Tuesday, March 1, 2011

Windows Performance Manager Removal Guide

Windows Performance Manager Removal Guide
Windows Performance Manager is a fake antivirus program that try to act like a legitimate antivirus such as Kaspersky Antivirus which can really protect our computer from viruses, malwares and torjan. However, Windows Performance Manager cannot detect and remove any kind of viruses, malwares and trojan. Windows Performance Manager will run automatically when Windows boot and will do a fake scan on the computer and will DEFINITELY state that the computer has been infected by many malwares, viruses and torjans. Then Windows Performance Manager will shows pop ups to urge the user to purchase the full version of Windows Performance Manager to remove all the detected threats. Do not buy Windows Performance Manager, as it can do nothing. Windows Performance Manager uses fake Microsoft Security Essentials Alerts to circulate.

Windows Performance Manager can be removed by stopping the process PersonalSS.exe by Emsisoft HiJackFree and kill the file at the same time. Then, the user has to remove all the related files and registry entries added by Windows Performance Manager (see removal guide below).

Windows Performance Manager should be removed immediately!

Windows Performance Manager Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%ALLUSERSPROFILE%\Application Data\095a\sqlite3.dll
%ALLUSERSPROFILE%\Application Data\095a\mozcrt19.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'

Remove Folders and Files
%UserProfile%\Application Data\[random].exe

No comments:

Post a Comment