Saturday, April 20, 2013

Remove Win 7 Security Cleaner ProRemove Win 7 Security Cleaner Pro

Remove Win 7 Security Cleaner Pro
Win 7 Security Cleaner Pro is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Win 7 Security Cleaner Pro WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Win 7 Security Cleaner Pro will display this types of fake alert to urge the user to purchase the full version of Win 7 Security Cleaner Pro which cannot detect and remove any kind malware, trojan or virus.

Win 7 Security Cleaner Pro can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Win 7 Security Cleaner Pro provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, etc. None of them can help to protect the computer from any kind of malware.

Win 7 Security Cleaner Pro should be removed immediately!

Win 7 Security Cleaner Pro Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry

HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = ''
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\
HKEY_CURRENT_USER\Software\Classes\ "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe""


Remove Folders and Files

%CommonAppData%\[random]
%LocalAppData%\[random]
%LocalAppData%\[random 3 characters].exe
%Temp%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
File Location Notes:

%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\[Current User]\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\[Current User]\AppData\Local\Temp for Windows Vista and Windows 7.

%CommonAppData% refers to the Application Data folder for the All Users Profile. By default, this is C:\Documents and Settings\All Users\Application Data for Windows 2000/XP and C:\ProgramData\ for Windows Vista/7.

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

%LocalAppData% refers to the current users Local settings Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Local Settings\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Local.

%CommonAppData% refers to the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.

No comments:

Post a Comment