Remove Win 7 Security Cleaner Pro
Win 7 Security Cleaner Pro can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.
Win 7 Security Cleaner Pro provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, etc. None of them can help to protect the computer from any kind of malware.
Win 7 Security Cleaner Pro should be removed immediately!
Win 7 Security Cleaner Pro Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Unregister DLL files
%Temp%\[random].dll
Delete Registry
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = ''
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\
HKEY_CURRENT_USER\Software\Classes\ "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe""
Remove Folders and Files
%CommonAppData%\[random]
%LocalAppData%\[random]
%LocalAppData%\[random 3 characters].exe
%Temp%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
File Location Notes:
%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\[Current User]\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\[Current User]\AppData\Local\Temp for Windows Vista and Windows 7.
%CommonAppData% refers to the Application Data folder for the All Users Profile. By default, this is C:\Documents and Settings\All Users\Application Data for Windows 2000/XP and C:\ProgramData\ for Windows Vista/7.
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.
%LocalAppData% refers to the current users Local settings Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Local Settings\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Local.
%CommonAppData% refers to the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
Win 7 Security Cleaner Pro provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, etc. None of them can help to protect the computer from any kind of malware.
Win 7 Security Cleaner Pro should be removed immediately!
Win 7 Security Cleaner Pro Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Unregister DLL files
%Temp%\[random].dll
Delete Registry
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = '
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\
HKEY_CLASSES_ROOT\
HKEY_CURRENT_USER\Software\Classes\
HKEY_CURRENT_USER\Software\Classes\
HKEY_CURRENT_USER\Software\Classes\
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\
Remove Folders and Files
%CommonAppData%\[random]
%LocalAppData%\[random]
%LocalAppData%\[random 3 characters].exe
%Temp%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
File Location Notes:
%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\[Current User]\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\[Current User]\AppData\Local\Temp for Windows Vista and Windows 7.
%CommonAppData% refers to the Application Data folder for the All Users Profile. By default, this is C:\Documents and Settings\All Users\Application Data for Windows 2000/XP and C:\ProgramData\ for Windows Vista/7.
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.
%LocalAppData% refers to the current users Local settings Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Local Settings\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Local.
%CommonAppData% refers to the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
No comments:
Post a Comment