Wednesday, March 20, 2013

Remove AVASoft Professional AntivirusRemove AVASoft Professional Antivirus

Remove AVASoft Professional Antivirus
AVASoft Professional Antivirus is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, AVASoft Professional Antivirus cannot detect and remove any kind of virus, malware or trojan on the computer. When AVASoft Professional Antivirus is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by AVASoft Professional Antivirus. AVASoft Professional Antivirus will recommend the user to purchase the full version of AVASoft Professional Antivirus in order to remove all the detected threats. Do not buy AVASoft Professional Antivirus as it can do nothing.

AVASoft Professional Antivirus provide fake features such as system scan, protection, privacy, update and setting. It recommend the user to activate AVASoft Professional Antivirus to get Full protection against malicious, virus, spyware and unwanted software.

AVASoft Professional Antivirus can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by AVASoft Professional Antivirus. These can be done by using Emsisoft HiJackFree.

AVASoft Professional Antivirus should be removed immediately!

AVASoft Professional Antivirus Removal Guide
Kill Process
(How to kill a process effectively?)
%AppData%\AVASoft Professional Antivirus\ScanDisk_.exe
%CommonAppData%\79b35\BAa76.exe
%UserProfile%\Recent\kernel32.exe

Delete Registry
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\TAA.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "IIL" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltHI" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltTST"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = "7"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Mod/4.00007"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AVASoft Professional Antivirus"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\Microsoft\Internet Explorer\Quick Launch\AVASoft Professional Antivirus.lnk
%AppData%\AVASoft Professional Antivirus
%CommonAppData%\79b35
%UserProfile%\Desktop\AVASoft Professional Antivirus.lnk
%UserProfile%\Recent\dudl.tmp
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\kernel32.dll
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\ppal.drv
%UserProfile%\Recent\ppal.sys
%UserProfile%\Recent\SICKBOY.dll
%UserProfile%\Recent\SICKBOY.sys
%UserProfile%\Recent\sld.exe
%UserProfile%\Recent\sld.sys
%UserProfile%\Recent\SM.sys
%UserProfile%\Recent\snl2w.sys
%UserProfile%\Recent\tjd.dll
%StartMenu%\AVASoft Professional Antivirus.lnk
%StartMenu%\Programs\AVASoft Professional Antivirus.lnk

No comments:

Post a Comment