Saturday, April 23, 2011

Fake BitDefender 2011 Removal Guide

On the one hand, this program was created by renaming an existing counterfeit and modifying its scripts. On the other hand, it poses as a renowned genuine security tool, and its name is outright intellectual property theft.
That is, a counterfeit made by modifying another counterfeit pretends to be a well-known, widely recognized security tool.
Remove the BitDefender 2011 rogue and do not confuse it with the legitimate programs of the BitDefender family. The rogue's developers did not even try to create a real double of the software whose name they stole: their fake product has the same interface as E-Set Antivirus 2011 and AVG Antivirus 2011.
Click here to start a free scan and get rid of the BitDefender 2011 fake antivirus, another awkward attempt by hackers to fool users.


BitDefender 2011 manual removal guide:
Delete BitDefender 2011 files:
C:\Program Files\BitDefender 2011\
C:\Program Files\BitDefender 2011\bitdefender.exe
C:\Documents and Settings\All Users\Start Menu\BitDefender 2011\
C:\Documents and Settings\All Users\Start Menu\BitDefender 2011\BitDefender 2011.lnk
%AllUsersProfile%\Start Menu\BitDefender 2011\Uninstall.lnk
%UserProfile%\Desktop\BitDefender 2011.lnk
C:\WINDOWS\system32\msiexecs.exe

Delete BitDefender 2011 registry entries:
HKEY_CURRENT_USER\Software\[SET OF RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\[SET OF RANDOM CHARACTERS]
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "BitDefender 2011" = 'C:\Program Files\BitDefender 2011\bitdefender.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-EVI 21.04.2011"
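
The Image File Execution Options entries above set a "Debugger" value on each browser executable, so Windows starts msiexecs.exe -sb whenever one of those browsers is launched. The following Python sketch is an added example, not part of the original guide: it scans the text of a registry export for such values and marks the ones that sit on browser images. The sample export and the function names are constructed for illustration.

```python
import re

IFEO = r"\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" + "\\"
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "opera.exe", "safari.exe"}

# Constructed sample in .reg export format; not captured from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger"="msiexecs.exe -sb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE]
"Debugger"="\"C:\\WINDOWS\\system32\\msiexecs.exe\" -sb"
'''

# "name"="data" lines; inside both parts a backslash escapes the next character.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def find_ifeo_debuggers(reg_text):
    """Return (image, debugger_command, is_browser) for every IFEO Debugger value."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # current registry key path
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue                  # dword/hex values and blank lines are skipped
        name, data = unescape(m.group(1)), unescape(m.group(2))
        head, sep, image = key.rpartition("\\")
        if name.lower() == "debugger" and (head + sep).lower().endswith(IFEO.lower()):
            hits.append((image, data, image.lower() in BROWSERS))
    return hits

if __name__ == "__main__":
    for image, cmd, is_browser in find_ifeo_debuggers(SAMPLE_REG):
        print(("BROWSER " if is_browser else "other   ") + image + " -> " + cmd)
```

Files written by reg export are UTF-16 encoded, so decode them before passing the text to find_ifeo_debuggers.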


Wednesday, April 20, 2011

Get Rid of XP Total Security 2011, as Even Its Installation Method Suggests

The way this program is delivered is by itself a reason to remove XP Total Security 2011. The usual method of implanting it is to entice users into visiting a seemingly harmless website. Users consider such websites harmless because part of the site's name is the name of an evidently trustworthy source, e.g. MSN.
The suggested website appears to be a scanner or the home page of a security solution. Needless to say, the solution is a counterfeit presented to users under the name XP Total Security 2011.
The website suddenly appears to close, and then a popup appears in the middle or at the top of the desktop. It raves about issues detected on the computer system and then guides the user directly to the adware download and installation dialog. In fact, the popup and the dialog are modified pages of the malware website.
As you can see, the wizard is also just for show, as the real installation is performed via a backdoor anyway. Consequently, the user's approval of the adware installation is part of the deception: the hackers want to make it look as if users install the program themselves.
Get rid of the XP Total Security 2011 rogue and misleading system utility, and launch a free scan to detect and exterminate real security and privacy threats.

XP Total Security 2011 manual removal guide:
Delete infected files:
%UserProfile%\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
Delete infected registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'

Remove Antispywareon.com hijacking tool

The web is still one of the safest places for villains of any kind. One of the main reasons is the low bar for identity verification. For instance, the barriers to registering a website are either absent or easy to circumvent. That is why the World Wide Web abounds in websites like Antispywareon.com. They are registered to dummy persons, often without their knowledge, or to persons who do not exist.
The above website is dedicated to extremely annoying and misleading software. It also pretends to assess the security state of the visiting computer.
Antispywareon.com removal has a double meaning, as there is a browser hijacker infection in addition to the content the page promotes. If this page has been downloaded even once, there is a considerable risk of browser hijacking by a malicious browser helper. To detect the hijacker and get rid of the Antispywareon.com annoyance, click here to start a free scan.

Tuesday, April 19, 2011

Remove Total Virus Scanner rogueware

Total Virus Scanner is another addition to the extremely numerous family of Windows security tools. Basically, there is a single base program code for the Vista, XP and Win7 variants of Windows, which simply picks one of the names at random, with the only restriction that the name matches the system version. For instance, XP Antispyware is a name set on infected XP systems, while Win 7 Antimalware is a name the base adware would pick for Win 7.
However, Total Virus Scanner removal has its peculiarities compared to other modifications of the base program code. Despite the similarity of the rogue programs resulting from the modification, their removal should be considered case by case, as there are essential differences between clones within the family.
Get rid of the Total Virus Scanner adware, one of the fake Windows security tools which are known to make their way into computer systems under the guise of Windows Update. A free scan, a necessary stage of Total Virus Scanner removal, is available here.

Total Virus Scanner manual removal guide:
Delete infected files:
%Program Files%\Total Virus Scanner
%Program Files%\Total Virus Scanner\[random].exe

Delete infected registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Total Virus Scanner"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"


Friday, April 15, 2011

Get rid of XP Anti-Virus 2011 as a part of Big Cleanup

Deception and intimidation are the main marketing tools for XP Anti-Virus 2011. By providing a deceptive description of this product, hackers fraudulently persuade users to download the software.
Once a credulous user has performed the download and installation, the time for terrifying begins. The intimidation comprises sets of deceptive notifications informing of crucial system errors and deadly viruses. The program is not a genuine security tool. That means its notifications bear no relation to any error or virus detection and are shown only to scare users.
Download and installation of the deceptive software is also possible without any help from the user, and without notifying the user, thanks to the effort of several carriers. According to the way they multiply and get into PC memory, these carriers are divided into worms and trojans.
Click here to get rid of the XP Anti-Virus 2011 scam. The suggested way of removing XP Anti-Virus 2011 is based on a free system scan and implies overall system disinfection, with disposal of the adware as an inevitable part of it.

XP Anti-Virus 2011 manual removal guide:
Delete infected files:
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[random].exe
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru
Delete infected registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'

Get rid of Win 7 Total Security 2011 adware

Virus removers that do not remove anything abound on the web, especially in the part of it invisible to the regular user. The invisible part is made up of spam and system-backdoor channels that pump such removers into computer systems, bypassing the stages where the user approves the download and/or installation.
Get rid of Win 7 Total Security 2011, one of the fake virus removers most intensively pushed through the spam and backdoor channels. This badware is easy to detect, so users whose computers are infected with a copy of it easily establish the source of the odd alerts.
To remove Win 7 Total Security 2011 as an unnecessary, annoying and quite destructive software product, click here to launch a free scan.

Win 7 Total Security 2011 manual removal guide:
Delete infected files:
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[random].exe
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru
Delete infected registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
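
The registry lists for XP Total Security 2011, XP Anti-Virus 2011 and Win 7 Total Security 2011 share one pattern: the open command for .exe files and for the browsers is rewritten so that a randomly named executable runs first and receives the real target after /START. The following Python sketch is an added example, not part of the original guides: it classifies command values, extracts the inserted executable, and reports the command with the wrapper stripped. The sample values, 'abc.exe', the profile path and the function names are constructed for illustration.

```python
import re

STOCK_EXE_OPEN = '"%1" %*'   # stock exefile open command, also shown in the lists above
# Wrapper shape used by the listed entries: "<interposer>.exe" /START <original command>
WRAPPER_RE = re.compile(
    r'^\s*"(?P<interposer>[^"]+\.exe)"\s+/START\s+(?P<original>.+?)\s*$', re.I)
EXEFILE_OPEN_RE = re.compile(r'\\exefile\\shell\\open\\command$', re.I)

def analyze_command(key, command):
    """Classify one command value as 'hijacked', 'nonstandard' or 'clean'."""
    m = WRAPPER_RE.match(command)
    if m:  # an extra executable sits in front of the real target
        return {"key": key, "status": "hijacked",
                "interposer": m.group("interposer"), "restore": m.group("original")}
    if EXEFILE_OPEN_RE.search(key) and command.strip() != STOCK_EXE_OPEN:
        # Not the wrapper shape, yet not the stock value either: flag for review.
        return {"key": key, "status": "nonstandard",
                "interposer": None, "restore": STOCK_EXE_OPEN}
    return {"key": key, "status": "clean", "interposer": None, "restore": None}

def audit(values):
    """values: {registry key path: command string}. Returns the non-clean findings."""
    findings = [analyze_command(k, v) for k, v in values.items()]
    return [f for f in findings if f["status"] != "clean"]

# Constructed sample; 'abc.exe' and the profile path stand in for the random name.
FAKE = r'"C:\Documents and Settings\user\Local Settings\Application Data\abc.exe"'
SAMPLE = {
    r'HKEY_CLASSES_ROOT\exefile\shell\open\command': FAKE + ' /START "%1" %*',
    r'HKEY_CLASSES_ROOT\exefile\shell\runas\command': '"%1" %*',
    r'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command':
        FAKE + r' /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode',
    r'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command': r'C:\tmp\x.exe "%1"',
}

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["status"], f["key"], "->", f["restore"])
```

The restore field is the value to compare against before editing the key; while the exefile open command is hijacked, every .exe launch on the machine still passes through the inserted executable.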

Thursday, April 14, 2011

Get rid of Rogue:Win32/FakeRean, which fakes Windows security

This many-faced counterfeit product is detected by several genuine AV tools under the following detection name: Rogue:Win32/FakeRean.
Meanwhile, the hijackers have given this program several dozen names, e.g. WindowsFixDisk, Best Malware Protection, VistaSecurity. Those names are used in the GUI presented to the victims of the scam.
Removal of Rogue:Win32/FakeRean is the same whatever name and face it takes. The same tricks are applied in the propagation and post-installation life of the fake antivirus. In particular, the adware is often dropped as a Windows Security Update, i.e. users download the parasite taking it for genuine Windows software. Click here to launch a free scan and get rid of Rogue:Win32/FakeRean and real viruses.
