Friday, May 11, 2012

Remove Windows Abnormality CheckerRemove Windows Abnormality Checker

Remove Windows Abnormality Checker
Windows Abnormality Checker is a fake antivirus program that looks like a legitimate antivirus and is made by Russian hackers, which invades your computer system via trojan infections and software vulnerabilities. In fact, Windows Abnormality Checker cannot help protect your PC. Windows Abnormality Checker is created to cheat the user to buy the full version of Windows Abnormality Checker. When Windows Abnormality Checker is accidentally installed in the computer, it will scan the computer automatically when Windows boot and it will surely produce fake report that the computer is infected by malwares. Do not believe the report as Windows Abnormality Checker cannot detect and remove any malware.

Windows Abnormality Checker can be removed by stopping all random name processes by using Emsisoft HiJackFree. After that, the user should delete the files of the processes. All registry settings modified by Windows Abnormality Checker must be restored according to the removal guide below.

Windows Abnormality Checker provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Abnormality Checker should be removed immediately!

Windows Abnormality Checker Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%StartMenu%\Programs\Windows Abnormality Checker.lnk
%AppData%\NPSWF32.dll
%AppData%\[random].exe
%AppData%\result.db
Posted by Olzen at 8:59 PM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)