Wednesday, July 6, 2011

Windows Salvor Tool Removal Guide

Windows Salvor Tool Removal Guide
Windows Salvor Tool is a fake antivirus program that tricks the user to purchase the full version of Windows Salvor Tool by showing fake detection of the computer. When Windows Salvor Tool is installed in the computer, it will start automatically when Windows boot. Then, Windows Salvor Tool will scan the computer and will surely state that there are many files in the computer are infected by malwares. Windows Salvor Tool will urge the user to purchase the full version of Windows Salvor Tool in order to remove all the malwares. However, Windows Salvor Tool cannot detect and remove any malware from the computer. All the detection is a lie. Windows Salvor Tool pretends to be affiliated with Microsoft by using the Windows icon and a comprehensive and user-friendly interface.

Windows Salvor Tool can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified must be cleared by using Windows Registry Editor.

Windows Salvor Tool is part of the Fake Microsoft Security Essentials infection. When this infection is installed on the computer it will display a fake Microsoft Security Essentials alert that states that it has detected an Unknown Win32/Trojan on the computer.

Windows Salvor Tool should be removed immediately!

Windows Salvor Tool Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
Remove Folders and Files
%AppData%\Microsoft\[random].exe

No comments:

Post a Comment