Wednesday, March 16, 2011

E-Set Removal Guide

E-Set is a fake antivirus. It infects a computer through a malicious website or a Trojan, then scans the whole computer without any notice. When the scan finishes, E-Set shows a false result claiming that many malware infections were found. The user then receives repeated warning alerts that try to force the purchase of the fake full version of E-Set. E-Set cannot detect or remove any kind of virus, malware or Trojan. E-Set is a SCAM. Do not believe any warning or alert it displays and, most importantly, do not purchase the full version, because it cannot remove any kind of malware!


E-Set can be removed by first stopping its processes (OQ4C92F6.exe, E-Set.exe, iesafemode.exe) and then killing its files with Emsisoft HiJackFree. Next, remove all the related files and folders. Finally, restore the registry entries added and modified by E-Set (follow the removal guide below to remove E-Set successfully).

E-Set should be removed immediately!


Removal Guide
Kill Process
(How to kill a process effectively?)
%Temp%\OQ4C92F6.exe
c:\Program Files\E-Set\e-set.exe
c:\WINDOWS\system32\iesafemode.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "E-Set" = 'C:\Program Files\E-Set\E-Set.exe'
HKEY_CURRENT_USER\Software\Mon246
HKEY_CURRENT_USER\Software\A88246
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe "Debugger" = 'iesafemode.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe "Debugger" = 'iesafemode.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe "Debugger" = 'iesafemode.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-A8I 28.01.2011"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe "Debugger" = 'iesafemode.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe "Debugger" = 'iesafemode.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Remove Folders and Files
%UserProfile%\Desktop\E-Set.lnk
%Temp%\OQ4C92F6.exe
c:\Program Files\E-Set\e-set.exe
c:\WINDOWS\system32\iesafemode.exe
c:\Documents and Settings\All Users\Start Menu\E-Set\Uninstall.lnk
c:\Program Files\E-Set\
c:\Documents and Settings\All Users\Start Menu\E-Set\
c:\Documents and Settings\All Users\Start Menu\E-Set\E-Set.lnk
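
To see which of the entries listed above are actually present before cleaning up by hand, the lists can be checked with a script. The following PowerShell script is an added example, not part of the original guide: it only reads the registry and file system and deletes nothing. It assumes the paths exactly as listed above and that it is run from the affected user's account, since the HKEY_CURRENT_USER entries are per-user.

```powershell
# Audit-only check for the E-Set artifacts listed in this guide (added example).
# It reports matches and changes nothing on the system.
$findings = @()
function Add-Finding($type, $location, $value) {
    New-Object PSObject -Property @{ Type = $type; Location = $location; Value = $value }
}

# Image File Execution Options: a "Debugger" value makes Windows start that
# program instead of the browser, which is how iesafemode.exe gets launched.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'iexplore.exe','firefox.exe','chrome.exe','opera.exe','safari.exe') {
    $key = Join-Path $ifeo $exe
    $dbg = (Get-ItemProperty -Path $key -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings += Add-Finding 'IFEO Debugger' $key $dbg }
}

# Named registry values from the "Delete Registry" list.
$values = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'E-Set' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'; Name = 'WinNT-A8I 28.01.2011' }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($item) { $findings += Add-Finding 'Registry value' $v.Key "$($v.Name) = $($item.($v.Name))" }
}

# Whole registry keys from the same list.
foreach ($k in 'HKCU:\Software\Mon246','HKCU:\Software\A88246') {
    if (Test-Path -LiteralPath $k) { $findings += Add-Finding 'Registry key' $k '' }
}

# Files and folders from the "Remove Folders and Files" list.
$paths = @(
    "$env:TEMP\OQ4C92F6.exe",
    "$env:USERPROFILE\Desktop\E-Set.lnk",
    'C:\Program Files\E-Set',
    'C:\WINDOWS\system32\iesafemode.exe',
    'C:\Documents and Settings\All Users\Start Menu\E-Set'
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += Add-Finding 'File or folder' $p '' }
}

if ($findings) { $findings | Select-Object Type, Location, Value | Format-List } else { 'No E-Set artifacts from this guide were found.' }
```

Any remaining "IFEO Debugger" finding means the listed browser will still be redirected when started, so re-run the script after cleanup to confirm the list is empty.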
