BitDefender 2011 fake software – how to get rid manually

April 21, 2011 By

BitDefender 2011 (the fake one Bit Defender 2011) is a rogue virus which tries to intimate to be a real and legitimate antivirus scan and virus removal software although it is a virus itself. This program is a scamware created by hackers to raise funds by selling fake computer and internet security/protection softwares. Programmers have used the name if Bit Defender antivirus software for this malware to trick more users into buying the fake BitDefender 2011. Please remember that is bogus and useless tool dose not belong to Bit Defender antivirus company so avoid making a purchase of this malware.
fake Bit Defender 2011 virus BitDefender 2011 fake software how to get rid manually

The malware is spread via malicious websites that offers free malware and virus removal services. Once this virus gets into your computer, it displays fake warnings and alerts telling you about insecure activity of your system and it offers you to run the full version of BitDefender 2011 to get rid of these viruses ands defend your system. When you select to install the full version, it asks you to pay the license fee which is the target of this virus. It dose not help your system even if your pay for it so its better to remove the fake BitDefender2011 instead of downloading and buying its updated version.

This fake program may display some errors on infected pc like:

Warning!
Virtumonde is an adware program that tends to monitor your Internet browsing habits and may display targeted advertisements onto your computer screen. Virtumonde may also create a malicious DLL file in order to log your keystrokes and send the recorded information to a third party website. Virtumonde is an unwanted application and recommended to be removed.

About Internet Explorer Emergency Mode
Your PC is infected with malicious software and browse couldn’t be launched

You may use Internet Explorer in Emergency mode – internal service browser of Microsoft Windows system with limited usability.

Notice: Some sites refuse connection with Internet Explorer in Emergency Mode. In such case system warning page will be showed to you.

Warning! Identity theft attempt detected!
Attacker IP: <random IP address>
Attack Target: Microsoft Corp. Keys
Description: Remote host tries to get access to your personal information.

Warning! New virus detected!
Threat Detected: Keylogger.iSnake.Pro
Infected File: C:\WINDOWS\system32\asr_ldm.exe

Remember! All these warnings, alerts and virus removal offers made by BitDefender 2011 virus are fake. This program is totally a fake software and it is specially designed to extort your money by selling its fake security products. You should ignore these warnings, avoid purchase of this program, avoid clicking any link within its popups and do not install any component of it promoted. All you have to do is to immediately remove the fake BitDefender 2011 malware from your computer upon detection.

How to remove the fake BitDefender 2011 virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.

Stop Bit Defender 2011 processes:
bitdefender.exe
[random].exe

Delete BitDefender 2011 fake Registry keys:
HKEY_CURRENT_USER\Software\EVAEC2
HKEY_CURRENT_USER\Software\MonEC2
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “BitDefender 2011″ = ‘C:\Program Files\BitDefender 2011\bitdefender.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “WinNT-EVI 21.04.2011″

Delete BitDefender 2011 files:
c:\Program Files\BitDefender 2011\
c:\Program Files\BitDefender 2011\bitdefender.exe
c:\Documents and Settings\All Users\Start Menu\BitDefender 2011\
c:\Documents and Settings\All Users\Start Menu\BitDefender 2011\BitDefender 2011.lnk
%AllUsersProfile%\Start Menu\BitDefender 2011\Uninstall.lnk
%UserProfile%\Desktop\BitDefender 2011.lnk
%Temp%\srvED4.ini
%Temp%\srvED4.tmp

Auto Removal

To remove this virus Automatically, We suggest following tools:

Malware Bytes Anti-Malware (Download)


StopZilla Anti-Spyware (Download)


Filed Under: 1: Spyware Removal Tagged With: , , , , ,

Vista Defender Pro virus – how to get rid manually VistaDefenderPro

April 19, 2011 By

Vista Defender Pro or VistaDefenderPro is a fake software which appears to be a professional windows vista virus removal software from microsoft although Vista DefenderPro is a virus itself. This bogus program belongs to rogue spywares, well known for phising and scam-wares.VistaDefender Pro malware somehow gets installed on a computer and then it tries its best to scare the infected user about computer security breaches. To do its job, Vista Defender Pro uses a fake antivirus scan utility which is ran on infected computer without users consent and that fake scanner generates a very poor scan report of the infected computer. This report warns the user that Vista Defender Pro has detected viruses and spywares on your computer and you must remove them very soon to protect your system from further damages. It also offers you to install updates and full version of Vista Defender Pro software to get rid of these viruses. Once you click the activate full verision of any link like it, Vista Defender Pro asks you to pay the registration fee of the full version to get it. That is the main goal of Vista Defender Pro and all rogue scamwares relates to this parasite. Please do not buy it as it is totally a fake program. Vista Defender Pro is a virus and it is not an antivirus nor a system protection/security tool.
fake vista defender pro virus Vista Defender Pro virus how to get rid manually VistaDefenderPro

Again, Please Remember! All the warnings, alerts and virus removal offers made by Vista Defender Pro virus are fake. This program is totally a fake software and it is specially designed to extort your money by selling its fake security products. You should ignore these warnings, avoid purchase of this program, avoid clicking any link within its popups and do not install any component of it promoted. All you have to do is to immediately remove it from your computer upon detection.

How to remove Vista Defender Pro virus manually:

Stop Vista Defender Pro processes:
[random name].exe

Remove Vista Defender Pro registry values:
HKEY_CURRENT_USERSoftwareClasses.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USERSoftwareClasses.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USERSoftwareClasses.exeDefaultIcon “(Default)” = ‘%1′ = ‘”%UserProfile%Local SettingsApplication Data[random 3 letters].exe” /START “%1″ %*’
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USERSoftwareClasses.exeshellrunascommand “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USERSoftwareClasses.exeshellrunascommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USERSoftwareClassesexefile “(Default)” = ‘Application’
HKEY_CURRENT_USERSoftwareClassesexefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USERSoftwareClassesexefileDefaultIcon “(Default)” = ‘%1′
HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “%1″ %*’
HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USERSoftwareClassesexefileshellrunascommand “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USERSoftwareClassesexefileshellrunascommand “IsolatedCommand” – ‘”%1″ %*’
HKEY_CLASSES_ROOT.exeDefaultIcon “(Default)” = ‘%1′
HKEY_CLASSES_ROOT.exeshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “%1″ %*’
HKEY_CLASSES_ROOT.exeshellopencommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT.exeshellrunascommand “(Default)” = ‘”%1″ %*’
HKEY_CLASSES_ROOT.exeshellrunascommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOTexefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOTexefileshellopencommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOTexefileshellrunascommand “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOTexefileshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “%1″ %*’
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “C:Program FilesMozilla Firefoxfirefox.exe”‘
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “C:Program FilesMozilla Firefoxfirefox.exe” -safe-mode’
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “C:Program FilesInternet Exploreriexplore.exe”‘

Delete Vista Defender Pro files:
%AllUsersProfile%t3e0ilfioi3684m2nt3ps2b6lru
%AppData%Local[random].exe
%AppData%Localt3e0ilfioi3684m2nt3ps2b6lru
%AppData%RoamingMicrosoftWindowsTemplatest3e0ilfioi3684m2nt3ps2b6lru
%Temp%t3e0ilfioi3684m2nt3ps2b6lru

Auto Removal

To remove this virus Automatically, We suggest following tools:

Malware Bytes Anti-Malware (Download)


StopZilla Anti-Spyware (Download)

Filed Under: 1: Spyware Removal Tagged With: , , , , , ,

Fake Internet Protection virus – how to get rid manually

April 11, 2011 By

Theres a fake program appearing with the name of “Internet Protection” on internet. This misleading software claims to be a legitimate security software although it is a virus. Internet Protection comes from rogue spyware family which is known for spreading fake malwares. Some other clones of Internet Protection are Antimalware Tool, Internet defender.
fake internet protection virus Fake Internet Protection virus how to get rid manually

The fake software Internet Protection is a scamware which is created by hackers to earn some bucks for selling fake security softwares to innocent internet users. To sell their fake products, they clone their virus like a legitimate antivirus software. Once the virus enters into your computer, it will run its fake virus scan utility on your system without your request. Fake scanner of Internet Protection virus will also generate very poor scan results that will popup on your system and warn you of serious virus detections. All this warning and alert system is a trick to scare you of viruses and convince you buy Internet Protection software to get rid of these viruses.

Here are some fake errors displayed by Internet protection virus:

Internet Protection
Your system has come under attack of harmful software. Click here to deactivate it.

Internet Protection
External software tries to control variety of your system files. This may lead to breaking of some data in your system. Click here to protect remote access to your PC & delete these programs.

Internet Protection
Spyware.IEMonster process is found. The virus is going to send your passwords from Internet browser (Explorer, Mozilla Firefox, Outlook & others) to the third-parties. Click here for further protection of your data with Internet Protection.

Internet Protection Firewall Alert
Suspicious activity in your registry system space was detected. Rogue malware detected in your system. Data leaks and system damage are possible. Please use a deep scan option.

Internet Protection Firewall Alert
Your computer is being attacked from a remote machine!
Block Internet access to your computer to prevent system infection.
Attacker IP: <ip address>
Attack type: RCPT exploit

Internet Protection
Your computer is under the infections threat. Run instant shield protection to safe your data and prevent internet access to your credit card information. Select this to run instant shield.

Remember! All these warnings, alerts and virus removal offers made by Internet Protection virus are fake. This program is totally a fake software and it is specially designed to extort your money by selling its fake security products. You should ignore these warnings, avoid purchase of this program, avoid clicking any link within its popups and do not install any component of it promoted. All you have to do is to immediately remove it from your computer upon detection.

How to remove Internet Protection virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.

Disable Internet Protection DLL files:
Internet Protection.dll

Remove Internet Protection Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘”[random]”

Remove Internet Protection files:
c:%UserProfile%\Desktop\Internet Protection.lnk
c:%UserProfile%\Local Settings\Temp\ins1.tmp
c:%UserProfile%\Local Settings\Temp\mv2.tmp
c:\Program Files\Internet Protection\
c:\Program Files\Internet Protection\Internet Protection.dll

Auto Removal

To remove this virus Automatically, We suggest following tools:

Malware Bytes Anti-Malware (Download)


StopZilla Anti-Spyware (Download)


Super Anti Spyware (Download)

Filed Under: 1: Spyware Removal Tagged With: , , , ,

Windows Background Protector virus – how to get rid manually

March 24, 2011 By

Windows Background Protector is another fake security software issued by hackers. It is a virus belonging to rogue fake antivirus family. Windows Background Protector appears to be a legitimate virus removal tool although it is a virus itself. Do not trust Windows Background Protector as it is a bogus and useless software that has no ability to detect and remove viruses from your computer. All offers and errors displayed by Windows Background Protector are totally fake.
Fake Windows Background Protector Virus Windows Background Protector virus how to get rid manually

There are several trojans and worms and other malwares that may drop Windows Background Protector into your computer without your knowledge as the download and installation of this virus is done in hidden mode. Once Windows Background Protector gets into your computer, it will start its job by scanning your system with a fake antivirus scan utility of its own each time you reboot your infected computer. The fake scanner of Windows Background Protector will generate some scan results and will display scary warning messages and alerts telling you that your computer is infected with spywares and viruses that must be removed very soon to protect your system from further damages. It may also display a fake messages claiming to be from Microsoft Security Essentials.

Remember! All these warning messages and alerts displayed by Windows Background Protector virus are fake. This program is specially designed to extort your money by offering you to buy its fake system security and optimization products. You should ignore these warnings, avoid buying this program, avoid its installation and immediately remove it from your computer upon detection.

How to get rid of Windows Background Protector virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.

Stop Windows Background Protector processes:
%UserProfile%\Application Data\[random].exe

Remove Windows Background Protector Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore “DisableSR ” = ’1′

Remove Windows Background Protector files:
%UserProfile%\Application Data\[random].exe

Auto Removal

To remove this virus Automatically, We suggest following tools:

Super Anti Spyware (Download)

 

OR

Malware Bytes Anti-Malware (Download)



Filed Under: 1: Spyware Removal Tagged With: , , , ,

Windows Recovery virus – how to get rid of fake WindowsRecovery manually

March 23, 2011 By

Windows Recovery is another virus (a fake rogue software) which claims to be a powerful windows and system security tool. Windows Recovery tool is a clone of Windows Safemode virus and System Diagnostic virus. All these softwares (including Windows Recovery) are bogus and useless. Windows Recovery is a scamware thats wants you to pay for its full version to protect your system from damages caused by viruses and spywares, Remember, Windows Recovery virus has no ability to detect and remove viruses or fix windows problems but it is a virus itself and it is a dangerous threat for your pc.
fake windows recobery virus Windows Recovery virus how to get rid of fake WindowsRecovery manually

Just like other rogue spywares, WindowsRecovery virus uses the fake alerts and warning messages to scare user. It displays bunch of fake critical errors telling you about hard disk error, problem with RAM, System restore problem and many other errors. Mostly Windows Recovery virus attacks with fake hard disk drive errors. It may warn you of no disk found, or low disk space, or damage hard drive or something else. for example:

Fix Disk
Windows Recovery Diagnostics will scan the system to identify performance problems.
Start or Cancel

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

Critical Error
Hard Drive not found. Missing hard drive.

Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error
Windows can’t find hard disk space. Hard drive error

Remember! All these warning messages and alerts displayed by Windows Recovery virus are fake. This program is specially designed to extort your money by offering you to buy its fake system security and optimization products. You should ignore these warnings, avoid buying this program, avoid its installation and immediately remove it from your computer upon detection.

How to remove Windows Recovery virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.

Stop Windows Recovery processes:
[random name].exe

Disable Windows Recovery DLL files:
[random name].dll

Delete Windows Recovery Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = 0′

Delete Windows Recovery files:
%AllUsersProfile%\~[random]
%AllUsersProfile%\~[random]r
%AllUsersProfile%\[random].dll
%AllUsersProfile%\[random].exe
%AllUsersProfile%\[random]
%AllUsersProfile%\[random].exe
%UserProfile%\Desktop\Windows Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows Recovery\
%UserProfile%\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk

Auto Removal

To remove this virus Automatically, We suggest following tools:

Super Anti Spyware (Download)

OR

Malware Bytes Anti-Malware (Download)


Filed Under: 1: Spyware Removal Tagged With: , , , ,