Tuesday, January 31, 2012

How to prevent Fake Antivirus and Fake Antispyware?How to prevent Fake Antivirus and Fake Antispyware?

How to prevent Fake Antivirus and Fake Antispyware?
Fake or rogue antivirus has cheated many people nowadays. Normally most people are “suddenly” infected by the rogue antivirus or antispyware installed without even knowing it . It install automatically after clicking on a button in a website which show you a very convincing message telling you that you have a virus or spyware.

Fake Antivirus is a type of virus/malwares which disguises itself to be an antivirus. It infects your computer when you accidentally click a link in a website which will download the malware into your computer and run automatically when your windows boot. It scan the infected computer and produces fake alert warnings. It convinces you that your computer is in danger and urge you to purchase a useless copy of the fake antivirus. These fake antiviruses must be removed immediately.

As it is come from clicking a button in a website through a browser like Internet Explorer or Firefox, I strongly recommend all of you to install Sandboxie and use Firefox as your main browser.


Install NoScript to prevent malicious script to install virus in your computer.

Then, run your browser, Firefox, in the Sandbox after installing Sandboxie so that no virus will be installed in your computer. Why? Read this article.

I have used Sandboxie for couple years. Untill now, my computer is free from any virus and I just use the Free AVG as my main antivirus only. Try Sandboxie and Firefox (with NoScript installed)now! Your computer will be free from most type of viruses!
Friday, January 27, 2012

Remove Antivirus Smart ProtectionRemove Antivirus Smart Protection

Remove Antivirus Smart Protection
Antivirus Smart Protection is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Antivirus Smart Protection does not kill any malware from any computer. Antivirus Smart Protection infects the computer by installing malicious files into the computer which will try to disguise itself like an ultimate antivirus which can protect computer from malwares. After installation complete, Antivirus Smart Protection will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Antivirus Smart Protection.


Antivirus Smart Protection can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Antivirus Smart Protection shown in the removal guide below. All files related to Antivirus Smart Protection must be deleted.


Antivirus Smart Protection should be removed immediately!

Antivirus Smart Protection Removal Guide
Kill Process
(How to kill a process effectively?)
ScanDisk_.exe
ASa76.exe
eb.exe
runddlkey.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[RANDOM]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus Smart Protection"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CURRENT_USER\Software\[RANDOM]

Remove Folders and Files

%AppData%\Antivirus Smart Protection
%AppData%\Microsoft\Internet Explorer\Quick Launch\Antivirus Smart Protection.lnk
%CommonAppData%\79b35
%CommonAppData%\ASPHEP
%Desktop%\Antivirus Smart Protection.lnk
%UserProfile%\Recent\cb.dll
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\CLSV.sys
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\FS.tmp
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.tmp
%UserProfile%\Recent\runddlkey.exe
%UserProfile%\Recent\runddlkey.sys
%UserProfile%\Recent\snl2w.sys
%StartMenu%\Antivirus Smart Protection.lnk
%StartMenu%\Programs\Antivirus Smart Protection.lnk
File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7, and c:\winnt\profiles\ for Windows NT.

%Desktop% means that the file is located directly on your desktop. This is C:\DOCUMENTS AND SETTINGS\\Desktop\ for Windows 2000/XP, and C:\Users\\Desktop\ for Windows Vista and Windows 7.

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\\AppData\Roaming.

%StartMenu% refers to the Windows Start Menu. For Windows 95/98/ME it refers to C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\\Start Menu\, and for Windows Vista/7 it is C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu.

%CommonAppData% refers to the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.

Saturday, January 21, 2012

Remove Internet Security 2012Remove Internet Security 2012

Remove Internet Security 2012
Internet Security 2012 is another type of fake antivirus program which will definitely show pop ups to tell the user that the computer has been infected by malwares, trojans and viruses. Internet Security 2012 CANNOT detect and remove any kind of malware, trojan and virus. Internet Security 2012 can only cheat the user to purchase the full version of Internet Security 2012 so that to removed the detected threats. Do not believe any pop ups or report shown by Internet Security 2012. All of them is a lie.

Internet Security 2012 can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified by Internet Security 2012 must be cleared by using Windows Registry Editor.

Internet Security 2012, after installed, usually will display a lot of pop-up alerts that attempt to make users believe that it has detected multiple threats on the system that it is installed on. Naturally, some computer users will try to take action to remove those threats simply by purchasing a full edition of Internet Security 2012. After doing so, users will later find out that Internet Security 2012 is incapable of ridding their system of any type of malware threats and will continually bombard them with deceptive pop-up messages. The only thing to do with Internet Security 2012 is remove either manually or by using an updated spyware detection tool.

Internet Security 2012 should be removed immediately!


Internet Security 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry

HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1?
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘


Remove Folders and Files
remove the files stated in the autorun setting.

%AllUsersProfile%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%AppData%\Local\[random].exe
%AppData%\Local\[random]
%Temp%\[random]

Friday, January 20, 2012

Remove Smart Internet Protection 2012Remove Smart Internet Protection 2012

Remove Smart Internet Protection 2012
Smart Internet Protection 2012 is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Smart Internet Protection 2012 does not kill any malware from any computer. Smart Internet Protection 2012 infects the computer by installing KB1883574.exe into the computer which will try to disguise itself like a Windows update entitled System Security Pack Update. After installation complete, Smart Internet Protection 2012 will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Smart Internet Protection 2012.
Smart Internet Protection 2012 can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Smart Internet Protection 2012 shown in the removal guide below. All files related to Smart Internet Protection 2012 must be deleted.
Smart Internet Protection 2012 should be removed immediately!

Smart Internet Protection 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[RANDOM]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\[RANDOM]

Remove Folders and Files
%Programs%\Smart Internet Protection 2012\Smart Internet Protection 2012.lnk
%Programs%\Smart Internet Protection 2012
%TempDir%\[random].exe
%TempDir%\[random]
[random].exe in hard drive

Remove Smart Protection 2012Remove Smart Protection 2012

Remove Smart Protection 2012
Smart Protection 2012 is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Smart Protection 2012 does not kill any malware from any computer. Smart Protection 2012 infects the computer by installing KB1883574.exe into the computer which will try to disguise itself like a Windows update entitled System Security Pack Update. After installation complete, Smart Protection 2012 will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Smart Protection 2012.
Smart Protection 2012 can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Smart Protection 2012 shown in the removal guide below. All files related to Smart Protection 2012 must be deleted.
Smart Protection 2012 should be removed immediately!

Smart Protection 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[RANDOM]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\[RANDOM]

Remove Folders and Files
%Programs%\Smart Protection 2012\Smart Protection 2012.lnk
%Programs%\Smart Protection 2012
%TempDir%\[random].exe
%TempDir%\[random]
[random].exe in hard drive
Saturday, January 14, 2012

Remove Internet Security GuardRemove Internet Security Guard

Remove Internet Security Guard
Internet Security Guard is another type of fake antivirus program which will definitely show pop ups to tell the user that the computer has been infected by malwares, trojans and viruses. Internet Security Guard CANNOT detect and remove any kind of malware, trojan and virus. Internet Security Guard can only cheat the user to purchase the full version of Internet Security Guard so that to removed the detected threats. Do not believe any pop ups or report shown by Internet Security Guard. All of them is a lie.

Internet Security Guard can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified by Internet Security Guard must be cleared by using Windows Registry Editor.

Internet Security Guard, after installed, usually will display a lot of pop-up alerts that attempt to make users believe that it has detected multiple threats on the system that it is installed on. Naturally, some computer users will try to take action to remove those threats simply by purchasing a full edition of Internet Security Guard. After doing so, users will later find out that Internet Security Guard is incapable of ridding their system of any type of malware threats and will continually bombard them with deceptive pop-up messages. The only thing to do with Internet Security Guard is remove either manually or by using an updated spyware detection tool.

Internet Security Guard should be removed immediately!


Internet Security Guard Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
scandsk107d_8027.exe

Delete Registry

HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1?
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘


Remove Folders and Files
remove the files stated in the autorun setting.

%AllUsersProfile%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%AppData%\Local\[random].exe
%AppData%\Local\[random]
%Temp%\[random]

Thursday, January 12, 2012

Remove Windows XP Internet Security 2012Remove Windows XP Internet Security 2012

Remove Windows XP Internet Security 2012
Windows XP Internet Security 2012 is another type of fake antivirus program which will definitely show pop ups to tell the user that the computer has been infected by malwares, trojans and viruses. Windows XP Internet Security 2012 CANNOT detect and remove any kind of malware, trojan and virus. Windows XP Internet Security 2012 can only cheat the user to purchase the full version of Windows XP Internet Security 2012 so that to removed the detected threats. Do not believe any pop ups or report shown by Windows XP Internet Security 2012. All of them is a lie.

Windows XP Internet Security 2012 can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified by Windows XP Internet Security 2012 must be cleared by using Windows Registry Editor.

Windows XP Internet Security 2012, after installed, usually will display a lot of pop-up alerts that attempt to make users believe that it has detected multiple threats on the system that it is installed on. Naturally, some computer users will try to take action to remove those threats simply by purchasing a full edition of Windows XP Internet Security 2012. After doing so, users will later find out that Windows XP Internet Security 2012 is incapable of ridding their system of any type of malware threats and will continually bombard them with deceptive pop-up messages. The only thing to do with Windows XP Internet Security 2012 is remove either manually or by using an updated spyware detection tool.

Windows XP Internet Security 2012 should be removed immediately!


Windows XP Internet Security 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry

HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1?
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘


Remove Folders and Files
remove the files stated in the autorun setting.

%AllUsersProfile%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%AppData%\Local\[random].exe
%AppData%\Local\[random]
%Temp%\[random]

Tuesday, January 10, 2012

Remove Windows 7 Security 2012Remove Windows 7 Security 2012

Remove Windows 7 Security 2012
Windows 7 Security 2012 is a fake antivirus program that perform like a real antivirus such as Kaspersky Anti-Virus, AVG Free Antivirus, Avira AntiVir etc. Windows 7 Security 2012 infects the computer when the user accidentally downloads a trojan from a website which provide online videos. Windows 7 Security 2012 will start automatically when Windows boot. Then, Windows 7 Security 2012 will scan the computer and produce fake scan results and display many fake alerts to urge the user to purchase the full version of Windows 7 Security 2012 in order to remove the detected malwares.

Windows 7 Security 2012 provides fake features such as System Scan, Protection, Privacy and Update. None of them can really protect computer from malware, virus or trojans.Windows 7 Security 2012 should be removed immediately!

Windows 7 Security 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry

HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah
HKEY_CLASSES_ROOT\ah
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'ah'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'ah'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1? %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1? %*
HKEY_CURRENT_USER\Software\Classes\ah "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\ah "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\ah "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\ah "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\ah\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\ah\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*


Remove Folders and Files

%AppData%\Microsoft\Windows\Templates\[random]
%LocalAppData%\[random]
%LocalAppData%\.exe[random]
%AllUsersProfile%\[random]
%Temp%\[random]
%AppData%\Microsoft\Windows\Templates\[random]
%LocalAppData%\[random]
%LocalAppData%\.exe[random]
%AllUsersProfile%\[random]
%Temp%\[random]

Remove Windows Vista Security 2012Remove Windows Vista Security 2012

Remove Windows Vista Security 2012
Windows Vista Security 2012 is a fake antivirus program that perform like a real antivirus such as Kaspersky Anti-Virus, AVG Free Antivirus, Avira AntiVir etc. Windows Vista Security 2012 infects the computer when the user accidentally downloads a trojan from a website which provide online videos. Windows Vista Security 2012 will start automatically when Windows boot. Then, Windows Vista Security 2012 will scan the computer and produce fake scan results and display many fake alerts to urge the user to purchase the full version of Windows Vista Security 2012 in order to remove the detected malwares.

Windows Vista Security 2012 provides fake features such as System Scan, Protection, Privacy and Update. None of them can really protect computer from malware, virus or trojans.Windows Vista Security 2012 should be removed immediately!

Windows Vista Security 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry

HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah
HKEY_CLASSES_ROOT\ah
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'ah'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'ah'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1? %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1? %*
HKEY_CURRENT_USER\Software\Classes\ah "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\ah "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\ah "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\ah "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\ah\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\ah\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*


Remove Folders and Files

%AppData%\Microsoft\Windows\Templates\[random]
%LocalAppData%\[random]
%LocalAppData%\.exe[random]
%AllUsersProfile%\[random]
%Temp%\[random]
%AppData%\Microsoft\Windows\Templates\[random]
%LocalAppData%\[random]
%LocalAppData%\.exe[random]
%AllUsersProfile%\[random]
%Temp%\[random]

Remove Windows 7 Internet Security 2012Remove Windows 7 Internet Security 2012

Remove Windows 7 Internet Security 2012
Windows 7 Internet Security 2012 is another type of fake antivirus program which will definitely show pop ups to tell the user that the computer has been infected by malwares, trojans and viruses. Windows 7 Internet Security 2012 CANNOT detect and remove any kind of malware, trojan and virus. Windows 7 Internet Security 2012 can only cheat the user to purchase the full version of Windows 7 Internet Security 2012 so that to removed the detected threats. Do not believe any pop ups or report shown by Windows 7 Internet Security 2012. All of them is a lie.

Windows 7 Internet Security 2012 can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified by Windows 7 Internet Security 2012 must be cleared by using Windows Registry Editor.

Windows 7 Internet Security 2012, after installed, usually will display a lot of pop-up alerts that attempt to make users believe that it has detected multiple threats on the system that it is installed on. Naturally, some computer users will try to take action to remove those threats simply by purchasing a full edition of Windows 7 Internet Security 2012. After doing so, users will later find out that Windows 7 Internet Security 2012 is incapable of ridding their system of any type of malware threats and will continually bombard them with deceptive pop-up messages. The only thing to do with Windows 7 Internet Security 2012 is remove either manually or by using an updated spyware detection tool.

Windows 7 Internet Security 2012 should be removed immediately!


Windows 7 Internet Security 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry

HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1?
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘


Remove Folders and Files
remove the files stated in the autorun setting.

%AllUsersProfile%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%AppData%\Local\[random].exe
%AppData%\Local\[random]
%Temp%\[random]

Saturday, January 7, 2012

Remove Windows Vista Internet Security 2012Remove Windows Vista Internet Security 2012

Remove Windows Vista Internet Security 2012
Windows Vista Internet Security 2012 is another type of fake antivirus program which will definitely show pop ups to tell the user that the computer has been infected by malwares, trojans and viruses. Windows Vista Internet Security 2012 CANNOT detect and remove any kind of malware, trojan and virus. Windows Vista Internet Security 2012 can only cheat the user to purchase the full version of Windows Vista Internet Security 2012 so that to removed the detected threats. Do not believe any pop ups or report shown by Windows Vista Internet Security 2012. All of them is a lie.

Windows Vista Internet Security 2012 can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified by Windows Vista Internet Security 2012 must be cleared by using Windows Registry Editor.

Windows Vista Internet Security 2012, after installed, usually will display a lot of pop-up alerts that attempt to make users believe that it has detected multiple threats on the system that it is installed on. Naturally, some computer users will try to take action to remove those threats simply by purchasing a full edition of Windows Vista Internet Security 2012. After doing so, users will later find out that Windows Vista Internet Security 2012 is incapable of ridding their system of any type of malware threats and will continually bombard them with deceptive pop-up messages. The only thing to do with Windows Vista Internet Security 2012 is remove either manually or by using an updated spyware detection tool.

Windows Vista Internet Security 2012 should be removed immediately!


Windows Vista Internet Security 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry

HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1?
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘


Remove Folders and Files
remove the files stated in the autorun setting.

%AllUsersProfile%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%AppData%\Local\[random].exe
%AppData%\Local\[random]
%Temp%\[random]