ONLINE ANTIVIRUS REMOVAL

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Thursday, 30 August 2012

Remove Win 8 Security System

Posted on 16:25 by Unknown
Remove Win 8 Security System
Win 8 Security System is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Win 8 Security System cannot detect and remove any kind of virus, malware or trojan on the computer. When Win 8 Security System is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Win 8 Security System. Win 8 Security System will recommend the user to purchase the full version of Win 8 Security System in order to remove all the detected threats. Do not buy Win 8 Security System as it can do nothing.

Win 8 Security System provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Protection, Firewall, Complete PC Protection, Automatic Updating, Protection against bank account fraud and Self protection from malware.

Win 8 Security System can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Win 8 Security System. These can be done by using Emsisoft HiJackFree.

Win 8 Security System should be removed immediately!

Win 8 Security System Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1 "*" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1 ":Range" = "127.0.0.1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Enum\Root\LEGACY_[random]

Remove Folders and Files
%LocalAppData%\[random].exe
%StartMenu%\Programs\Win 8 Security System
%System%\drivers\[random].sys
%UserProfile%\Desktop\Buy Win 8 Security System.lnk
Read More
Posted in Removal Guide | No comments

Wednesday, 29 August 2012

Remove PC Utility Kit

Posted on 07:29 by Unknown
Remove PC Utility Kit
PC Utility Kit is a fake antivirus program that CANNOT DETECT AND REMOVE any kind of virus, malware and trojan. PC Utility Kit can do nothing but just show pop ups to convince the user that the computer has been infected by malwares and urge the user to purchase the full version of PC Utility Kit. PC Utility Kit infections are known to spread by means of fake online system alerts that warn the user about infections that require the user to download PC Utility Kit to remove them. PC Utility Kit will start automatically when Windows boot. Then PC Utility Kit will do a fake scan on the computer and then it will show the fake report. Do not purchase PC Utility Kit as it can do nothing.The user should switch to Safe Mode to make sure any scans detect PC Utility Kit and remove PC Utility Kit with anti-malware applications that are designed to handle such threats.

PC Utility Kit provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

PC Utility Kit can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by PC Utility Kit. Finally, all the file related to PC Utility Kit must be deleted from the hard drive. All of them has been shown in the removal guide below.

The computer users should remember that any time when they encounter a web page that states that the computer is infected, they should not believe them as the majority of these pages are scams trying to get them to install the actual infection. The second method that can be used to install this fake antivirus is through hacked web sites that install PC Utility Kit on to the computer without their knowledge by exploiting vulnerabilities in the outdated programs.

PC Utility Kit should be removed immediately!

PC Utility Kit Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-3-1_2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "fneqtdmtpi"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\PC Utility Kit.lnk
%Desktop%\PC Utility Kit.lnk


Read More
Posted in Removal Guide | No comments

Wednesday, 15 August 2012

Remove Windows Secure Workshop

Posted on 03:22 by Unknown
Remove Windows Secure Workshop
Windows Secure Workshop is a fake antivirus program that CANNOT DETECT AND REMOVE any kind of virus, malware and trojan. Windows Secure Workshop can do nothing but just show pop ups to convince the user that the computer has been infected by malwares and urge the user to purchase the full version of Windows Secure Workshop. Windows Secure Workshop infections are known to spread by means of fake online system alerts that warn the user about infections that require the user to download Windows Secure Workshop to remove them. Windows Secure Workshop will start automatically when Windows boot. Then Windows Secure Workshop will do a fake scan on the computer and then it will show the fake report. Do not purchase Windows Secure Workshop as it can do nothing.The user should switch to Safe Mode to make sure any scans detect Windows Secure Workshop and remove Windows Secure Workshop with anti-malware applications that are designed to handle such threats.

Windows Secure Workshop provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Secure Workshop can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Secure Workshop. Finally, all the file related to Windows Secure Workshop must be deleted from the hard drive. All of them has been shown in the removal guide below.

The computer users should remember that any time when they encounter a web page that states that the computer is infected, they should not believe them as the majority of these pages are scams trying to get them to install the actual infection. The second method that can be used to install this fake antivirus is through hacked web sites that install Windows Secure Workshop on to the computer without their knowledge by exploiting vulnerabilities in the outdated programs.

Windows Secure Workshop should be removed immediately!

Windows Secure Workshop Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-6-15_4"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "prrdetmjne"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-[random].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Secure Workshop.lnk


Read More
Posted in Removal Guide | No comments

Tuesday, 14 August 2012

Remove Windows Safety Series

Posted on 16:33 by Unknown
Remove Windows Safety Series
Windows Safety Series is a fake antivirus program which intend to urge the user whose computer is infected by Windows Safety Series to purchase the full version of Windows Safety Series. Windows Safety Series produces fake alert in order to cheat the user. Windows Safety Series installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Windows Safety Series will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Windows Safety Series to remove all the malwares.

Windows Safety Series provide fake features such as firewall, automatic update, antivirus protection, anti-phishing, advanced process control, autorun manager, service manager, all-in-one suite, quick scan, deep scan and custom scan. All of them cannot protect the computer from any kind of malware.

Windows Safety Series can be removed by stopping its processes [random].exe and Windows Safety Series.exe and the user should remember to kill the file. The registry settings should be restored by following the removal guide below.

Windows Safety Series should be removed immediately!

Windows Safety Series Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-8-14_3"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "eduqudxohp"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe
... and many more Image File Execution Options entries.

Remove Folders ad Files
%AppData%\NPSWF32.dll
%AppData%\Protector-[random].exe
%AppData%\Protector-[random].exe
%AppData%\result.db
Read More
Posted in Removal Guide | No comments

Monday, 13 August 2012

Remove Windows Secure Workstation

Posted on 09:57 by Unknown
Remove Windows Secure Workstation
Windows Secure Workstation is a fake antivirus program that CANNOT DETECT AND REMOVE any kind of virus, malware and trojan. Windows Secure Workstation can do nothing but just show pop ups to convince the user that the computer has been infected by malwares and urge the user to purchase the full version of Windows Secure Workstation. Windows Secure Workstation infections are known to spread by means of fake online system alerts that warn the user about infections that require the user to download Windows Secure Workstation to remove them. Windows Secure Workstation will start automatically when Windows boot. Then Windows Secure Workstation will do a fake scan on the computer and then it will show the fake report. Do not purchase Windows Secure Workstation as it can do nothing.The user should switch to Safe Mode to make sure any scans detect Windows Secure Workstation and remove Windows Secure Workstation with anti-malware applications that are designed to handle such threats.

Windows Secure Workstation provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Secure Workstation can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Secure Workstation. Finally, all the file related to Windows Secure Workstation must be deleted from the hard drive. All of them has been shown in the removal guide below.

The computer users should remember that any time when they encounter a web page that states that the computer is infected, they should not believe them as the majority of these pages are scams trying to get them to install the actual infection. The second method that can be used to install this fake antivirus is through hacked web sites that install Windows Secure Workstation on to the computer without their knowledge by exploiting vulnerabilities in the outdated programs.

Windows Secure Workstation should be removed immediately!

Windows Secure Workstation Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-6-15_4"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "prrdetmjne"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-[random].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Secure Workstation.lnk


Read More
Posted in Removal Guide | No comments

Saturday, 11 August 2012

Remove Windows Anti-Malware Patch

Posted on 09:47 by Unknown
Remove Windows Anti-Malware Patch
Windows Anti-Malware Patch is a fake antivirus program that CANNOT DETECT AND REMOVE any kind of virus, malware and trojan. Windows Anti-Malware Patch can do nothing but just show pop ups to convince the user that the computer has been infected by malwares and urge the user to purchase the full version of Windows Anti-Malware Patch. Windows Anti-Malware Patch infections are known to spread by means of fake online system alerts that warn the user about infections that require the user to download Windows Anti-Malware Patch to remove them. Windows Anti-Malware Patch will start automatically when Windows boot. Then Windows Anti-Malware Patch will do a fake scan on the computer and then it will show the fake report. Do not purchase Windows Anti-Malware Patch as it can do nothing.The user should switch to Safe Mode to make sure any scans detect Windows Anti-Malware Patch and remove Windows Anti-Malware Patch with anti-malware applications that are designed to handle such threats.

Windows Anti-Malware Patch provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Anti-Malware Patch can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Anti-Malware Patch. Finally, all the file related to Windows Anti-Malware Patch must be deleted from the hard drive. All of them has been shown in the removal guide below.

The computer users should remember that any time when they encounter a web page that states that the computer is infected, they should not believe them as the majority of these pages are scams trying to get them to install the actual infection. The second method that can be used to install this fake antivirus is through hacked web sites that install Windows Anti-Malware Patch on to the computer without their knowledge by exploiting vulnerabilities in the outdated programs.

Windows Anti-Malware Patch should be removed immediately!

Windows Anti-Malware Patch Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-6-15_4"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "prrdetmjne"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Anti-Malware Patch.lnk


Read More
Posted in Removal Guide | No comments

Thursday, 9 August 2012

Remove Windows Virtual Security

Posted on 08:59 by Unknown
Remove Windows Virtual Security
Windows Virtual Security is a fake antivirus program that tricks the user to purchase the full version of Windows Virtual Security by showing fake detection of the computer. When Windows Virtual Security is installed in the computer, it will start automatically when Windows boot. Then, Windows Virtual Security will scan the computer and will surely state that there are many files in the computer are infected by malwares. Windows Virtual Security will urge the user to purchase the full version of Windows Virtual Security in order to remove all the malwares. However, Windows Virtual Security cannot detect and remove any malware from the computer. All the detection is a lie. Windows Virtual Security pretends to be affiliated with Microsoft by using the Windows icon and a comprehensive and user-friendly interface.

Windows Virtual Security provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.


Windows Virtual Security can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified must be cleared by using Windows Registry Editor.

Windows Virtual Security should be removed immediately!

Windows Virtual Security Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-8-9_4"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "cxqjcwgpve"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\[random].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Virtual Security.lnk
%Desktop%\Windows Virtual Security.lnk
Read More
Posted in Removal Guide | No comments

Wednesday, 8 August 2012

Remove Windows Antivirus Release

Posted on 06:26 by Unknown
Remove Windows Antivirus Release
Windows Antivirus Release is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Windows Antivirus Release cannot detect and remove any kind of virus, malware or trojan on the computer. When Windows Antivirus Release is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Windows Antivirus Release. Windows Antivirus Release will recommend the user to purchase the full version of Windows Antivirus Release in order to remove all the detected threats. Do not buy Windows Antivirus Release as it can do nothing.

Windows Antivirus Release provide fake features such as Real-time protection, Firewall, Antivirus Protection, Autoupdate virus database, Anti-phishing protection and so on. None of them can help to protect the computer from any kind of malware. It recommend the user to activate Windows Antivirus Release to get Full protection against malicious, virus, spyware and unwanted software.

Windows Antivirus Release can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Windows Antivirus Release. These can be done by using Emsisoft HiJackFree.

Windows Antivirus Release should be removed immediately!

Windows Antivirus Release Removal Guide
Kill Process
(How to kill a process effectively?)
%AppData%\Windows Antivirus Release\ScanDisk_.exe
%CommonAppData%\79b35\BAa76.exe
%UserProfile%\Recent\kernel32.exe

Delete Registry
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\TAA.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "IIL" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltHI" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltTST"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = "7"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Mod/4.00007"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Antivirus Release"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Antivirus Release.lnk
%AppData%\Windows Antivirus Release
%CommonAppData%\79b35
%UserProfile%\Desktop\Windows Antivirus Release.lnk
%UserProfile%\Recent\dudl.tmp
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\kernel32.dll
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\ppal.drv
%UserProfile%\Recent\ppal.sys
%UserProfile%\Recent\SICKBOY.dll
%UserProfile%\Recent\SICKBOY.sys
%UserProfile%\Recent\sld.exe
%UserProfile%\Recent\sld.sys
%UserProfile%\Recent\SM.sys
%UserProfile%\Recent\snl2w.sys
%UserProfile%\Recent\tjd.dll
%StartMenu%\Windows Antivirus Release.lnk
%StartMenu%\Programs\Windows Antivirus Release.lnk
Read More
Posted in Removal Guide | No comments

Monday, 6 August 2012

Remove Windows Interactive Safety

Posted on 08:54 by Unknown
Remove Windows Interactive Safety
Windows Interactive Safety is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Windows Interactive Safety WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Windows Interactive Safety will display this types of fake alert to urge the user to purchase the full version of Windows Interactive Safety which cannot detect and remove any kind malware, trojan or virus.

Windows Interactive Safety can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Windows Interactive Safety provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one suite, Quick Scan, Deep Scan, Custom Scan, History, etc. None of them can help to protect the computer from any kind of malware.

Windows Interactive Safety should be removed immediately!

Windows Interactive Safety Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-25_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%StartMenu%\Programs\Windows Interactive Safety.lnk
%AppData%\[random].exe
%AppData%\result.db
%Desktop%\Windows Interactive Safety.lnk
Read More
Posted in Removal Guide | No comments

Saturday, 4 August 2012

Remove Windows Ultimate Safeguard

Posted on 07:39 by Unknown
Remove Windows Ultimate Safeguard
Windows Ultimate Safeguard is a fake antivirus program which intend to urge the user whose computer is infected by Windows Ultimate Safeguard to purchase the full version of Windows Ultimate Safeguard. Windows Ultimate Safeguard produces fake alert in order to cheat the user. Windows Ultimate Safeguard installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Windows Ultimate Safeguard will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Windows Ultimate Safeguard to remove all the malwares.

Windows Ultimate Safeguard provide fake features such as firewall, automatic update, antivirus protection, anti-phishing, advanced process control, autorun manager, service manager, all-in-one suite, quick scan, deep scan and custom scan. All of them cannot protect the computer from any kind of malware.

Windows Ultimate Safeguard can be removed by stopping its processes [random].exe and Windows Ultimate Safeguard.exe and the user should remember to kill the file. The registry settings should be restored by following the removal guide below.

Windows Ultimate Safeguard should be removed immediately!

Windows Ultimate Safeguard Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-8-4_4"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "ibgtkufodn"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-[random].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Ultimate Safeguard.lnk
%Desktop%\Windows Ultimate Safeguard .lnk
Read More
Posted in Removal Guide | No comments

Wednesday, 1 August 2012

Remove Windows Antivirus Machine

Posted on 06:33 by Unknown
Remove Windows Antivirus Machine
Windows Antivirus Machine is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Windows Antivirus Machine cannot detect and remove any kind of virus, malware or trojan on the computer. When Windows Antivirus Machine is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Windows Antivirus Machine. Windows Antivirus Machine will recommend the user to purchase the full version of Windows Antivirus Machine in order to remove all the detected threats. Do not buy Windows Antivirus Machine as it can do nothing.

Windows Antivirus Machine provide fake features such as Real-time protection, Firewall, Antivirus Protection, Autoupdate virus database, Anti-phishing protection and so on. None of them can help to protect the computer from any kind of malware. It recommend the user to activate Windows Antivirus Machine to get Full protection against malicious, virus, spyware and unwanted software.

Windows Antivirus Machine can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Windows Antivirus Machine. These can be done by using Emsisoft HiJackFree.

Windows Antivirus Machine should be removed immediately!

Windows Antivirus Machine Removal Guide
Kill Process
(How to kill a process effectively?)
%AppData%\Windows Antivirus Machine\ScanDisk_.exe
%CommonAppData%\79b35\BAa76.exe
%UserProfile%\Recent\kernel32.exe

Delete Registry
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\TAA.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "IIL" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltHI" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltTST"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = "7"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Mod/4.00007"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Antivirus Machine"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Antivirus Machine.lnk
%AppData%\Windows Antivirus Machine
%CommonAppData%\79b35
%UserProfile%\Desktop\Windows Antivirus Machine.lnk
%UserProfile%\Recent\dudl.tmp
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\kernel32.dll
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\ppal.drv
%UserProfile%\Recent\ppal.sys
%UserProfile%\Recent\SICKBOY.dll
%UserProfile%\Recent\SICKBOY.sys
%UserProfile%\Recent\sld.exe
%UserProfile%\Recent\sld.sys
%UserProfile%\Recent\SM.sys
%UserProfile%\Recent\snl2w.sys
%UserProfile%\Recent\tjd.dll
%StartMenu%\Windows Antivirus Machine.lnk
%StartMenu%\Programs\Windows Antivirus Machine.lnk
Read More
Posted in Removal Guide | No comments
Newer Posts Older Posts Home
Subscribe to: Comments (Atom)

Popular Posts

  • Remove Windows Internet Guard
    Windows Internet Guard is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares...
  • Remove XP Smart Defender
    XP Smart Defender is a fake antivirus program created to urge the user to buy the full version of XP Smart Defender in order to earn some p...
  • Windows Antidanger Center Removal Guide
    Windows Antidanger Center is an unwanted application which is a rogue computer security program. Windows Antidanger Center is a fake optimi...
  • Don't disable UAC or your computer will be attacked by malwares!
    UAC or User Account Control is one of the very good features provided by Windows Vista and Windows 7. However, many people try to disable ...
  • Remove Ministry of Public Safety Canada Ransomware
    Ministry of Public Safety Canada Ransomware is a virus, malware, trojan family that infect the computer to cheat the hard-earn money of com...
  • Great News
    All your life you have waited for the good news, and that day has finally come. Very soon you will witness large-scale mass arrests all over...
  • Remove Windows Antipiracy Virus
    Windows Antipiracy Virus is a fake antivirus program which intend to urge the user whose computer is infected by Windows Antipiracy Virus t...
  • Remove Windows Foolproof Protector
    Windows Foolproof Protector is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Windo...
  • Remove Vista Antispyware Pro 2013
    Vista Antispyware Pro 2013 is a fake antivirus program created to urge the user to buy the full version of Vista Antispyware Pro 2013 in or...
  • Remove Windows Internet Watchdog
    Windows Internet Watchdog is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect t...

Categories

  • facebook
  • Kill Process
  • Removal Guide
  • Removal Tool
  • Remove Virus
  • Repair File
  • RFA
  • security
  • System Tool
  • Task Manager

Blog Archive

  • ►  2014 (27)
    • ►  April (3)
    • ►  March (10)
    • ►  February (8)
    • ►  January (6)
  • ►  2013 (66)
    • ►  December (7)
    • ►  November (2)
    • ►  October (4)
    • ►  September (3)
    • ►  August (12)
    • ►  July (5)
    • ►  June (2)
    • ►  May (15)
    • ►  April (3)
    • ►  March (8)
    • ►  February (3)
    • ►  January (2)
  • ▼  2012 (224)
    • ►  December (12)
    • ►  November (9)
    • ►  October (23)
    • ►  September (3)
    • ▼  August (11)
      • Remove Win 8 Security System
      • Remove PC Utility Kit
      • Remove Windows Secure Workshop
      • Remove Windows Safety Series
      • Remove Windows Secure Workstation
      • Remove Windows Anti-Malware Patch
      • Remove Windows Virtual Security
      • Remove Windows Antivirus Release
      • Remove Windows Interactive Safety
      • Remove Windows Ultimate Safeguard
      • Remove Windows Antivirus Machine
    • ►  July (15)
    • ►  June (23)
    • ►  May (29)
    • ►  April (29)
    • ►  March (34)
    • ►  February (25)
    • ►  January (11)
  • ►  2011 (221)
    • ►  December (9)
    • ►  November (11)
    • ►  October (13)
    • ►  September (10)
    • ►  August (19)
    • ►  July (38)
    • ►  June (60)
    • ►  May (30)
    • ►  April (31)
Powered by Blogger.

About Me

Unknown
View my complete profile