Wednesday, October 16, 2013

Remove CryptoLocker
CryptoLocker is a program that was detected at the beginning of September 2013. CryptoLocker encrypts certain files on the computer using RSA and AES encryption. When CryptoLocker has finished encrypting your files, it displays a payment screen that demands $100 or $300 in order to decrypt the files. This screen also displays a timer stating that you have 72 hours, or 3 days, to pay the ransom or CryptoLocker will delete your encryption key and you will not have any way to decrypt your files. The ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted. However, don't believe whatever is displayed. All of it is a lie! They just want to cheat you out of your hard-earned money.

CryptoLocker states: "Your important files encryption produced on this computer: photos, videos, documents, etc. Here is a complete list of encrypted files, and you can personally verify this. Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key. The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files... To obtain the private key for this computer, which will automatically decrypt files, you need to pay 300 USD / 300 EUR / similar amount in another currency. Any attempt to remove or damage this software will lead to the immediate destruction of the private key by server."

CryptoLocker should be removed immediately!


Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CryptoLocker"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "*CryptoLocker"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[Random]"

Remove Folders and Files
%UserProfile%\[random].exe
%UserProfile%\[random]

Wednesday, October 9, 2013

Remove Antimalware
Antimalware is a fake antivirus program that produces fake alerts claiming that several vulnerabilities have been detected on the computer on which it is installed. Antimalware installs itself on the computer and configures itself (in the registry) to start automatically when Windows boots. Antimalware will scan the computer and WILL SURELY detect many malware items on it. In fact, these are just fake alerts. The intention of Antimalware is to urge the user to register it by purchasing the full version, so as to earn some money from the user. Antimalware cannot detect or remove any malware / virus / trojan.


Antimalware can be removed by stopping its processes and removing its files using Emsisoft HiJackFree. The user should then remove the registry entries added or modified by Antimalware, shown in the removal guide below. All files related to Antimalware must be deleted. Antimalware provides fake features such as Scan PC, Quarantine, Updates, Memory Protection, File System, Anti-Spyware and even Firewall, but none of them can really protect the computer from any kind of malware.

Antimalware should be removed immediately!

Antimalware Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\
HKEY_CLASSES_ROOT\.key
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%Temp%\\.exe -r "%1" %*"
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" ="%Temp%\\.exe -r "%1" %*"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = 1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar "Enabled" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "EnabledV9" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:48738"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "" = "%Temp%\\.exe"
HKEY_CLASSES_ROOT\.key "(Default)" = "regfile"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = 1

Remove Folders and Files
%temp%\[random]

Saturday, October 5, 2013

Remove Security Cleaner Pro
Security Cleaner Pro is a fake antivirus program created to urge the user to buy the full version of Security Cleaner Pro in order to earn some profit. Don't ever buy it, as it is a cheat! Security Cleaner Pro installs itself on the computer without the user's confirmation and starts automatically when Windows boots. Security Cleaner Pro constantly produces fake virus warning alerts to force the user to purchase the full version in order to remove the malware. Security Cleaner Pro is nothing more than a scam and a plagiarized antispyware program.

Security Cleaner Pro provides fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, Settings, Complete PC Protection, Automating Updating, Protection against bank account fraud, Self-protection from malware etc. None of them can protect the computer from any kind of malware.

Security Cleaner Pro can be removed by using Emsisoft HiJackFree to stop its processes and kill its files on the hard drive. Then, the user has to restore the registry entries added and modified by Security Cleaner Pro. Finally, all the files related to Security Cleaner Pro must be deleted from the hard drive. All of them are shown in the removal guide below.

Security Cleaner Pro should be removed immediately!
Security Cleaner Pro Removal Guide
Kill Process
shl.exe

Delete Registry
HKCU\Software\Protection
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "ProtSoftware Inc" = "%AppData%\shl.exe"

Remove Folders and Files
%StartMenu%\Programs\Startup\shl.exe
%AppData%\shl.exe

File Location Notes:

%AppData% refers to the current user's Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

%StartMenu% refers to the Windows Start Menu. For Windows 95/98/ME it refers to C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\[Current User]\Start Menu\, and for Windows Vista/7/8 it is C:\Users\[Current User]\AppData\Roaming\Microsoft\Windows\Start Menu.
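
The registry entries listed in the three removal guides above can be checked with a read-only audit before anything is deleted. The PowerShell below is an added example, not part of the original guides: the function names Get-RegValues and Find-GuideIndicators are hypothetical, it assumes PowerShell 3.0 or later, and the path test for Run entries generalizes the locations the guides list (%UserProfile%, %AppData%, %Temp%).

```powershell
# Added example, not from the original guides: read-only audit, nothing is changed.
function Get-RegValues([string]$Path) {
    # GetValueNames() avoids wildcard handling of names such as "*CryptoLocker"
    # and reports the unnamed (Default) value as an empty name.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($n in $key.GetValueNames()) {
        [pscustomobject]@{ Key = $Path; Name = $n; Value = [string]$key.GetValue($n); Reason = '' }
    }
}

function Find-GuideIndicators {
    $cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
    $ie = 'HKCU:\Software\Microsoft\Internet Explorer'
    $hits = @()
    # Autoruns started from the profile root, the AppData root, or anywhere under Temp.
    $roots = ($env:USERPROFILE, $env:APPDATA | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $rx = '^"?(?:(?:' + $roots + ')\\[^\\]+\.exe|' + [regex]::Escape($env:TEMP) + '\\)'
    foreach ($v in @(Get-RegValues "$cv\Run") + @(Get-RegValues "$cv\RunOnce")) {
        if ($v.Value -match $rx -or $v.Name -match 'CryptoLocker') {
            $v.Reason = 'autorun from a user-writable folder'; $hits += $v
        }
    }
    # A per-user open command for executables, as in the Antimalware list.
    foreach ($c in '.exe', 'exefile') {
        foreach ($v in @(Get-RegValues "HKCU:\Software\Classes\$c\shell\open\command")) {
            if ($v.Name -eq '' -and $v.Value -ne '"%1" %*') {
                $v.Reason = 'per-user override of the .exe open command'; $hits += $v
            }
        }
    }
    # Settings from the Antimalware list: value name, then a regex for the listed data.
    $rules = @(
        @{ Key = "$ie\Download"; Name = 'CheckExeSignatures'; Bad = '^no$' }
        @{ Key = "$ie\Download"; Name = 'RunInvalidSignatures'; Bad = '^1$' }
        @{ Key = "$ie\PhishingFilter"; Name = 'Enabled(V9)?'; Bad = '^0$' }
        @{ Key = "$cv\Policies\Associations"; Name = 'LowRiskFileTypes'; Bad = '\.exe' }
        @{ Key = "$cv\Internet Settings"; Name = 'ProxyServer'; Bad = '127\.0\.0\.1' }
    )
    foreach ($r in $rules) {
        foreach ($v in @(Get-RegValues $r.Key)) {
            if ($v.Name -match ('^' + $r.Name + '$') -and $v.Value -match $r.Bad) {
                $v.Reason = 'matches a value from the Antimalware list'; $hits += $v
            }
        }
    }
    $hits
}
Find-GuideIndicators | Format-List Key, Name, Value, Reason
```

An empty result only means none of these values were found in the current user's hive; the files and folders named in the guides still need to be checked separately.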