Sunday, July 24, 2011

Remove Bogema Security
Bogema Security is a fake antivirus program that pretends to be a real antivirus capable of removing malware. However, Bogema Security does not remove any malware from any computer. It infects the computer by installing a useless program that disguises itself as a legitimate antivirus. After installation completes, Bogema Security scans the computer, invariably reports that it is infected by malware, and urges the user to buy the full version. It states that its trialware is not able to remove the detected threats and offers the full version for purchase, which is allegedly capable of fixing them. Bogema Security is a serious risk to any computer system and should be removed immediately.

Bogema Security can be removed by using Emsisoft HiJackFree to stop the process and remove the files. Then the user should remove the registry entries added and modified, according to the removal guide below.

Bogema Security should be removed immediately!

Bogema Security Removal Guide
Kill Process
(How to kill a process effectively?)

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "random"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%1" %*'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
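
Most of the values above share one pattern: a handler command rewritten to launch the rogue executable with -a followed by the original command. The Python script below is an added example, not part of the original guide: it reads values written in the listing format used here, flags hijacked handlers and Security Center overrides, and reports the command that remains once the wrapper is stripped. The sample data, the abc.exe file name and the function names are constructed for illustration, and treating the text after -a as the original command is an assumption drawn from the listed values.

```python
import re

# Listing format used on this page: KEY "ValueName" = 'data'
ENTRY = re.compile(r"""^(HKEY_[^"]+?)\s+"([^"]+)"\s*=\s*'(.*)'$""")
# Wrapper pattern from the guide: "<...>\Application Data\<name>.exe" -a <original command>
WRAPPER = re.compile(r'^"([^"]*\\Application Data\\[^"\\]+\.exe)" -a (.+)$', re.I)
OVERRIDES = {"firewalloverride", "antivirusoverride"}

def parse(listing):
    """Yield (key, value_name, data) for each line in the page's listing format."""
    for line in listing.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3)

def audit(listing):
    """Return findings as dicts: kind, key, name and, for hijacks, wrapper and restore."""
    findings = []
    for key, name, data in parse(listing):
        low = key.lower()
        m = WRAPPER.match(data)
        if low.endswith("\\command") and m:
            # Assumption: everything after "-a" is the handler's original command.
            findings.append({"kind": "hijacked-handler", "key": key, "name": name,
                             "wrapper": m.group(1), "restore": m.group(2)})
        elif low.endswith("\\security center") and name.lower() in OVERRIDES and data == "1":
            findings.append({"kind": "security-center-override", "key": key, "name": name})
    return findings

# Constructed sample: three values in the guide's format plus one clean value.
# "abc.exe" stands in for the [random] file name and "user" for [UserName].
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"C:\Documents and Settings\user\Local Settings\Application Data\abc.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"C:\Documents and Settings\user\Local Settings\Application Data\abc.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)" = '%SystemRoot%\system32\NOTEPAD.EXE %1'
'''

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["kind"], f["key"], f.get("restore", ""))
```

The wrapper path reported for each hijacked handler is also the file to look for under Local Settings\Application Data when removing files.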

Remove Folders and Files
%Documents and Settings%\[UserName]\Local Settings\Temp\[random]
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random]
%Documents and Settings%\All Users\Application Data\[random]

Remove the file shown in autorun settings.

