Friday, February 10, 2012

Remove Windows 7 Antispyware 2012Remove Windows 7 Antispyware 2012

Remove Windows 7 Antispyware 2012
Windows 7 Antispyware 2012 is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Windows 7 Antispyware 2012 does not kill any malware from any computer. Windows 7 Antispyware 2012 infects the computer by installing useless program into the computer which will try to disguise itself like a legitimate antivirus. After installation complete, Windows 7 Antispyware 2012 will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Windows 7 Antispyware 2012.Windows 7 Antispyware 2012 states that its trialware is not able to remove malware threats detected and offers you purchasing its full version which is allegedly capable to fix them. Windows 7 Antispyware 2012 is a serious risk to any computer system and should be removed immediately.

Windows 7 Antispyware 2012 can be removed by using Emsisoft HiJackFree to stop the process and remove the files. Then the user should remove the registries entries added and modified according to the removal guide stated below.

Windows 7 Antispyware 2012 displayed fake alert such as "Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous.", "Security Warning Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer. Click here to clean your PC immediately.", "Security Warning There are critical system files on your computer that were modified by malicious software. It may cause permanent data loss. Click here to remove malicious software." and so on.

Windows 7 Antispyware 2012 should be removed immediately!


Windows 7 Antispyware 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
ppn.exe
kdn.exe

Delete Registry

HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1?
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1? %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1? %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1? %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1? %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1? %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1? %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1? = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1? %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'


Remove Folders and Files
%AppData%\Local\[random].exe
%AllUsersProfile%\rghjfykak9992kdslspiw64hd
%AppData%\Local\rghjfykak9992kdslspiw64hd
%AppData%\Roaming\Microsoft\Windows\Templates\rghjfykak9992kdslspiw64hd
%Temp%\rghjfykak9992kdslspiw64hd
%LocalAppData%\ppn.exe
%LocalAppData%\kdn.exe
remove the file shown in autorun settings.

No comments:

Post a Comment