Monday, February 28, 2011

Win 7 AntiVirus 2011 Removal Guide

Win 7 AntiVirus 2011 Removal Guide
Win 7 AntiVirus 2011 is a fake antivirus program created to urge the user to buy the full version of Win 7 AntiVirus 2011 in order to earn some profit. Don't ever buy it as it is a cheat! Win 7 AntiVirus 2011 install itself into the computer without confirmation of the users and it start automatically when the windows boot. Win 7 AntiVirus 2011 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Win 7 AntiVirus 2011 is nothing more than a scam and plagiarized antispyware program

Win 7 AntiVirus 2011 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Win 7 AntiVirus 2011. Finally, all the file related to Win 7 AntiVirus 2011 must be deleted from the hard drive. All of them has been shown in the removal guide below.

Win 7 AntiVirus 2011 should be removed immediately!

Win 7 AntiVirus 2011 Removal Guide
Kill Process
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'

Remove Folders and Files
%AppData%\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru
%UserProfile%\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%UserProfile%\Local Settings\Application Data\[random].exe
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru

Win 7 Home Security 2011 Removal Guide

Win 7 Home Security 2011 Removal Guide
Win 7 Home Security 2011 is a fake antivirus program created to urge the user to buy the full version of Win 7 Home Security 2011 in order to earn some profit. Don't ever buy it as it is a cheat! Win 7 Home Security 2011 install itself into the computer without confirmation of the users and it start automatically when the windows boot. Win 7 Home Security 2011 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Win 7 Home Security 2011 is nothing more than a scam and plagiarized antispyware program

Win 7 Home Security 2011 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Win 7 Home Security 2011. Finally, all the file related to Win 7 Home Security 2011 must be deleted from the hard drive. All of them has been shown in the removal guide below.

Win 7 Home Security 2011 should be removed immediately!

Win 7 Home Security 2011 Removal Guide
Kill Process
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARATERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'

Remove Folders and Files
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[random].exe (look for 3-letter names)
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru

Win 7 Total Security Removal Guide

Win 7 Total Security Removal Guide
Win 7 Total Security is a fake antivirus program created to urge the user to buy the full version of Win 7 Total Security in order to earn some profit. Don't ever buy it as it is a cheat! Win 7 Total Security install itself into the computer without confirmation of the users and it start automatically when the windows boot. Win 7 Total Security produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Win 7 Total Security is nothing more than a scam and plagiarized antispyware program

Win 7 Total Security can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Win 7 Total Security. Finally, all the file related to Win 7 Total Security must be deleted from the hard drive. All of them has been shown in the removal guide below.

Win 7 Total Security should be removed immediately!

Win 7 Total Security Removal Guide
Kill Process
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'

Remove Folders and Files
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AllUsersProfile%
%AppData%
%AppData%\Local\[random].exe (look for 3-letter names)
\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
\t3e0ilfioi3684m2nt3ps2b6lru

Win 7 Total Security 2011 Removal Guide

Win 7 Total Security 2011 Removal Guide
Win 7 Total Security 2011 is a fake antivirus program created to urge the user to buy the full version of Win 7 Total Security 2011 in order to earn some profit. Don't ever buy it as it is a cheat! Win 7 Total Security 2011 install itself into the computer without confirmation of the users and it start automatically when the windows boot. Win 7 Total Security 2011 produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Win 7 Total Security 2011 is nothing more than a scam and plagiarized antispyware program

Win 7 Total Security 2011 can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Win 7 Total Security 2011. Finally, all the file related to Win 7 Total Security 2011 must be deleted from the hard drive. All of them has been shown in the removal guide below.

Win 7 Total Security 2011 should be removed immediately!

Win 7 Total Security 2011 Removal Guide
Kill Process
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'

Remove Folders and Files
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[random].exe (look for 3-letter names)
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru

Vista Total Security Removal Guide

Vista Total Security Removal Guide
Vista Total Security is a fake antivirus program created to urge the user to buy the full version of Vista Total Security in order to earn some profit. Don't ever buy it as it is a cheat! Vista Total Security install itself into the computer without confirmation of the users and it start automatically when the windows boot. Vista Total Security produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Vista Total Security is nothing more than a scam and plagiarized antispyware program

Vista Total Security can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Vista Total Security. Finally, all the file related to Vista Total Security must be deleted from the hard drive. All of them has been shown in the removal guide below.

Vista Total Security should be removed immediately!

Vista Total Security Removal Guide
Kill Process
av.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1?
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1? %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1? %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*

Remove Folders and Files
%UserProfile%\AppData\Local\WRblt8464P
%UserProfile%\AppData\Local\av.exe

Windows Troubles Analyzer Removal Guide

Windows Troubles Analyzer Removal Guide
Windows Troubles Analyzer is a fake antivirus program that cannot protect any computer from malware. Windows Troubles Analyzer installs into the computer and configure itself to start automatically when Windows boot. Then Windows Troubles Analyzer will scan the computer automatically without confirmation of the user and will surely scare the user that the computer is infected by several malwares. Windows Troubles Analyzer suggests itself as the best remedy. The user will have to purchase the full version of Windows Troubles Analyzer to remove the malware. In fact, do not purchase it as it will not remove any malware.

Windows Troubles Analyzer can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Troubles Analyzer shown in the removal guide below. All files related to Privacy Hidden must be deleted.

Windows Troubles Analyzer should be removed immediately!

Windows Troubles Analyzer Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\[random].exe"

Remove Folders and Files
%AppData%\[random].exe

PrivacyHidden Removal Guide

PrivacyHidden Removal Guide
PrivacyHidden is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. Most of the free files you download from the file sharing websites are bundled with Fake Antivirus software. PrivacyHidden does not kill any malware from any computer. PrivacyHidden infects the computer by installing useless program into the computer which will try to disguise itself like a legitimate antivirus. After installation complete, PrivacyHidden will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of PrivacyHidden.

PrivacyHidden can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by PrivacyHidden shown in the removal guide below. All files related to PrivacyHidden must be deleted.

PrivacyHidden should be removed immediately!

PrivacyHidden Removal Guide
Kill Process
(How to kill a process effectively?)
PrivacyHidden.exe
PrivacyHiddenMon.exe

Delete Registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\intmedialab]
"PrivacyHidden"="'"C:\Program Files\PrivacyHidden\PrivacyHidden.exe" /run1'"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"(Default)"="'C:\Program Files\PrivacyHidden\PrivacyHidden.exe'"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PrivacyHidden.exe]
"pid"="'home'"
"InstallDate"="'20110212'"
"Version"="'1.000'"
"UpdateVersion"="'1.000'"
"Environment"="'11111111111111'"
HKEY_LOCAL_MACHINE\SOFTWARE\PrivacyHidden]
"W2KLpk"="1"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International]
"DisplayName"="'?????????????'"
"UninstallString"="'C:\Program Files\PrivacyHidden\uninst.exe'"
"DisplayIcon"="'C:\Program Files\PrivacyHidden\PrivacyHidden.exe'"
"DisplayVersion"="'1.000'"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrivacyHidden]
"install"="'install_check'"
[HKEY_LOCAL_MACHINE\SOFTWARE\PrivacyHiddenPartner]

Remove Folders and Files
C:\Program Files\PrivacyHidden

Saturday, February 26, 2011

Windows Processes Organizer Removal Guide

Windows Processes Organizer Removal Guide
Windows Processes Organizer is a fake antivirus program that perform like a real antivirus such as Kaspersky Anti-Virus, AVG Free Antivirus, Avira AntiVir etc. Windows Processes Organizer is distributed through the same fake Microsoft Security Essentials Alert trojan that many other rogue anti-spyware programs are propagated through, allowing Windows Processes Organizer a stealthy entry. Windows Processes Organizer infects the computer when the user accidentally downloads a trojan from a website which provide online videos. Windows Processes Organizer will start automatically when Windows boot. Then, Windows Processes Organizer will scan the computer and produce fake scan results and display many fake alerts to urge the user to purchase the full version of Windows Processes Organizer in order to remove the detected malwares.

Windows Processes Organizer can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Processes Organizer shown in the removal guide below. All files related to Windows Processes Organizer must be deleted.

Windows Processes Organizer should be removed immediately!

Windows Processes Organizer Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'

Remove Folders and Files
%AppData%\[RANDOM].exe

Windows Tool Removal Guide

Windows Tool Removal Guide
Windows Tool is a rogue anti-spyware program created to deceive computer users and steal their money. Windows Tool gets onto your system and it starts constantly scanning your PC. Then it starts detecting files which are created in advance and recognized as malicious. Windows Tool has no functions except to attack your computer . All of the tactics leads to urging the computer user purchase Windows Tool. Do not fall for this trickery and terminate Windows Tool immediately.

Windows Tool can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Tool shown in the removal guide below. All files related to Windows Tool must be deleted.

Windows Tool should be removed immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = '%UserProfile%\Application Data\[RANDOM].exe'

Remove Folders and Files
%UserProfile%\Application Data\[RANDOM].exe

PC Security 2010 Removal Guide

PC Security 2010 Removal Guide
PC Security 2010 is fake antivirus program which is mainly created to cheat the user of infected computer to buy the full license of PC Security 2010 so that to earn some profit from the user. PC Security 2010 is not a antivirus, it is a fake antivirus. PC Security 2010 infected the computer through trojan without any confirmation of the user. Once PC Security 2010 is installed in the computer, it will start automatically when the windows boot. PC Security 2010 will scan the computer shows false alert regularly to force the user buy the full version of PC Security 2010.

PC Security 2010 provide fake feature like "General Status" and "Scan Now". PC Security 2010 claims that it is an new approach to Windows Protection. PC Security 2010 show that the files in the computer are infected by malwares such as Sality.AN, Azero.B etc. It also shows that there are some threats contain unrecognized structure and cannot not be removed without update. Don't be cheated by the fake results. It is a lie!

PC Security 2010 should be removeld immediately.

PC Security 2010 Removal Guide
Kill Process
(How to kill a process effectively?)
PC2011.exe

Delete Registry
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PC Security 2010"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%AppData%\Uninstall_Security.lnk
%UserProfile%\Start Menu\Programs\PC Security 2010
%ProgramFiles%\PC Security 2010
%AppData%\PC Security 2010
PC Security 2010.lnk
%ALLUSERSPROFILE%\PC Security 2010

Cyanian 2010 - Keep glowing

Cyanian 2010 - Keep glowing
Awesome skin - take into account that I generally do not go for dark skins but this is a definite exception. I see an issue in the Media Library regarding selecting items. Initially, the highlight is there but click another item and it disappears and you are unable to see what is selected. Not sure if this is the skin or on my end.

Download Cyanian Winamp Skin

HouseCall Anti Virus

Identify and remove malware with this software.

HouseCall is an application that offer users a capable on-demand scanner to help them identify and remove viruses, Trojans, worms, unwanted browser plugins, and other malware.

This application helps you to perform fast scans that target critical system areas and active malware. It also leverages the Trend Micro Smart Protection Network to help ensure that scans catch the latest threats.

HouseCall provides a quick and easy check for threats regardless of the protection status of your existing security solution.

Requirements:

· At least 300MHz IntelTM PentiumTM processor or equivalent

· At least 256MB memor

· At least 200MB available disk spa

· At least high-color (16-bit) and a minimum resolution of 1024x768 pixel

· Internet Connection

Download 1.8 MB / Windows XP / Vista / Vista64 / 7 / 7 x64

View real TV from iPhone/iPod Touch

Air TV is an easy-to-use application that allows you to watch your TV programs while you are on the road. Air TV works by connecting your iPhone/iPod Touch using 3G/Wi-Fi networks with a host computer at your home.
With a compatible TV tuner installed on your host computer, Air TV is able to forward the audio/video signal captured by your TV tuner to your iPhone/iPod Touch. With Air TV, you get to watch your favorite program in real time whenever you are. 

Download 16.5 MB / Windows All

Friday, February 25, 2011

Windows Privacy Agent Removal Guide

Windows Privacy Agent Removal Guide
Windows Privacy Agent is a fake antivirus program that shows the user that the computer is infected by malwares repeatedly so that to urge the user to purchase the full version of Windows Privacy Agent. Windows Privacy Agent is downloaded into computer when the user downloads video files from untrusted website. The video file downloaded cannot be viewed but is the Windows Privacy Agent which cannot detect and remove any malware. Windows Privacy Agent installs into the computer and will scan the computer when Windows boot. Then Windows Privacy Agent will surely states that the computer have been infected by malwares. Then, the computer will start slowing down and behave strangely.

Windows Privacy Agent can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Privacy Agent shown in the removal guide below. All files related to Windows Privacy Agent must be deleted.

Windows Privacy Agent should be removed immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = '%UserProfile%\Application Data\[random].exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'

Remove Folders and Files
%UserProfile%\Application Data\[RANDOM].exe

Thursday, February 24, 2011

I-Scan Removal Guide

I-Scan Removal Guide
I-Scan is a fake antivirus program that CANNOT detect and remove any kind of virus, trojan or malware on computers. However, once I-Scan is installed in computer, it will start automatically and do a fake scan in computer. I-Scan will display fake warning to the user that the computer has been infected by malware and urge the user to purchase the full version of I-Scan. Do not be cheated I-Scan. It can do nothing but just produces fake alert only.

I-Scan can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by I-Scan shown in the removal guide below. All files related to I-Scan must be deleted.

I-Scan should be removed immediately!

I-Scan Removal Guide
Kill Process
(How to kill a process effectively?)
i-scan.exe
i-scanU.exe
i-scandm.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “I[random]”

Remove Folders and Files
%program files%\i-scan

Special Guard Removal Guide

Special Guard Removal Guide
Special Guard is a fake antivirus program which intend to urge the user whose computer is infected by Special Guard to purchase the full version of Special Guard. Special Guard produces fake alert in order to cheat the user. Special Guard installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Special Guard will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Special Guard to remove all the malwares.

Special Guard can be removed by stopping its processes [random].exe and Special Guard.exe and the user should remember to kill the file. The registry settings should be restored by following the removal guide below.

Special Guard should be removed immediately!

Special Guard Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Special Guard.exe
SpecialGuard.exe

Delete Registry
HKEY_LOCAL_MACHINE\Software\Special Guard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%PROGRAMFILES%\Special Guard
c:\Documents and Settings\All Users\Start Menu\Special Guard\
c:\Documents and Settings\All Users\Special Guard

Wednesday, February 23, 2011

BlackBerry Smartphone Simulator

This application will offer you the possibility to run BlackBerry device applications on your desktop PC.

The BlackBerry Smartphone Simulator includes the BlackBerry device applications that are typically available on BlackBerry devices and enables you to load and test your own applications. You can simulate and test various connectivity and state changes using the BlackBerry Smartphone Simulator. When you use the BlackBerry Smartphone Simulator to perform testing, you might need to simulate additional BlackBerry services. The BlackBerry MDS Simulator and the BlackBerry email server simulator are available for this purpose. 
 
96.9 MB / Windows All  Download

QtADB Android PC manager

QtADB  Android PC manager
QtADB is a simple, easy to use application specially designed to make the connection between your Android phone and PC a lot easier.

8.4 MB / Windows All  Download

Android Injector

Android Injector is a small, easy to use application designed to enable you to quickly and easily install apps that you have downloaded to your computer in the form of ".apk" files onto your Android phone or device.

Some phones only allow loading apps through the Android Market. Using this program, you can download apps from anywhere onto your computer then install them on your phone via USB connection.

 Requirements:

· VB 6 Runtime
 3.4 MB / Windows All  Download

Internet Defender Removal Guide

Internet Defender Removal Guide
Internet Defender is a fake antivirus which will infect the computer after a Trojan opens a backdoor on the computer. Normally this program is installed to the computer without the permission of the users when they visit some websites. Internet Defender start automatically when the computer boot. It will scan the infected computer and shows that the computer has been infected by many malwares. In fact, the computer is infected by itself! Then, Internet Defender will persuade the user to purchase the license in order to activate it. This fake antivirus should be removed immediately.

Internet Defender can be removed by stopping its processes [random].exe and [Internet Defender.exe] and the user should remember to kill the file. The registry settings should be restored by following the removal guide below.

Internet Defender must be removed from your computer immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
Internet Defender.exe
[random].exe

Unregister DLL files
c:\Program Files\Internet Defender\Internet Defender.dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "56a10a26-dc02-40f3-a4da-8fa92d06b357_33"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56a10a26-dc02-40f1-a4da-8fa92d06b357}
HKEY_CLASSES_ROOT\CLSID\{56a10a26-dc02-40f1-a4da-8fa92d06b357}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "56a10a26-dc02-40f3-a4da-8fa92d06b357_33"

Remove Folders and Files
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Defender.lnk
c:\Documents and Settings\All Users\Application Data\56a10a26-dc02-40f3-a4da-8fa92d06b357_33.avi
c:\Documents and Settings\All Users\Start Menu\Programs\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b357_33.lnk
c:\Documents and Settings\All Users\Application Data\56a10a26-dc02-40f3-a4da-8fa92d06b357_33.ico
%UserProfile%\Start Menu\Programs\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b357_33.lnk
c:\Program Files\Internet Defender

Tuesday, February 22, 2011

Antivirus Antispyware 2011 Removal Guide

Antivirus Antispyware 2011 Removal Guide
Antivirus Antispyware 2011 is a fake antivirus program which come with a rootkit to prevent many program from running on the computer. Antivirus Antispyware 2011 cannot detect and remove any kind of virus, malware and trojan. What Antivirus Antispyware 2011 can do is displaying fake report to tell the user that the computer has been infected by many malwares, trojans and viruses. Antivirus Antispyware 2011 will urge the user to purchase the full version of Antivirus Antispyware 2011 to remove all the detected malwares, viruses and trojan. Bare in mind that Antivirus Antispyware 2011 CANNOT detect and remove any malware, virus and trojan.

Antivirus Antispyware 2011 provide fake features such as system scan, firewall, scan option, settings and updates. It scares the users with a lot of malwares detected on the computer such as Adware.Win32/Wheresphere, W32/Rimecud, Exploit-PDF.w etc. It claims itself that it can protect your PC just simple one-click solution. It ask the user to activate Antivirus Antispyware 2011 so that to have auto protection on computer. All of them is a lie. Do not believe it.

Antivirus Antispyware 2011 should be removed immediately!


Antivirus Antispyware 2011Removal Guide
Kill Process
(How to kill a process effectively?)
%AppData%\AntiVirus AntiSpyware 2011\securityhelper.exe
%APPDATA%\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe
%APPDATA%\AntiVirus AntiSpyware 2011\securitymanager.exe
%AppData%\[RANDOM]\mscjm.exe
%AppData%\[RANDOM]\recf.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\ AntiVirus AntiSpyware 2011
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AntiVirus AntiSpyware 2011

Remove Folders and Files
%UserProfile%\Start Menu\Programs\AntiVirus AntiSpyware 2011
%AppData%\AntiVirus AntiSpyware 2011
%AppData%\[RANDOM]

Windows Express Settings Removal Guide

Windows Express Settings Removal Guide
Windows Express Settings is a fake antivirus program that perform like a real antivirus such as Kaspersky Anti-Virus, AVG Free Antivirus, Avira AntiVir etc. Windows Express Settings infects the computer when the user accidentally downloads a trojan from a website which provide online videos. Windows Express Settings will start automatically when Windows boot. Then, Windows Express Settings will scan the computer and produce fake scan results and display many fake alerts to urge the user to purchase the full version of Windows Express Settings in order to remove the detected malwares.

Windows Express Settings can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Express Settings shown in the removal guide below. All files related to Windows Express Settings must be deleted.

Windows Express Settings should be removed immediately!

Windows Express Settings Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = '[RANDOM].exe'

Remove Folders and Files
%AppData%\[RANDOM].exe

Mega Antivirus 2012 Removal Guide

Mega Antivirus 2012 Removal Guide
Mega Antivirus 2012 is a very dangerous fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Mega Antivirus 2012 pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Mega Antivirus 2012 is installed on the computer, it will start automatically when Windows boot. Then Mega Antivirus 2012 will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Mega Antivirus 2012 will then warn the user that he should not make fun of it. If the user try to look into the infection, Mega Antivirus 2012 will show message "Do not play with this rogue" and then after a while, Mega Antivirus 2012 will really scare the user with this final message: "Say good-bye to your computer". Then, Mega Antivirus 2012 will force the computer to restart. However, the computer will not restart properly as Mega Antivirus 2012 has removed the file ntldr from the system drive. Without this file (ntldr), the windows will not reboot.

Mega Antivirus 2012 can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Mega Antivirus 2012 shown in the removal guide below. All files related to Mega Antivirus 2012 must be deleted.

Mega Antivirus 2012 should be removed immediately!

Mega Antivirus 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
addon.exe
ma2012.exe
install.exe

Delete Registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies C:\WINDOWS\addons\addon.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\Debugger C:\app1.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Policies C:\WINDOWS\addons\addon.exe
HKCU\Software\WinRAR SFX\C%%WINDOWS%addons C:\WINDOWS\addons
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\addons C:\WINDOWS\addons\addon.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemStart C:\WINDOWS\addons\ma2012.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45O3M0BQ-217X-LR5A-LU8X-18207F677R23}\StubPath C:\WINDOWS\addons\addon.exe Restart
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger C:\app1.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HKCU C:\WINDOWS\addons\addon.exe

Remove Folders and Files
%WINDIR%\addons\base\license.pwd
%WINDIR%\addons\addon.exe
%WINDIR%\addons\ma2012.exe
%WINDIR%\install.exe

Monday, February 21, 2011

Windows Optimal Tool Removal Guide

Windows Optimal Tool Removal Guide
Windows Optimal Tool is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Windows Optimal Tool pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows Optimal Tool is installed on the computer, it will start automatically when Windows boot. Then Windows Optimal Tool will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows Optimal Tool will repeatedly shows the pop ups to urge the user to purchase the full version of Windows Optimal Tool so that to remove all the threats. However, Windows Optimal Tool cannot detect and remove any kind of virus, malware and trojan.

Windows Optimal Tool can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Optimal Tool shown in the removal guide below. All files related to Windows Optimal Tool must be deleted.

Windows Optimal Tool should be removed immediately!

Windows Optimal Tool Removal Guide
Kill Process
(How to kill a process effectively?)
%AppData%\[random].exe
%AppData%\svchost.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
NT\CurrentVersion\SystemRestore "DisableSR " = '1'

Remove Folders and Files
%AppData%\[random].exe
%AppData%\svchost.exe

Internet Security Essentials Removal Guide

Internet Security Essentials Removal Guide
Internet Security Essentials is a fake antivirus program that produce fake alert that there are several vulnerabilities are detected in the computer which Internet Security Essentials is installed. Internet Security Essentials installs into the computer and will configure itself to start automatically (in registry) when Windows boot. Internet Security Essentials will scan the computer and WILL SURELY detect many malwares in the computer. In fact, it is just a fake alert. The intention of Internet Security Essentials is to urge the user to register Internet Security Essentials by purchasing the full version of Internet Security Essentials so that to earn some money from the user. Internet Security Essentials cannot detect and remove any malware / virus / trojan.

Internet Security Essentials can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Internet Security Essentials shown in the removal guide below. All files related to Internet Security Essentials must be deleted.

Internet Security Essentials should be removed immediately!

Internet Security Essentials Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security Essentials"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun ""1" = "MSASCui.exe"

unregister DLL
%AppData%\[random]\[random].dll

Remove Folders and Files
%AppData%\[random]

Windows Safety Guarantee Removal Guide

Windows Safety Guarantee Removal Guide
Windows Safety Guarantee is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Windows Safety Guarantee pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows Safety Guarantee is installed on the computer, it will start automatically when Windows boot. Then Windows Safety Guarantee will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows Safety Guarantee will repeatedly shows the pop ups to urge the user to purchase the full version of Windows Safety Guarantee so that to remove all the threats. However, Windows Safety Guarantee cannot detect and remove any kind of virus, malware and trojan.

Windows Safety Guarantee can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Safety Guarantee shown in the removal guide below. All files related to Windows Safety Guarantee must be deleted.

Windows Safety Guarantee should be removed immediately!

Windows Safety Guarantee Removal Guide
Kill Process
(How to kill a process effectively?)
%AppData%\[random].exe
%AppData%\svchost.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'

Remove Folders and Files
%AppData%\[random].exe
%AppData%\svchost.exe

Saturday, February 19, 2011

Vista Anti-Virus 2011 Removal Guide

Vista Anti-Virus 2011 Removal Guide
Vista Anti-Virus 2011 is a fake antivirus program which intend to urge the user whose computer is infected by Vista Anti-Virus 2011 to purchase the full version of Vista Anti-Virus 2011. Vista Anti-Virus 2011 produces fake alert in order to cheat the user. Vista Anti-Virus 2011 installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Vista Anti-Virus 2011 will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Vista Anti-Virus 2011 to remove all the malwares. Vista Anti-Virus 2011 is highly likely to block genuine scanning software and hijack your web browser through a proxy server.

Vista Anti-Virus 2011 can be remove by stopping the process hee.exe and remove the file by using Emsisoft HiJackFree. Then the user should remove the registries entries added and modified by Vista Anti-Virus 2011 according to the removal guide stated below.

Vista Anti-Virus 2011 should be removed immediately!

Vista Anti-Virus 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
hee.exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "pezfile"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1? %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\hee.exe" /START "%1? %*"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = ""%1? %*"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = ""%AppData%\hee.exe" /START "%1? %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile

Remove Folders and Files
%AppData%\hee.exe

Windows AV Software Removal Guide

Windows AV Software Removal Guide
Windows AV Software is a fake antivirus program that disguises itself as a legitimate antivirus which cannot protect computers at all. When Windows AV Software installs in the computer, it will start automatically when Windows boot. Windows AV Software will scan the computer and state that the computer is infected by malwares. In fact, Windows AV Software cannot detect any malware in the computer. Windows AV Software is seeded around the web by the fake Microsoft Security Essentials Alert trojan, which puts up a pretense of being a legitimate error message from your operating system. Windows AV Software will continue to alert the user to remove the malware by asking the user to purchase the full version of Windows AV Software in order to remove the malware and to have full time protection.

Windows AV Software can be removed by using Emsisoft HiJackFree to stop the process of Windows AV Software and remove the files. Then the user should remove the registries entries added and modified by Antivirus Scan Demo according to the removal guide stated below.

Windows AV Software should be removed immediately!

Windows AV Software Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'

Remove Folders and Files
%UserProfile%\Application Data\[RANDOM].exe

XP Anti-Virus 2011 Removal Guide

XP Anti-Virus 2011 Removal Guide
XP Anti-Virus 2011 is a fake antivirus program designed to pilfer money form hapless computer users. XP Anti-Virus 2011 reports bogus threats and displays fake security warnings on your computer to trick you into thinking that your PC is infected with malware. XP Anti-Virus 2011 uses Trojans, that come from fake online scanners or fake video sites, to do its dirty work. Once active, XP Anti-Virus 2011 do a fake system scan and displays a list of errors. Soon popups will prompt you to pay for a full version of the program to remove the alleged infections. Do not fall for this blatant scam and have XP Anti-Virus 2011 removed form your system immediately.

XP Anti-Virus 2011 can block websites, redirect your browser, prevent programs from functioning correctly, and create desktop alert messages with false information. It shouws pop-up alert messages on your desktop and browser such as Internet Explorer alert, Security breach, System danger, Privacy threat etc.

XP Anti-Virus 2011 can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added. These can be done by using Emsisoft HiJackFree.

XP Anti-Virus 2011 should be removed immediately!

XP Anti-Virus 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'

Remove Folders and Files
%UserProfile%\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[3 RANDOM LETTERS].exe
%AppData%\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru

Vista Home Security 2011 Removal Guide

Vista Home Security 2011 Removal Guide
Vista Home Security 2011 is a fake antivirus program designed to pilfer money form hapless computer users. Vista Home Security 2011 reports bogus threats and displays fake security warnings on your computer to trick you into thinking that your PC is infected with malware. Vista Home Security 2011 uses Trojans, that come from fake online scanners or fake video sites, to do its dirty work. Once active, Vista Home Security 2011 do a fake system scan and displays a list of errors. Soon popups will prompt you to pay for a full version of the program to remove the alleged infections. Do not fall for this blatant scam and have Vista Home Security 2011 removed form your system immediately.

Vista Home Security 2011 can block websites, redirect your browser, prevent programs from functioning correctly, and create desktop alert messages with false information. It shouws pop-up alert messages on your desktop and browser such as Internet Explorer alert, Security breach, System danger, Privacy threat etc.

Vista Home Security 2011 can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added. These can be done by using Emsisoft HiJackFree.

Vista Home Security 2011 should be removed immediately!

Vista Home Security 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'

Remove Folders and Files
%UserProfile%\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[3 RANDOM LETTERS].exe
%AppData%\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru

XP Home Security 2011 Removal Guide

XP Home Security 2011 Removal Guide
XP Home Security 2011 is a fake antivirus program designed to pilfer money form hapless computer users. XP Home Security 2011 reports bogus threats and displays fake security warnings on your computer to trick you into thinking that your PC is infected with malware. XP Home Security 2011 uses Trojans, that come from fake online scanners or fake video sites, to do its dirty work. Once active, XP Home Security 2011 do a fake system scan and displays a list of errors. Soon popups will prompt you to pay for a full version of the program to remove the alleged infections. Do not fall for this blatant scam and have XP Home Security 2011 removed form your system immediately.

XP Home Security 2011 can block websites, redirect your browser, prevent programs from functioning correctly, and create desktop alert messages with false information. It shouws pop-up alert messages on your desktop and browser such as Internet Explorer alert, Security breach, System danger, Privacy threat etc.

XP Home Security 2011 can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added. These can be done by using Emsisoft HiJackFree.

XP Home Security 2011 should be removed immediately!

XP Home Security 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'

Remove Folders and Files
%UserProfile%\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[3 RANDOM LETTERS].exe
%AppData%\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru

Win 7 Home Security Removal Guide

Win 7 Home Security Removal Guide
Win 7 Home Security is a fake antivirus program designed to pilfer money form hapless computer users. Win 7 Home Security reports bogus threats and displays fake security warnings on your computer to trick you into thinking that your PC is infected with malware. Win 7 Home Security uses Trojans, that come from fake online scanners or fake video sites, to do its dirty work. Once active, Win 7 Home Security do a fake system scan and displays a list of errors. Soon popups will prompt you to pay for a full version of the program to remove the alleged infections. Do not fall for this blatant scam and have Win 7 Home Security removed form your system immediately.

Win 7 Home Security can block websites, redirect your browser, prevent programs from functioning correctly, and create desktop alert messages with false information. It shouws pop-up alert messages on your desktop and browser such as Internet Explorer alert, Security breach, System danger, Privacy threat etc.

Win 7 Home Security can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added. These can be done by using Emsisoft HiJackFree.

Win 7 Home Security should be removed immediately!

Win 7 Home Security Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'

Remove Folders and Files
%UserProfile%\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[3 RANDOM LETTERS].exe
%AppData%\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru