Wednesday, March 9, 2011

Windows Servant System Removal Guide

Windows Servant System Removal Guide
Windows Servant System is a fake antivirus program. Windows Servant System install to the computer through trojan which opens a backdoor on the computer. There are many computers which has been infected by trojans (they are not detected by antivirus). Such trojans make this fake antivirus install to the computer without any confirmation of the users. Windows Servant System start automatically when the computer boot. The main purpose of Windows Servant System is to cheat money from the users by producing fake scan result to scare the users to buy the full version of Windows Servant System. Windows Servant System should not be a trusted program for detecting and eliminating computer issues including malware. Windows Servant System cannot detect and remove any kind of virus, malware and trojan.

Windows Servant System can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Servant System shown in the removal guide below. All files related to Windows Servant System must be deleted.

Windows Servant Systemshould be removed immediately.


Windows Servant System Removal Guide
Kill Process
(How to kill a process effectively?)
%UserProfile%\Application Data\[random].exe
%AppData%\[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = "%AppData%\{random}.exe"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\[random].exe"

Remove Folders and Files
%UserProfile%\Application Data\[random].exe
%AppData%\[random].exe

No comments:

Post a Comment