Thursday, November 17, 2011

AV Protection 2011 - FakeAV - REMOVAL GUIDE

AV Protection 2011 - it is fake antivirus. Only money ransom.


Files are created:

C:\Documents and Settings\<UserName>\Application Data\FCE03\0FD4B.exe
C:\Documents and Settings\<UserName>\Application Data\FCE03\3F0D.CE0
C:\Documents and Settings\<UserName>\Application Data\LUUJ1wscH0aTNzF\AV Protection 2011.ico
C:\Documents and Settings\<UserName>\Application Data\dwme.exe
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Desktop\AV Protection 2011.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\dwme.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk
C:\Program Files\03F0D\lvvm.exe
C:\Program Files\LP\4B7F\027.exe
C:\Program Files\LP\4B7F\2.tmp
C:\Program Files\LP\4B7F\3.tmp
C:\Program Files\LP\4B7F\4.tmp
C:\WINDOWS\system32\AV Protection 2011v121.exe





Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"027.exe" = "C:\Program Files\LP\4B7F\027.exe"
"ZikkWC6uQ" = "C:\Documents and Settings\<UserName>\Application Data\dwme.exe"
"wbbIK2edvJwcHqT8234A" = "C:\WINDOWS\system32\AV Protection 2011v121.exe"

Random key names.


To remove this rogue go to the website www.Trojan-Killer.net and download Trojan-Killer.


Run and install it.




Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.




When the Trojan Killer will look on your computer you will see a full list of detected malware.
Press the Remove Selected to remove them.



I hope this guide helps you :)

Thursday, November 10, 2011

Privacy Protection - Removal Guide ( FakeAV Rogue )

Privacy Protection - dangerous virus, also known as FakeAV or Rogue. It block most of all programs and you can't to do anything.

To remove this virus first of all you need kill them from memory.

Click "Start" menu and select "Run" option. Type-in the following text exactly as it is specified here:
taskkill.exe /F /IM privacy.exe


This will kill the process of Privacy Protection virus. (if you could not do it from the first attempt then try again)

When the virus outside of memory you can do something to remove it from you PC forever.

Go to the website www.Trojan-Killer.net and download Trojan-Killer.

Run and install it.


Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.


When the Trojan Killer will look on your computer you will see a full list of detected malware.
Press the Remove Selected to remove them.




Files are created:
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\All Users\Application Data\privacy.exe
C:\Documents and Settings\All Users\Desktop\Privacy Protection.lnk


Register:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
Privacy Protection = C:\Documents and Settings\All Users\Application Data\privacy.exe

Wednesday, November 9, 2011

AV Security 2012 - How To Remove - FakeAV - Rogue

AV Security 2012 - it is fake antivirus. Only money ransom.





Files are created:
C:\Documents and Settings\<UserName>\Application Data\iEEDV8olEViWC\AV Security 2012.ico (It's random folder name)
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Desktop\AV Security 2012.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
C:\WINDOWS\system32\AV Security 2012v121.exe
(Will be possible to meet such a file C:\WINDOWS\system32\virus.exe)




Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qxxTGN9pR8234A"="C:\WINDOWS\system32\AV Security 2012v121.exe"

Random key names.


To remove this rogue go to the website www.Trojan-Killer.net and download Trojan-Killer.


Run and install it.




Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.




When the Trojan Killer will look on your computer you will see a full list of detected malware.
Press the Remove Selected to remove them.



I hope this guide helps you :)

Tuesday, November 8, 2011

System Security 2012 FakeAV How To Remove

System Security 2012 - it is fake antivirus. Only money ransom.



Files are created:
C:\Documents and Settings\<UserName>\Application Data\dwme.exe
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Application Data\rCC66jQAXymZtn3\System Security  2012.ico (It's random folder name)
C:\Documents and Settings\<UserName>\Desktop\System Security  2012.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\dwme.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\System Security  2012\System Security  2012.lnk
C:\WINDOWS\system32\pttggOL3r.exe (It's random file name)
C:\WINDOWS\system32\System Security 2012v121.exe




Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gXX5yhmP4tnLrI28234A" = "C:\WINDOWS\system32\D888oFB8lEViW6j.exe"
"PDVV8olDViWCuQh" = "C:\Documents and Settings\<UserName>\Application Data\dwme.exe"


Random key names.



To remove this rogue go to the website www.Trojan-Killer.net and download Trojan-Killer.


Run and install it.






Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.






When the Trojan Killer will look on your computer you will see a full list of detected malware.
Press the Remove Selected to remove them.



I hope this guide helps you :)