Tuesday, May 24, 2011

Windows Profile System Removal Guide

Windows Profile System Removal Guide
Windows Profile System is a fake antivirus program that perform like a real antivirus such as Kaspersky Anti-Virus, AVG Free Antivirus, Avira AntiVir etc. Windows Profile System is distributed through the same fake Microsoft Security Essentials Alert trojan that many other rogue anti-spyware programs are propagated through, allowing Windows Profile System a stealthy entry. Windows Profile System infects the computer when the user accidentally downloads a trojan from a website which provide online videos. Windows Profile System include browser hijacks, dysfunctional security applications and unauthorized changes to system settings. Windows Profile System will start automatically when Windows boot. Then, Windows Profile System will scan the computer and produce fake scan results and display many fake alerts to urge the user to purchase the full version of Windows Profile System in order to remove the detected malwares. Full version or unregistered version of Windows Profile System can do nothing.

Windows Profile System can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Profile System shown in the removal guide below. All files related to Windows Profile System must be deleted.

Windows Profile System should be removed immediately!

Windows Profile System Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'

Remove Folders and Files
%UserProfile%\Application Data\Microsoft\[random].exe
%Temp%\[random]

No comments:

Post a Comment