Tuesday, February 28, 2012

Remove Windows Basic AntivirusRemove Windows Basic Antivirus

Remove Windows Basic Antivirus
Windows Basic Antivirus is a fake antivirus program that perform like a real antivirus such as Kaspersky Anti-Virus, AVG Free Antivirus, Avira AntiVir etc. Windows Basic Antivirus is distributed through the same fake Microsoft Security Essentials Alert trojan that many other rogue anti-spyware programs are propagated through, allowing Windows Basic Antivirus a stealthy entry. Windows Basic Antivirus infects the computer when the user accidentally downloads a trojan from a website which provide online videos. Windows Basic Antivirus include browser hijacks, dysfunctional security applications and unauthorized changes to system settings. Windows Basic Antivirus will start automatically when Windows boot. Then, Windows Basic Antivirus will scan the computer and produce fake scan results and display many fake alerts to urge the user to purchase the full version of Windows Basic Antivirus in order to remove the detected malwares. Full version or unregistered version of Windows Basic Antivirus can do nothing.

Windows Basic Antivirus can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Basic Antivirus shown in the removal guide below. All files related to Windows Basic Antivirus must be deleted.

Windows Basic Antivirus should be removed immediately!

Windows Basic Antivirus Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "levuvuaofd"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-27_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
... and many more Image File Execution Options entries.


Remove Folders and Files

%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Basic Antivirus.lnk
%Desktop%\Windows Basic Antivirus .lnk

No comments:

Post a Comment