Wednesday, February 29, 2012

Remove Win 7  Internet Protector 2012Remove Win 7 Internet Protector 2012

Remove Win 7  Internet Protector 2012
Win 7 Internet Protector 2012 is a fake antivirus program that produce fake alert that there are several vulnerabilities are detected in the computer which Win 7 Internet Protector 2012 is installed. Win 7 Internet Protector 2012 installs into the computer and will configure itself to start automatically (in registry) when Windows boot. Win 7 Internet Protector 2012 will scan the computer and WILL SURELY detect many malwares in the computer. In fact, it is just a fake alert. The intention of Win 7 Internet Protector 2012 is to urge the user to register Win 7 Internet Protector 2012 by purchasing the full version of Win 7 Internet Protector 2012 so that to earn some money from the user. Win 7 Internet Protector 2012 cannot detect and remove any malware / virus / trojan. Win 7 Internet Protector 2012 will block the Internet browser, as well. Each try to open a web browser will be accompanied by a security warning about Trojan-BNK.Win32.Keylogger.gen infection allegedly keeping the user from going online and using the web services via the Internet browser.


Win 7 Internet Protector 2012 can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Win 7 Internet Protector 2012 shown in the removal guide below. All files related to Win 7 Internet Protector 2012 must be deleted.

Win 7 Internet Protector 2012 should be removed immediately!

Win 7 Internet Protector 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Win 7 Internet Protector 2012.exe

Delete Registry
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Win 7 Internet Protector 2012
HKEY_LOCAL_MACHINE\SOFTWARE\Win 7 Internet Protector 2012
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win 7 Internet Protector 2012

Remove Folders and Files

%AppData%\Win 7 Internet Protector 2012
%AppData%\Microsoft\Internet Explorer\Quick Launch\Win 7 Internet Protector 2012.lnk
%Programs%\Win 7 Internet Protector 2012.lnk
%Programs%\Win 7 Internet Protector 2012

Remove Vista Internet Protector 2012Remove Vista Internet Protector 2012

Remove Vista Internet Protector 2012
Vista Internet Protector 2012 is a fake antivirus program that produce fake alert that there are several vulnerabilities are detected in the computer which Vista Internet Protector 2012 is installed. Vista Internet Protector 2012 installs into the computer and will configure itself to start automatically (in registry) when Windows boot. Vista Internet Protector 2012 will scan the computer and WILL SURELY detect many malwares in the computer. In fact, it is just a fake alert. The intention of Vista Internet Protector 2012 is to urge the user to register Vista Internet Protector 2012 by purchasing the full version of Vista Internet Protector 2012 so that to earn some money from the user. Vista Internet Protector 2012 cannot detect and remove any malware / virus / trojan. Vista Internet Protector 2012 will block the Internet browser, as well. Each try to open a web browser will be accompanied by a security warning about Trojan-BNK.Win32.Keylogger.gen infection allegedly keeping the user from going online and using the web services via the Internet browser.


Vista Internet Protector 2012 can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Vista Internet Protector 2012 shown in the removal guide below. All files related to Vista Internet Protector 2012 must be deleted.

Vista Internet Protector 2012 should be removed immediately!

Vista Internet Protector 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Vista Internet Protector 2012.exe

Delete Registry
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Vista Internet Protector 2012
HKEY_LOCAL_MACHINE\SOFTWARE\Vista Internet Protector 2012
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vista Internet Protector 2012

Remove Folders and Files

%AppData%\Vista Internet Protector 2012
%AppData%\Microsoft\Internet Explorer\Quick Launch\Vista Internet Protector 2012.lnk
%Programs%\Vista Internet Protector 2012.lnk
%Programs%\Vista Internet Protector 2012

Remove XP Internet Protector 2012Remove XP Internet Protector 2012

Remove XP Internet Protector 2012
XP Internet Protector 2012 is a fake antivirus program that produce fake alert that there are several vulnerabilities are detected in the computer which XP Internet Protector 2012 is installed. XP Internet Protector 2012 installs into the computer and will configure itself to start automatically (in registry) when Windows boot. XP Internet Protector 2012 will scan the computer and WILL SURELY detect many malwares in the computer. In fact, it is just a fake alert. The intention of XP Internet Protector 2012 is to urge the user to register XP Internet Protector 2012 by purchasing the full version of XP Internet Protector 2012 so that to earn some money from the user. XP Internet Protector 2012 cannot detect and remove any malware / virus / trojan. XP Internet Protector 2012 will block the Internet browser, as well. Each try to open a web browser will be accompanied by a security warning about Trojan-BNK.Win32.Keylogger.gen infection allegedly keeping the user from going online and using the web services via the Internet browser.


XP Internet Protector 2012 can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by XP Internet Protector 2012 shown in the removal guide below. All files related to XP Internet Protector 2012 must be deleted.

XP Internet Protector 2012 should be removed immediately!

XP Internet Protector 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
XP Internet Protector 2012.exe

Delete Registry
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\XP Internet Protector 2012
HKEY_LOCAL_MACHINE\SOFTWARE\XP Internet Protector 2012
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP Internet Protector 2012

Remove Folders and Files

%AppData%\XP Internet Protector 2012
%AppData%\Microsoft\Internet Explorer\Quick Launch\XP Internet Protector 2012.lnk
%Programs%\XP Internet Protector 2012.lnk
%Programs%\XP Internet Protector 2012

Remove Internet Protector 2012Remove Internet Protector 2012

Remove Internet Protector 2012
Internet Protector 2012 is a fake antivirus program that produce fake alert that there are several vulnerabilities are detected in the computer which Internet Protector 2012 is installed. Internet Protector 2012 installs into the computer and will configure itself to start automatically (in registry) when Windows boot. Internet Protector 2012 will scan the computer and WILL SURELY detect many malwares in the computer. In fact, it is just a fake alert. The intention of Internet Protector 2012 is to urge the user to register Internet Protector 2012 by purchasing the full version of Internet Protector 2012 so that to earn some money from the user. Internet Protector 2012 cannot detect and remove any malware / virus / trojan. Internet Protector 2012 will block the Internet browser, as well. Each try to open a web browser will be accompanied by a security warning about Trojan-BNK.Win32.Keylogger.gen infection allegedly keeping the user from going online and using the web services via the Internet browser.


Internet Protector 2012 can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Internet Protector 2012 shown in the removal guide below. All files related to Internet Protector 2012 must be deleted.

Internet Protector 2012 should be removed immediately!

Internet Protector 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Internet Protector 2012.exe

Delete Registry
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Internet Protector 2012
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Protector 2012
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Protector 2012

Remove Folders and Files

%AppData%\Internet Protector 2012
%AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Protector 2012.lnk
%Programs%\Internet Protector 2012.lnk
%Programs%\Internet Protector 2012

Remove Internet ProtectorRemove Internet Protector

Remove Internet Protector
Internet Protector is a fake antivirus program that produce fake alert that there are several vulnerabilities are detected in the computer which Internet Protector is installed. Internet Protector installs into the computer and will configure itself to start automatically (in registry) when Windows boot. Internet Protector will scan the computer and WILL SURELY detect many malwares in the computer. In fact, it is just a fake alert. The intention of Internet Protector is to urge the user to register Internet Protector by purchasing the full version of Internet Protector so that to earn some money from the user. Internet Protector cannot detect and remove any malware / virus / trojan. Internet Protector will block the Internet browser, as well. Each try to open a web browser will be accompanied by a security warning about Trojan-BNK.Win32.Keylogger.gen infection allegedly keeping the user from going online and using the web services via the Internet browser.


Internet Protector can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Internet Protector shown in the removal guide below. All files related to Internet Protector must be deleted.

Internet Protector should be removed immediately!

Internet Protector Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
internet protector.exe

Delete Registry
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Internet Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Protector

Remove Folders and Files

%AppData%\Internet Protector
%AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Protector.lnk
%Programs%\Internet Protector.lnk
%Programs%\Internet Protector

Remove Windows Stability GuardRemove Windows Stability Guard

Remove Windows Stability Guard
Windows Stability Guard is a fake antivirus program which intend to urge the user whose computer is infected by Windows Stability Guard to purchase the full version of Windows Stability Guard. Windows Stability Guard produces fake alert in order to cheat the user. Windows Stability Guard installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Windows Stability Guard will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Windows Stability Guard to remove all the malwares.

Windows Stability Guard provide fake features such as firewall, automatic update, antivirus protection, anti-phishing, advanced process control, autorun manager, service manager, all-in-one suite, quick scan, deep scan and custom scan. All of them cannot protect the computer from any kind of malware.


Windows Stability Guard can be removed by stopping its processes [random].exe and Windows Stability Guard.exe and the user should remember to kill the file. The registry settings should be restored by following the removal guide below.

Windows Stability Guard should be removed immediately!

Windows Stability Guard Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-28_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
... and many more Image File Execution Options entries.


Remove Folders and Files

%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Stability Guard.lnk
%Desktop%\Windows Stability Guard .lnk

Tuesday, February 28, 2012

Remove Smart Fortress 2012Remove Smart Fortress 2012

Remove Smart Fortress 2012
Smart Fortress 2012 is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Smart Fortress 2012 does not kill any malware from any computer. Smart Fortress 2012 infects the computer by installing useless program into the computer which will try to disguise itself like a legitimate antivirus. After installation complete, Smart Fortress 2012 will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Smart Fortress 2012.


Smart Fortress 2012 can be removed by using Emsisoft HiJackFree to stop the process and remove the files. Then the user should remove the registries entries added and modified according to the removal guide stated below.


Smart Fortress 2012 provides fake features such as System Scan, Protection, Privacy, Update, etc. None of them can help protect the computer from any kind of malwares. It always shows a lot of trojan attack the computer such as Win32.Spamta.KG.worm, Trojan.IRC.Bot.d, Worm.Bagle.CP, Trojan-Downloader.VBS.Small.o and etc. All of them are fake result.

Smart Fortress 2012 should be removed immediately!

Smart Fortress 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "random"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"
HKEY_CURRENT_USER\Software\Classes\[random]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
HKEY_CLASSES_ROOT\[random]
HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\%s "(Default)" = "[random]"
HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\[random]\shell\open\command "(Default)" = "%CommonAppData%\[random]\[random].exe" -s "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = "[random]"
HKEY_CURRENT_USER\Software\Classes\[random]\shell\open\command "(Default)" = "%CommonAppData%\[random]\[random].exe" -s "%1" %*


Remove Folders and Files
%appdata%\[random]

%CommonAppData%\[random]
%appdata%\Smart Fortress 2012

remove the file shown in autorun settings.

Remove Windows Basic AntivirusRemove Windows Basic Antivirus

Remove Windows Basic Antivirus
Windows Basic Antivirus is a fake antivirus program that perform like a real antivirus such as Kaspersky Anti-Virus, AVG Free Antivirus, Avira AntiVir etc. Windows Basic Antivirus is distributed through the same fake Microsoft Security Essentials Alert trojan that many other rogue anti-spyware programs are propagated through, allowing Windows Basic Antivirus a stealthy entry. Windows Basic Antivirus infects the computer when the user accidentally downloads a trojan from a website which provide online videos. Windows Basic Antivirus include browser hijacks, dysfunctional security applications and unauthorized changes to system settings. Windows Basic Antivirus will start automatically when Windows boot. Then, Windows Basic Antivirus will scan the computer and produce fake scan results and display many fake alerts to urge the user to purchase the full version of Windows Basic Antivirus in order to remove the detected malwares. Full version or unregistered version of Windows Basic Antivirus can do nothing.

Windows Basic Antivirus can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Basic Antivirus shown in the removal guide below. All files related to Windows Basic Antivirus must be deleted.

Windows Basic Antivirus should be removed immediately!

Windows Basic Antivirus Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "levuvuaofd"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-27_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
... and many more Image File Execution Options entries.


Remove Folders and Files

%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Basic Antivirus.lnk
%Desktop%\Windows Basic Antivirus .lnk

Sunday, February 26, 2012

Remove Windows PRO ScannerRemove Windows PRO Scanner

Remove Windows PRO Scanner
Windows PRO Scanner is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Windows PRO Scanner WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Windows PRO Scanner will display this types of fake alert to urge the user to purchase the full version of Windows PRO Scanner which cannot detect and remove any kind malware, trojan or virus.

Windows PRO Scanner can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.


Windows PRO Scanner provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one suite, Quick Scan, Deep Scan, Custom Scan, History, etc. None of them can help to protect the computer from any kind of malware.

Windows PRO Scanner should be removed immediately!

Windows PRO Scanner Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-25_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
... and many more Image File Execution Options entries.


Remove Folders and Files

%StartMenu%\Programs\Windows PRO Scanner.lnk
%AppData%\[random].exe
%AppData%\result.db
%Desktop%\Windows PRO Scanner.lnk

Friday, February 24, 2012

Remove Windows Telemetry CenterRemove Windows Telemetry Center

Remove Windows Telemetry Center
Windows Telemetry Center is a fake antivirus program that perform like a real antivirus such as Kaspersky Anti-Virus, AVG Free Antivirus, Avira AntiVir etc. Windows Telemetry Center infects the computer when the user accidentally downloads a trojan from a website which provide online videos. Windows Telemetry Center will start automatically when Windows boot. Then, Windows Telemetry Center will scan the computer and produce fake scan results and display many fake alerts to urge the user to purchase the full version of Windows Telemetry Center in order to remove the detected malwares. Windows Telemetry Center is a scam application. If you have already purchased Windows Telemetry Center, then you should contact your credit card company and dispute the charges.

Windows Telemetry Center can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified by Windows Telemetry Center must be cleared by using Windows Registry Editor.


Windows Telemetry Center should be removed immediately!

Windows Telemetry Center Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = knrcfkfyun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-22_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe
... and many more Image File Execution Options entries.


Remove Folders and Files

%StartMenu%\Programs\Windows Telemetry Center.lnk
%AppData%\Protector-.exe
%AppData%\result.db
%Desktop%\Windows Telemetry Center.lnk

Remove Strong Malware DefenderRemove Strong Malware Defender

Remove Strong Malware Defender
Strong Malware Defender is an unwanted application which is a rogue computer security program. Strong Malware Defender is a fake optimization tool that cannot optimize the performance of the hard drive, memory and the system of the computer. Strong Malware Defender was created to cheat the money of the user by showing fake report to the user that there are serious errors found in the hard drive, memory and the system. Strong Malware Defender urge the user to purchase the full version of Strong Malware Defender to remove all the detected threats. Strong Malware Defender will even claim it can eliminate computer issues or errors. Do not believe anything shown by Strong Malware Defender, as it can do nothing.

Strong Malware Defender can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added. These can be done by using Emsisoft HiJackFree.

Strong Malware Defender should be removed immediately!


Strong Malware Defender Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Strong Malware Defender"

Remove Folders and Files
%StartMenu%\Strong Malware Defender.lnk
%Programs%\Strong Malware Defender.lnk
%Desktop%\Strong Malware Defender.lnk
%CommonAppData%\[random]\ASE.ico
%CommonAppData%\[random]\[random].exe
%CommonAppData%\[random]\[random].cfg
%AppData%\Strong Malware Defender\Instructions.ini
%AppData%\Strong Malware Defender\ScanDisk_.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\Strong Malware Defender.lnk
find the files in autorun setting in registry editor and remove all of them which is related to Strong Malware Defender
Thursday, February 23, 2012

Remove Windows Smart PartnerRemove Windows Smart Partner

Remove Windows Smart Partner
Windows Smart Partner is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Windows Smart Partner does not kill any malware from any computer. Windows Smart Partner infects the computer by installing useless program into the computer which will try to disguise itself like a legitimate antivirus. After installation complete, Windows Smart Partner will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Windows Smart Partner.Windows Smart Partner states that its trialware is not able to remove malware threats detected and offers you purchasing its full version which is allegedly capable to fix them. Windows Smart Partner is a serious risk to any computer system and should be removed immediately.


Windows Smart Partner can be removed by using Emsisoft HiJackFree to stop the process and remove the files. Then the user should remove the registries entries added and modified according to the removal guide stated below.

Windows Smart Partner should be removed immediately!

Windows Smart Partner Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Protector-mwa.exe
Protector-yqm.exe
Protector-pco.exe
Protector-dpq.exe
Protector-gjb.exe
Protector-oak.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "random"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Smart Partner"

Remove Folders and Files

%APPDATA%\ Protector-mwa.exe
%APPDATA%\ Protector-yqm.exe
%APPDATA%\ Protector-pco.exe
%APPDATA%\ Protector-dpq.exe
%APPDATA%\ Protector-gjb.exe
%DesktopDir%\Windows Smart Partner.lnk
%CommonPrograms\%Windows Smart Partner.lnk
%AppData\%NPSWF32.dll
%AppData%\Protector-oak.exe
remove the file shown in autorun settings.

Wednesday, February 22, 2012

Remove Windows Secure Kit 2011Remove Windows Secure Kit 2011

Remove Windows Secure Kit 2011
Windows Secure Kit 2011 is a fake antivirus program created to urge the user to buy the full version of Windows Secure Kit 2011 in order to earn some profit. Don't ever buy it as it is a cheat! Windows Secure Kit 2011 install itself into the computer without confirmation of the users and it start automatically when the windows boot. Windows Secure Kit 2011 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Windows Secure Kit 2011 is nothing more than a scam and plagiarized antispyware program

Windows Secure Kit 2011 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Secure Kit 2011. Finally, all the file related to Windows Secure Kit 2011 must be deleted from the hard drive. All of them has been shown in the removal guide below.


Windows Secure Kit 2011 should be removed immediately!
Windows Secure Kit 2011 Removal Guide
Kill Process
[random].exe

Delete Registry

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CustomizeSearch=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar=[site address]


Remove Folders and Files

%AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Secure Kit 2011.lnk
%System%\drivers\UAC[RANDOM].sys
C:\Documents and Settings\User Name\Local Settings\Temporary Internet Files\Content.IE5\4SOEDFRR\setup.exe
C:\WINDOWS\system32\02612.exe or any other random number
C:\Documents and Settings\User Name\Local Settings\Temp\[RANDOM].exe

Remove Windows Smart WardenRemove Windows Smart Warden

Remove Windows Smart Warden
Windows Smart Warden is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Windows Smart Warden does not kill any malware from any computer. Windows Smart Warden infects the computer by installing useless program into the computer which will try to disguise itself like a legitimate antivirus. After installation complete, Windows Smart Warden will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Windows Smart Warden.Windows Smart Warden states that its trialware is not able to remove malware threats detected and offers you purchasing its full version which is allegedly capable to fix them. Windows Smart Warden is a serious risk to any computer system and should be removed immediately.


Windows Smart Warden can be removed by using Emsisoft HiJackFree to stop the process and remove the files. Then the user should remove the registries entries added and modified according to the removal guide stated below.

Windows Smart Warden should be removed immediately!

Windows Smart Warden Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Protector-hch.exe
Protector-vet.exe
Protector-ykm.exe
Protector-mon.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files

%APPDATA%\ Protector-hch.exe
%APPDATA%\ Protector-vet.exe
Windows Smart Warden.lnk
%APPDATA%\ Protector-ykm.exe
%APPDATA%\ Protector-mon.exe

remove the file shown in autorun settings.
Tuesday, February 21, 2012

Remove Security Shield 2012Remove Security Shield 2012

Remove Security Shield 2012
Security Shield 2012 is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Security Shield 2012 pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Security Shield 2012 is installed on the computer, it will start automatically when Windows boot. Then Security Shield 2012 will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Security Shield 2012 will repeatedly shows the pop ups to urge the user to purchase the full version of Security Shield 2012 so that to remove all the threats. However, Security Shield 2012 cannot detect and remove any kind of virus, malware and trojan.


Security Shield 2012 can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Security Shield 2012 shown in the removal guide below. All files related to Security Shield 2012 must be deleted.

Security Shield 2012 should be removed immediately!

Security Shield 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = %UserProfile%\Application Data\[random].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = '%UserProfile%\Application Data\.exe'

Remove Folders and Files

%UserProfile%\Start Menu\Programs\SecurityShield 2012.lnk
%AppData%\Microsoft\Internet Explorer\Quick Launch\SecurityShield 2012.lnk
%AppData%\SecurityShield 2012

%StartMenu\%Programs\SecurityShield 2012

Remove Home Malware CleanerRemove Home Malware Cleaner

Remove Home Malware Cleaner
Home Malware Cleaner is an unwanted application which is a rogue computer security program. Home Malware Cleaner is a fake optimization tool that cannot optimize the performance of the hard drive, memory and the system of the computer. Home Malware Cleaner was created to cheat the money of the user by showing fake report to the user that there are serious errors found in the hard drive, memory and the system. Home Malware Cleaner urge the user to purchase the full version of Home Malware Cleaner to remove all the detected threats. Home Malware Cleaner will even claim it can eliminate computer issues or errors. Do not believe anything shown by Home Malware Cleaner, as it can do nothing.

Home Malware Cleaner can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added. These can be done by using Emsisoft HiJackFree.

Home Malware Cleaner should be removed immediately!


Home Malware Cleaner Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
%Temp%\Windows Update.exe
%Temp%\dfrgr
%Temp%\dfrg
%Temp%\[random].dll
%Temp%\[random].exe
%Temp%\[random]
find the files in autorun setting in registry editor and remove all of them which is related to Home Malware Cleaner
Saturday, February 18, 2012

Remove Windows Functionality CheckerRemove Windows Functionality Checker

Remove Windows Functionality Checker
Windows Functionality Checker is a fake antivirus program that looks like a legitimate antivirus and is made by Russian hackers, which invades your computer system via trojan infections and software vulnerabilities. In fact, Windows Functionality Checker cannot help protect your PC. Windows Functionality Checker is created to cheat the user to buy the full version of Windows Functionality Checker. When Windows Functionality Checker is accidentally installed in the computer, it will scan the computer automatically when Windows boot and it will surely produce fake report that the computer is infected by malwares. Do not believe the report as Windows Functionality Checker cannot detect and remove any malware.


Windows Functionality Checker can be removed by stopping all random name processes by using Emsisoft HiJackFree. After that, the user should delete the files of the processes. All registry settings modified by Windows Functionality Checker must be restored according to the removal guide below.


Windows Functionality Checker provide fake features such as antivirus,   firewall protection, update etc but all of them cannot protect the computer from any kind of malware. Do not trust it at all.

Windows Functionality Checker should be removed immediately!

Windows Functionality Checker Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Protector-hox.exe

Delete Registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
... and many more Image File Execution Options entries.


Remove Folders and Files

%StartMenu%\Programs\Windows Functionality Checker.lnk
%AppData%\NPSWF32.dll
%AppData%\Protector-hox.exe
%AppData%\result.db

Remove Antivirus Protection 2012Remove Antivirus Protection 2012

Antivirus Protection 2012 Removal Guide
Antivirus Protection 2012 is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Antivirus Protection 2012 does not kill any malware from any computer. Antivirus Protection 2012 infects the computer by installing [random].exe into the computer which will try to disguise itself like a legitimate antivirus. After installation complete, Antivirus Protection 2012 will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Antivirus Protection 2012.


Antivirus Protection 2012 can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Antivirus Protection 2012 shown in the removal guide below. All files related to Antivirus Protection 2012 must be deleted.

Antivirus Protection 2012 is a new enough program that attacks systems of the world nowadays. This malware is related to different kind of trojan horses that are very widespread in the web. And no one is safe from being infected by them.
Antivirus Protection 2012 should be removed immediately!

Antivirus Protection 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
securitymanager.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"

Remove Folders and Files

%AppData%\Antivirus Protection\securitymanager.exe
%AppData%\Antivirus Protection\antivirusprotection2012.exe
%Desktop%\Antivirus Protection.lnk
%StartMenu%\Programs\Antivirus Protection\antivirus protection.lnk
remove the files stated in the autorun setting.

Friday, February 17, 2012

Remove Windows Performance CatalystRemove Windows Performance Catalyst

Windows Performance Catalyst Removal Guide
Windows Performance Catalyst is a fake antivirus program that tricks the user to purchase the full version of Windows Performance Catalyst by showing fake detection of the computer. When Windows Performance Catalyst is installed in the computer, it will start automatically when Windows boot. Then, Windows Performance Catalyst will scan the computer and will surely state that there are many files in the computer are infected by malwares. Windows Performance Catalyst will urge the user to purchase the full version of Windows Performance Catalyst in order to remove all the malwares. However, Windows Performance Catalyst cannot detect and remove any malware from the computer. All the detection is a lie. Windows Performance Catalyst pretends to be affiliated with Microsoft by using the Windows icon and a comprehensive and user-friendly interface.

Windows Performance Catalyst can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified must be cleared by using Windows Registry Editor.

Windows Performance Catalyst is part of the Fake Microsoft Security Essentials infection. When this infection is installed on the computer it will display a fake Microsoft Security Essentials alert that states that it has detected an Unknown Win32/Trojan on the computer.

Windows Performance Catalyst should be removed immediately!

Windows Performance Catalyst Removal Guide
Kill Process
(How to kill a process effectively?)
Inspector-[random].exe

Delete Registry
KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{random}.exe "Debugger"

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\result.db
%AppData%\Inspector-[random].exe
%StartMenu%\Programs\Windows Performance Catalyst.lnk
%UserProfile%\Desktop\Windows Performance Catalyst.lnk


Wednesday, February 15, 2012

Remove Security Scanner 2012Remove Security Scanner 2012

Remove Security Scanner 2012
Security Scanner 2012 is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Security Scanner 2012 WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Security Scanner 2012 will display this types of fake alert to urge the user to purchase the full version of Security Scanner 2012 which cannot detect and remove any kind malware, trojan or virus.

Security Scanner 2012 provide fake features such as System Scan, Protection, Update etc. All of them cannot protect computer from any kind of malwares.


Security Scanner 2012 can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.Security Scanner 2012 should be removed immediately!

Security Scanner 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_LOCAL_MACHINE\Software\Security Scanner 2012
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Scanner 2012"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%%PROGRAM_FILES%\Security Scanner 2012
c:\Documents and Settings\All Users\Security Scanner 2012\
c:\Documents and Settings\All Users\Start Menu\Security Scanner 2012\
c:\Documents and Settings\All Users\[random]
remove the file stated in the autorun setting
Monday, February 13, 2012

Remove Windows Protection MasterRemove Windows Protection Master

Remove Windows Protection Master
Windows Protection Master is a fake security program. Windows Protection Master will start automatically when Windows boot once it is installed in the computer. Windows Protection Master will SURELY produce fake report that there are many files are infected by malwares in order to scare the user. Windows Protection Master will urge the user to buy the full version of Windows Protection Master so that to solve the problems stated. Do not purchase that license, because it's a scam. Windows Protection Master can be removed by stopping all the processes which filename is formed by random characters. After that, the files should be deleted.

Windows Protection Master will display fake message stating that there are many viruses found on the system. It will show the user the files which are infected by virus, in fact, all of the files are clean. Windows Protection Master also prevent the user from running other Windows programs or downloading any software from internet!

Windows Protection Master provides fake features such as scanning the hard drive, system scan, protection, update etc. All of them cannot protect computers from any kind of malwares.


Windows Protection Master should be removed immediately!

Windows Protection Master Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%LocalAppData%\[random]
%LocalAppData%\[random].exe
%LocalAppData%\~[random]
%LocalAppData%\~[random]
%StartMenu%\Programs\Windows Protection Master
%Temp%\smtmp
%UserProfile%\Desktop\Windows Protection Master.lnk

File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7, and c:\winnt\profiles\[Current User] for Windows NT.

%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\[Current User]\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\[Current User]\AppData\Local\Temp for Windows Vista and Windows 7.

%LocalAppData% refers to the current users Local settings Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Local Settings\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Local.

%StartMenu% refers to the Windows Start Menu. For Windows 95/98/ME it refers to C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\[Current User]\Start Menu\, and for Windows Vista/7 it is C:\Users\[Current User]\AppData\Roaming\Microsoft\Windows\Start Menu.

Remove Security ScannerRemove Security Scanner

Remove Security Scanner
Security Scanner is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Security Scanner WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Security Scanner will display this types of fake alert to urge the user to purchase the full version of Security Scanner which cannot detect and remove any kind malware, trojan or virus.

Security Scanner provide fake features such as System Scan, Protection, Update etc. All of them cannot protect computer from any kind of malwares.


Security Scanner can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.Security Scanner should be removed immediately!

Security Scanner Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_LOCAL_MACHINE\Software\Security Scanner
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Scanner"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%%PROGRAM_FILES%\Security Scanner
c:\Documents and Settings\All Users\Security Scanner\
c:\Documents and Settings\All Users\Start Menu\Security Scanner\
c:\Documents and Settings\All Users\[random]
remove the file stated in the autorun setting
Friday, February 10, 2012

Remove Windows 7 Antispyware 2012Remove Windows 7 Antispyware 2012

Remove Windows 7 Antispyware 2012
Windows 7 Antispyware 2012 is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Windows 7 Antispyware 2012 does not kill any malware from any computer. Windows 7 Antispyware 2012 infects the computer by installing useless program into the computer which will try to disguise itself like a legitimate antivirus. After installation complete, Windows 7 Antispyware 2012 will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Windows 7 Antispyware 2012.Windows 7 Antispyware 2012 states that its trialware is not able to remove malware threats detected and offers you purchasing its full version which is allegedly capable to fix them. Windows 7 Antispyware 2012 is a serious risk to any computer system and should be removed immediately.

Windows 7 Antispyware 2012 can be removed by using Emsisoft HiJackFree to stop the process and remove the files. Then the user should remove the registries entries added and modified according to the removal guide stated below.

Windows 7 Antispyware 2012 displayed fake alert such as "Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous.", "Security Warning Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer. Click here to clean your PC immediately.", "Security Warning There are critical system files on your computer that were modified by malicious software. It may cause permanent data loss. Click here to remove malicious software." and so on.

Windows 7 Antispyware 2012 should be removed immediately!


Windows 7 Antispyware 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
ppn.exe
kdn.exe

Delete Registry

HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1?
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1? %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1? %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1? %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1? %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1? %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1? %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1? = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1? %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1? %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random characters].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'


Remove Folders and Files
%AppData%\Local\[random].exe
%AllUsersProfile%\rghjfykak9992kdslspiw64hd
%AppData%\Local\rghjfykak9992kdslspiw64hd
%AppData%\Roaming\Microsoft\Windows\Templates\rghjfykak9992kdslspiw64hd
%Temp%\rghjfykak9992kdslspiw64hd
%LocalAppData%\ppn.exe
%LocalAppData%\kdn.exe
remove the file shown in autorun settings.
Sunday, February 5, 2012

Remove AV Security EssentialsRemove AV Security Essentials

Remove AV Security Essentials
AV Security Essentials is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, AV Security Essentials does not kill any malware from any computer. AV Security Essentials infects the computer by installing useless program into the computer which will try to disguise itself like a legitimate antivirus. After installation complete, AV Security Essentials will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of AV Security Essentials.AV Security Essentials states that its trialware is not able to remove malware threats detected and offers you purchasing its full version which is allegedly capable to fix them. AV Security Essentials is a serious risk to any computer system and should be removed immediately.

AV Security Essentials can be removed by using Emsisoft HiJackFree to stop the process and remove the files. Then the user should remove the registries entries added and modified according to the removal guide stated below.

AV Security Essentials displayed fake alert such as "Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous.", "Security Warning Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer. Click here to clean your PC immediately.", "Security Warning There are critical system files on your computer that were modified by malicious software. It may cause permanent data loss. Click here to remove malicious software." and so on.

AV Security Essentials should be removed immediately!


AV Security Essentials Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
ScanDisk_.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV Security Essentials"

Remove Folders and Files
%UserProfile%\Desktop\System Security 2012.lnk
%Temp%\svhostu.exe
C:\Windows\system32\[random].exe
remove the file shown in autorun settings.
%CommonAppData%\[RANDOM]
%StartMenu%\AV Security Essentials.lnk
%Programs%\AV Security Essentials.lnk
%Desktop%\AV Security Essentials.lnk
%AppData%\AV Security Essentials %AppData%\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk