Tuesday, March 15, 2011

Windows Remedy Removal Guide

Windows Remedy Removal Guide
Windows Remedy is a fake antivirus program which is used to trick the user to buy a fake antivirus program. Windows Remedy install into PC without permission of users unless the user set the UAC level to the highest level. Windows Remedy tries to convince the users that their computers are infected by malware inside their machines. In fact, Windows Remedy is the malmare that infect the computers. Then Windows Remedy will consistently asks the users to buy the full version of Windows Remedy in order to get rid of the malwares. Don't ever be cheated by buying this fake antivirus program.

Windows Remedy is not able to detect or delete any infections. Windows Remedy always show that the computer is not protected. It provide features like other antivirus program. It can be removed by stopping its processes [random].exe and the user should remember to kill the file. The registry settings should be restored by following the removal guide below.

Windows Remedy should be removed immediately!


Windows Remedy Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugge = "svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe 'Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'

Remove Folders and Files
%AppData%\Microsoft\[random].exe
pcsweeper.exe

No comments:

Post a Comment