Bienvenido! - Willkommen! - Welcome!

Tux&Cía. Technical Log, Santa Cruz de la Sierra, BO

Wednesday, April 6, 2011

Windows Antivirus 2011 removal guide

Source Thanks!
Windows Antivirus 2011 is a fake antivirus program that imitates a real antivirus product such as Kaspersky Anti-Virus, AVG Free Antivirus, or Avira AntiVir. It infects the computer when the user accidentally downloads a trojan from a website that provides online videos. Windows Antivirus 2011 starts automatically when Windows boots. It then scans the computer, produces fake scan results, and displays many fake alerts to urge the user to purchase the full version of Windows Antivirus 2011 in order to remove the detected malware. Windows Antivirus 2011 tricks PC users into unknowingly executing malicious actions on a compromised computer system.

Windows Antivirus 2011 can be removed by first stopping its processes (CB130_287.exe) and then deleting its files using Emsisoft HiJackFree. The user then has to remove all the related files and folders. Finally, restore the registry entries added and modified by Windows Antivirus 2011 (read the removal guide below to remove Windows Antivirus 2011 successfully).
Windows Antivirus 2011 should be removed immediately!

Windows Antivirus 2011 Removal Guide
Kill Process
(How to kill a process effectively?)

Delete Registry entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*

Remove Folders and Files
%UserProfile%\Start Menu\Programs\Windows Antivirus 2011.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Antivirus 2011.lnk
%UserProfile%\Application Data\Windows Antivirus 2011\Instructions.ini
%UserProfile%\Application Data\Windows Antivirus 2011\cookies.sqlite
%UserProfile%\Application Data\Windows Antivirus 2011
%UserProfile%\Start Menu\Windows Antivirus 2011.lnk
%UserProfile%\Desktop\Windows Antivirus 2011.lnk
C:\Documents and Settings\All Users\Application Data\23077d\CB130_287.exe
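
A read-only check for the indicators listed in this guide, as an added example that is not part of the original post: it reports which of the registry values and files above are present and, for each hijacked command, prints the command that follows the `pw.exe" /START` wrapper. It assumes PowerShell is available on the affected machine and uses the XP-style paths exactly as the guide gives them; the variable names are illustrative.

```powershell
# Added example: read-only audit for the indicators listed in this guide.
# Nothing is modified; the script only reports what it finds.
$launcher = 'pw.exe" /START '   # wrapper shown in front of every hijacked command
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

# Keys whose (Default) value the guide lists as hijacked.
$commandKeys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command',
    'HKEY_CLASSES_ROOT\.exe\shell\open\command',
    'HKEY_CLASSES_ROOT\pezfile\shell\open\command',
    'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
    'HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command'
)
foreach ($key in $commandKeys) {
    $path = "Registry::$key"
    if (-not (Test-Path -LiteralPath $path)) { continue }
    # '' names the (Default) value; keep %UserProfile% unexpanded to see the raw data.
    $cmd = [string](Get-Item -LiteralPath $path).GetValue('', '', $noExpand)
    $idx = $cmd.IndexOf($launcher, [System.StringComparison]::OrdinalIgnoreCase)
    if ($idx -ge 0) {
        Write-Output "HIJACKED  $key"
        Write-Output "  command behind the wrapper: $($cmd.Substring($idx + $launcher.Length))"
    }
}

# Security Center overrides the guide lists.
$sc = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'
foreach ($name in 'AntiVirusOverride', 'FirewallOverride') {
    $v = (Get-ItemProperty -LiteralPath "Registry::$sc" -Name $name -ErrorAction SilentlyContinue).$name
    if ("$v" -eq '1') { Write-Output "OVERRIDE  $sc\$name = 1" }
}

# Files and folders from the guide (XP-style paths, exactly as listed).
$files = @(
    "$env:USERPROFILE\Local Settings\Application Data\pw.exe",
    "$env:USERPROFILE\Start Menu\Programs\Windows Antivirus 2011.lnk",
    "$env:USERPROFILE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Antivirus 2011.lnk",
    "$env:USERPROFILE\Application Data\Windows Antivirus 2011",
    "$env:USERPROFILE\Start Menu\Windows Antivirus 2011.lnk",
    "$env:USERPROFILE\Desktop\Windows Antivirus 2011.lnk",
    'C:\Documents and Settings\All Users\Application Data\23077d\CB130_287.exe'
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { Write-Output "PRESENT   $f" }
}
```

No output means none of the listed indicators were found; running it again after cleanup confirms that each item is gone.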
