Remove Windows Web Watchdog

Windows Web Watchdog is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Windows Web Watchdog cannot detect and remove any kind of virus, malware or trojan on the computer. When Windows Web Watchdog is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Windows Web Watchdog. Windows Web Watchdog will recommend the user to purchase the full version of Windows Web Watchdog in order to remove all the detected threats. Do not buy Windows Web Watchdog as it can do nothing.

Windows Web Watchdog provide fake features such as Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect computer from any kind of malwares.

Windows Web Watchdog can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Windows Web Watchdog. These can be done by using Emsisoft HiJackFree.

Windows Web Watchdog should be removed immediately!

Windows Web Watchdog Removal Guide
Kill Process
(How to kill a process effectively?)
svc-[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ZSFT" = %AppData%\svc-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0

Remove Folders and Files
%AppData%\data.sec
%UserProfile%\Desktop\Windows Web Watchdog.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Web Watchdog.lnk
File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.

%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

Read More

Remove Windows AntiBreach Patrol

Windows AntiBreach Patrol is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Windows AntiBreach Patrol . pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows AntiBreach Patrol is installed on the computer, it will start automatically when Windows boot. Then Windows AntiBreach Patrol will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows AntiBreach Patrol will repeatedly shows the pop ups to urge the user to purchase the full version of Windows AntiBreach Patrol so that to remove all the threats. However, Windows AntiBreach Patrol cannot detect and remove any kind of virus, malware and trojan.

Windows AntiBreach Patrol can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows AntiBreach Patrol shown in the removal guide below. Windows AntiBreach Patrol DLL Files should be unregistered too (see removal guide). All files related to Windows AntiBreach Patrol must be deleted. 

Windows AntiBreach Patrol provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.

Windows AntiBreach Patrol should be removed immediately!

Windows AntiBreach Patrol Removal Guide
Kill Process
(How to kill a process effectively?)
svc-[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0

Remove Folders and Files
%AppData%\svc-[random].exe
%AppData%\data.sec
%UserProfile%\Desktop\Windows AntiBreach Patrol .lnk
%AllUsersProfile%\Start Menu\Programs\Windows AntiBreach Patrol .lnk
File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.

%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

Read More

Remove Windows Antivirus Patrol

Windows Antivirus Patrol is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Windows Antivirus Patrol. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows Antivirus Patrol is installed on the computer, it will start automatically when Windows boot. Then Windows Antivirus Patrol will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows Antivirus Patrol will repeatedly shows the pop ups to urge the user to purchase the full version of Windows Antivirus Patrol so that to remove all the threats. However, Windows Antivirus Patrol cannot detect and remove any kind of virus, malware and trojan.

Windows Antivirus Patrol can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Antivirus Patrol shown in the removal guide below. Windows Antivirus Patrol DLL Files should be unregistered too (see removal guide). All files related to Windows Antivirus Patrol must be deleted. 

Windows Antivirus Patrol provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.

Windows Antivirus Patrol should be removed immediately!

Windows Antivirus Patrol Removal Guide
Kill Process
(How to kill a process effectively?)
svc-[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0

Remove Folders and Files
%AppData%\svc-[random].exe
%AppData%\data.sec
%UserProfile%\Desktop\Windows Antivirus Patrol.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Antivirus Patrol.lnk
File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.

%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

Read More

Remove Futurro Antivirus Software

Futurro Antivirus Software is a fake antivirus program which come with a rootkit to prevent many program from running on the computer. Futurro Antivirus Software cannot detect and remove any kind of virus, malware and trojan. What Futurro Antivirus Software can do is displaying fake report to tell the user that the computer has been infected by many malwares, trojans and viruses. Futurro Antivirus Software will urge the user to purchase the full version of Futurro Antivirus Software to remove all the detected malwares, viruses and trojan. Bare in mind that Futurro Antivirus Software CANNOT detect and remove any malware, virus and trojan.

Futurro Antivirus Software provide fake features such as System Scan, Protection, Privacy, Update, Settings, etc. All of them cannot protect the computer from any kind of malware.

Futurro Antivirus Software can be removed by stopping all the processes with random name and name . Then the user has to remove the files of the processes. Finally, the registry settings have to be restored by removing the registry keys stated below.

Futurro Antivirus Software should be removed immediately!

Futurro Antivirus Software Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\AVInfo
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AVSoft"

Remove Folders and Files
c:\Documents and Settings\All Users\Application Data\[random]
c:\Documents and Settings\All Users\Application Data\[random].exe

Read More

Remove Windows Pro Defence Kit

Windows Pro Defence Kit is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Windows Pro Defence Kit. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows Pro Defence Kit is installed on the computer, it will start automatically when Windows boot. Then Windows Pro Defence Kit will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows Pro Defence Kit will repeatedly shows the pop ups to urge the user to purchase the full version of Windows Pro Defence Kit so that to remove all the threats. However, Windows Pro Defence Kit cannot detect and remove any kind of virus, malware and trojan.

Windows Pro Defence Kit can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Pro Defence Kit shown in the removal guide below. Windows Pro Defence Kit DLL Files should be unregistered too (see removal guide). All files related to Windows Pro Defence Kit must be deleted. 

Windows Pro Defence Kit provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.

Windows Pro Defence Kit should be removed immediately!

Windows Pro Defence Kit Removal Guide
Kill Process
(How to kill a process effectively?)
svc-[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0

Remove Folders and Files
%AppData%\svc-[random].exe
%AppData%\data.sec
%UserProfile%\Desktop\Windows Pro Defence Kit.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Pro Defence Kit.lnk
File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.

%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

Read More

Remove Windows Defence Master

Windows Defence Master is a fake antivirus which will infect the computer after a Trojan opens a backdoor on the computer. Normally this program is installed to the computer without the permission of the users when they visit some websites. Windows Defence Master start automatically when the computer boot. It will scan the infected computer and shows that the computer has been infected by many malwares. In fact, the computer is infected by itself! Then, Windows Defence Master will persuade the user to purchase the license in order to activate it. This fake antivirus should be removed immediately.

Windows Defence Master provide fake features such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect computer from any kind of malware.

Windows Defence Master can be removed by stopping its processes [random].exe and the user should remember to kill the file. The registry settings should be restored by following the removal guide below.

Windows Defence Master must be removed from your computer immediately!

Removal Guide

Kill Process
(How to kill a process effectively?)
svc-[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-[random].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0
Remove Folders and Files
%AppData%\svc-[random].exe
%AppData%\data.sec

File Location Notes:

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

Read More

Remove Windows Security Master

Windows Security Master is a fake antivirus program created to urge the user to buy the full version of Windows Security Master in order to earn some profit. Don't ever purchase it as it is a cheat! Windows Security Master install itself into the computer without confirmation of the users and it start automatically when the windows boot. Windows Security Master produce fake virus warning alert consistently to force the user to buy the full version so that to remove the malwares. We must uninstall Windows Security Master as it bring nothing but provide a lot of rubbish into the computer.

Windows Security Master provide fake features such as Perform Scan, Internet Security, Personal Security, Proactive Defense, Firewall, Configuration, Complete PC Protection,  Automating Updating, Protection against bank account fraud, Self-protection from malware, Update Now, Scan Now etc. All of them cannot protect the computer from any kind of malware.

Windows Security Master can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Security Master. Finally, all the file related to Windows Security Master must be deleted from the hard drive. All of them has been shown in the removal guide below.

Windows Security Master should be removed immediately!
Windows Security Master Removal Guide
Kill Process
(How to kill a process effectively?)
svc-[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-[random].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0
Remove Folders and Files
%AppData%\svc-[random].exe
%AppData%\data.sec

File Location Notes:

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

Read More

Remove Windows Defence Unit

Windows Defence Unit is a fake antivirus which will infect the computer after a Trojan opens a backdoor on the computer. Normally this program is installed to the computer without the permission of the users when they visit some websites. Windows Defence Unit start automatically when the computer boot. It will scan the infected computer and shows that the computer has been infected by many malwares. In fact, the computer is infected by itself! Then, Windows Defence Unit will persuade the user to purchase the license in order to activate it. This fake antivirus should be removed immediately.

Windows Defence Unit provide fake features such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect computer from any kind of malware.

Windows Defence Unit can be removed by stopping its processes [random].exe and the user should remember to kill the file. The registry settings should be restored by following the removal guide below.

Windows Defence Unit must be removed from your computer immediately!

Removal Guide

Kill Process
(How to kill a process effectively?)
svc-[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-[random].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0
Remove Folders and Files
%AppData%\svc-[random].exe
%AppData%\data.sec

File Location Notes:

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

Read More

Remove Windows Protection Booster

Windows Protection Booster is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Windows Protection Booster WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Windows Protection Booster will display this types of fake alert to urge the user to purchase the full version of Windows Protection Booster which cannot detect and remove any kind malware, trojan or virus.

Windows Protection Booster can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Windows Protection Booster provide fake features such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.

Windows Protection Booster should be removed immediately!

Windows Protection Booster Removal Guide
Kill Process
(How to kill a process effectively?)
svc-[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-[random].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0
Remove Folders and Files
%AppData%\svc-[random].exe
%AppData%\data.sec

File Location Notes:

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

Read More

Remove Windows AntiVirus Booster

Windows AntiVirus Booster is a fake antivirus program which come with a rootkit to prevent many program from running on the computer. Windows AntiVirus Booster cannot detect and remove any kind of virus, malware and trojan. What Windows AntiVirus Booster can do is displaying fake report to tell the user that the computer has been infected by many malwares, trojans and viruses. Windows AntiVirus Booster will urge the user to purchase the full version of Windows AntiVirus Booster to remove all the detected malwares, viruses and trojan. Bare in mind that Windows AntiVirus Booster CANNOT detect and remove any malware, virus and trojan.

Windows AntiVirus Booster provide fake features such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.

Windows AntiVirus Booster can be removed by stopping all the processes with random name and name . Then the user has to remove the files of the processes. Finally, the registry settings have to be restored by removing the registry keys stated below.

Windows AntiVirus Booster should be removed immediately!

Windows AntiVirus Booster Removal Guide
Kill Process
(How to kill a process effectively?)
svc-[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-[random].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0
Remove Folders and Files
%AppData%\svc-[random].exe
%AppData%\data.sec

File Location Notes:

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.

Read More