Tuesday, April 5, 2011

Antivirus Protection Trial Removal Guide

Antivirus Protection Trial Removal Guide
Antivirus Protection Trial is a fake antivirus program that try to pretend to be a real antivirus which can remove malware. However, Antivirus Protection Trial does not kill any malware from any computer. Antivirus Protection Trial infects the computer by installing malware into the computer which will try to disguise itself like a real antivirus which can detect and remove malware, trojan and virus. After installation complete, Antivirus Protection Trial will scan the computer and will surely state that the computer is infected by malwares and urge the user to buy the full version of Antivirus Protection Trial.

Antivirus Protection Trial can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Antivirus Protection Trial shown in the removal guide below. Antivirus Protection Trial DLL Files should be unregistered too (see removal guide). All files related to Antivirus Protection Trial must be deleted.

Antivirus Protection Trial should be removed immediately!

Antivirus Protection Trial Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = '127.0.0.1:33554'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures"'1'

Remove Folders and Files
%Temp%\[random]\[random].exe
%Temp%\[random]\

No comments:

Post a Comment