Tuesday, November 6, 2012

Remove PC Defender PlusRemove PC Defender Plus

Remove PC Defender Plus
PC Defender Plus is a fake antivirus which will infect the computer after a Trojan opens a backdoor on the computer. Normally this program is installed to the computer without the permission of the users when they visit some websites. PC Defender Plus start automatically when the computer boot. It will scan the infected computer and shows that the computer has been infected by many malwares. In fact, the computer is infected by itself! Then, PC Defender Plus will persuade the user to purchase the license in order to activate it. This fake antivirus should be removed immediately.

PC Defender Plus provide fake features such as Scan Results, Internet Security, Personal Security, Proactive Defense, Firewall etc. All of them cannot protect computer from any kind of malware.

PC Defender Plus can be removed by stopping its processes [random].exe and the user should remember to kill the file. The registry settings should be restored by following the removal guide below.

PC Defender Plus must be removed from your computer immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry

HKEY_CLASSES_ROOT\.exe "(Default)" = "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcdfdata
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = ""%CommonAppData%\pcdfdata\[random].exe" /ex "%1" %*"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "pcdfsvc" = "%CommonAppData%\pcdfdata\[random].exe /min"


Remove Folders and Files

%AllUsersProfile%\Desktop\PC Defender Plus.lnk
%CommonAppData%\pcdfdata\
%CommonAppData%\pcdfdata\app.ico
%CommonAppData%\pcdfdata\config.bin
%CommonAppData%\pcdfdata\defs.bin
%CommonAppData%\pcdfdata\[random].exe
%CommonAppData%\pcdfdata\support.ico
%CommonAppData%\pcdfdata\uninst.ico
%CommonAppData%\pcdfdata\vl.bin
%CommonStartMenu%\Programs\PC Defender Plus\
%CommonStartMenu%\Programs\PC Defender Plus\PC Defender Plus Help and Support.lnk
%CommonStartMenu%\Programs\PC Defender Plus\PC Defender Plus.lnk
%CommonStartMenu%\Programs\PC Defender Plus\Remove PC Defender Plus.lnk

Remove Advanced System ProtectorRemove Advanced System Protector

Remove Advanced System Protector
Advanced System Protector is a fake antivirus program which intend to urge the user whose computer is infected by Advanced System Protector to purchase the full version of Advanced System Protector. Advanced System Protector produces fake alert in order to cheat the user. Advanced System Protector installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Advanced System Protector will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Advanced System Protector to remove all the malwares. Advanced System Protector is highly likely to block genuine scanning software and hijack your web browser through a proxy server.

Advanced System Protector can be remove by stopping the process hee.exe and remove the file by using Emsisoft HiJackFree. Then the user should remove the registries entries added and modified by Advanced System Protector according to the removal guide stated below.

Advanced System Protector should be removed immediately!

Advanced System Protector Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "pezfile"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1? %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\hee.exe" /START "%1? %*"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = ""%1? %*"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = ""%AppData%\hee.exe" /START "%1? %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile

Remove Folders and Files
%AppData%\[random].exe
Monday, November 5, 2012

Remove XP Antivirus Pro 2013Remove XP Antivirus Pro 2013

Remove XP Antivirus Pro 2013
XP Antivirus Pro 2013 is a fake antivirus program created to urge the user to buy the full version of XP Antivirus Pro 2013 in order to earn some profit. Don't ever buy it as it is a cheat! XP Antivirus Pro 2013 install itself into the computer without confirmation of the users and it start automatically when the windows boot. XP Antivirus Pro 2013 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. XP Antivirus Pro 2013 is nothing more than a scam and plagiarized antispyware program

XP Antivirus Pro 2013 provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, Configuration, Complete PC Protection,  Automating Updating, Protection against bank account fraud, Self-protection from malware, Update Now, Scan Now etc. All of them cannot protect the computer from any kind of malware.

XP Antivirus Pro 2013 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by XP Antivirus Pro 2013. Finally, all the file related to XP Antivirus Pro 2013 must be deleted from the hard drive. All of them has been shown in the removal guide below.

XP Antivirus Pro 2013 should be removed immediately!
XP Antivirus Pro 2013 Removal Guide
Kill Process
[random].exe

Delete Registry
KEY_CURRENT_USER\Software\Classes\.exe "(Default)" = "[random]"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random] "(Default)" = "Application"
HKEY_CURRENT_USER\Software\Classes\[random] "Content Type" = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\[random]\DefaultIcon "(Default)" = "%1"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "(Default)" = ""%LocalAppData%\[random].exe" -a "%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\runas\command "(Default)" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\runas\command "IsolatedCommand" = ""%1" %*"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

Remove Folders and Files
%CommonAppData%\[random]
%LocalAppData%\[random]
%LocalAppData%\[random].exe
%Temp%\[random]
%UserProfile%\Templates\[random]


Remove Vista Antivirus Pro 2013Remove Vista Antivirus Pro 2013

Remove Vista Antivirus Pro 2013
Vista Antivirus Pro 2013 is a fake antivirus program created to urge the user to buy the full version of Vista Antivirus Pro 2013 in order to earn some profit. Don't ever buy it as it is a cheat! Vista Antivirus Pro 2013 install itself into the computer without confirmation of the users and it start automatically when the windows boot. Vista Antivirus Pro 2013 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Vista Antivirus Pro 2013 is nothing more than a scam and plagiarized antispyware program

Vista Antivirus Pro 2013 provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, Configuration, Complete PC Protection,  Automating Updating, Protection against bank account fraud, Self-protection from malware, Update Now, Scan Now etc. All of them cannot protect the computer from any kind of malware.

Vista Antivirus Pro 2013 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Vista Antivirus Pro 2013. Finally, all the file related to Vista Antivirus Pro 2013 must be deleted from the hard drive. All of them has been shown in the removal guide below.

Vista Antivirus Pro 2013 should be removed immediately!
Vista Antivirus Pro 2013 Removal Guide
Kill Process
[random].exe

Delete Registry
KEY_CURRENT_USER\Software\Classes\.exe "(Default)" = "[random]"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random] "(Default)" = "Application"
HKEY_CURRENT_USER\Software\Classes\[random] "Content Type" = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\[random]\DefaultIcon "(Default)" = "%1"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "(Default)" = ""%LocalAppData%\[random].exe" -a "%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\runas\command "(Default)" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\runas\command "IsolatedCommand" = ""%1" %*"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

Remove Folders and Files
%CommonAppData%\[random]
%LocalAppData%\[random]
%LocalAppData%\[random].exe
%Temp%\[random]
%UserProfile%\Templates\[random]


Remove Win 7 Antivirus Pro 2013Remove Win 7 Antivirus Pro 2013

Remove Win 7 Antivirus Pro 2013
Win 7 Antivirus Pro 2013 is a fake antivirus program created to urge the user to buy the full version of Win 7 Antivirus Pro 2013 in order to earn some profit. Don't ever buy it as it is a cheat! Win 7 Antivirus Pro 2013 install itself into the computer without confirmation of the users and it start automatically when the windows boot. Win 7 Antivirus Pro 2013 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Win 7 Antivirus Pro 2013 is nothing more than a scam and plagiarized antispyware program

Win 7 Antivirus Pro 2013 provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, Configuration, Complete PC Protection,  Automating Updating, Protection against bank account fraud, Self-protection from malware, Update Now, Scan Now etc. All of them cannot protect the computer from any kind of malware.

Win 7 Antivirus Pro 2013 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Win 7 Antivirus Pro 2013. Finally, all the file related to Win 7 Antivirus Pro 2013 must be deleted from the hard drive. All of them has been shown in the removal guide below.

Win 7 Antivirus Pro 2013 should be removed immediately!
Win 7 Antivirus Pro 2013 Removal Guide
Kill Process
[random].exe

Delete Registry
KEY_CURRENT_USER\Software\Classes\.exe "(Default)" = "[random]"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random] "(Default)" = "Application"
HKEY_CURRENT_USER\Software\Classes\[random] "Content Type" = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\[random]\DefaultIcon "(Default)" = "%1"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "(Default)" = ""%LocalAppData%\[random].exe" -a "%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\runas\command "(Default)" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\runas\command "IsolatedCommand" = ""%1" %*"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

Remove Folders and Files
%CommonAppData%\[random]
%LocalAppData%\[random]
%LocalAppData%\[random].exe
%Temp%\[random]
%UserProfile%\Templates\[random]


Remove XP Antispyware Pro 2013Remove XP Antispyware Pro 2013

Remove XP Antispyware Pro 2013
XP Antispyware Pro 2013 is a fake antivirus program created to urge the user to buy the full version of XP Antispyware Pro 2013 in order to earn some profit. Don't ever buy it as it is a cheat! XP Antispyware Pro 2013 install itself into the computer without confirmation of the users and it start automatically when the windows boot. XP Antispyware Pro 2013 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. XP Antispyware Pro 2013 is nothing more than a scam and plagiarized antispyware program

XP Antispyware Pro 2013 provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, Configuration, Complete PC Protection,  Automating Updating, Protection against bank account fraud, Self-protection from malware, Update Now, Scan Now etc. All of them cannot protect the computer from any kind of malware.

XP Antispyware Pro 2013 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by XP Antispyware Pro 2013. Finally, all the file related to XP Antispyware Pro 2013 must be deleted from the hard drive. All of them has been shown in the removal guide below.

XP Antispyware Pro 2013 should be removed immediately!
XP Antispyware Pro 2013 Removal Guide
Kill Process
[random].exe

Delete Registry
KEY_CURRENT_USER\Software\Classes\.exe "(Default)" = "[random]"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random] "(Default)" = "Application"
HKEY_CURRENT_USER\Software\Classes\[random] "Content Type" = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\[random]\DefaultIcon "(Default)" = "%1"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "(Default)" = ""%LocalAppData%\[random].exe" -a "%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\runas\command "(Default)" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\runas\command "IsolatedCommand" = ""%1" %*"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

Remove Folders and Files
%CommonAppData%\[random]
%LocalAppData%\[random]
%LocalAppData%\[random].exe
%Temp%\[random]
%UserProfile%\Templates\[random]


Remove Vista Antispyware Pro 2013Remove Vista Antispyware Pro 2013

Remove Vista Antispyware Pro 2013
Vista Antispyware Pro 2013 is a fake antivirus program created to urge the user to buy the full version of Vista Antispyware Pro 2013 in order to earn some profit. Don't ever buy it as it is a cheat! Vista Antispyware Pro 2013 install itself into the computer without confirmation of the users and it start automatically when the windows boot. Vista Antispyware Pro 2013 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Vista Antispyware Pro 2013 is nothing more than a scam and plagiarized antispyware program

Vista Antispyware Pro 2013 provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, Configuration, Complete PC Protection,  Automating Updating, Protection against bank account fraud, Self-protection from malware, Update Now, Scan Now etc. All of them cannot protect the computer from any kind of malware.

Vista Antispyware Pro 2013 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Vista Antispyware Pro 2013. Finally, all the file related to Vista Antispyware Pro 2013 must be deleted from the hard drive. All of them has been shown in the removal guide below.

Vista Antispyware Pro 2013 should be removed immediately!
Vista Antispyware Pro 2013 Removal Guide
Kill Process
[random].exe

Delete Registry
KEY_CURRENT_USER\Software\Classes\.exe "(Default)" = "[random]"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random] "(Default)" = "Application"
HKEY_CURRENT_USER\Software\Classes\[random] "Content Type" = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\[random]\DefaultIcon "(Default)" = "%1"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "(Default)" = ""%LocalAppData%\[random].exe" -a "%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\runas\command "(Default)" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\runas\command "IsolatedCommand" = ""%1" %*"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

Remove Folders and Files
%CommonAppData%\[random]
%LocalAppData%\[random]
%LocalAppData%\[random].exe
%Temp%\[random]
%UserProfile%\Templates\[random]


Remove Win 7 Antispyware Pro 2013Remove Win 7 Antispyware Pro 2013

Remove Win 7 Antispyware Pro 2013
Win 7 Antispyware Pro 2013 is a fake antivirus program created to urge the user to buy the full version of Win 7 Antispyware Pro 2013 in order to earn some profit. Don't ever buy it as it is a cheat! Win 7 Antispyware Pro 2013 install itself into the computer without confirmation of the users and it start automatically when the windows boot. Win 7 Antispyware Pro 2013 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Win 7 Antispyware Pro 2013 is nothing more than a scam and plagiarized antispyware program

Win 7 Antispyware Pro 2013 provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, Configuration, Complete PC Protection,  Automating Updating, Protection against bank account fraud, Self-protection from malware, Update Now, Scan Now etc. All of them cannot protect the computer from any kind of malware.

Win 7 Antispyware Pro 2013 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Win 7 Antispyware Pro 2013. Finally, all the file related to Win 7 Antispyware Pro 2013 must be deleted from the hard drive. All of them has been shown in the removal guide below.

Win 7 Antispyware Pro 2013 should be removed immediately!
Win 7 Antispyware Pro 2013 Removal Guide
Kill Process
[random].exe

Delete Registry
KEY_CURRENT_USER\Software\Classes\.exe "(Default)" = "[random]"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random] "(Default)" = "Application"
HKEY_CURRENT_USER\Software\Classes\[random] "Content Type" = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\[random]\DefaultIcon "(Default)" = "%1"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "(Default)" = ""%LocalAppData%\[random].exe" -a "%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "IsolatedCommand" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\runas\command "(Default)" = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\runas\command "IsolatedCommand" = ""%1" %*"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%LocalAppData%\[random].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

Remove Folders and Files
%CommonAppData%\[random]
%LocalAppData%\[random]
%LocalAppData%\[random].exe
%Temp%\[random]
%UserProfile%\Templates\[random]


Saturday, November 3, 2012

Remove Windows Protection MaintenanceRemove Windows Protection Maintenance

Remove Windows Protection Maintenance
Windows Protection Maintenance is a fake antivirus program which intend to urge the user whose computer is infected by Windows Protection Maintenance to purchase the full version of Windows Protection Maintenance. Windows Protection Maintenance produces fake alert in order to cheat the user. Windows Protection Maintenance installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Windows Protection Maintenance will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Windows Protection Maintenance to remove all the malwares.

Windows Protection Maintenance ask the user to activate Windows Protection Maintenance to get ultimate protection against Identify Theft, Malware and other threats! Windows Protection Maintenance create a fake Windows Advanced Security Center and warn the user that the system is not cleaned yet! It show the users that the Firewall, Automatics Updates and Antivirus Protection are in the "OFF" state.

Windows Protection Maintenance should be removed immediately!

Windows Protection Maintenance Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\ Debugger = svchost.exe

Remove Folders and Files
%AppData%\Protector-[RANDOM].exe