Saturday, February 19, 2011

Windows AV Software Removal Guide

Windows AV Software is a fake antivirus program that disguises itself as a legitimate antivirus but cannot protect the computer at all. Once installed, it starts automatically when Windows boots. It then scans the computer and reports that the computer is infected with malware. In fact, Windows AV Software cannot detect any malware on the computer. It is spread around the web by the fake Microsoft Security Essentials Alert trojan, which poses as a legitimate error message from your operating system. Windows AV Software keeps alerting the user and asks them to purchase the full version in order to remove the malware and get full-time protection.

Windows AV Software can be removed by using Emsisoft HiJackFree to stop its process and remove its files. The user should then remove the registry entries added and modified by Antivirus Scan Demo, following the removal guide below.

Windows AV Software should be removed immediately!

Windows AV Software Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
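
A "Debugger" value under Image File Execution Options makes Windows launch the named program in place of the real executable, which is why the entries above stop the listed security tools from starting. The PowerShell script below is an added example, not part of the original guide: it reports which of the listed values are present and deletes them only when run with the -Remove switch (a parameter name chosen for this example), from an elevated prompt.

```powershell
# Added example (not from the original guide). Run from an elevated PowerShell prompt.
# Reports the registry values listed under "Delete Registry"; deletes them only with -Remove.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)

$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$sr   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
# Security-product executables named in the guide's list.
$targets = 'ekrn.exe', 'msascui.exe', 'avastui.exe', 'msseces.exe', 'egui.exe', 'msmpeng.exe'

$findings = @()

foreach ($exe in $targets) {
    $key = Join-Path $ifeo $exe
    if (-not (Test-Path -LiteralPath $key)) { continue }
    # A missing value comes back as $null, which the cast turns into an empty string.
    $dbg = [string](Get-Item -LiteralPath $key).GetValue('Debugger')
    # The guide lists the hijack as Debugger = svchost.exe; flag only that exact data.
    if ($dbg.Trim('"') -ieq 'svchost.exe') {
        $findings += [pscustomobject]@{ Key = $key; Name = 'Debugger'; Data = $dbg }
    }
}

if (Test-Path -LiteralPath $sr) {
    $srKey = Get-Item -LiteralPath $sr
    # Compare the trimmed name so a value stored with stray whitespace is still found.
    foreach ($name in $srKey.GetValueNames()) {
        $data = [string]$srKey.GetValue($name)
        if (($name.Trim() -ieq 'DisableSR') -and ($data -eq '1')) {
            $findings += [pscustomobject]@{ Key = $sr; Name = $name; Data = $data }
        }
    }
}

if (-not $findings) {
    Write-Output 'None of the listed registry values are present.'
    return
}
$findings | Format-Table -AutoSize -Wrap

if ($Remove) {
    foreach ($f in $findings) {
        # Honors -WhatIf and -Confirm, so the deletions can be previewed first.
        if ($PSCmdlet.ShouldProcess("$($f.Key)\$($f.Name)", 'Delete registry value')) {
            Remove-ItemProperty -LiteralPath $f.Key -Name $f.Name
        }
    }
}
```

Running it with -Remove -WhatIf prints the deletions it would make without changing the registry.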

Remove Folders and Files
%UserProfile%\Application Data\[RANDOM].exe
