Remove AV Protection 2011
AV Protection 2011 can be removed by using Emsisoft HiJackFree to stop the process and remove the files. Then the user should remove the registries entries added and modified according to the removal guide stated below.
AV Protection 2011 displayed fake alert such as "Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous.", "Security Warning Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer. Click here to clean your PC immediately.", "Security Warning There are critical system files on your computer that were modified by malicious software. It may cause permanent data loss. Click here to remove malicious software." and so on.
AV Protection 2011 should be removed immediately!
AV Protection 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
svhostu.exe
Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:59232"
HKEY_CURRENT_USER\Software\System Security 2011
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
Remove Folders and Files
%UserProfile%\Desktop\System Security 2012.lnk
%Temp%\svhostu.exe
C:\Windows\system32\[random].exe
%DesktopDir%\AV Protection 2011.lnk
%AppData%\[random]
%Programs%\AV Protection 2011
%AppData%\ldr.ini
%Temp%\8.tmp
remove the file shown in autorun settings.
AV Protection 2011 displayed fake alert such as "Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous.", "Security Warning Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer. Click here to clean your PC immediately.", "Security Warning There are critical system files on your computer that were modified by malicious software. It may cause permanent data loss. Click here to remove malicious software." and so on.
AV Protection 2011 should be removed immediately!
AV Protection 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
svhostu.exe
Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:59232"
HKEY_CURRENT_USER\Software\System Security 2011
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
Remove Folders and Files
%UserProfile%\Desktop\System Security 2012.lnk
%Temp%\svhostu.exe
C:\Windows\system32\[random].exe
%DesktopDir%\AV Protection 2011.lnk
%AppData%\[random]
%Programs%\AV Protection 2011
%AppData%\ldr.ini
%Temp%\8.tmp
remove the file shown in autorun settings.
No comments:
Post a Comment