Tuesday, October 18, 2011

Remove AV Protection Online

AV Protection Online is a fake antivirus that is not from opencloudav.com. AV Protection Online infects your computer through a malicious website or Trojan. It scans the whole infected computer without any notice. After it finishes scanning, AV Protection Online shows a false result claiming that a lot of malware infections were found on the computer. Moreover, the users of the infected computer will receive several warning alerts that try to force them to purchase the fake full version of AV Protection Online. AV Protection Online cannot detect or remove any kind of virus, malware or Trojan. AV Protection Online is a SCAM. Do not believe any warning or alert given by AV Protection Online. Most importantly, do not purchase the full version of AV Protection Online, as it cannot remove any kind of malware!

AV Protection Online is delivered in several ways. One is installation via a bogus scanner page created to look like a Windows application screen. Another is a Trojan infection made to look like a Flash update or video codec.

AV Protection Online can be removed by first stopping its processes ([random].exe) and then killing its files with Emsisoft HiJackFree. Then the user has to remove all the related files and folders. Finally, restore the registry entries added and modified by AV Protection Online (read the removal guide below to remove AV Protection Online successfully).

When AV Protection Online is installed, it is configured to start automatically, installing a file called [random].exe. Once Windows is started, [random].exe is launched automatically and then starts the main executable for this infection.

AV Protection Online should be removed immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer=http=127.0.0.1:53717"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "DefaultConnectionSettings=3C0000000B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "SavedLegacySettings=3C0000006B0000000…"
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"

Remove Folders and Files
%Documents and Settings%\[UserName]\Start Menu\Programs\AV Protection Online
%Documents and Settings%\[UserName]\Desktop\AV Protection Online.lnk
%Documents and Settings%\[UserName]\Local Settings\Temp\[random].tmp
%Documents and Settings%\[UserName]\Application Data\ldr.ini
%Documents and Settings%\[UserName]\Application Data\[random]
%Windows%\system32\[random].exe
%AppData%\[random]
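
The registry and file indicators listed above can be checked from a PowerShell prompt before anything is deleted. The script below is an added example, not part of the original guide: it reports the per-user loopback proxy setting and the fixed-name artifacts, and only changes the proxy when the -ResetProxy switch (a name chosen for this example) is given. It assumes it runs as the affected user and resolves the profile folders through .NET instead of the %Documents and Settings% paths.

```powershell
# Added example: read-only check for the indicators listed in this guide.
# -ResetProxy is a hypothetical switch name; it turns the per-user proxy off
# only when the loopback proxy described in the guide was actually found.
param([switch]$ResetProxy)

$inetKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$findings = @()
$hijacked = $false

# 1. Proxy hijack: ProxyEnable = 1 with ProxyServer pointing at 127.0.0.1:<port>.
#    The port in the guide (53717) may differ per infection, so any port matches.
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1 -and $inet.ProxyServer -match '127\.0\.0\.1:\d+') {
    $hijacked  = $true
    $findings += "Loopback proxy enabled: $($inet.ProxyServer)"
}

# 2. Artifacts with fixed names. The [random] files and folders cannot be
#    matched by name and still need manual review.
$programs = [Environment]::GetFolderPath('Programs')
$desktop  = [Environment]::GetFolderPath('DesktopDirectory')
$appData  = [Environment]::GetFolderPath('ApplicationData')
$paths = @(
    (Join-Path $programs 'AV Protection Online'),
    (Join-Path $desktop  'AV Protection Online.lnk'),
    (Join-Path $appData  'ldr.ini')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Artifact present: $p" }
}

if ($findings.Count -eq 0) {
    Write-Output 'No indicators from this guide were found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}

# 3. Optional repair of the two plain proxy values. The binary values under
#    Connections and the HKEY_LOCAL_MACHINE hardware-profile value are not touched.
if ($ResetProxy -and $hijacked) {
    Set-ItemProperty -Path $inetKey -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $inetKey -Name ProxyServer -ErrorAction SilentlyContinue
    Write-Output 'ProxyEnable set to 0 and ProxyServer removed.'
}
```

A loopback proxy on its own is a finding to review: local debugging proxies and some security products set the same values, so confirm against the file artifacts before resetting.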
