Tuesday, February 22, 2011

Mega Antivirus 2012 Removal Guide

Mega Antivirus 2012 Removal Guide
Mega Antivirus 2012 is a very dangerous fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Mega Antivirus 2012 pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Mega Antivirus 2012 is installed on the computer, it will start automatically when Windows boot. Then Mega Antivirus 2012 will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Mega Antivirus 2012 will then warn the user that he should not make fun of it. If the user try to look into the infection, Mega Antivirus 2012 will show message "Do not play with this rogue" and then after a while, Mega Antivirus 2012 will really scare the user with this final message: "Say good-bye to your computer". Then, Mega Antivirus 2012 will force the computer to restart. However, the computer will not restart properly as Mega Antivirus 2012 has removed the file ntldr from the system drive. Without this file (ntldr), the windows will not reboot.

Mega Antivirus 2012 can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Mega Antivirus 2012 shown in the removal guide below. All files related to Mega Antivirus 2012 must be deleted.

Mega Antivirus 2012 should be removed immediately!

Mega Antivirus 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
addon.exe
ma2012.exe
install.exe

Delete Registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies C:\WINDOWS\addons\addon.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\Debugger C:\app1.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Policies C:\WINDOWS\addons\addon.exe
HKCU\Software\WinRAR SFX\C%%WINDOWS%addons C:\WINDOWS\addons
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\addons C:\WINDOWS\addons\addon.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemStart C:\WINDOWS\addons\ma2012.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45O3M0BQ-217X-LR5A-LU8X-18207F677R23}\StubPath C:\WINDOWS\addons\addon.exe Restart
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger C:\app1.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HKCU C:\WINDOWS\addons\addon.exe

Remove Folders and Files
%WINDIR%\addons\base\license.pwd
%WINDIR%\addons\addon.exe
%WINDIR%\addons\ma2012.exe
%WINDIR%\install.exe

No comments:

Post a Comment