BitDefender 2011 fake software – how to get rid manually

April 21, 2011 By

BitDefender 2011 (the fake one Bit Defender 2011) is a rogue virus which tries to intimate to be a real and legitimate antivirus scan and virus removal software although it is a virus itself. This program is a scamware created by hackers to raise funds by selling fake computer and internet security/protection softwares. Programmers have used the name if Bit Defender antivirus software for this malware to trick more users into buying the fake BitDefender 2011. Please remember that is bogus and useless tool dose not belong to Bit Defender antivirus company so avoid making a purchase of this malware.
fake Bit Defender 2011 virus BitDefender 2011 fake software how to get rid manually

The malware is spread via malicious websites that offers free malware and virus removal services. Once this virus gets into your computer, it displays fake warnings and alerts telling you about insecure activity of your system and it offers you to run the full version of BitDefender 2011 to get rid of these viruses ands defend your system. When you select to install the full version, it asks you to pay the license fee which is the target of this virus. It dose not help your system even if your pay for it so its better to remove the fake BitDefender2011 instead of downloading and buying its updated version.

This fake program may display some errors on infected pc like:

Warning!
Virtumonde is an adware program that tends to monitor your Internet browsing habits and may display targeted advertisements onto your computer screen. Virtumonde may also create a malicious DLL file in order to log your keystrokes and send the recorded information to a third party website. Virtumonde is an unwanted application and recommended to be removed.

About Internet Explorer Emergency Mode
Your PC is infected with malicious software and browse couldn’t be launched

You may use Internet Explorer in Emergency mode – internal service browser of Microsoft Windows system with limited usability.

Notice: Some sites refuse connection with Internet Explorer in Emergency Mode. In such case system warning page will be showed to you.

Warning! Identity theft attempt detected!
Attacker IP: <random IP address>
Attack Target: Microsoft Corp. Keys
Description: Remote host tries to get access to your personal information.

Warning! New virus detected!
Threat Detected: Keylogger.iSnake.Pro
Infected File: C:\WINDOWS\system32\asr_ldm.exe

Remember! All these warnings, alerts and virus removal offers made by BitDefender 2011 virus are fake. This program is totally a fake software and it is specially designed to extort your money by selling its fake security products. You should ignore these warnings, avoid purchase of this program, avoid clicking any link within its popups and do not install any component of it promoted. All you have to do is to immediately remove the fake BitDefender 2011 malware from your computer upon detection.

How to remove the fake BitDefender 2011 virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.

Stop Bit Defender 2011 processes:
bitdefender.exe
[random].exe

Delete BitDefender 2011 fake Registry keys:
HKEY_CURRENT_USER\Software\EVAEC2
HKEY_CURRENT_USER\Software\MonEC2
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “BitDefender 2011″ = ‘C:\Program Files\BitDefender 2011\bitdefender.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “WinNT-EVI 21.04.2011″

Delete BitDefender 2011 files:
c:\Program Files\BitDefender 2011\
c:\Program Files\BitDefender 2011\bitdefender.exe
c:\Documents and Settings\All Users\Start Menu\BitDefender 2011\
c:\Documents and Settings\All Users\Start Menu\BitDefender 2011\BitDefender 2011.lnk
%AllUsersProfile%\Start Menu\BitDefender 2011\Uninstall.lnk
%UserProfile%\Desktop\BitDefender 2011.lnk
%Temp%\srvED4.ini
%Temp%\srvED4.tmp

Auto Removal

To remove this virus Automatically, We suggest following tools:

Malware Bytes Anti-Malware (Download)


StopZilla Anti-Spyware (Download)


Filed Under: 1: Spyware Removal Tagged With: , , , , ,

Antivirus Clean 2011 virus – how to get rid manually

April 13, 2011 By

Antivirus Clean 2011 or AntivirusClean 2011 is a misleading software which claims to be a powerful virus removal (antivirus) program although it is a virus itself. AntivirusClean 2011 is a rogue spyware which created by hackers who are willing to extort your money by selling fake security products to you. If your computer is under attack of Antivirus Clean 2011 program, immediately remove this virus from your system and remember, not to purchase this bogus software as it offers a variety of virus removal and system security services in its full version that costs you about $60. Please remember, all promises and offers made by Antivirus Clean 2011 are fake, this program is just a scam-ware that runs away when you buy it and you wont get back your money plus you also put your credit card on risk by giving your card information to these crooks, So be careful when dealing with Antivirus Clean 2011 software.
fake antivirus clean 2011 virus Antivirus Clean 2011 virus how to get rid manually

As you know Antivirus Clean 2011 is designed to convince users buy this rubbish program, After getting into a computer, This virus uses rogue tactics to trick users. It tries to scare users with fake warnings and alerts that your computer is infected, your computer has got spywares and viruses .etc. Once users is agree that his system is infected and Antivirus Clean 2011 is the best solution to get rid of these viruses, Then antivirus solution 2011 asks the users to pay for full version. Thats what it is created for. Once again, Please Remember! All these warnings, alerts and virus removal offers made by Antivirus Clean 2011 virus are fake. This program is totally a fake software and it is specially designed to extort your money by selling its fake security products. You should ignore these warnings, avoid purchase of this program, avoid clicking any link within its popups and do not install any component of it promoted. All you have to do is to immediately remove it from your computer upon detection.

How to remove Antivirus Clean 2011 virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.

Stop Antivirus Clean 2011 processes:
c:\Program Files\Antivirus Clean 2011\avc2011.exe
c:\Program Files\Antivirus Clean 2011\avservice.exe
c:\Program Files\Antivirus Clean 2011\avsetup.exe

Remove Antivirus Clean 2011 Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “AntivirusClean” = ‘C:\Program Files\Antivirus Clean 2011\avc2011.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “avservice” = ‘C:\Program Files\Antivirus Clean 2011\avservice.exe’

Remove malicious files of Antivirus Clean 2011:
c:\Program Files\Antivirus Clean 2011\
c:\Program Files\Antivirus Clean 2011\avc2011.exe
c:\Program Files\Antivirus Clean 2011\avservice.exe
c:\Program Files\Antivirus Clean 2011\avsetup.exe

Auto Removal

To remove this virus Automatically, We suggest following tools:

Malware Bytes Anti-Malware (Download)


StopZilla Anti-Spyware (Download)


Filed Under: 1: Spyware Removal Tagged With: , , ,

System Restore virus – how to get rid of Fake SystemRestore

April 13, 2011 By

System Restore is just another fake rogue virus which claims to be a legitimate restoration software. System Restore is a clone of another malware known as Windows Restore virus. Both these tools are totally useless and bogus. they do not help you get your system restored but they mess up your computer just like other viruses.
fake system restore virus System Restore virus how to get rid of Fake SystemRestore

The virus SystemRestore is a dangerous threat for your pc so it should be treated like malwares. The main sign of system restores`s presence in your system are unwanted popup messages that contains warnings and alerts about your system. These annoying popups are displayed by System Restore on your computer when your system is infected by this virus. The aim of System Restore virus is to scare users with fake warnings telling your that your computer is infected with spywares and you should use System Restore software to get rid of these viruses. once you are convinced and agree to use solutions suggested by System Restore, it,ll ask you to pay the registration fee of full version. That is the goal of this System Restore thing. Do not buy it because this malicious program is a scamware.

Remember! All these warnings, alerts and virus removal offers made by System Restore virus are fake. This program is totally a fake software and it is specially designed to extort your money by selling its fake security products. You should ignore these warnings, avoid purchase of this program, avoid clicking any link within its popups and do not install any component of it promoted. All you have to do is to immediately remove it from your computer upon detection.

How to remove System Restore virus manually:

Stop System Restore processes:
[random name].exe

Disable System Restore DLL files:
[random].dll

Remove System Restore Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]“
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1?
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1?

Remove System Restore files:
%Documents and Settings%\All Users\Application Data\[random]
%Documents and Settings%\All Users\Application Data\[random].exe
%Documents and Settings%\All Users\Application Data\[random].dll
%Documents and Settings%\[User Name]\Desktop\System Restore.lnk
%Documents and Settings%\[User Name]\Start Menu\Programs\System Restore
%Documents and Settings%\[User Name]\Start Menu\Programs\System Restore\System Restore.lnk
%Documents and Settings%\[User Name]\Start Menu\Programs\System Restore\Uninstall System Restore.lnk

Auto Removal

To remove this virus Automatically, We suggest following tools:

Malware Bytes Anti-Malware (Download)


StopZilla Anti-Spyware (Download)

Filed Under: 1: Spyware Removal Tagged With: , , ,

Fake Internet Protection virus – how to get rid manually

April 11, 2011 By

Theres a fake program appearing with the name of “Internet Protection” on internet. This misleading software claims to be a legitimate security software although it is a virus. Internet Protection comes from rogue spyware family which is known for spreading fake malwares. Some other clones of Internet Protection are Antimalware Tool, Internet defender.
fake internet protection virus Fake Internet Protection virus how to get rid manually

The fake software Internet Protection is a scamware which is created by hackers to earn some bucks for selling fake security softwares to innocent internet users. To sell their fake products, they clone their virus like a legitimate antivirus software. Once the virus enters into your computer, it will run its fake virus scan utility on your system without your request. Fake scanner of Internet Protection virus will also generate very poor scan results that will popup on your system and warn you of serious virus detections. All this warning and alert system is a trick to scare you of viruses and convince you buy Internet Protection software to get rid of these viruses.

Here are some fake errors displayed by Internet protection virus:

Internet Protection
Your system has come under attack of harmful software. Click here to deactivate it.

Internet Protection
External software tries to control variety of your system files. This may lead to breaking of some data in your system. Click here to protect remote access to your PC & delete these programs.

Internet Protection
Spyware.IEMonster process is found. The virus is going to send your passwords from Internet browser (Explorer, Mozilla Firefox, Outlook & others) to the third-parties. Click here for further protection of your data with Internet Protection.

Internet Protection Firewall Alert
Suspicious activity in your registry system space was detected. Rogue malware detected in your system. Data leaks and system damage are possible. Please use a deep scan option.

Internet Protection Firewall Alert
Your computer is being attacked from a remote machine!
Block Internet access to your computer to prevent system infection.
Attacker IP: <ip address>
Attack type: RCPT exploit

Internet Protection
Your computer is under the infections threat. Run instant shield protection to safe your data and prevent internet access to your credit card information. Select this to run instant shield.

Remember! All these warnings, alerts and virus removal offers made by Internet Protection virus are fake. This program is totally a fake software and it is specially designed to extort your money by selling its fake security products. You should ignore these warnings, avoid purchase of this program, avoid clicking any link within its popups and do not install any component of it promoted. All you have to do is to immediately remove it from your computer upon detection.

How to remove Internet Protection virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.

Disable Internet Protection DLL files:
Internet Protection.dll

Remove Internet Protection Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘”[random]”

Remove Internet Protection files:
c:%UserProfile%\Desktop\Internet Protection.lnk
c:%UserProfile%\Local Settings\Temp\ins1.tmp
c:%UserProfile%\Local Settings\Temp\mv2.tmp
c:\Program Files\Internet Protection\
c:\Program Files\Internet Protection\Internet Protection.dll

Auto Removal

To remove this virus Automatically, We suggest following tools:

Malware Bytes Anti-Malware (Download)


StopZilla Anti-Spyware (Download)


Super Anti Spyware (Download)

Filed Under: 1: Spyware Removal Tagged With: , , , ,

Fast Windows Antivirus 2011 virus – how to get rid manually

April 9, 2011 By

Fast Windows Antivirus 2011 is a bogus security software. This rogue malware is represented as a best virus and spyware removal tool although it is a virus itself. Fast Windows Antivirus 2011 is a useless and misleading program which tries to sell fake computer and windows protection and security products over internet. There are many fake clone software of Fast Windows Antivirus 2011 i.e Antimalware Tool, Win 7 Antispyware – Win 7 Total Security.

To trick more and more users into buying this scameware known as Fast Windows Antivirus 2011, this malware uses rogue tactics. When your system is infected with Fast Windows Antivirus 2011, you,ll get tons of unwanted and annoying popup alerts and warnings telling you about non-existing virus detections on your computer. It also runs a fake antivirus scan utility to appear like a real and legitimate software. The fake scanner of Fast Windows Antivirus 2011 dose a poor scan of your system and creates a very poor and low security report of your system intentionally. It displays warnings and alerts and says that your computer is infected with viruses and spywares that must be removed very soon to protect your system from further damages. It also offers you then to install updates of Fast Windows Antivirus 2011 program to protect your pc and get rid of these viruses and spywares detected by Fast Windows Antivirus 2011. When you click the install updates or any link offered in “Fast Windows Antivirus 2011″ popup, you,ll be asked to pay the license fee of Fast Windows Antivirus 2011. That is the target of this crap program. It just wants you to pay.

Please Remember! All these warnings, alerts and virus removal offers made by this virus are fake. This program is totally a fake software and it is specially designed to extort your money by selling its fake security products. You should ignore these warnings, avoid purchase of this program, avoid clicking any link within its popups and do not install any component of it promoted. All you have to do is to immediately remove it from your computer upon detection.

How to remove virus manually:

Manual removal for this virus not recommended.

Auto Removal

To remove this virus Automatically, We suggest following tools:

Malware Bytes Anti-Malware (Download)


StopZilla Anti-Spyware (Download)


Super Anti Spyware (Download)

Filed Under: 1: Spyware Removal Tagged With: , , ,

Win 7 Anti-Spyware virus – how to get rid manually

April 6, 2011 By

Win 7 Anti-Spyware or Win7 Antispyware seems to be a virus windows spyware removal software but do not look at it like this. Win 7 Anti-Spyware is a virus itself. This malicious program is not a security software it is a bogus and useless scamware coded by hackers and virus programmers to erase some funds by selling fake computer security products. Win 7 Anti-Spyware is a clone of previously appeared rogue viruses i.e. Win 7 home security virus, Vista Antivirus 2011.
fake win 7 anti spyware viurs Win 7 Anti Spyware virus how to get rid manually

After getting into your computer via trojans and worms, Win 7 Anti-Spyware will display fake popup alerts and warnings telling you about virus detections. It,ll ask you to install updates and full version of Win 7 Anti-Spyware to get rid of these viruses. When you try to install its full version, you,ll be asked to pay the license fee. that is the goal of Win 7 Anti-Spyware. Please Remember! All these warnings, alerts and virus removal offers made by Win 7 Anti-Spyware virus are fake. This program is totally a fake software and it is specially designed to extort your money by selling its fake security products. You should ignore these warnings, avoid purchase of this program, avoid clicking any link within its popups and do not install any component of it promoted. All you have to do is to immediately remove it from your computer upon detection.

How to remove Win 7 Anti-Spyware virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.

Stop Win 7 Anti-Spyware processes:
[random name].exe

Delete Win 7 Anti-Spyware registry values:
HKEY_CURRENT_USERSoftwareClasses.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USERSoftwareClasses.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USERSoftwareClasses.exeDefaultIcon “(Default)” = ‘%1′ = ‘”%UserProfile%Local SettingsApplication Data[random 3 letters].exe” /START “%1″ %*’
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USERSoftwareClasses.exeshellrunascommand “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USERSoftwareClasses.exeshellrunascommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USERSoftwareClassesexefile “(Default)” = ‘Application’
HKEY_CURRENT_USERSoftwareClassesexefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USERSoftwareClassesexefileDefaultIcon “(Default)” = ‘%1′
HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “%1″ %*’
HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USERSoftwareClassesexefileshellrunascommand “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USERSoftwareClassesexefileshellrunascommand “IsolatedCommand” – ‘”%1″ %*’
HKEY_CLASSES_ROOT.exeDefaultIcon “(Default)” = ‘%1′
HKEY_CLASSES_ROOT.exeshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “%1″ %*’
HKEY_CLASSES_ROOT.exeshellopencommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT.exeshellrunascommand “(Default)” = ‘”%1″ %*’
HKEY_CLASSES_ROOT.exeshellrunascommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOTexefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOTexefileshellopencommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOTexefileshellrunascommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOTexefileshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “%1″ %*’
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “C:Program FilesMozilla Firefoxfirefox.exe”‘
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “C:Program FilesMozilla Firefoxfirefox.exe” -safe-mode’
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “C:Program FilesInternet Exploreriexplore.exe”‘

Remove Win 7 Anti-Spyware files:
%AllUsersProfile%t3e0ilfioi3684m2nt3ps2b6lru
%AppData%Local[random].exe
%AppData%Localt3e0ilfioi3684m2nt3ps2b6lru
%AppData%RoamingMicrosoftWindowsTemplatest3e0ilfioi3684m2nt3ps2b6lru
%Temp%t3e0ilfioi3684m2nt3ps2b6lru

Auto Removal

To remove this virus Automatically, We suggest following tools:

Malware Bytes Anti-Malware (Download)


Super Anti Spyware (Download)


StopZilla Anti-Spyware (Download)


Filed Under: 1: Spyware Removal Tagged With: , ,

Antivirus Protection trial virus – how to get rid manually

April 6, 2011 By

“Antivirus Protection” is itself a virus which claims to be a powerful Antivirus Software. This bogus tool belongs to rogue spywares spread hugely with different names and clones. AntivirusProtection offers many virus scan and remove services which it could not perform in real. The aim of Antivirus Protection is to trick more and more users into buying full version of this fake security product to get rid of viruses and spywares. As we know, Antivirus Protection is a scam-ware designed by rogue programmers and hackers to earn money, Antivirus Protection is totally fake and useless and it dose not fix your computer problems even if you buy its license. So i think theres nothing good left to pay for “Antivirus Protection” software.
fake antivirus protection trial Antivirus Protection trial virus how to get rid manually

One more thing, to convince you that your system is in danger and you need security that Antivirus Protection will provide, this virus will run a fake antivirus scan utility and it will display some fake results telling you about virus detections. To scare you of viruses, it may display fake warnings and alerts like this one:

Virus Alert!
Application can’t be started!
The file notepad.exe is damaged.
Do you want to activate your antivirus software now?

Remember! All these warnings, alerts and virus removal offers made by Antivirus Protection virus are fake. This program is totally a fake software and it is specially designed to extort your money by selling its fake security products. You should ignore these warnings, avoid purchase of this program, avoid clicking any link within its popups and do not install any component of it promoted. All you have to do is to immediately remove it from your computer upon detection.

How to remove Antivirus Protection virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.

Stop Antivirus Protection processes:
[random].exe

Remove Antivirus Protection Registry Entries:
HKEY_CURRENT_USER\Software\[random]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = ’1?
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = ’0?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = ”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = ’127.0.0.1:33554?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = ’1?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.exe’
KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]“
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’

Remove Antivirus Protection files:
%Temp%\[random]\
%Temp%\[random]\[random].exe

Auto Removal

To remove this virus Automatically, We suggest following tools:

Malware Bytes Anti-Malware (Download)


Super Anti Spyware (Download)


StopZilla Anti-Spyware (Download)

Filed Under: 1: Spyware Removal Tagged With: , , , , ,

Windows Restore virus – how to get rid of WindowsRestore manually

April 4, 2011 By

This malwares named Windows Restore or WinRestore belongs to the commonly known fake programs of rogue virus family. it is also known as WindowsRestore and has a clone named System Restore virus. It is 100 percent sure and confirmed that it is not a legitimate and useful computer software but a bogus and piece of fraud tools and a part of scam which offers the restoring services of your windows and system to normal and healthier state if you pay some fee for it. You might be thinking how can it be a part of scam. The Answer is that Windows-Restore virus is a fake software developed by hackers. They just want to sell this product to innocent computer users and swindle their money. To get this program purchased, They drop it into computers over internet using malicious websites ,worm and trojans. After Windows restored virus is placed in your computer, it will try to scare you with fake warnings and alerts and it will force you to buy its full version to get rid of viruses. And if unfortunately, you use your credit and buy this useless crap, It wont remove viruses and spyware from your computer but it will mess your system more and more. And there will be no way to get back they money you paid for its non-existing services.

This program is named Windows Restore, which means it offers windows restoration services. But as it is fake, you can never get your windows restored using this malicious software. Which is a sign of its being corrupt tool.

Pleaser Remember! All these warnings, alerts and virus removal offers made by Windows Restore virus are fake. This program is totally a fake software and it is specially designed to extort your money by selling its fake security products. You should ignore these warnings, avoid purchase of this program, avoid clicking any link within its popups and do not install any component of it promoted. All you have to do is to immediately remove it from your computer upon detection.


How to remove Windows Restore virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.

Stop Windows Restore processes:
[random].exe

Remove Windows Restore Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policie \Associations “LowRiskFileTypes” = ‘{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′

Remove Windows Restore files:
%AppData%\Microsoft\[random].exe
%UserProfile%\Desktop\Windows Restore.lnk
%UserProfile%\Start Menu\Programs\Windows Restore\
%UserProfile%\Start Menu\Programs\Windows Restore\Windows Restore.lnk
%UserProfile%\Start Menu\Programs\Windows Restore\Uninstall Windows restore.lnk

Auto Removal

To remove this virus Automatically, We suggest following tools:

Malware Bytes Anti-Malware (Download)


StopZilla Anti-Spyware (Download)


Filed Under: 1: Spyware Removal Tagged With: , , , ,
« Older Posts