Wednesday, November 27, 2013

Remove Windows Expert ConsoleRemove Windows Expert Console

Remove Windows Expert Console
Windows Expert Console is a fake antivirus program which intend to urge the user whose computer is infected by Windows Expert Console to purchase the full version of Windows Expert Console. Windows Expert Console produces fake alert in order to cheat the user. Windows Expert Console installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Windows Expert Console will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Windows Expert Console to remove all the malwares.

Windows Expert Console provide fake features such as firewall, automatic update, antivirus protection, anti-phishing, advanced process control, autorun manager, service manager, all-in-one suite, quick scan, deep scan and custom scan. All of them cannot protect the computer from any kind of malware.

Windows Expert Console can be removed by stopping its processes

Windows Expert Console should be removed immediately!

Windows Expert Console Removal Guide
Kill Process
(How to kill a process effectively?)
guard-fvtb.exe

Delete Registry
HHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-toiy.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-fvtb.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"

Remove Folders ad Files
%AppData%\guard-fvtb.exe
%AppData%\result1.db

File Location Notes:
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

No comments:

Post a Comment