alfa Defender is accidentally installed in the computer, it will scan the computer automatically when Windows boot and it will surely produce fake report that the computer is infected by malwares. Do not believe the report as Alfa Defender cannot detect and remove any malware.

Alfa Defender can be removed by stopping all the processes with random name and name . Then the user has to remove the files of the processes. Finally, the registry settings have to be restored by removing the registry keys stated below.

Alfa Defender should be removed immediately!


Alfa Defender Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Alfa Defender"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%temp%\[random]
%temp%\[random].exe

Windows Spyware Protection Removal GuideWindows Spyware Protection Removal Guide

Windows Spyware Protection Removal Guide
Windows Spyware Protection is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Windows Spyware Protection does not kill any malware from any computer. Windows Spyware Protection infects the computer by installing malware into the computer which will try to disguise itself like a real antivirus which can detect and remove malwares and viruses. After installation complete, Windows Spyware Protection will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Windows Spyware Protection. In fact, full version of Windows Spyware Protection cannot detect and remove any trojan, malware or virus.

Windows Spyware Protection can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Spyware Protection. Finally, all the file related to Windows Spyware Protection must be deleted from the hard drive. All of them has been shown in the removal guide below.

Windows Spyware Protection should be removed immediately!

Windows Spyware Protection Removal Guide
Kill Process
(How to kill a process effectively?)
CB130_287.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun ""1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Spyware Protection"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"

Remove Folders and Files
%UserProfile%\Application Data\Windows Spyware Protection\Instructions.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Spyware Protection.lnk
%UserProfile%\Start Menu\Programs\Windows Spyware Protection.lnk
%UserProfile%\Desktop\Windows Spyware Protection.lnk
%UserProfile%\Start Menu\Windows Spyware Protection.lnk
%UserProfile%\Application Data\Windows Spyware Protection
%UserProfile%\Application Data\Windows Spyware Protection\cookies.sqlite
C:\Documents and Settings\All Users\Application Data\23077d\CB130_287.exe

Windows Security 2011 Removal GuideWindows Security 2011 Removal Guide

Windows Security 2011 Removal Guide
Windows Security 2011 is a fake antivirus program that try to trick the user to buy the full version of Windows Security 2011 by using fake scan results. Windows Security 2011 installs itself into the computer without confirmation of the user unless the user set the UAC level to the highest level. Windows Security 2011 start itself when the computer boot and scan the computer automatically and produce fake scan result and keep on warning the users to buy the full version of Windows Security 2011. Windows Security 2011 is delivered via criminal websites and trojan infections. Windows Security 2011 cannot detect and remove any malware, trojan or virus..

Windows Security 2011 can be removed by using Emsisoft HiJackFree by stopping the process (Windows Security 2011.exe) and delete the files at the same time. Then, remove the autorun setting set by Windows Security 2011.

Windows Security 2011 should be removed immediately.


Windows Security 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
Uninstall.exe
Windows Security 2011.exe

Delete Registry
HKEY_CURRENT_USER\Software\Windows Security 2011
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Security 2011"
HKEY_LOCAL_MACHINE\SOFTWARE\Windows Security 2011
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Security 2011

Remove Folders and Files
locate the files from the autorun settings and delete all of them
Uninstall.exe
Windows Security 2011.exe
%UserProfile%\Desktop\Windows Security 2011.lnk
%UserProfile%\Start Menu\Programs\Windows Security 2011.lnk
Wednesday, April 6, 2011

Vista Protection 2011 Removal GuideVista Protection 2011 Removal Guide

Vista Protection 2011 Removal Guide
Vista Protection 2011 is a fake antivirus program that WILL SURELY warning the user that the computer has been used as spamming machine. In fact, the computer is clean, is not used as spamming machine, however, Vista Protection 2011 try to convince the user by displaying the alert so that the user will purchase the full version of Vista Protection 2011. Vista Protection 2011 cannot detect any malware and remove any malwares. Vista Protection 2011 will start automatically when Windows boot. The user has to terminate the process, delete the registry settings and remove the folders and files of Vista Protection 2011 to remove it completely.

Vista Protection 2011 can be removed by stopping all the processes with random name and name . Then the user has to remove the files of the processes. Finally, the registry settings have to be restored by removing the registry keys stated below.

Vista Protection 2011 should be removed immediately!

Vista Protection 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Template\st3e0ilfioi3684m2nt3ps2b6lru
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[random].exe
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru
Tuesday, April 5, 2011

Antivirus Protection Trial Removal GuideAntivirus Protection Trial Removal Guide

Antivirus Protection Trial Removal Guide
Antivirus Protection Trial is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Antivirus Protection Trial does not kill any malware from any computer. Antivirus Protection Trial infects the computer by installing malware into the computer which will try to disguise itself like a real antivirus which can detect and remove malware, trojan and virus. After installation complete, Antivirus Protection Trial will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Antivirus Protection Trial.

Antivirus Protection Trial can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Antivirus Protection Trial shown in the removal guide below. Antivirus Protection Trial DLL Files should be unregistered too (see removal guide). All files related to Antivirus Protection Trial must be deleted.

Antivirus Protection Trial should be removed immediately!

Antivirus Protection Trial Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = '127.0.0.1:33554'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures"'1'

Remove Folders and Files
%Temp%\[random]\[random].exe
%Temp%\[random]\

AntiVirus AntiSyware 2011 Removal GuideAntiVirus AntiSyware 2011 Removal Guide

AntiVirus AntiSyware 2011 Removal Guide
AntiVirus AntiSyware 2011 is a fake antivirus program that disguises itself as a legitimate antivirus which cannot protect computers at all. When AntiVirus AntiSyware 2011 installs in the computer, it will start automatically when Windows boot. AntiVirus AntiSyware 2011 will scan the computer and state that the computer is infected by malwares. In fact, AntiVirus AntiSyware 2011 cannot detect any malware in the computer. AntiVirus AntiSyware 2011 will continue to alert the user to remove the malware by asking the user to purchase the full version of AntiVirus AntiSyware 2011 in order to remove the malware and to have full time protection. AntiVirus AntiSyware 2011 has colorful interface that closely resembles well-known security tools that computer users may naturally trust.

AntiVirus AntiSyware 2011 can be removed first by stopping its processes and then kill its files by using Emsisoft HiJackFree. Then the user has to remove all the related files and folder. Finally, restore the registry entries added and modified by AntiVirus AntiSyware 2011 (Read the removal guide below to remove AntiVirus AntiSyware 2011 successfully).

AntiVirus AntiSyware 2011 should be removed immediately!

AntiVirus AntiSyware 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
AS2011.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "updatesst"
HKEY_CURRENT_USER\SOFTWARE\SE2010
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}

Remove Folders and Files
%Desktop%\Antivirus AntiSyware 2011.lnk
%AppData%\Antivirus AntiSyware 2011

XP Service Centre Removal GuideXP Service Centre Removal Guide

XP Service Centre Removal Guide
XP Service Centre is a fake antivirus program. XP Service Centre install to the computer through trojan which opens a backdoor on the computer. There are many computers which has been infected by trojans (they are not detected by antivirus). Such trojans make this fake antivirus install to the computer without any confirmation of the users. XP Service Centre start automatically when the computer boot. The main purpose of XP Service Centre is to cheat money from the users by producing fake scan result to scare the users to buy the full version of XP Service Centre. It is important to get rid of this virus as soon as possible to avoid loss of data and corruption of files on the computer.

XP Service Centre can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by XP Service Centre. Finally, all the file related to XP Service Centre must be deleted from the hard drive. All of them has been shown in the removal guide below.

XP Service Centreshould be removed immediately.


Removal Tool: Remove Fake Antivirus. (Download it here.)

XP Service Centre Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%Documents and Settings%\[User Name]\Desktop\XP Service Centre.lnk
%Documents and Settings%\[User Name]\Start Menu\Programs\XP Service Centre
remove the file stated in the autorun settings.
Sunday, April 3, 2011

Microsoft Security Center 2011 Removal GuideMicrosoft Security Center 2011 Removal Guide

Microsoft Security Center 2011 Removal Guide
Microsoft Security Center 2011 is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Microsoft Security Center 2011. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Microsoft Security Center 2011 is installed on the computer, it will start automatically when Windows boot. Then Microsoft Security Center 2011 will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Microsoft Security Center 2011 will repeatedly shows the pop ups to urge the user to purchase the full version of Microsoft Security Center 2011 so that to remove all the threats. However, Microsoft Security Center 2011 cannot detect and remove any kind of virus, malware and trojan.

Microsoft Security Center 2011 can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Microsoft Security Center 2011 shown in the removal guide below. Microsoft Security Center 2011 DLL Files should be unregistered too (see removal guide). All files related to Microsoft Security Center 2011 must be deleted.

Microsoft Security Center 2011 should be removed immediately!

Microsoft Security Center 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%CommonAppData%\[random]
%Documents and Settings%\[UserName]\Start Menu\Programs\Microsoft Security Center 2011
%Documents and Settings%\[UserName]\Desktop\Microsoft Security Center 2011.lnk
Friday, April 1, 2011

Windows Virus Update 2011 Removal GuideWindows Virus Update 2011 Removal Guide

Windows Virus Update 2011 Removal Guide
Windows Virus Update 2011 is a fake antivirus program created to urge the user to buy the full version of Windows Virus Update 2011 in order to earn some profit. Don't ever buy it as it is a cheat! Windows Virus Update 2011 install itself into the computer without confirmation of the users and it start automatically when the windows boot. Windows Virus Update 2011 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Windows Virus Update 2011 cannot detect and remove any kind of malware, trojan or virus. All the reports produced by Windows Virus Update 2011 cannot be trusted at all. All of them is a lie!

Windows Virus Update 2011 can be removed by stopping the processes and kill the files with random name found in the hard drive (it often found in %temp% folder). Then the registry entries should be removed as it has been added by Windows Virus Update 2011 so that it can run automatically when Windows boot. All of these can be done by following the removal guide below.

Windows Virus Update 2011 should be removed immediately!

Windows Virus Update 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
delete the files stated in autorun settings of Antimalware Tool
%UserProfile%\Application Data\[random].exe

Antimalware Tool Removal GuideAntimalware Tool Removal Guide

Antimalware Tool Removal Guide
Antimalware Tool is a fake antivirus program which intend to urge the user whose computer is infected by Antimalware Tool to purchase the full version of Antimalware Tool. Antimalware Tool produces fake alert in order to cheat the user. Antimalware Tool installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Antimalware Tool will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Antimalware Tool to remove all the malwares.

Antimalware Tool ask the user to activate Antimalware Tool to get ultimate protection against Identify Theft, Malware and other threats! Antimalware Tool create a fake Windows Advanced Security Center and warn the user that the system is not cleaned yet! It show the users that the Firewall, Automatics Updates and Antivirus Protection are in the "OFF" state.

Antimalware Tool should be removed immediately!

Antimalware Tool Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = '%UserProfile%\Application Data\[random].exe'

Remove Folders and Files
delete the files stated in autorun settings of Antimalware Tool
%UserProfile%\Application Data\[random].exe

Windows Passport Utility Removal GuideWindows Passport Utility Removal Guide

Windows Passport Utility Removal Guide
Windows Passport Utility is a program that is used to cheat the money of people by showing error message in the computer such as the computer has been infected by malwares. Windows Passport Utility adds a registry entries to make itself to start automatically when Windows boot. After that, Windows Passport Utility will do fake scan on the computer and then issue fake warning by showing pop ups to tell the the user that the computer has been infected by malwares which can only be removed by the full version of Windows Passport Utility. Thus, the user is urged to purchase it. Do not believe any report given by Windows Passport Utility even the warning look so real. In fact, Windows Passport Utility cannot detect and remove any error or malware on computer.

Windows Passport Utility can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified by Windows Passport Utility must be cleared by using Windows Registry Editor.

Windows Passport Utility should be removed immediately!


Windows Passport Utility Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%UserProfile%\Application Data\[random].exe

%UserProfile% is current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7, and c:\winnt\profiles\ for Windows NT.