Wednesday, June 8, 2011

Win 7 Anti-Virus 2012 Removal Guide

Win 7 Anti-Virus 2012 Removal Guide
Win 7 Anti-Virus 2012 is a fake antivirus program which intend to urge the user whose computer is infected by Win 7 Anti-Virus 2012 to purchase the full version of Win 7 Anti-Virus 2012. Win 7 Anti-Virus 2012 produces fake alert in order to cheat the user. Win 7 Anti-Virus 2012 installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. Win 7 Anti-Virus 2012 will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of Win 7 Anti-Virus 2012 to remove all the malwares. Win 7 Anti-Virus 2012 is highly likely to block genuine scanning software and hijack your web browser through a proxy server.

Win 7 Anti-Virus 2012 can be remove by stopping the process hee.exe and remove the file by using Emsisoft HiJackFree. Then the user should remove the registries entries added and modified by Win 7 Anti-Virus 2012 according to the removal guide stated below.

Win 7 Anti-Virus 2012 should be removed immediately!

Win 7 Anti-Virus 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Internet Explorer\iexplore.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe”‘

Remove Folders and Files
%Temp%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%AppData%\Local\[random]
%AppData%\Local\[random].exe
%AllUsersProfile%\[random]

No comments:

Post a Comment