Wednesday, December 28, 2011

Super AV - Fake AV - Rogue





Files:
C:\WINDOWS\atexbees.exe


Registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Security" = "C:\Windows\atexbees.exe"

Wednesday, December 14, 2011

Security Monitor 2012

Security Monitor 2012 is a fake antivirus. It is a rogue that reports false detections on your PC and demands money to heal the computer.



The virus creates the following files:
%AppData%\Microsoft\Internet Explorer\Quick Launch\Security Monitor.lnk
%AppData%\Security Monitor\IcoActivate.ico
%AppData%\Security Monitor\IcoHelp.ico
%AppData%\Security Monitor\IcoUninstall.ico
%AppData%\Security Monitor\Security Monitor.exe
%AppData%\Security Monitor\securityhelper.exe
%AppData%\Security Monitor\securitymanager.exe
%Desktopdir%\Security Monitor.lnk
%StartMenu%\Programs\Security Monitor\Activate Security Monitor.lnk
%StartMenu%\Programs\Security Monitor\Help Security Monitor.lnk
%StartMenu%\Programs\Security Monitor\How to Activate Security Monitor.lnk
%StartMenu%\Programs\Security Monitor\Security Monitor.lnk
%StartMenu%\Programs\Security Monitor.lnk

Registry edit:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[Security Monitor] = "\"C:\\Documents and Settings\\Admin\\Application Data\\Security Monitor\\Security Monitor.exe\" /STARTUP"
[Security Monitor 2012 Security] = "C:\\Documents and Settings\\Admin\\Application Data\\Security Monitor\\securitymanager.exe"


Removing this virus is very easy. Just read the following guides:

I hope my guides help you to clean your PC from viruses and trojans.

Thursday, November 17, 2011

AV Protection 2011 - FakeAV - REMOVAL GUIDE

AV Protection 2011 is a fake antivirus. Its only purpose is to extort money.


Files are created:

C:\Documents and Settings\<UserName>\Application Data\FCE03\0FD4B.exe
C:\Documents and Settings\<UserName>\Application Data\FCE03\3F0D.CE0
C:\Documents and Settings\<UserName>\Application Data\LUUJ1wscH0aTNzF\AV Protection 2011.ico
C:\Documents and Settings\<UserName>\Application Data\dwme.exe
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Desktop\AV Protection 2011.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\dwme.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk
C:\Program Files\03F0D\lvvm.exe
C:\Program Files\LP\4B7F\027.exe
C:\Program Files\LP\4B7F\2.tmp
C:\Program Files\LP\4B7F\3.tmp
C:\Program Files\LP\4B7F\4.tmp
C:\WINDOWS\system32\AV Protection 2011v121.exe





Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"027.exe" = "C:\Program Files\LP\4B7F\027.exe"
"ZikkWC6uQ" = "C:\Documents and Settings\<UserName>\Application Data\dwme.exe"
"wbbIK2edvJwcHqT8234A" = "C:\WINDOWS\system32\AV Protection 2011v121.exe"

The key names are random.


To remove this rogue go to the website www.Trojan-Killer.net and download Trojan-Killer.


Run and install it.




Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.




When Trojan Killer finishes scanning your computer, you will see a full list of detected malware.
Press Remove Selected to remove them.



I hope this guide helps you :)

Thursday, November 10, 2011

Privacy Protection - Removal Guide ( FakeAV Rogue )

Privacy Protection is a dangerous virus, also known as a FakeAV or rogue. It blocks most programs, so you cannot do anything.

To remove this virus, you first need to kill its process in memory.

Click the "Start" menu and select the "Run" option. Type in the following text exactly as shown here:
taskkill.exe /F /IM privacy.exe


This will kill the process of the Privacy Protection virus. (If it does not work on the first attempt, try again.)

Once the virus is out of memory, you can remove it from your PC for good.

Go to the website www.Trojan-Killer.net and download Trojan-Killer.

Run and install it.


Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.


When Trojan Killer finishes scanning your computer, you will see a full list of detected malware.
Press Remove Selected to remove them.




Files are created:
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\All Users\Application Data\privacy.exe
C:\Documents and Settings\All Users\Desktop\Privacy Protection.lnk


Registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
Privacy Protection = C:\Documents and Settings\All Users\Application Data\privacy.exe

Wednesday, November 9, 2011

AV Security 2012 - How To Remove - FakeAV - Rogue

AV Security 2012 is a fake antivirus. Its only purpose is to extort money.





Files are created:
C:\Documents and Settings\<UserName>\Application Data\iEEDV8olEViWC\AV Security 2012.ico (the folder name is random)
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Desktop\AV Security 2012.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
C:\WINDOWS\system32\AV Security 2012v121.exe
(You may also encounter a file such as C:\WINDOWS\system32\virus.exe)




Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qxxTGN9pR8234A"="C:\WINDOWS\system32\AV Security 2012v121.exe"

The key names are random.


To remove this rogue go to the website www.Trojan-Killer.net and download Trojan-Killer.


Run and install it.




Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.




When Trojan Killer finishes scanning your computer, you will see a full list of detected malware.
Press Remove Selected to remove them.



I hope this guide helps you :)

Tuesday, November 8, 2011

System Security 2012 FakeAV How To Remove

System Security 2012 is a fake antivirus. Its only purpose is to extort money.



Files are created:
C:\Documents and Settings\<UserName>\Application Data\dwme.exe
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Application Data\rCC66jQAXymZtn3\System Security  2012.ico (the folder name is random)
C:\Documents and Settings\<UserName>\Desktop\System Security  2012.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\dwme.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\System Security  2012\System Security  2012.lnk
C:\WINDOWS\system32\pttggOL3r.exe (the file name is random)
C:\WINDOWS\system32\System Security 2012v121.exe




Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gXX5yhmP4tnLrI28234A" = "C:\WINDOWS\system32\D888oFB8lEViW6j.exe"
"PDVV8olDViWCuQh" = "C:\Documents and Settings\<UserName>\Application Data\dwme.exe"


The key names are random.



To remove this rogue go to the website www.Trojan-Killer.net and download Trojan-Killer.


Run and install it.






Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.






When Trojan Killer finishes scanning your computer, you will see a full list of detected malware.
Press Remove Selected to remove them.



I hope this guide helps you :)

Monday, October 31, 2011

System Security 2011 - Fake AV - Rogue - Removal Guide


System Security 2011 is a fake antivirus. Its only purpose is to extort money.



Files are created:


C:\Documents and Settings\<UserName>\Application Data\GRRFB8olDViWCkC\System Security  2011.ico (the folder name is random)
C:\Documents and Settings\<UserName>\Application Data\dwme.exe
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Desktop\System Security  2011.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\dwme.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\System Security  2011\System Security  2011.lnk
C:\WINDOWS\system32\D888oFB8lEViW6j.exe (the file name is random)




Registry edit:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gXX5yhmP4tnLrI28234A" = "C:\WINDOWS\system32\D888oFB8lEViW6j.exe"
"PDVV8olDViWCuQh" = "C:\Documents and Settings\<UserName>\Application Data\dwme.exe"


The key names are random.
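
A triage sketch for the Run entries listed in the posts above, added here as an example (it is not the blog author's code and not part of Trojan-Killer): it parses a listing in the page's quoted "name" = "path" notation and flags values that match patterns visible in these listings. The rules, including the shared 8234A suffix and the v121.exe file name, are observations from this page's samples rather than confirmed signatures, and "ExampleUpdater" is a constructed entry.

```python
import re
from pathlib import PureWindowsPath

# First three values are copied from the AV Protection 2011 listing on this
# page; "ExampleUpdater" is a constructed benign entry for contrast.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"027.exe" = "C:\Program Files\LP\4B7F\027.exe"
"ZikkWC6uQ" = "C:\Documents and Settings\<UserName>\Application Data\dwme.exe"
"wbbIK2edvJwcHqT8234A" = "C:\WINDOWS\system32\AV Protection 2011v121.exe"
"ExampleUpdater" = "C:\Program Files\Example\updater.exe"
'''

ENTRY = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<target>[^"]+)"')
# User-writable locations where the listings on this page place executables.
WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\programdata\\")
# Fixed file names that appear in the listings on this page.
KNOWN_FILES = {"dwme.exe", "privacy.exe", "atexbees.exe"}


def triage(listing):
    """Return {value name: [reasons]} for Run values matching a page pattern."""
    hits, in_run_key = {}, False
    for line in map(str.strip, listing.splitlines()):
        if line.startswith("["):
            # Only values under a ...\CurrentVersion\Run key are examined.
            in_run_key = line.lower().rstrip("]").endswith("\\currentversion\\run")
            continue
        m = ENTRY.match(line)
        if not (in_run_key and m):
            continue
        target = m["target"].lower()
        exe = PureWindowsPath(target).name
        reasons = []
        if any(d in target for d in WRITABLE):
            reasons.append("target in a user-writable directory")
        if exe in KNOWN_FILES:
            reasons.append("file name listed on this page")
        if exe.endswith("v121.exe"):
            reasons.append("'<product name>v121.exe' file name")
        if m["name"].endswith("8234A"):
            reasons.append("value name ends in 8234A")
        if reasons:
            hits[m["name"]] = reasons
    return hits


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The 027.exe entry under Program Files matches none of these rules, so rules like these narrow a review but do not replace checking every Run value.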



To remove this rogue go to the website www.Trojan-Killer.net and download Trojan-Killer.


Run and install it.






Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.






When Trojan Killer finishes scanning your computer, you will see a full list of detected malware.
Press Remove Selected to remove them.



I hope this guide helps you :)

Tuesday, October 25, 2011

Windows XP Repair - Fake AV Removal Guide






The "Windows XP Repair" Fake AV hides all files and folders, and moves all the shortcuts into some folder.

To find anything on your computer, you need to show hidden files and folders.
To do this, open My Computer. In the menu, click Tools - Folder Options.




Click the View tab. Scroll to "Show hidden files and folders", select this option and click OK.




Now you can see the files and folders that were hidden as a consequence of the virus infection.


Now open My Computer again, type trojan-killer.net in the address bar and press Enter.




On this site you will need to download Trojan-Killer.


Run and install it.




Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.




When Trojan Killer finishes scanning your computer, you will see a full list of detected malware.
Press Remove Selected to remove them.



Files created:

C:\Documents and Settings\All Users\Application Data\HCPnpjMsSrIRBiL.exe
C:\Documents and Settings\All Users\Application Data\14147364.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
C:\Documents and Settings\<UserName>\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
C:\Documents and Settings\<UserName>\Desktop\Windows XP Repair.lnk



Registry key created:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HCPnpjMsSrIRBiL"="C:\Documents and Settings\All Users\Application Data\HCPnpjMsSrIRBiL.exe"




I also recommend that you read these guides:
General information about viruses and trojans
How to kill process from memory
How to remove programs from startup
How to define malicious program or not

Friday, October 14, 2011

System Restore - Fake AV - Rogue - How to remove



The System Restore rogue hides all files and folders, and moves all the shortcuts into some folder.


To find anything on your computer, you need to show hidden files and folders.
To do this, open My Computer. In the menu, click Tools - Folder Options.




Click the View tab. Scroll to "Show hidden files and folders", select this option and click OK.




Now you can see the files and folders that were hidden as a consequence of the virus infection.


Now open My Computer again, type trojan-killer.net in the address bar and press Enter.




On this site you will need to download Trojan-Killer.


Run and install it.




Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.




When Trojan Killer finishes scanning your computer, you will see a full list of detected malware.
Press Remove Selected to remove them.





Files created:
C:\Documents and Settings\<UserName>\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
C:\Documents and Settings\<UserName>\Desktop\System Restore.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\2.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\P1kAlMiG2Kb7Fz.exe.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\P5tM1QBI6DSS92.exe.tmp
C:\ProgramData\1kAlMiG2Kb7FzP.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\System Restore\System Restore.lnk
C:\Documents and Settings\<UserName>\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
C:\Documents and Settings\All Users\Application Data\wkocffmpai
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
C:\Documents and Settings\All Users\Application Data\wkocffmpai.exe (or opYeyfNfgoELQR.exe, MipGepTjgvGvb.exe, VeGeMHdmoTmIHU.exe, nFEDeRLYbhvow.exe, nkvdydMXkOjUTm.exe, VBiiKvMvycJo.exe, nGAJwRsisPtsC.exe, lcfPLNqtMDTx.exe, kMoUUJmEvJ.exe, beUBhsyFTRXwF.exe, mNapNprtKQL.exe, GaRJGgXVekDX.exe, SkMtEGuPVoS.exe, KpLRDMpSNRdCe.exe, EwXTzauZm.exe, FuxUSdPsKW.exe, PubpyGvxbEEjj.exe)


Registry key created:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"wkocffmpai.exe"="C:\Documents and Settings\All Users\Application Data\wkocffmpai.exe" (or opYeyfNfgoELQR.exe, MipGepTjgvGvb.exe, VeGeMHdmoTmIHU.exe, nFEDeRLYbhvow.exe, nkvdydMXkOjUTm.exe, VBiiKvMvycJo.exe, nGAJwRsisPtsC.exe, lcfPLNqtMDTx.exe, kMoUUJmEvJ.exe, beUBhsyFTRXwF.exe, mNapNprtKQL.exe, GaRJGgXVekDX.exe, SkMtEGuPVoS.exe, KpLRDMpSNRdCe.exe, EwXTzauZm.exe, FuxUSdPsKW.exe, PubpyGvxbEEjj.exe)




How to restore all hidden files and deleted shortcuts after the virus?


Download and run the following tools:


GridinSoft Restore download link:
http://trojan-killer.net/download/restore.exe

GridinSoft Unhider download link:
http://trojan-killer.net/download/unhider.exe




I also recommend that you read these guides:
General information about viruses and trojans
How to kill process from memory
How to remove programs from startup
How to define malicious program or not