tag:blogger.com,1999:blog-33844668041019843232024-02-21T02:44:41.227+08:00Free of Virus & Computer TipsOlzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.comBlogger931125tag:blogger.com,1999:blog-3384466804101984323.post-47954922767633317852014-04-29T20:00:00.000+08:002014-04-29T19:20:07.348+08:00Remove Windows Internet Guard<div style="float: right;">
<img alt="Remove Windows Internet Guard" src="http://olzen.info/rfa.png" /></div>
<b><span class="Apple-style-span" style="font-size: large;">Windows Internet Guard</span></b><span class="Apple-style-span" style="font-size: large;"> is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Windows Internet Guard WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Windows Internet Guard will display this types of fake alert to urge the user to purchase the full version of Windows Internet Guard which cannot detect and remove any kind malware, trojan or virus.</span><br />
<br />
<div style="float: left;">
<b><span class="Apple-style-span" style="font-size: large;">Windows Internet Guard </span></b><span class="Apple-style-span" style="font-size: large;"> can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.</span><br />
<span class="Apple-style-span" style="font-size: large;"></span><br />
<span class="Apple-style-span" style="font-size: large;"><b>Windows Internet Guard</b> provide fake features such as </span><span style="font-size: large;">Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware</span><span class="Apple-style-span" style="font-size: large;">.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span><b><span class="Apple-style-span" style="font-size: large;">Windows Internet Guard</span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b>Windows Internet Guard Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-[random].exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
<br />
File Location Notes:<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<br />
<div id="postads">
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-6841150285770237302014-04-29T19:30:00.000+08:002014-06-09T11:00:37.301+08:00Remove Fake Antivirus 1.99<span style="font-family: Georgia, serif; font-size: 130%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><b>Remove Fake Antivirus </b>is used to remove the most popular fake antiviruses. <a href="http://www.blogger.com/blogger.g?blogID=3384466804101984323" name="fa"></a>What is fake antivirus? This is a type of virus/malwares which disguises itself to be an antivirus. It infects your computer when you accidentally click a link in a website which will download the malware into your computer and run automatically when your windows boot. It scan the infected computer and produces fake alert warnings. It convinces you that your computer is in danger and urge you to purchase a useless copy of the fake antivirus. These fake antiviruses must be removed immediately.</span><span class="Apple-style-span" style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><br />
</span><br />
<div style="float: left;">
<br />
<b style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">Remove Fake Antivirus 1.99</b><span style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><span style="font-size: 100%;"> is used to remove:</span></span><br />
<ol>
<li><a href="http://freeofvirus.blogspot.com/2014/01/remove-windows-prime-shield.html">Windows Prime Shield</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/12/remove-antivirus-plus-2014.html">AntiVirus Plus 2014</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/10/remove-security-cleaner-pro.html">Security Cleaner Pro</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/09/remove-sinergia-cleaner.html">Sinergia Cleaner</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/08/remove-titan-antivirus-2013.html">Titan Antivirus 2013</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/08/remove-antivirus-security-pro.html">Antivirus Security Pro</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/07/attentive-antivirus.html">Attentive Antivirus</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/07/remove-antivirus-system.html">Antivirus System File</a></li>
<li><span style="font-family: Georgia, serif;"><a href="http://freeofvirus.blogspot.com/2013/04/remove-ion-internet-security.html">iON Internet Security</a></span></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2013/01/remove-smart-security.html" style="font-family: 'Times New Roman'; font-size: medium;">Smart Security</a> </li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2012/11/remove-pc-defender-plus.html" style="font-family: 'Times New Roman'; font-size: medium;">PC Defender Plus</a> </li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2012/06/remove-windows-proprietary-advisor.html">Windows Proprietary Advisor</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2012/02/remove-windows-smart-warden.html">Windows Smart Warden</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2012/02/remove-home-malware-cleaner.html">Home Malware Cleaner</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2012/02/remove-strong-malware-defender.html">Strong Malware Defender</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2011/11/remove-av-security-2012.html" target="_blank">AV Security 2012</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2011/09/remove-data-recovery.html" target="_blank">Data Recovery</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2011/08/remove-wolfram-antivirus.html" target="_blank">Wolfram Antivirus</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2011/06/security-protection-removal-guide.html" target="_blank">Security Protection</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2011/03/windows-antivirus-2011-removal-guide.html" target="_blank">Windows Antivirus 2011</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2011/02/mega-antivirus-2012-removal-guide.html" target="_blank">Mega Antivirus 2012</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2011/01/avg-antivirus-2011-removal-guide.html" target="_blank">AVG Antivirus 2011</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2011/01/pc-security-2011-removal-guide.html" target="_blank">PC Security 2011</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/10/thinkpoint-removal-guide.html" target="_blank">ThinkPoint</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/11/thinksmart-removal-guide.html" target="_blank">ThinkSmart</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/09/antivirus-8-removal-guide.html" target="_blank">Antivirus 8</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/12/security-tool-removal-guide.html" target="_blank">Security Tool</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/08/my-security-shield-removal-guide.html" target="_blank">My Security Shield</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/03/antivirus-7-removal-guide.html" target="_blank">Antivirus 7</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/07/antivirus-gt-removal-guide.html" target="_blank">Antivirus GT</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/06/defense-center-removal-guide.html">Defense Center</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/06/protection-center-removal-guide.html">Protection Center</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/06/sysinternals-antivirus-removal-guide.html">Sysinternals Antivirus</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/05/security-master-av-removal-guide.html">Security Master AV</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/03/cleanup-antivirus-removal-guide.html" target="_blank">CleanUp Antivirus</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/04/security-toolbar-removal-guide.html" target="_blank">Security Toolbar</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/04/digital-protection-removal-guide.html" target="_blank">Digital Protection</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/04/xp-smart-security-2010-removal-guide.html" target="_blank">XP Smart Security 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/04/antivirus-suite-removal-guide.html" target="_blank">Antivirus Suite</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/04/vista-security-tool-2010-removal-guide.html" target="_blank">Vista Security Tool 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/04/total-xp-security-removal-guide.html" target="_blank">Total XP Security</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/03/security-central-removal-guide.html" target="_blank">Security Central</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/03/security-antivirus-removal-guide.html" target="_blank">Security Antivirus</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/03/total-pc-defender-2010-removal-guide.html" target="_blank">Total PC Defender 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/03/vista-antivirus-pro-2010-removal-guide.html" target="_blank">Vista Antivirus Pro 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/02/your-pc-protector-removal-guide.html" target="_blank">Your PC Protector</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/02/vista-internet-security-2010-removal.html" target="_blank">Vista Internet Security 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/02/xp-guardian-removal-guide.html" target="_blank">XP Guardian</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/02/vista-guardian-2010-removal-guide.html" target="_blank">Vista Guardian 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/02/antivirus-soft-removal-guide.html" target="_blank">Antivirus Soft</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/02/xp-internet-security-2010-removal-guide.html" target="_blank">XP Internet Security 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/02/antivir-2010-removal-guide.html" target="_blank">Antivir 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/02/live-pc-care-removal-guide.html" target="_blank">Live PC Care</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/01/malware-defense-removal-guide.html" target="_blank">Malware Defense</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/01/internet-security-2010-removal-guide.html" target="_blank">Internet Security 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2010/01/desktop-defender-2010-removal-guide.html" target="_blank">Desktop Defender 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/12/antivirus-live-removal-guide.html" target="_blank">Antivirus Live</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/12/personal-security-removal-guide.html" target="_blank">Personal Security</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/10/cyber-security-removal-guide.html" target="_blank">Cyber Security</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/10/alpha-antivirus-is-rogue-anti-spyware.html" target="_blank">Alpha Antivirus</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/11/windows-enterprise-suite-removal-guide.html" target="_blank">Windows Enterprise Suite</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/11/security-center-removal-guide.html" target="_blank">Security Center</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/11/control-center-removal-guide.html" target="_blank">Control Center</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/09/braviax-removal-guide.html" target="_blank">Braviax</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/09/windows-police-pro-removal-guide.html" target="_blank">Windows Police Pro</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/09/antivirus-pro-2010-removal-guide.html" target="_blank">Antivirus Pro 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/09/pc-antispyware-2010-removal-guide.html" target="_blank">PC Antispyware 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/09/fraudtoolmalwareprotectord-removal.html" target="_blank">FraudTool.MalwareProtector.d</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/09/winshield2009com-removal-guide.html" target="_blank">Winshield2009.com</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/09/green-av-removal-guide.html" target="_blank">Green AV</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/08/windows-protection-suite-removal-guide.html" target="_blank">Windows Protection Suite</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/08/total-security-2009-removal-guide.html" target="_blank"><span id="intelliTxt">Total Security 2009</span></a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/08/windows-system-suite-removal-guide.html" target="_blank"><span id="intelliTxt">Windows System Suite</span></a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/07/antivirusbest-antivirus-best-removal.html" target="_blank">Antivirus BEST</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/02/system-security-removal-guide.html" target="_blank">System Security</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/04/personal-antivirus-removal-tool.html" target="_blank">Personal Antivirus</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/07/system-security-2009-removal-guide.html" target="_blank">System Security 2009</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/06/remove-malware-doctor-malware-doc.html" target="_blank">Malware Doctor</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/07/antivirus-system-pro-removal-guide.html" target="_blank">Antivirus System Pro</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/07/winpc-defender-removal-guide.html" target="_blank">WinPC Defender</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/03/anti-virus-1-removal-tool.html" target="_blank">Anti-Virus-1</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/02/spyware-guard-2008-removal-tool.html" target="_blank">Spyware Guard 2008</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/02/system-guard-2009.html" target="_blank">System Guard 2009</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/02/antivirus-2009-removal-tool_17.html" target="_blank">Antivirus 2009</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/02/antivirus-2010-removal-tool.html" target="_blank">Antivirus 2010</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/02/antivirus-pro-2009-removal-tool.html" target="_blank">Antivirus Pro 2009</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/02/antivirus-360-removal-tool.html" target="_blank">Antivirus 360</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/02/ms-antispyware-2009-removal-tool.html" target="_blank">M</a><a href="http://freeofvirus.blogspot.com/2009/02/ms-antispyware-2009-removal-tool.html" target="_blank">S Antispyware 2009</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/12/iguardpc-or-i-guard-pc-removal-guide.html" target="_blank">IGuardPC or I Guard PC</a></li>
<li style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><a href="http://freeofvirus.blogspot.com/2009/12/additional-guard-removal-guide.html" target="_blank">Additional Guard</a></li>
</ol>
<div style="float: left; font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
<br /></div>
<div style="float: left; font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
<br /></div>
<span style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><span style="font-size: 100%;">(all of them are fake antivirus which are</span></span><br />
<span style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><span style="font-size: 100%;">viruses or trojans) and other fake antivirus from your computer.</span></span><br />
<br />
<span style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><span style="font-size: 100%;">Remove Fake Antivirus is used to remove</span></span><br />
<span style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><span style="font-size: 100%;">fake antivirus which are viruses or trojans.</span></span><br />
<br />
<b style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">CLICK <a href="http://olzen.info/RemoveFakeAntivirus.exe">HERE</a> TO DOWNLOAD</b><br />
<span style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><span style="font-size: 100%;">Latest updated :</span></span><br />
<a href="http://www.box.net/shared/qzy9ylb7mu" style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;" target="_blank">Link I</a> <a href="http://www.box.net/shared/p33obaovi6" style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;" target="_blank">Link II</a><br />
<span style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><span style="font-size: 100%;">md5: </span></span><span style="font-family: Georgia, serif;">cd4ad05b8d35029372278825ab46adf1</span><br />
<span style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><span style="font-size: 100%;">Pad File 1: </span></span><a href="http://sites.google.com/site/removefakeantivirus/rfa.xml" style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;" target="_blank">rfa.xml</a><br />
<span style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"><span style="font-size: 100%;">Pad File 2: </span></span><a href="http://olzen.info/rfa.xml" style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;" target="_blank">rfa.xml</a><br />
<br />
<b style="font-family: Georgia, serif; font-size: 100%; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">Recent Posts </b><br />
<ul>
<li><a href="http://freeofvirus.blogspot.com/2014/04/remove-windows-internet-guard.html">Remove Windows Internet Guard</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/04/remove-windows-internet-watchdog.html">Remove Windows Internet Watchdog</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/03/remove-windows-web-watchdog.html">Remove Windows Web Watchdog</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/03/remove-windows-antibreach-patrol.html">Remove Windows AntiBreach Patrol</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/03/remove-futurro-antivirus-software.html">Remove Futurro Antivirus Software</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/03/remove-windows-antivirus-patrol.html">Remove Windows Antivirus Patrol</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/03/remove-windows-pro-defence-kit.html">Remove Windows Pro Defence Kit</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/03/remove-windows-defence-master.html">Remove Windows Defence Master</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/03/remove-windows-security-master.html">Remove Windows Security Master</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/03/remove-windows-defence-unit.html">Remove Windows Defence Unit</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/03/remove-windows-protection-booster.html">Remove Windows Protection Booster</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/03/remove-windows-antivirus-booster.html">Remove Windows AntiVirus Booster</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/03/remove-windows-antivirus-helper.html">Remove Antivirus Helper</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/02/remove-windows-antibreach-helper.html">Remove Windows AntiBreach Helper</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/02/remove-windows-antivirus-suite.html">Remove Windows Antivirus Suite</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/02/remove-windows-antibreach-suite.html">Remove Windows AntiBreach Suite</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/02/remove-windows-antibreach-tool.html">Remove Windows AntiBreach Tool</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/02/remove-windows-paramount-protection.html">Remove Windows Paramount Protection</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/02/remove-windows-antivirus-master.html">Remove Windows Antivirus Master</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/02/remove-windows-safety-master.html">Remove Windows Safety Master</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/01/remove-windows-ultimate-booster.html">Remove Windows Ultimate Booster</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/01/remove-windows-prime-accelerator.html">Remove Windows Prime Accelerator</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/01/remove-windows-prime-booster.html">Remove Windows Prime Booster</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/01/remove-windows-prime-shield.html">Remove Windows Prime Shield</a></li>
<li><a href="http://freeofvirus.blogspot.com/2014/01/remove-windows-virtual-protector.html">Remove Windows Virtual Protector</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/12/remove-windows-accelerator-pro.html">Remove Windows Accelerator Pro</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/12/remove-windows-premium-shield.html">Remove Windows Premium Shield</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/12/remove-windows-efficiency-console.html">Remove Windows Efficiency Console</a> </li>
<li><a href="http://freeofvirus.blogspot.com/2013/12/remove-windows-activity-booster.html">Remove Windows Activity Booster</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/12/remove-smart-guard-protection.html">Remove Smart Guard Protection</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/12/remove-antivirus-plus-2014.html">Remove Antivirus Plus 2014</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/12/remove-windows-warding-module.html">Remove Windows Warding Module</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/12/remove-windows-active-hotspot.html">Remove Windows Active HotSpot</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/11/remove-windows-expert-console.html">Remove Windows Expert Console</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/11/remove-windows-cleaning-toolkit.html">Remove Windows Cleaning Toolkit</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/10/remove-antimalware_6517.html">Remove Antimalware</a> </li>
<li><a href="http://freeofvirus.blogspot.com/2013/10/remove-security-cleaner-pro.html">Remove Security Cleaner Pro</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/09/remove-sinergia-cleaner.html">Remove Sinergia Cleaner</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/08/remove-titan-antivirus-2013.html">Remove Titan Antivirus 2013</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/08/remove-antivirus-security-pro.html">Remove Antivirus Security Pro</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/08/remove-antiviral-factory-2013.html">Remove Antiviral Factory 2013</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/08/remove-pc-defender-360.html">Remove PC Defender 360</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/08/remove-live-security-professional.html">Remove Live Security Professional</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/07/attentive-antivirus.html">Remove Attentive Antivirus</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/07/remove-antivirus-system.html">Remove Antivirus System</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/06/remove-pc-health-boost.html">Remove PC Health Boost</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/06/remove-internet-security-premium.html">Remove Internet Security Premium</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/06/remove-system-doctor-2014.html">Remove System Doctor 2014</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/04/win-7-security-cleaner-pro-is-fake.html">Remove Win 7 Security Cleaner Pro</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/04/system-care-antivirus.html">Remove System Care Antivirus</a></li>
<li>Remove <a href="http://freeofvirus.blogspot.com/2013/04/remove-ion-internet-security.html" style="font-family: Georgia, serif;">iON Internet Security</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/03/remove-avasoft-professional-antivirus.html">Remove AVASoft Professional Antivirus</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/03/remove-vista-security-cleaner-pro.html">Remove Vista Security Cleaner Pro</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/03/remove-xp-smart-defender-pro.html">Remove XP Smart Defender Pro</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/03/remove-win-7-smart-defender-pro.html">Remove Win 7 Smart Defender Pro</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/03/remove-vista-smart-defender-pro.html">Remove Vista Smart Defender Pro</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/03/remove-vista-smart-defender.html">Remove Vista Smart Defender</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/03/remove-win-7-smart-defender.html">Remove Win 7 Smart Defender</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/03/remove-xp-smart-defender.html">Remove XP Smart Defender</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/02/remove-vista-defender-plus.html">Remove Vista Defender Plus</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/02/remove-win-7-defender-plus.html">Remove Win 7Defender Plus </a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/02/remove-xp-defender-plus.html">Remove XP Defender Plus </a> </li>
<li><a href="http://freeofvirus.blogspot.com/2013/01/remove-disk-antivirus-professional.html">Remove Disk Antivirus Professional</a></li>
<li><a href="http://freeofvirus.blogspot.com/2013/01/remove-smart-security.html">Remove Smart Security</a></li>
<li><a href="http://freeofvirus.blogspot.com/2012/12/remove-xp-security-plus-2013.html">Remove XP Security Plus 2013</a></li>
<li><a href="http://freeofvirus.blogspot.com/2012/12/remove-vista-security-plus-2013.html">Remove Vista Security Plus 2013</a> </li>
<li><a href="http://freeofvirus.blogspot.com/2012/12/remove-win-7-defender.html">Remove Win 7 Defender</a></li>
<li><a href="http://freeofvirus.blogspot.com/2012/12/remove-xp-defender.html">Remove XP Defender</a></li>
<li><a href="http://freeofvirus.blogspot.com/2012/12/remove-vista-defender.html">Remove Vista Defender</a></li>
<li><a href="http://freeofvirus.blogspot.com/2012/12/remove-win-server-defender.html">Remove Win Server Defender</a></li>
<li><a href="http://freeofvirus.blogspot.com/2012/12/remove-win-7-home-security-pro-2013.html">Remove Win 7 Home Security Pro 2013</a></li>
<li><a href="http://freeofvirus.blogspot.com/2012/12/remove-super-av-2013.html">Remove Super AV 2013</a></li>
<li><a href="http://freeofvirus.blogspot.com/2012/12/remove-microsoft-antivirus-2013.html">Remove Microsoft Antivirus 2013</a></li>
<li><a href="http://freeofvirus.blogspot.com/2012/12/remove-vista-internet-security-pro-2013.html">Remove Vista Internet Security Pro 2013</a></li>
<li><a href="http://freeofvirus.blogspot.com/2012/12/xp-internet-security-pro-2013.html">Remove XP Internet Security Pro 2013</a></li>
<li><a href="http://freeofvirus.blogspot.com/2012/12/remove-win-7-internet-security-pro-2013.html">Remove Win 7 Internet Security Pro 2013</a> </li>
<li><a href="http://freeofvirus.blogspot.com/2012/11/remove-pc-defender-plus.html">Remove PC Defender Plus</a></li>
</ul>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com62tag:blogger.com,1999:blog-3384466804101984323.post-79217679737949113492014-04-02T09:53:00.002+08:002014-04-02T09:53:41.792+08:00Remove Windows Internet Watchdog<div style="float: right;"><img alt="Remove Windows Internet Watchdog" src="http://olzen.info/rfa.png" /></div><b><span class="Apple-style-span" style="font-size: large;">Windows Internet Watchdog </span></b><span class="Apple-style-span" style="font-size: large;">is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Windows Internet Watchdog cannot detect and remove any kind of virus, malware or trojan on the computer. When Windows Internet Watchdog is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Windows Internet Watchdog. Windows Internet Watchdog will recommend the user to purchase the full version of Windows Internet Watchdog in order to remove all the detected threats. Do not buy Windows Internet Watchdog as it can do nothing.</span><br />
<span class="Apple-style-span" style="font-size: large;"></span><b><span class="Apple-style-span"></span></b><br />
<div><span class="Apple-style-span" style="font-size: large;"><b>Windows Internet Watchdog</b> provide fake features such as Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect computer from any kind of malwares.</span></div><div><span class="Apple-style-span" style="font-size: large;"><b><br />
</b></span></div><div><span class="Apple-style-span" style="font-size: large;"><b><span class="Apple-style-span" style="font-weight: normal;"><b></b></span>Windows Internet Watchdog</b> </span><span class="Apple-style-span" style="font-size: large;">can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Windows Internet Watchdog. These can be done by using </span><a href="http://www.blogger.com/posts.g?blogID=3384466804101984323" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">.</span><br />
<div style="float: left;"><span class="Apple-style-span"><br />
</span><b><span class="Apple-style-span" style="font-size: large;">Windows Internet Watchdog </span></b><span class="Apple-style-span" style="font-size: large;">should be removed immediately!</span><br />
<br />
<b>Windows Internet Watchdog Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ZSFT" = %AppData%\svc-[random].exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\data.sec<br />
%UserProfile%\Desktop\Windows Internet Watchdog.lnk<br />
%AllUsersProfile%\Start Menu\Programs\Windows Internet Watchdog.lnk<br />
File Location Notes:<br />
<br />
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.<br />
<br />
%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<div id="postads"></div></div></div>Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-52572268487371156932014-03-29T22:44:00.002+08:002014-03-29T22:44:19.655+08:00Remove Windows Web Watchdog<div style="float: right;"><img alt="Remove Windows Web Watchdog" src="http://olzen.info/rfa.png" /></div><b><span class="Apple-style-span" style="font-size: large;">Windows Web Watchdog </span></b><span class="Apple-style-span" style="font-size: large;">is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Windows Web Watchdog cannot detect and remove any kind of virus, malware or trojan on the computer. When Windows Web Watchdog is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Windows Web Watchdog. Windows Web Watchdog will recommend the user to purchase the full version of Windows Web Watchdog in order to remove all the detected threats. Do not buy Windows Web Watchdog as it can do nothing.</span><br />
<span class="Apple-style-span" style="font-size: large;"></span><b><span class="Apple-style-span"></span></b><br />
<div><span class="Apple-style-span" style="font-size: large;"><b>Windows Web Watchdog</b> provide fake features such as Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect computer from any kind of malwares.</span></div><div><span class="Apple-style-span" style="font-size: large;"><b><br />
</b></span></div><div><span class="Apple-style-span" style="font-size: large;"><b><span class="Apple-style-span" style="font-weight: normal;"><b></b></span>Windows Web Watchdog</b> </span><span class="Apple-style-span" style="font-size: large;">can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Windows Web Watchdog. These can be done by using </span><a href="http://www.blogger.com/posts.g?blogID=3384466804101984323" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">.</span><br />
<div style="float: left;"><span class="Apple-style-span"><br />
</span><b><span class="Apple-style-span" style="font-size: large;">Windows Web Watchdog </span></b><span class="Apple-style-span" style="font-size: large;">should be removed immediately!</span><br />
<br />
<b>Windows Web Watchdog Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ZSFT" = %AppData%\svc-[random].exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\data.sec<br />
%UserProfile%\Desktop\Windows Web Watchdog.lnk<br />
%AllUsersProfile%\Start Menu\Programs\Windows Web Watchdog.lnk<br />
File Location Notes:<br />
<br />
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.<br />
<br />
%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<div id="postads"></div></div></div>Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-68152061466303531512014-03-25T10:09:00.001+08:002014-03-25T10:09:06.615+08:00Remove Windows AntiBreach Patrol<div style="float: right;">
<img alt="Remove Windows AntiBreach Patrol" src="http://olzen.info/rfa.png" /></div>
<b><span class="Apple-style-span" style="font-size: large;">Windows AntiBreach Patrol </span></b><span class="Apple-style-span" style="font-size: large;"> is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that cannot detect and remove any kind of virus, malware or trojan. However, Windows AntiBreach Patrol . pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows AntiBreach Patrol is installed on the computer, it will start automatically when Windows boot. Then Windows AntiBreach Patrol will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows AntiBreach Patrol will repeatedly shows the pop ups to urge the user to purchase the full version of Windows AntiBreach Patrol so that to remove all the threats. However, Windows AntiBreach Patrol cannot detect and remove any kind of virus, malware and trojan.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <br />
<div style="float: left;">
<b><span class="Apple-style-span" style="font-size: large;">Windows AntiBreach Patrol </span></b><span class="Apple-style-span" style="font-size: large;"> can be removed by stopping the processes and removing the files ([random].exe) by using </span><a href="http://freeofvirus.blogspot.com/2010/11/emsisoft-hijackfree.html" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">. Then the user should remove the registry entries added or modified by Windows AntiBreach Patrol shown in the removal guide below. Windows AntiBreach Patrol DLL Files should be unregistered too (see removal guide). All files related to Windows AntiBreach Patrol must be deleted. </span><br />
<span style="font-size: large;"><br />
</span> <span style="font-size: large;"><b>Windows AntiBreach Patrol </b> provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <b><span class="Apple-style-span" style="font-size: large;">Windows AntiBreach Patrol </span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b>Windows AntiBreach Patrol Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys <br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
%UserProfile%\Desktop\Windows AntiBreach Patrol .lnk<br />
%AllUsersProfile%\Start Menu\Programs\Windows AntiBreach Patrol .lnk<br />
File Location Notes:<br />
<br />
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.<br />
<br />
%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<br />
<div>
<br /></div>
<br />
<div id="postads">
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-47993945054765521262014-03-24T21:30:00.000+08:002014-03-24T19:41:12.012+08:00Remove Windows Antivirus Patrol<div style="float: right;">
<img alt="Windows Antivirus Patrol Removal Guide" src="http://olzen.info/rfa.png" /></div>
<b><span class="Apple-style-span" style="font-size: large;">Windows Antivirus Patrol</span></b><span class="Apple-style-span" style="font-size: large;"> is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that cannot detect and remove any kind of virus, malware or trojan. However, Windows Antivirus Patrol. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows Antivirus Patrol is installed on the computer, it will start automatically when Windows boot. Then Windows Antivirus Patrol will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows Antivirus Patrol will repeatedly shows the pop ups to urge the user to purchase the full version of Windows Antivirus Patrol so that to remove all the threats. However, Windows Antivirus Patrol cannot detect and remove any kind of virus, malware and trojan.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <br />
<div style="float: left;">
<b><span class="Apple-style-span" style="font-size: large;">Windows Antivirus Patrol</span></b><span class="Apple-style-span" style="font-size: large;"> can be removed by stopping the processes and removing the files ([random].exe) by using </span><a href="http://freeofvirus.blogspot.com/2010/11/emsisoft-hijackfree.html" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">. Then the user should remove the registry entries added or modified by Windows Antivirus Patrol shown in the removal guide below. Windows Antivirus Patrol DLL Files should be unregistered too (see removal guide). All files related to Windows Antivirus Patrol must be deleted. </span><br />
<span style="font-size: large;"><br />
</span> <span style="font-size: large;"><b>Windows Antivirus Patrol</b> provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <b><span class="Apple-style-span" style="font-size: large;">Windows Antivirus Patrol</span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b>Windows Antivirus Patrol Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys <br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
%UserProfile%\Desktop\Windows Antivirus Patrol.lnk<br />
%AllUsersProfile%\Start Menu\Programs\Windows Antivirus Patrol.lnk<br />
File Location Notes:<br />
<br />
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.<br />
<br />
%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<br />
<div>
<br /></div>
<br />
<div id="postads">
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-10994698013865481652014-03-21T09:23:00.002+08:002014-03-21T09:23:55.969+08:00Remove Futurro Antivirus Software<div style="float: right;"><img alt="Remove Futurro Antivirus Software" src="http://olzen.info/rfa.png" /></div><span class="Apple-style-span" style="font-size: large;"><b>Futurro Antivirus Software</b> is a <a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank">fake antivirus</a> program which come with a rootkit to prevent many program from running on the computer. Futurro Antivirus Software cannot detect and remove any kind of virus, malware and trojan. What Futurro Antivirus Software can do is displaying fake report to tell the user that the computer has been infected by many malwares, trojans and viruses. Futurro Antivirus Software will urge the user to purchase the full version of Futurro Antivirus Software to remove all the detected malwares, viruses and trojan. Bare in mind that Futurro Antivirus Software CANNOT detect and remove any malware, virus and trojan</span>.<br />
<br />
<div style="float: left;"><span class="Apple-style-span" style="font-size: large;"> <b>Futurro Antivirus Software</b> provide fake features such as System Scan, Protection, Privacy, Update, Settings, etc. All of them cannot protect the computer from any kind of malware.<br />
<br />
<b>Futurro Antivirus Software</b> can be removed by stopping all the processes with random name and name . Then the user has to remove the files of the processes. Finally, the registry settings have to be restored by removing the registry keys stated below.<br />
<br />
<b>Futurro Antivirus Software</b> should be removed immediately!</span><br />
<br />
<b>Futurro Antivirus Software Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_CURRENT_USER\Software\AVInfo<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AVSoft"<br />
<br />
<u>Remove Folders and Files</u><br />
c:\Documents and Settings\All Users\Application Data\[random]<br />
c:\Documents and Settings\All Users\Application Data\[random].exe<br />
<br />
<div id="postads"></div></div>Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-753123436057865322014-03-19T06:49:00.003+08:002014-03-19T06:49:21.622+08:00Remove Windows Pro Defence Kit<div style="float: right;">
<img alt="Remove Windows Pro Defence Kit" src="http://olzen.info/rfa.png" /></div>
<b><span class="Apple-style-span" style="font-size: large;">Windows Pro Defence Kit</span></b><span class="Apple-style-span" style="font-size: large;"> is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that cannot detect and remove any kind of virus, malware or trojan. However, Windows Pro Defence Kit. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows Pro Defence Kit is installed on the computer, it will start automatically when Windows boot. Then Windows Pro Defence Kit will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows Pro Defence Kit will repeatedly shows the pop ups to urge the user to purchase the full version of Windows Pro Defence Kit so that to remove all the threats. However, Windows Pro Defence Kit cannot detect and remove any kind of virus, malware and trojan.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <br />
<div style="float: left;">
<b><span class="Apple-style-span" style="font-size: large;">Windows Pro Defence Kit</span></b><span class="Apple-style-span" style="font-size: large;"> can be removed by stopping the processes and removing the files ([random].exe) by using </span><a href="http://freeofvirus.blogspot.com/2010/11/emsisoft-hijackfree.html" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">. Then the user should remove the registry entries added or modified by Windows Pro Defence Kit shown in the removal guide below. Windows Pro Defence Kit DLL Files should be unregistered too (see removal guide). All files related to Windows Pro Defence Kit must be deleted. </span><br />
<span style="font-size: large;"><br />
</span> <span style="font-size: large;"><b>Windows Pro Defence Kit</b> provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <b><span class="Apple-style-span" style="font-size: large;">Windows Pro Defence Kit</span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b>Windows Pro Defence Kit Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys <br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
%UserProfile%\Desktop\Windows Pro Defence Kit.lnk<br />
%AllUsersProfile%\Start Menu\Programs\Windows Pro Defence Kit.lnk<br />
File Location Notes:<br />
<br />
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.<br />
<br />
%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<br />
<div>
<br /></div>
<br />
<div id="postads">
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-29829900054740708112014-03-15T08:38:00.002+08:002014-03-15T08:38:58.007+08:00Remove Windows Defence Master<div style="float: right;"><img alt="Remove Windows Defence Master" src="http://olzen.info/rfa.png" /></div><span style="font-size: 130%;"><b>Windows Defence Master</b> is a fake antivirus which will infect the computer after a Trojan opens a backdoor on the computer. Normally this program is installed to the computer without the permission of the users when they visit some websites. Windows Defence Master start automatically when the computer boot. It will scan the infected computer and shows that the computer has been infected by many malwares. In fact, the computer is infected by itself! Then, Windows Defence Master will persuade the user to purchase the license in order to activate it. This fake antivirus should be removed immediately.</span><br />
<div style="float: left;"><span style="font-size: 130%;"><b><br />
</b></span> <span style="font-size: 130%;"><b>Windows Defence Master</b> provide fake features such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect computer from any kind of malware.</span><br />
<span style="font-size: 130%;"><b><br />
</b></span> <span style="font-size: 130%;"><b>Windows Defence Master</b> can be removed by stopping its processes [random].exe and the user should remember to kill the file. The registry settings should be restored by following the removal guide below.</span><br />
<span style="font-size: 130%;"><br />
</span> <span style="font-size: 130%;"><b>Windows Defence Master</b> must be removed from your computer immediately!</span><br />
<span style="font-size: 130%;"><br />
</span> <span style="font-size: 130%;"><b>Removal Guide</b></span><br />
<br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-[random].exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
<br />
File Location Notes:<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<span style="font-size: 130%;"> <br />
</span><br />
<div id="postads"></div></div>Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-6845280610610277692014-03-11T23:05:00.000+08:002014-03-11T23:05:04.241+08:00Remove Windows Security Master<div style="float: right;">
<img alt="Remove Windows Security Master" src="http://olzen.info/rfa.png" /></div>
<span style="font-size: 130%;"><b>Windows Security Master</b> is a fake antivirus program created to urge the user to buy the full version of Windows Security Master in order to earn some profit. Don't ever purchase it as it is a cheat! Windows Security Master install itself into the computer without confirmation of the users and it start automatically when the windows boot. Windows Security Master produce fake virus warning alert consistently to force the user to buy the full version so that to remove the malwares. We must uninstall Windows Security Master as it bring nothing but provide a lot of rubbish into the computer.</span><br />
<br />
<div style="float: left;">
<span style="font-size: 130%;"><b>Windows Security Master</b> provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, Configuration, Complete PC Protection, Automating Updating, Protection against bank account fraud, Self-protection from malware, Update Now, Scan Now etc. All of them cannot protect the computer from any kind of malware.</span><br />
<span style="font-size: 130%;"></span><br />
<span style="font-size: 130%;"><b>Windows Security Master </b>can be removed by using </span><a href="http://freeofvirus.blogspot.com/2010/11/emsisoft-hijackfree.html" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;"> to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Security Master. Finally, all the file related to Windows Security Master must be deleted from the hard drive. All of them has been shown in the removal guide below.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <span style="font-size: 130%;"><b>Windows Security Master</b> should be removed immediately!</span><br />
<b>Windows Security Master Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-[random].exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
<br />
File Location Notes:<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<br />
<br />
<div id="postads">
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-35392958828884218502014-03-09T08:30:00.002+08:002014-03-09T08:30:54.816+08:00Remove Windows Defence Unit<div style="float: right;">
<img alt="Remove Windows Defence Unit" src="http://olzen.info/rfa.png" /></div>
<span style="font-size: 130%;"><b>Windows Defence Unit</b> is a fake antivirus which will infect the computer after a Trojan opens a backdoor on the computer. Normally this program is installed to the computer without the permission of the users when they visit some websites. Windows Defence Unit start automatically when the computer boot. It will scan the infected computer and shows that the computer has been infected by many malwares. In fact, the computer is infected by itself! Then, Windows Defence Unit will persuade the user to purchase the license in order to activate it. This fake antivirus should be removed immediately.</span><br />
<div style="float: left;">
<span style="font-size: 130%;"><b><br />
</b></span> <span style="font-size: 130%;"><b>Windows Defence Unit</b> provide fake features such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect computer from any kind of malware.</span><br />
<span style="font-size: 130%;"><b><br />
</b></span> <span style="font-size: 130%;"><b>Windows Defence Unit</b> can be removed by stopping its processes [random].exe and the user should remember to kill the file. The registry settings should be restored by following the removal guide below.</span><br />
<span style="font-size: 130%;"><br />
</span> <span style="font-size: 130%;"><b>Windows Defence Unit</b> must be removed from your computer immediately!</span><br />
<span style="font-size: 130%;"><br />
</span> <span style="font-size: 130%;"><b>Removal Guide</b></span><br />
<br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-[random].exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
<br />
File Location Notes:<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<span style="font-size: 130%;">
<br />
</span><br />
<div id="postads">
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-5604600173638977502014-03-06T10:03:00.000+08:002014-03-06T10:03:00.058+08:00Remove Windows Protection Booster<div style="float: right;">
<img alt="Remove Windows Protection Booster" src="http://olzen.info/rfa.png" /></div>
<b><span class="Apple-style-span" style="font-size: large;">Windows Protection Booster</span></b><span class="Apple-style-span" style="font-size: large;"> is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Windows Protection Booster WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Windows Protection Booster will display this types of fake alert to urge the user to purchase the full version of Windows Protection Booster which cannot detect and remove any kind malware, trojan or virus.</span><br />
<br />
<div style="float: left;">
<b><span class="Apple-style-span" style="font-size: large;">Windows Protection Booster </span></b><span class="Apple-style-span" style="font-size: large;"> can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.</span><br />
<span class="Apple-style-span" style="font-size: large;"></span><br />
<span class="Apple-style-span" style="font-size: large;"><b>Windows Protection Booster</b> provide fake features such as </span><span style="font-size: large;">Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware</span><span class="Apple-style-span" style="font-size: large;">.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span><b><span class="Apple-style-span" style="font-size: large;">Windows Protection Booster</span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b>Windows Protection Booster Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-[random].exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
<br />
File Location Notes:<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<br />
<div id="postads">
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-32881652801541588742014-03-02T08:04:00.000+08:002014-03-02T08:04:05.295+08:00Remove Windows AntiVirus Booster<div style="float: right;"><img alt="Windows AntiVirus Booster Removal Guide" src="http://olzen.info/rfa.png" /></div><span class="Apple-style-span" style="font-size: large;"><b>Windows AntiVirus Booster</b> is a <a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank">fake antivirus</a> program which come with a rootkit to prevent many program from running on the computer. Windows AntiVirus Booster cannot detect and remove any kind of virus, malware and trojan. What Windows AntiVirus Booster can do is displaying fake report to tell the user that the computer has been infected by many malwares, trojans and viruses. Windows AntiVirus Booster will urge the user to purchase the full version of Windows AntiVirus Booster to remove all the detected malwares, viruses and trojan. Bare in mind that Windows AntiVirus Booster CANNOT detect and remove any malware, virus and trojan</span>.<br />
<br />
<div style="float: left;"><span class="Apple-style-span" style="font-size: large;"><br />
<b>Windows AntiVirus Booster</b> provide fake features such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.<br />
<br />
<b>Windows AntiVirus Booster</b> can be removed by stopping all the processes with random name and name . Then the user has to remove the files of the processes. Finally, the registry settings have to be restored by removing the registry keys stated below.<br />
<br />
<b>Windows AntiVirus Booster</b> should be removed immediately!</span><br />
<br />
<b>Windows AntiVirus Booster Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-[random].exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0 <br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
<br />
File Location Notes:<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<div id="postads"></div></div>Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-76196409219417613772014-03-01T08:38:00.002+08:002014-03-01T08:38:34.242+08:00Remove Windows Antivirus Helper<div style="float: right;">
<img alt="Remove Windows Antivirus Helper" src="http://olzen.info/rfa.png" /></div>
<b><span class="Apple-style-span" style="font-size: large;">Windows Antivirus Helper </span></b><span class="Apple-style-span" style="font-size: large;">is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Windows Antivirus Helper cannot detect and remove any kind of virus, malware or trojan on the computer. When Windows Antivirus Helper is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Windows Antivirus Helper. Windows Antivirus Helper will recommend the user to purchase the full version of Windows Antivirus Helper in order to remove all the detected threats. Do not buy Windows Antivirus Helper as it can do nothing.</span><br />
<span class="Apple-style-span" style="font-size: large;"></span><b><span class="Apple-style-span"></span></b><br />
<div>
<span class="Apple-style-span" style="font-size: large;"><b>Windows Antivirus Helper</b> provide fake features such as Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect computer from any kind of malwares.</span></div>
<div>
<span class="Apple-style-span" style="font-size: large;"><b><br />
</b></span></div>
<div>
<span class="Apple-style-span" style="font-size: large;"><b><span class="Apple-style-span" style="font-weight: normal;"><b></b></span>Windows Antivirus Helper</b> </span><span class="Apple-style-span" style="font-size: large;">can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Windows Antivirus Helper. These can be done by using </span><a href="http://www.blogger.com/posts.g?blogID=3384466804101984323" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">.</span><br />
<div style="float: left;">
<span class="Apple-style-span"><br />
</span><b><span class="Apple-style-span" style="font-size: large;">Windows Antivirus Helper </span></b><span class="Apple-style-span" style="font-size: large;">should be removed immediately!</span><br />
<br />
<b>Windows Antivirus Helper Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ZSFT" = %AppData%\svc-[random].exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\data.sec<br />
%UserProfile%\Desktop\Windows Antivirus Helper.lnk<br />
%AllUsersProfile%\Start Menu\Programs\Windows Antivirus Helper.lnk<br />
File Location Notes:<br />
<br />
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.<br />
<br />
%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<div id="postads">
</div>
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-89512670917920803382014-02-23T20:37:00.000+08:002014-02-23T20:37:49.995+08:00Remove Windows Antivirus Suite<div style="float: right;"><img alt="Windows Antivirus Suite Removal Guide" src="http://olzen.info/rfa.png" /></div><b><span class="Apple-style-span" style="font-size: large;">Windows Antivirus Suite</span></b><span class="Apple-style-span" style="font-size: large;"> is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that cannot detect and remove any kind of virus, malware or trojan. However, Windows Antivirus Suite. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows Antivirus Suite is installed on the computer, it will start automatically when Windows boot. Then Windows Antivirus Suite will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows Antivirus Suite will repeatedly shows the pop ups to urge the user to purchase the full version of Windows Antivirus Suite so that to remove all the threats. However, Windows Antivirus Suite cannot detect and remove any kind of virus, malware and trojan.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <br />
<div style="float: left;"><b><span class="Apple-style-span" style="font-size: large;">Windows Antivirus Suite</span></b><span class="Apple-style-span" style="font-size: large;"> can be removed by stopping the processes and removing the files ([random].exe) by using </span><a href="http://freeofvirus.blogspot.com/2010/11/emsisoft-hijackfree.html" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">. Then the user should remove the registry entries added or modified by Windows Antivirus Suite shown in the removal guide below. Windows Antivirus Suite DLL Files should be unregistered too (see removal guide). All files related to Windows Antivirus Suite must be deleted. </span><br />
<span style="font-size: large;"><br />
</span> <span style="font-size: large;">Windows Antivirus Suite provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <b><span class="Apple-style-span" style="font-size: large;">Windows Antivirus Suite</span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b>Windows Antivirus Suite Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys <br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
%UserProfile%\Desktop\Windows Antivirus Suite.lnk<br />
%AllUsersProfile%\Start Menu\Programs\Windows Antivirus Suite.lnk<br />
File Location Notes:<br />
<br />
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.<br />
<br />
%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<br />
<div><br />
</div><br />
<div id="postads"></div></div>Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-56877098282340534322014-02-23T20:33:00.002+08:002014-03-19T06:47:25.649+08:00Remove Windows AntiBreach Suite<div style="float: right;">
<img alt="Windows AntiBreach Suite Removal Guide" src="http://olzen.info/rfa.png" /></div>
<b><span class="Apple-style-span" style="font-size: large;">Windows AntiBreach Suite</span></b><span class="Apple-style-span" style="font-size: large;"> is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that cannot detect and remove any kind of virus, malware or trojan. However, Windows AntiBreach Suite. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows AntiBreach Suite is installed on the computer, it will start automatically when Windows boot. Then Windows AntiBreach Suite will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows AntiBreach Suite will repeatedly shows the pop ups to urge the user to purchase the full version of Windows AntiBreach Suite so that to remove all the threats. However, Windows AntiBreach Suite cannot detect and remove any kind of virus, malware and trojan.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <br />
<div style="float: left;">
<b><span class="Apple-style-span" style="font-size: large;">Windows AntiBreach Suite</span></b><span class="Apple-style-span" style="font-size: large;"> can be removed by stopping the processes and removing the files ([random].exe) by using </span><a href="http://freeofvirus.blogspot.com/2010/11/emsisoft-hijackfree.html" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">. Then the user should remove the registry entries added or modified by Windows AntiBreach Suite shown in the removal guide below. Windows AntiBreach Suite DLL Files should be unregistered too (see removal guide). All files related to Windows AntiBreach Suite must be deleted. </span><br />
<span style="font-size: large;"><br />
</span> <span style="font-size: large;"><b>Windows AntiBreach Suite</b> provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <b><span class="Apple-style-span" style="font-size: large;">Windows AntiBreach Suite</span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b>Windows AntiBreach Suite Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys <br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
%UserProfile%\Desktop\Windows AntiBreach Suite.lnk<br />
%AllUsersProfile%\Start Menu\Programs\Windows AntiBreach Suite.lnk<br />
File Location Notes:<br />
<br />
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.<br />
<br />
%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<br />
<div>
<br /></div>
<br />
<div id="postads">
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-6948071939595792662014-02-23T20:31:00.001+08:002014-02-23T20:31:53.056+08:00Remove Windows AntiBreach Helper<div style="float: right;">
<img alt="Windows AntiBreach Helper Removal Guide" src="http://olzen.info/rfa.png" /></div>
<b><span class="Apple-style-span" style="font-size: large;">Windows AntiBreach Helper</span></b><span class="Apple-style-span" style="font-size: large;"> is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that cannot detect and remove any kind of virus, malware or trojan. However, Windows AntiBreach Helper. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows AntiBreach Helper is installed on the computer, it will start automatically when Windows boot. Then Windows AntiBreach Helper will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows AntiBreach Helper will repeatedly shows the pop ups to urge the user to purchase the full version of Windows AntiBreach Helper so that to remove all the threats. However, Windows AntiBreach Helper cannot detect and remove any kind of virus, malware and trojan.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <br />
<div style="float: left;">
<b><span class="Apple-style-span" style="font-size: large;">Windows AntiBreach Helper</span></b><span class="Apple-style-span" style="font-size: large;"> can be removed by stopping the processes and removing the files ([random].exe) by using </span><a href="http://freeofvirus.blogspot.com/2010/11/emsisoft-hijackfree.html" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">. Then the user should remove the registry entries added or modified by Windows AntiBreach Helper shown in the removal guide below. Windows AntiBreach Helper DLL Files should be unregistered too (see removal guide). All files related to Windows AntiBreach Helper must be deleted. </span><br />
<span style="font-size: large;"><br />
</span> <span style="font-size: large;">Windows AntiBreach Helper provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <b><span class="Apple-style-span" style="font-size: large;">Windows AntiBreach Helper</span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b>Windows AntiBreach Helper Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys <br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
%UserProfile%\Desktop\Windows AntiBreach Helper.lnk<br />
%AllUsersProfile%\Start Menu\Programs\Windows AntiBreach Helper.lnk<br />
File Location Notes:<br />
<br />
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.<br />
<br />
%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<br />
<div>
<br /></div>
<br />
<div id="postads">
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-16440067504892230552014-02-15T09:08:00.002+08:002014-02-15T09:08:45.951+08:00Remove Windows AntiBreach Tool<div style="float: right;">
<img alt="Remove Windows AntiBreach Tool" src="http://olzen.info/rfa.png" /></div>
<b><span class="Apple-style-span" style="font-size: large;">Windows AntiBreach Tool </span></b><span class="Apple-style-span" style="font-size: large;">is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Windows AntiBreach Tool cannot detect and remove any kind of virus, malware or trojan on the computer. When Windows AntiBreach Tool is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Windows AntiBreach Tool. Windows AntiBreach Tool will recommend the user to purchase the full version of Windows AntiBreach Tool in order to remove all the detected threats. Do not buy Windows AntiBreach Tool as it can do nothing.</span><br />
<span class="Apple-style-span" style="font-size: large;"></span><b><span class="Apple-style-span"></span></b><br />
<div>
<span class="Apple-style-span" style="font-size: large;"><b>Windows AntiBreach Tool</b> provide fake features such as </span><span style="font-size: large;">Firewall, Automatic Update, Antivirus Protection, Anti-Phising, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan etc. All of them cannot protect the computer from any kind of malware.</span></div>
<div>
<span class="Apple-style-span" style="font-size: large;"><b><br />
</b></span></div>
<div>
<span class="Apple-style-span" style="font-size: large;"><b><span class="Apple-style-span" style="font-weight: normal;"><b></b></span>Windows AntiBreach Tool</b> </span><span class="Apple-style-span" style="font-size: large;">can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Windows AntiBreach Tool. These can be done by using </span><a href="http://www.blogger.com/posts.g?blogID=3384466804101984323" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">.</span><br />
<div style="float: left;">
<span class="Apple-style-span"><br />
</span><b><span class="Apple-style-span" style="font-size: large;">Windows AntiBreach Tool </span></b><span class="Apple-style-span" style="font-size: large;">should be removed immediately!</span><br />
<br />
<b>Windows AntiBreach Tool Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PrSft"=%AppData%\svc-[random].exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
File Location Notes:<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<div id="postads">
</div>
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-70739678728508527242014-02-11T09:25:00.002+08:002014-02-11T09:25:05.695+08:00Remove Windows Paramount Protection<div style="float: right;"><img alt="Remove Windows Paramount Protection" src="http://olzen.info/rfa.png" /></div><b><span class="Apple-style-span" style="font-size: large;">Windows Paramount Protection</span></b><span class="Apple-style-span" style="font-size: large;"> is a fake antivirus program which intend to urge the user whose computer is infected by Windows Paramount Protection to purchase the full version of Windows Paramount Protection. Windows Paramount Protection produces fake alert in order to cheat the user. Windows Paramount Protection installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Windows Paramount Protection will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Windows Paramount Protection to remove all the malwares.</span><br />
<br />
<div style="float: left;"><b><span class="Apple-style-span" style="font-size: large;">Windows Paramount Protection</span></b><span class="Apple-style-span" style="font-size: large;"> provide fake features such as Firewall, Automatic Update, Antivirus Protection, Anti-Phising, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan etc. All of them cannot protect the computer from any kind of malware.</span><br />
<br />
<span style="font-size: large;"><b>Windows Paramount Protection</b> is a scareware program from the Rogue.FakeVimes family of computer infections. This program is considered a rogue anti-spyware program because it does not allow you to access your Windows desktop, automatically terminates legitimate applications, and displays false scan results and security alerts that are designed to scare you into purchasing the program. This program will also be configured to start automatically before your Windows desktop is shown, which makes your computer unusable until the infection is removed. Windows Paramount Protection is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.</span><br />
<br />
<span class="Apple-style-span" style="font-size: large;"></span><br />
<b style="font-size: x-large;">Windows Paramount Protection</b><span style="font-size: large;"> can be removed by stopping its processes </span><random and="" be="" below.="" by="" cleaning="" exe="" file.="" following="" guide="" kill="" registry="" remember="" removal="" restored="" settings="" should="" span="" the="" to="" toolkit.exe="" user="" windows=""><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span><b style="font-size: x-large;"><span class="Apple-style-span" style="font-size: large;">Windows Paramount Protection</span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b style="font-size: x-large;">Windows Paramount Protection Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PrSft"=%AppData%\svc-<random>.exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-<random>.exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders ad Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
<br />
File Location Notes:<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
</random></random></random><br />
<div id="postads"></div></div>Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-37277774350155232142014-02-11T09:24:00.003+08:002014-02-11T09:24:45.735+08:00Remove Windows Antivirus Master<div style="float: right;"><img alt="Remove Windows Antivirus Master" src="http://olzen.info/rfa.png" /></div><b><span class="Apple-style-span" style="font-size: large;">Windows Antivirus Master</span></b><span class="Apple-style-span" style="font-size: large;"> is a fake antivirus program which intend to urge the user whose computer is infected by Windows Antivirus Master to purchase the full version of Windows Antivirus Master. Windows Antivirus Master produces fake alert in order to cheat the user. Windows Antivirus Master installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Windows Antivirus Master will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Windows Antivirus Master to remove all the malwares.</span><br />
<br />
<div style="float: left;"><b><span class="Apple-style-span" style="font-size: large;">Windows Antivirus Master</span></b><span class="Apple-style-span" style="font-size: large;"> provide fake features such as Firewall, Automatic Update, Antivirus Protection, Anti-Phising, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan etc. All of them cannot protect the computer from any kind of malware.</span><br />
<br />
<span style="font-size: large;"><b>Windows Antivirus Master</b> is a scareware program from the Rogue.FakeVimes family of computer infections. This program is considered a rogue anti-spyware program because it does not allow you to access your Windows desktop, automatically terminates legitimate applications, and displays false scan results and security alerts that are designed to scare you into purchasing the program. This program will also be configured to start automatically before your Windows desktop is shown, which makes your computer unusable until the infection is removed. Windows Antivirus Master is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.</span><br />
<br />
<span class="Apple-style-span" style="font-size: large;"></span><br />
<b style="font-size: x-large;">Windows Antivirus Master</b><span style="font-size: large;"> can be removed by stopping its processes </span><random and="" be="" below.="" by="" cleaning="" exe="" file.="" following="" guide="" kill="" registry="" remember="" removal="" restored="" settings="" should="" span="" the="" to="" toolkit.exe="" user="" windows=""><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span><b style="font-size: x-large;"><span class="Apple-style-span" style="font-size: large;">Windows Antivirus Master</span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b style="font-size: x-large;">Windows Antivirus Master Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PrSft"=%AppData%\svc-<random>.exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-<random>.exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders ad Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
<br />
File Location Notes:<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
</random></random></random><br />
<div id="postads"></div></div>Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-63322916947014913542014-02-04T08:44:00.003+08:002014-02-04T08:44:32.595+08:00Remove Windows Safety Master<div style="float: right;">
<img alt="Remove Windows Safety Master" src="http://olzen.info/rfa.png" /></div>
<span style="font-size: 130%;"><b>Windows Safety Master</b> is a fake antivirus program created to urge the user to buy the full version of Windows Safety Master in order to earn some profit. Don't ever buy it as it is a cheat! Windows Safety Master install itself into the computer without confirmation of the users and it start automatically when the windows boot. Windows Safety Master produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Windows Safety Master is nothing more than a scam and plagiarized antispyware program</span><br />
<br />
<div style="float: left;">
<span style="font-size: 130%;"><b>Windows Safety Master</b> provide fake features such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.</span><br />
<span style="font-size: 130%;"></span><br />
<span style="font-size: 130%;"><b>Windows Safety Master </b>can be removed by using </span><a href="http://freeofvirus.blogspot.com/2010/11/emsisoft-hijackfree.html" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;"> to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Safety Master. Finally, all the file related to Windows Safety Master must be deleted from the hard drive. All of them has been shown in the removal guide below.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <span style="font-size: 130%;"><b>Windows Safety Master</b> should be removed immediately!</span><br />
<span style="font-size: 130%;"><br />
</span> <b>Windows Safety Master Removal Guide</b><br />
<u>Kill Process</u><br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-<random>.exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-<random>.exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
<br />
File Location Notes:<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
</random></random><br />
<div>
<br /></div>
<br />
<br />
<div id="postads">
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-42362303477085578252014-01-28T10:05:00.001+08:002014-01-28T10:05:14.913+08:00Remove Windows Ultimate Booster<div style="float: right;"><img alt="Windows Ultimate Booster Removal Guide" src="http://olzen.info/rfa.png" /></div><span class="Apple-style-span" style="font-size: large;"><b>Windows Ultimate Booster</b> is a <a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank">fake antivirus</a> program which come with a rootkit to prevent many program from running on the computer. Windows Ultimate Booster cannot detect and remove any kind of virus, malware and trojan. What Windows Ultimate Booster can do is displaying fake report to tell the user that the computer has been infected by many malwares, trojans and viruses. Windows Ultimate Booster will urge the user to purchase the full version of Windows Ultimate Booster to remove all the detected malwares, viruses and trojan. Bare in mind that Windows Ultimate Booster CANNOT detect and remove any malware, virus and trojan</span>.<br />
<br />
<div style="float: left;"><span class="Apple-style-span" style="font-size: large;"><br />
<b>Windows Ultimate Booster</b> provide fake features such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.<br />
<br />
<b>Windows Ultimate Booster</b> can be removed by stopping all the processes with random name and name . Then the user has to remove the files of the processes. Finally, the registry settings have to be restored by removing the registry keys stated below.<br />
<br />
<b>Windows Ultimate Booster</b> should be removed immediately!</span><br />
<br />
<b>Windows Ultimate Booster Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-[random].exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0 <br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-[random].exe<br />
%AppData%\data.sec<br />
<br />
File Location Notes:<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<div id="postads"></div></div>Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-91005955712253073002014-01-22T20:28:00.002+08:002014-01-22T20:28:44.670+08:00Remove Windows Prime Accelerator<div style="float: right;"><img alt="Windows Prime Accelerator Removal Guide" src="http://olzen.info/rfa.png" /></div><b><span class="Apple-style-span" style="font-size: large;">Windows Prime Accelerator</span></b><span class="Apple-style-span" style="font-size: large;"> is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that cannot detect and remove any kind of virus, malware or trojan. However, Windows Prime Accelerator. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows Prime Accelerator is installed on the computer, it will start automatically when Windows boot. Then Windows Prime Accelerator will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows Prime Accelerator will repeatedly shows the pop ups to urge the user to purchase the full version of Windows Prime Accelerator so that to remove all the threats. However, Windows Prime Accelerator cannot detect and remove any kind of virus, malware and trojan.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <br />
<div style="float: left;"><b><span class="Apple-style-span" style="font-size: large;">Windows Prime Accelerator</span></b><span class="Apple-style-span" style="font-size: large;"> can be removed by stopping the processes and removing the files ([random].exe) by using </span><a href="http://freeofvirus.blogspot.com/2010/11/emsisoft-hijackfree.html" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">. Then the user should remove the registry entries added or modified by Windows Prime Accelerator shown in the removal guide below. Windows Prime Accelerator DLL Files should be unregistered too (see removal guide). All files related to Windows Prime Accelerator must be deleted. </span><br />
<span style="font-size: large;"><br />
</span> <span style="font-size: large;">Windows Prime Accelerator provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <b><span class="Apple-style-span" style="font-size: large;">Windows Prime Accelerator</span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b>Windows Prime Accelerator Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-lefx.exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-lefx.exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\safe-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-lefx.exe<br />
%AppData%\data.sec<br />
<br />
File Location Notes:<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<div><br />
</div><br />
<div id="postads"></div></div>Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-29590750538460107722014-01-15T18:00:00.002+08:002014-01-15T18:00:14.568+08:00Remove Windows Prime Booster<div style="float: right;">
<img alt="Windows Prime Booster Removal Guide" src="http://olzen.info/rfa.png" /></div>
<b><span class="Apple-style-span" style="font-size: large;">Windows Prime Booster</span></b><span class="Apple-style-span" style="font-size: large;"> is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that cannot detect and remove any kind of virus, malware or trojan. However, Windows Prime Booster. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows Prime Booster is installed on the computer, it will start automatically when Windows boot. Then Windows Prime Booster will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows Prime Booster will repeatedly shows the pop ups to urge the user to purchase the full version of Windows Prime Booster so that to remove all the threats. However, Windows Prime Booster cannot detect and remove any kind of virus, malware and trojan.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <br />
<div style="float: left;">
<b><span class="Apple-style-span" style="font-size: large;">Windows Prime Booster</span></b><span class="Apple-style-span" style="font-size: large;"> can be removed by stopping the processes and removing the files ([random].exe) by using </span><a href="http://freeofvirus.blogspot.com/2010/11/emsisoft-hijackfree.html" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">. Then the user should remove the registry entries added or modified by Windows Prime Booster shown in the removal guide below. Windows Prime Booster DLL Files should be unregistered too (see removal guide). All files related to Windows Prime Booster must be deleted. </span><br />
<span style="font-size: large;"><br />
</span> <span style="font-size: large;"><b>Windows Prime Booster</b> provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <b><span class="Apple-style-span" style="font-size: large;">Windows Prime Booster</span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b>Windows Prime Booster Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
safe-[random].exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\safe-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = "0"<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\safe-[random].exe<br />
%AppData%\result1.db<br />
%UserProfile%\Desktop\Windows Prime Booster.lnk<br />
%CommonStartMenu%\Programs\Windows Prime Booster.lnk<br />
<br />
File Location Notes:<br />
<br />
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<br />
%CommonStartMenu% refers to the Windows Start Menu for All Users. Any programs or files located in the All Users Start menu will appear in the Start Menu for all user accounts on the computer. For Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\All Users\Start Menu\, and for Windows Vista, Windows 7, and Windows 8 it is C:\ProgramData\Microsoft\Windows\Start Menu\.<br />
<div>
<br /></div>
<br />
<div id="postads">
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0tag:blogger.com,1999:blog-3384466804101984323.post-16343751822909494352014-01-15T17:55:00.003+08:002014-01-15T17:55:30.317+08:00Remove Windows Prime Shield<div style="float: right;">
<img alt="Windows Prime Shield Removal Guide" src="http://olzen.info/rfa.png" /></div>
<b><span class="Apple-style-span" style="font-size: large;">Windows Prime Shield</span></b><span class="Apple-style-span" style="font-size: large;"> is a </span><a href="http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html#fa" target="_blank"><span class="Apple-style-span" style="font-size: large;">fake antivirus</span></a><span class="Apple-style-span" style="font-size: large;"> program that cannot detect and remove any kind of virus, malware or trojan. However, Windows Prime Shield. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows Prime Shield is installed on the computer, it will start automatically when Windows boot. Then Windows Prime Shield will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows Prime Shield will repeatedly shows the pop ups to urge the user to purchase the full version of Windows Prime Shield so that to remove all the threats. However, Windows Prime Shield cannot detect and remove any kind of virus, malware and trojan.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <br />
<div style="float: left;">
<b><span class="Apple-style-span" style="font-size: large;">Windows Prime Shield</span></b><span class="Apple-style-span" style="font-size: large;"> can be removed by stopping the processes and removing the files ([random].exe) by using </span><a href="http://freeofvirus.blogspot.com/2010/11/emsisoft-hijackfree.html" target="_blank"><span class="Apple-style-span" style="font-size: large;">Emsisoft HiJackFree</span></a><span class="Apple-style-span" style="font-size: large;">. Then the user should remove the registry entries added or modified by Windows Prime Shield shown in the removal guide below. Windows Prime Shield DLL Files should be unregistered too (see removal guide). All files related to Windows Prime Shield must be deleted. </span><br />
<span style="font-size: large;"><br />
</span> <span style="font-size: large;">Windows Prime Shield provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.</span><br />
<span class="Apple-style-span" style="font-size: large;"><br />
</span> <b><span class="Apple-style-span" style="font-size: large;">Windows Prime Shield</span></b><span class="Apple-style-span" style="font-size: large;"> should be removed immediately!</span><br />
<br />
<b>Windows Prime Shield Removal Guide</b><br />
<u>Kill Process</u><br />
(<a href="http://freeofvirus.blogspot.com/2009/02/how-to-kill-process-effectively.html" target="_blank">How to kill a process effectively?</a>)<br />
svc-lefx.exe<br />
<br />
<u>Delete Registry</u><br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-lefx.exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\safe-[random].exe"<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0<br />
<br />
<u>Remove Folders and Files</u><br />
%AppData%\svc-lefx.exe<br />
%AppData%\data.sec<br />
<br />
File Location Notes:<br />
<br />
%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.<br />
<div>
<br /></div>
<br />
<div id="postads">
</div>
</div>
Olzenhttp://www.blogger.com/profile/08667460576433825151noreply@blogger.com0