Sunday, July 24, 2011

Remove Clean SecurityRemove Clean Security

Remove Clean Security
Clean Security is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Clean Security does not kill any malware from any computer. Clean Security infects the computer by installing useless program into the computer which will try to disguise itself like a legitimate antivirus. After installation complete, Clean Security will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Clean Security.Clean Security states that its trialware is not able to remove malware threats detected and offers you purchasing its full version which is allegedly capable to fix them. Clean Security is a serious risk to any computer system and should be removed immediately.

Clean Security can be removed by using Emsisoft HiJackFree to stop the process and remove the files. Then the user should remove the registries entries added and modified according to the removal guide stated below.

Clean Security should be removed immediately!

Clean Security Removal Guide
Kill Process
(How to kill a process effectively?)

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exee" -a "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%1" %*'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'

Remove Folders and Files
%Documents and Settings%\[UserName]\Local Settings\Temp\[random]
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random]
%Documents and Settings%\All Users\Application Data\[random]

remove the file shown in autorun settings.

No comments:

Post a Comment