Thursday, March 29, 2012

Smart Fortress 2012 virus - Removal Guide

Smart Fortress 2012 is a very advanced extortion virus.

It is very difficult to get rid of, but there is still a way.



Icon of Smart Fortress 2012

Main window of Smart Fortress 2012

Fake Warning by Smart Fortress 2012



HOW TO GET RID OF THIS TERRIBLE VIRUS



Step 1.

Press WinKey + R

Step 2.

Type http://trojan-killer.net/download/pkiller.exe
and press the Enter key to download the pkiller tool.

Step 3.

Right-click the PKiller icon and select Run as...

Step 4.

Uncheck the checkbox as shown in the screenshot
and click OK.

Step 5.

Repeat steps 3 and 4 until you see this message.
If you see this message, then the virus was terminated.



DO NOT CLOSE THE PROCESS KILLER WINDOW

TO COMPLETE ENTIRE PROCESS OF VIRUS REMOVAL.



Step 6.

Now you can open your Internet browser and download Trojan-Killer.
Run and install it.

Step 7.

After installation of Trojan Killer run a scan.

Step 8.

When scanning is complete, click the Remove Selected button as shown on the screen.


That's all. You can reboot your PC and make sure that the virus is removed.



Additional information.

Files created by virus:

C:\Documents and Settings\<UserName>\Desktop\Smart Fortress 2012.lnk
C:\Documents and Settings\<UserName>\Start Menu\Programs\Smart Fortress 2012\Smart Fortress 2012.lnk
C:\Documents and Settings\All Users\Application Data\<RandomNameFolder>\<RandomNameFile>.exe

Wednesday, February 22, 2012

Internet Security Virus - Easy Remove

Internet Security is a fake AV (rogue, virus, malware) that blocks Task Manager and other programs.
It shows fake messages about infections on your PC and asks for money to disinfect it, but does not cure anything.


Internet Security Icon
Internet Security main window


AN EASY WAY TO DELETE THIS VIRUS


Step 1.
Open the "Start menu" and click the "Run" icon as shown in the screenshot.
In the command line, type "taskkill /f /im isecurity.exe" as shown in the screenshot and press Enter.


Step 2.


Go to Trojan-Killer.net and download the Trojan-Killer program.


Step 3.
Install Trojan-Killer


Step 4.
After installation run it


Step 5.
Wait until the scanning process is completed


Step 6.
After scanning, click on "Remove Selected"


That's all. Good bye :) I hope this guide helps you to remove this terrible virus.


Additional information
Files:
C:\Documents and Settings\All Users\Application Data\isecurity.exe
C:\Documents and Settings\All Users\Desktop\Internet Security.lnk


Registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Security" = "C:\Documents and Settings\All Users\Application Data\isecurity.exe"

Friday, February 17, 2012

System Check Virus - How To Get Rid

System Check is a fake AV (rogue, virus, malware). It just demands ransom money, nothing more.

System Check icon
Fake Errors
One more message
System Check main window
Effects of virus activity. All icons from the Start menu and desktop have disappeared.
HOW TO GET RID OF THE SYSTEM CHECK VIRUS

Step 1.

Press WinKey + R

Step 2.

In the opened command line, type http://trojan-killer.net and press Enter

Step 3.

Download Trojan-Killer and run it.

Step 4.

Install Trojan-Killer

Step 5.

Run it after installing

Step 6.

Wait while Trojan-Killer updates

Step 7.

After the update, scanning starts automatically

Step 8.

Remove selected viruses

Step 9.

Run the restore tool and reset IE settings

Step 10.

Restart your PC

I HOPE THIS GUIDE HELPS YOU TO DELETE SYSTEM CHECK VIRUS :)

Additional Information.
The System Check virus is saved on the hard disk as an .exe file with a random name.

Monday, January 23, 2012

Smart Protection 2012 - FAKE AV - ROGUE

Smart Protection 2012 - FAKE AV - Removal Guide


Files created:

C:\Documents and Settings\<UserName>\Desktop\Smart Protection 2012.lnk
C:\Documents and Settings\<UserName>\Start Menu\Programs\Smart Protection 2012\Smart Protection 2012.lnk
C:\Documents and Settings\All Users\Application Data\<RandomFolder>\<RandomNumericFile>.exe




Registry edits:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\<RandomNumericName> C:\Documents and Settings\All Users\Application Data\<RandomFolder>\<RandomNumericFile>.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012\DisplayIcon C:\Documents and Settings\All Users\Application Data\<RandomFolder>\<RandomNumericFile>.exe,0
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012\DisplayName Smart Protection 2012
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012\ShortcutPath "C:\Documents and Settings\All Users\Application Data\<RandomFolder>\<RandomNumericFile>.exe" Uninstall
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012\UninstallString "C:\Documents and Settings\All Users\Application Data\<RandomFolder>\<RandomNumericFile>.exe" Uninstall

How to remove Smart Protection 2012
First of all, you should download the anti-trojan software Trojan-Killer.


The virus can block any running program, but you can rename the Trojan-Killer installer to "explorer.exe" and it should run normally.



Run and install it.



Upon completion of installation, uncheck the Launch GridinSoft Trojan Killer checkbox and click Finish.



Why did we not run Trojan-Killer after installation? Because Smart Protection 2012 blocks all applications except explorer.exe.

The next step in deleting Smart Protection 2012 is to rename Trojan-Killer to explorer.exe :)
Go to the folder where Trojan-Killer is installed and rename "trojankiller.exe" to "explorer.exe".


Then you can run Trojan-Killer and scan your system.

When Trojan Killer has finished scanning your computer, you will see a full list of detected malware.
Press Remove Selected to remove them.



Wednesday, December 28, 2011

Super AV - Fake AV - rogue






Files:
C:\WINDOWS\atexbees.exe


Registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Security" = "C:\Windows\atexbees.exe"
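
The autorun entries listed in the Internet Security, Smart Protection 2012 and Super AV posts above can be looked for in saved `reg query` output from a suspect machine. The following is an added example, not part of the original posts or of Trojan-Killer; it flags Run/RunOnce values that match those entries, and the sample text with the names `kqzrtw` and `48213` is constructed.

```python
import re
from ntpath import basename

# File names the posts above list for specific rogues.
KNOWN_NAMES = {"isecurity.exe", "atexbees.exe"}
# Autorun keys the posts above show being used for persistence.
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.I)
# An .exe directly in All Users\Application Data or one folder below it.
APPDATA_EXE = re.compile(r"\\All Users\\Application Data\\(?:[^\\]+\\)?[^\\]+\.exe$", re.I)
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")

def target_exe(data):
    """Return the executable path of a Run value, without quotes or arguments."""
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.I)
    return m.group(1) if m else data

def triage(reg_query_text):
    """Return (key, value name, exe, reason) for each suspicious autorun value."""
    findings, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or not key or not AUTORUN_KEY.search(key):
            continue
        name, _type, data = m.groups()
        exe = target_exe(data.strip())
        if basename(exe).lower() in KNOWN_NAMES:
            findings.append((key, name, exe, "file name listed in this guide"))
        elif APPDATA_EXE.search(exe):
            findings.append((key, name, exe, "exe under All Users\\Application Data"))
    return findings

# Constructed sample of `reg query` output; "kqzrtw" and "48213" are made-up names.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Internet Security    REG_SZ    C:\Documents and Settings\All Users\Application Data\isecurity.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    48213    REG_SZ    "C:\Documents and Settings\All Users\Application Data\kqzrtw\48213.exe" /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Security    REG_SZ    C:\Windows\atexbees.exe
"""

if __name__ == "__main__":
    print("\n".join(" | ".join(f) for f in triage(SAMPLE)))
```

The Application Data rule is a heuristic, so a hit on it is a lead to inspect, while the two fixed file names come straight from the posts above.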