Wednesday, November 27, 2013

Remove Windows Cleaning ToolkitRemove Windows Cleaning Toolkit

Remove Windows Cleaning Toolkit
Windows Cleaning Toolkit is a fake antivirus program which intend to urge the user whose computer is infected by Windows Cleaning Toolkit to purchase the full version of Windows Cleaning Toolkit. Windows Cleaning Toolkit produces fake alert in order to cheat the user. Windows Cleaning Toolkit installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Windows Cleaning Toolkit will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Windows Cleaning Toolkit to remove all the malwares.

Windows Cleaning Toolkit provide fake features such as firewall, automatic update, antivirus protection, anti-phishing, advanced process control, autorun manager, service manager, all-in-one suite, quick scan, deep scan and custom scan. All of them cannot protect the computer from any kind of malware.

Windows Cleaning Toolkit can be removed by stopping its processes

Windows Cleaning Toolkit should be removed immediately!

Windows Cleaning Toolkit Removal Guide
Kill Process
(How to kill a process effectively?)
guard-[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
Remove Folders ad Files
%AppData%\guard-[random].exe
%AppData%\result1.db

File Location Notes:
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

No comments:

Post a Comment