Security Solution 2011 can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Security Solution 2011. These can be done by using Emsisoft HiJackFree.
Security Solution 2011 should be removed immediately!
Security Solution 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Delete Registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\system32\rundll32.exe" = 'C:\WINDOWS\system32\rundll32.exe:*:Enabled:Security Center'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
Remove Folders and Files
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Center.lnk
%UserProfile%\Desktop\Security Center.lnk
%Temp%\wrk4.tmp
%Temp%\ins2.tmp
%Temp%\mv3.tmp
%AllUsersProfile%\Application Data\[random].dat
%AllUsersProfile%\Application Data\[random].ico
Security Solution 2011 should be removed immediately!
Security Solution 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Delete Registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\system32\rundll32.exe" = 'C:\WINDOWS\system32\rundll32.exe:*:Enabled:Security Center'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
Remove Folders and Files
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Center.lnk
%UserProfile%\Desktop\Security Center.lnk
%Temp%\wrk4.tmp
%Temp%\ins2.tmp
%Temp%\mv3.tmp
%AllUsersProfile%\Application Data\[random].dat
%AllUsersProfile%\Application Data\[random].ico
No comments:
Post a Comment