Wednesday, October 12, 2011

Remove Windows Monitor

Remove Windows Monitor
Windows Monitor is another type of fake antivirus program which will definitely show pop ups to tell the user that the computer has been infected by malwares, trojans and viruses. Windows Monitor CANNOT detect and remove any kind of malware, trojan and virus. Windows Monitor can only cheat the user to purchase the full version of Windows Monitor so that to removed the detected threats. Do not believe any pop ups or report shown by Windows Monitor. All of them is a lie. We should also be watchful for potential browser hijack attempts, since Windows Monitor is based on malware known for abusing proxy servers.

Windows Monitor scare the user will many virus name such as Downloader.JS.Small, Sality AN, GameThief.Win32, WinWebSecurity2008 etc. Windows Monitor can be removed by using Emsisoft HiJackFree to stop the process of Windows Monitor and remove the files. Then the user should remove the registries entries added and modified by Windows Monitor according to the removal guide stated below.

Windows Monitor should be removed immediately!


Windows Monitor Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'

Remove Folders and Files
%Temp%\[random]
%UserProfile%\Application Data\Microsoft\[random].exe

No comments:

Post a Comment