Sunday, July 28, 2013

Attentive AntivirusAttentive Antivirus

Remove Attentive Antivirus
Attentive Antivirus is a fake antivirus program that produce fake alert that there are several vulnerabilities are detected in the computer which Attentive Antivirus is installed. Attentive Antivirus installs into the computer and will configure itself to start automatically (in registry) when Windows boot. Attentive Antivirus will scan the computer and WILL SURELY detect many malwares in the computer. In fact, it is just a fake alert. The intention of Attentive Antivirus is to urge the user to register Attentive Antivirus by purchasing the full version of Attentive Antivirus so that to earn some money from the user. Attentive Antivirus cannot detect and remove any malware / virus / trojan.


Attentive Antivirus can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Attentive Antivirus shown in the removal guide below. All files related to Attentive Antivirus must be deleted. Attentive Antivirus provide fake features such as Scan PC, Quarantine, Updates, Memory Protection, File System, Anti-Spyware and even Firewall, but none of them can really protect the computer from any kind of malwares.

Attentive Antivirus should be removed immediately!

Attentive Antivirus Removal Guide
Kill Process
(How to kill a process effectively?)
WaDprnV7.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AA2014" = "%CommonAppData%\WaDprnV7\WaDprnV7.exe"

Remove Folders and Files
%CommonAppData%\WaDprnV7

Saturday, July 27, 2013

Remove Ministry of Public Safety Canada RansomwareRemove Ministry of Public Safety Canada Ransomware

Remove Ministry of Public Safety Canada Ransomware
Ministry of Public Safety Canada Ransomware is a virus, malware, trojan family that infect the computer to cheat the hard-earn money of computer user. Ministry of Public Safety Canada Ransomware mainly target computers in Canada. The Ministry of Public Safety Canada Ransomware installs itself to the computer through website which provide download pirated software and songs. The Ministry of Public Safety Canada ransomware displays a lock screen to the computer users to force them to pay NZD $100 before allowing to access the windows desktop. The lock screen pretends to be from the Canada E-Crime Lab, Canada Police, Centre for Infrastructure Protection (CCIP), and Interpol and was placed because the computer user has been involved in illegal cyber activity related to pornography and copyrighted content. This activity supposedly the computer users has distributed pornography, copyrighted files, or computer viruses to others through various way. The Ministry of Public Safety Canada ransomware continues to show that the computer user must pay a fine in the amount of NZD $100 within 48 hours or you will face legal prosecution. It is important to note that this is a computer virus and that you are not actually being targeted by these agencies, thus please do not be cheated and pay the ransom.

Ministry of Public Safety Canada ransomware show a word "ATTENTION". Your computer has been blocked up for safety reasons listed below. You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophillia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of Canada criminal law. Article 161 of Canada criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Ministry of Public Safety Canada ransomware should be removed immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "shell" = "explorer.exe,%AppData%\cache.dat"

Remove Folders and Files
%AppData%\cache.dat

File Location Notes:
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.
Wednesday, July 24, 2013

Remove Ministry of Public Safety New Zealand RansomwareRemove Ministry of Public Safety New Zealand Ransomware

Remove Ministry of Public Safety New Zealand Ransomware
Ministry of Public Safety New Zealand Ransomware is a virus, malware, trojan family that infect the computer to cheat the hard-earn money of computer user. Ministry of Public Safety New Zealand Ransomware mainly target computers in New Zealand. The Ministry of Public Safety New Zealand Ransomware installs itself to the computer through website which provide download pirated software and songs. The Ministry of Public Safety New Zealand ransomware displays a lock screen to the computer users to force them to pay NZD $100 before allowing to access the windows desktop. The lock screen pretends to be from the New Zealand E-Crime Lab, New Zealand Police, Centre for Infrastructure Protection (CCIP), and Interpol and was placed because the computer user has been involved in illegal cyber activity related to pornography and copyrighted content. This activity supposedly the computer users has distributed pornography, copyrighted files, or computer viruses to others through various way. The Ministry of Public Safety New Zealand ransomware continues to show that the computer user must pay a fine in the amount of NZD $100 within 48 hours or you will face legal prosecution. It is important to note that this is a computer virus and that you are not actually being targeted by these agencies, thus please do not be cheated and pay the ransom.

Ministry of Public Safety New Zealand ransomware show a word "ATTENTION". Your computer has been blocked up for safety reasons listed below. You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophillia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of New Zealand criminal law. Article 161 of New Zealand criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Ministry of Public Safety New Zealand ransomware should be removed immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "shell" = "explorer.exe,%AppData%\cache.dat"

Remove Folders and Files
%AppData%\cache.dat

File Location Notes:
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.
Monday, July 22, 2013

Remove Department of Justice RansomwareRemove Department of Justice Ransomware

Department of Justice


Department of Justice Ransomware a malware that shows a screen locker that you are not allow to access your Windows desktop. You must pay a ransom to unlock the windows desktop. The screen locker is very nasty indeed. It try to be an alert from the United States Department of Justice. It warn you that they have detected that you have been viewing child pornography, using unlicensed software, or sharing copyrighted files. They also stated that in order to avoid criminal prosecution, you must pay a fee of $300 in the form of a MoneyPak voucher within 48 hours to gain access to your computer again. The ransomware must be removed as fast as possible.

Department of Justice Ransomware show that: The work of your computer has been suspended on the grounds of the violation of the law of the United Sates of America. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300. It continue to threaten you that this fine may only be paid within 48 hours. If you let 48 hours pass without payment, the possibility of unlocking your computer expires. In this case a criminal case against you will be initiated automatically. Department of Justice Ransomware should be removed immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
MigAutoPlay.exe
syssecurity.exe

Delete Registry
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MigAutoPlay" = %CommonAppData%\MigAutoPlay.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DisplaySwitch" = %UserProfile%\Templates\syssecurity.exe"

Remove Folders and Files
%CommonAppData%\MigAutoPlay.exe
%UserProfile%\Templates\syssecurity.exe
%UserProfile%\Templates\1.jpg
%UserProfile%\Templates\1.bmp

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.

%CommonAppData% refers to the Application Data folder for the All Users Profile. By default, this is C:\Documents and Settings\All Users\Application Data for Windows 2000/XP and C:\ProgramData\ in Windows Vista, Windows 7, and Windows 8.

%CommonAppData% refers to the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\All Users\Application Data\, and for Windows Vista, Windows 7, and Windows 8 it is C:\ProgramData.
Sunday, July 14, 2013

Remove Antivirus SystemRemove Antivirus System

Remove Antivirus System
Antivirus System is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Antivirus System cannot detect and remove any kind of virus, malware or trojan on the computer. When Antivirus System is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Antivirus System. Antivirus System will recommend the user to purchase the full version of Antivirus System in order to remove all the detected threats. Do not buy Antivirus System as it can do nothing.

Antivirus System provide fake features such as System Scanner, Internet Security, Privacy Security, Proactive Defence,  Firewall, Update Database and Configuration. It shows that a lot of files in the computer are infected by trojan, dialer, spyware and so on. It also provide the descriptions of the trojan, dialer, spyware and so on.

Antivirus System can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Antivirus System. These can be done by using Emsisoft HiJackFree.

Antivirus System should be removed immediately!

Antivirus System Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pavsdata
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = "[random]"
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = "application/x-m"
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = "%1"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = ""%CommonAppData%\pavsdata\[number].1.exe" /ex "%1" %*"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "avsdsvc" = "%CommonAppData%\pavsdata\[number].1.exe /min"
HKEY_CLASSES_ROOT\.exe "(Default)" = "[random]"
HKEY_CLASSES_ROOT\.exe "Content Type" = "application/x-m"

Remove Folders and Files
%CommonAppData%\pavsdata
%CommonStartMenu%\Programs\Antivirus System