Saturday, April 20, 2013

Remove Win 7 Security Cleaner ProRemove Win 7 Security Cleaner Pro

Remove Win 7 Security Cleaner Pro
Win 7 Security Cleaner Pro is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Win 7 Security Cleaner Pro WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Win 7 Security Cleaner Pro will display this types of fake alert to urge the user to purchase the full version of Win 7 Security Cleaner Pro which cannot detect and remove any kind malware, trojan or virus.

Win 7 Security Cleaner Pro can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Win 7 Security Cleaner Pro provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, etc. None of them can help to protect the computer from any kind of malware.

Win 7 Security Cleaner Pro should be removed immediately!

Win 7 Security Cleaner Pro Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry

HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = ''
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\
HKEY_CURRENT_USER\Software\Classes\ "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe""


Remove Folders and Files

%CommonAppData%\[random]
%LocalAppData%\[random]
%LocalAppData%\[random 3 characters].exe
%Temp%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
File Location Notes:

%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\[Current User]\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\[Current User]\AppData\Local\Temp for Windows Vista and Windows 7.

%CommonAppData% refers to the Application Data folder for the All Users Profile. By default, this is C:\Documents and Settings\All Users\Application Data for Windows 2000/XP and C:\ProgramData\ for Windows Vista/7.

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

%LocalAppData% refers to the current users Local settings Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Local Settings\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Local.

%CommonAppData% refers to the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.

Wednesday, April 10, 2013

System Care AntivirusSystem Care Antivirus

Remove System Care Antivirus
System Care Antivirus is a fake antivirus program that produce fake alert that there are several vulnerabilities are detected in the computer which System Care Antivirus is installed. System Care Antivirus installs into the computer and will configure itself to start automatically (in registry) when Windows boot. System Care Antivirus will scan the computer and WILL SURELY detect many malwares in the computer. In fact, it is just a fake alert. The intention of System Care Antivirus is to urge the user to register System Care Antivirus by purchasing the full version of System Care Antivirus so that to earn some money from the user. System Care Antivirus cannot detect and remove any malware / virus / trojan.


System Care Antivirus can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by System Care Antivirus shown in the removal guide below. All files related to System Care Antivirus must be deleted. 

System Care Antivirus should be removed immediately!

System Care Antivirus Removal Guide
Kill Process
(How to kill a process effectively?)
[various-file-names].exe

Delete Registry

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "[Download Path]\[various-file-names].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = "[Download Path]\[various-file-names].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "WindowsSecurity" = "[Download Path]\[various-file-names].exe" -a "%1" %*.exe
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "[Download Path]\[various-file-names].exe" -a "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WindowsSecurity" = "[Download Path]\[various-file-names].exe" -a "%1" %*.exe


Remove Folders and Files
[Download Path]\[various-file-names].exe

Remove iON Internet SecurityRemove iON Internet Security

Remove iON Internet Security
iON Internet Security is a fake antivirus program created to urge the user to buy the full version of iON Internet Security in order to earn some profit. Don't ever buy it as it is a cheat! iON Internet Security install itself into the computer without confirmation of the users and it start automatically when the windows boot. iON Internet Security produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. iON Internet Security is nothing more than a scam and plagiarized antispyware program

iON Internet Security provide fake features such as System Scan, Protection, Privacy, Update and setttings etc. All of them cannot protect the computer from any kind of malware.

iON Internet Security can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by iON Internet Security. Finally, all the file related to iON Internet Security must be deleted from the hard drive. All of them has been shown in the removal guide below.

iON Internet Security should be removed immediately!
iON Internet Security Removal Guide
Kill Process
SysInit.exe

Delete Registry
HKEY_CURRENT_USER\Software\Internet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SysInit" = "%AppData%\Microsoft\Protect\SysInit.exe"
Remove Folders and Files
%AppData%\Microsoft\Protect\SysInit.exe