Monday, February 21, 2011

Internet Security Essentials Removal Guide

Internet Security Essentials is a fake antivirus program that produces fake alerts claiming that several vulnerabilities have been detected on the computer on which it is installed. It installs itself on the computer and configures itself (in the registry) to start automatically when Windows boots. It then scans the computer and WILL SURELY report many malware detections. In fact, these are just fake alerts. The intention of Internet Security Essentials is to urge the user to register it by purchasing the full version, so as to earn some money from the user. Internet Security Essentials cannot detect or remove any malware / virus / trojan.

Internet Security Essentials can be removed by stopping its processes and removing its files using Emsisoft HiJackFree. The user should then remove the registry entries added or modified by Internet Security Essentials, as shown in the removal guide below. All files related to Internet Security Essentials must be deleted.

Internet Security Essentials should be removed immediately!

Internet Security Essentials Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "Internet Security Essentials"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"

Unregister DLL
%AppData%\[random]\[random].dll

Remove Folders and Files
%AppData%\[random]
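
The registry part of this guide can be checked with a short PowerShell script. This is an added example, not part of the original guide: it reports the DisallowRun and Run values listed above for the current user, and deletes them only when run with the hypothetical -Remove switch.

```powershell
# Added example: audit (and optionally clean) the HKCU entries listed in this guide.
param([switch]$Remove)   # hypothetical switch: without it the script only reports

$disallowKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'
$runKey      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue    = 'Internet Security Essentials'

# Executable names taken from the "Delete Registry" list above
$blocked = 'msseces.exe','MSASCui.exe','ekrn.exe','egui.exe','avgnt.exe','avcenter.exe',
           'avscan.exe','avgfrw.exe','avgui.exe','avgtray.exe','avgscanx.exe',
           'avgcfgex.exe','avgemc.exe','avgchsvx.exe','avgcmgr.exe','avgwdsvc.exe'

$findings = @()

# DisallowRun holds numbered values; flag only those whose data is on the list,
# so unrelated entries set by an administrator are left alone.
if (Test-Path $disallowKey) {
    $key = Get-Item $disallowKey
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($blocked -contains $data) {          # -contains compares case-insensitively
            $findings += [pscustomobject]@{ Key = $disallowKey; Name = $name; Data = $data }
        }
    }
}

# Autostart entry: its data is the command line launched at logon.
if (Test-Path $runKey) {
    $key = Get-Item $runKey
    if ($key.GetValueNames() -contains $runValue) {
        $findings += [pscustomobject]@{ Key = $runKey; Name = $runValue
                                        Data = [string]$key.GetValue($runValue) }
    }
}

$findings | Format-Table -AutoSize -Wrap

if ($Remove) {
    foreach ($f in $findings) {
        Remove-ItemProperty -Path $f.Key -Name $f.Name
    }
}
```

Run it once without -Remove first: the Data column of the Run entry shows the command line started at logon, which helps identify the [random].exe to stop and the %AppData% folder to delete.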
