Friday, April 1, 2011

Antimalware Tool Removal Guide

Antimalware Tool Removal Guide
Antimalware Tool is a fake antivirus program which intend to urge the user whose computer is infected by Antimalware Tool to purchase the full version of Antimalware Tool. Antimalware Tool produces fake alert in order to cheat the user. Antimalware Tool installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Antimalware Tool will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Antimalware Tool to remove all the malwares.

Antimalware Tool ask the user to activate Antimalware Tool to get ultimate protection against Identify Theft, Malware and other threats! Antimalware Tool create a fake Windows Advanced Security Center and warn the user that the system is not cleaned yet! It show the users that the Firewall, Automatics Updates and Antivirus Protection are in the "OFF" state.

Antimalware Tool should be removed immediately!

Antimalware Tool Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = '%UserProfile%\Application Data\[random].exe'

Remove Folders and Files
delete the files stated in autorun settings of Antimalware Tool
%UserProfile%\Application Data\[random].exe

No comments:

Post a Comment