Wednesday, September 28, 2011

Personal Shield Pro - How to remove fake antivirus






Files created:
C:\Documents and Settings\Admin\Local Settings\Temp\aA92E.tmp
C:\Documents and Settings\All Users\Application Data\<RandomName> (Example: nI19600AiOdB19600)
C:\Documents and Settings\All Users\Application Data\<RandomName>\<RandomName>
C:\Documents and Settings\All Users\Application Data\<RandomName>\<RandomName>.exe


Register changed:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce "<RandomName>" = "C:\Documents and Settings\All Users\Application Data\<RandomName>\<RandomName>.exe"
Author: на
Keywords:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)