Mar 08

Virus Protector Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Virus Protector adware. a-squared Anti-Malware detects this malware as Adware.Win32.VirusProtector.

Virus Protector is a rogue security program. It creates numerous harmless files with random names on your computer. These files are detected as malware when the program scans your computer, but the program will not allow you to remove them until you purchase it.

Create new files:

  • %SystemRoot%\%random%.exe
  • %SystemRoot%\%random%.dll
  • %SystemRoot%\system32\%random%.exe
  • %SystemRoot%\system32\%random%.dll
  • %SystemRoot%\system32\drivers\%random%.exe
  • %SystemRoot%\system32\drivers\%random%.dll

Create/modify registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Windows\LoadAppInit_DLLs, 0x00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Windows\AppInit_DLLs, %random%.dll
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Shell, %random%.exe

How to remove the infection of Virus Protector (Adware.Win32.VirusProtector)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Mar 03

Dr. Guard Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Dr. Guard adware. a-squared Anti-Malware detects this malware as Adware.Win32.DrGuard.

Dr. Guard is a rogue security program. This rogue application tries to trick you by displaying a report of false positive or misleading scan results, which says that your computer is infected with viruses or trojans, but you will not be able to delete them before you purchase it.

Create new files:

  • %ProgramFiles%\Dr. Guard\activate.ico
  • %ProgramFiles%\Dr. Guard\buy.ico
  • %ProgramFiles%\Dr. Guard\drg.db
  • %ProgramFiles%\Dr. Guard\drgext.dll
  • %ProgramFiles%\Dr. Guard\drghook.dll
  • %ProgramFiles%\Dr. Guard\drguard.exe
  • %ProgramFiles%\Dr. Guard\help.ico
  • %ProgramFiles%\Dr. Guard\scan.ico
  • %ProgramFiles%\Dr. Guard\settings.ico
  • %ProgramFiles%\Dr. Guard\splash.mp3
  • %ProgramFiles%\Dr. Guard\uninstall.exe
  • %ProgramFiles%\Dr. Guard\update.ico
  • %ProgramFiles%\Dr. Guard\virus.mp3
  • %ProgramFiles%\Dr. Guard\about.ico
  • %AllUsersProfile%\Desktop\License.txt
  • %UserProfile%\Desktop\Dr. Guard.lnk
  • %UserProfile%\Desktop\Dr. Guard Support.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Activate.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Buy.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Dr. Guard.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Dr. Guard Support.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Scan.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Settings.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Update.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\About.lnk

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32
  • HKEY_LOCAL_MACHINE\software\Dr. Guard
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Dr. Guard
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Dr. Guard”

How to remove the infection of Dr. Guard (Adware.Win32.DrGuard)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb 24

PC Defender Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the PC Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.PCDefender.

PC Defender is a rogue security program. This rogue application tries to trick you by displaying a report of false positive or misleading scan results, which says that your computer is infected with viruses or trojans, but you will not be able to delete them before you purchase it.

This program has one peculiarity: it displays a fake blue screen on the victim machine.

Create new files:

  • %ProgramFiles%\Def Group\PC Defender\Antispyware.exe
  • %ProgramFiles%\Def Group\PC Defender\hook.dll
  • %ProgramFiles%\Def Group\PC Defender\proccheck.exe
  • %AllUsersProfile%\Desktop\PC Defender.lnk
  • %AllUsersProfile%\Start Menu\Programs\PC Defender\PC Defender.lnk

Create new registry entries:

  • HKEY_CURRENT_USER\software\Def Group
  • HKEY_CURRENT_USER\software\Def Group\Antispyware
  • HKEY_CURRENT_USER\software\Def Group\Antispyware\Found

Modify registry entry:

  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
    Old: Userinit = C:\WINDOWS\system32\userinit.exe,
    New: Userinit = C:\WINDOWS\system32\userinit.exe,"C:\Program Files\Def Group\PC Defender\Antispyware.exe"

How to remove the infection of PC Defender (Adware.Win32.PCDefender)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb 23

Your PC Protector Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Your PC Protector adware. a-squared Anti-Malware detects this malware as Adware.Win32.YourPCProtector.

Your PC Protector is a rogue security program. This rogue application tries to trick you by displaying a report of false positive or misleading scan results, which says that your computer is infected with viruses or trojans, but you will not be able to delete them before you purchase it.

Create new files:

  • %ProgramFiles%\nuar.old
  • %ProgramFiles%\skynet.dat
  • %ProgramFiles%\svchost.exe
  • %ProgramFiles%\wp3.dat
  • %ProgramFiles%\wp4.dat
  • %ProgramFiles%\adc32.dll
  • %ProgramFiles%\alggui.exe
  • %ProgramFiles%\Your PC Protector\Your PC Protector.exe
  • %UserProfile%\Desktop\Your PC Protector.lnk
  • %UserProfile%\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\InprocServer32
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
  • HKEY_CURRENT_USER\software\Your PC Protector
  • HKEY_CURRENT_USER\software\Your PC Protector\PC_protect
  • HKEY_CURRENT_USER\software\Your PC Protector\PC_protect\Registration
  • HKEY_CURRENT_USER\software\Your PC Protector\PC_protect\setdata

Modify registry entry:

  • HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\open\command\, "C:\Program Files\alggui.exe "%1" %*"

How to remove the infection of Your PC Protector (Adware.Win32.YourPCProtector)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb 22

Desktop Security 2010 Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Desktop Security 2010 adware. a-squared Anti-Malware detects this malware as Adware.Win32.DesktopSecurity2010.

Desktop Security 2010 is a rogue security program. This rogue application tries to trick you by displaying a report of false positive or misleading scan results, which says that your computer is infected with viruses or trojans, but you will not be able to delete them before you purchase it.

Create new files (some file and registry names are random):

  • %ProgramFiles%\Desktop Security 2010\
  • %ProgramFiles%\Desktop Security 2010\MFC71ENU.DLL
  • %ProgramFiles%\Desktop Security 2010\msvcp71.dll
  • %ProgramFiles%\Desktop Security 2010\msvcr71.dll
  • %ProgramFiles%\Desktop Security 2010\pthreadVC2.dll
  • %ProgramFiles%\Desktop Security 2010\securitycenter.exe
  • %ProgramFiles%\Desktop Security 2010\taskmgr.dll
  • %ProgramFiles%\Desktop Security 2010\uninstall.exe
  • %ProgramFiles%\Desktop Security 2010\daily.cvd
  • %ProgramFiles%\Desktop Security 2010\Desktop Security 2010.exe
  • %ProgramFiles%\Desktop Security 2010\guide.chm
  • %ProgramFiles%\Desktop Security 2010\hjengine.dll
  • %ProgramFiles%\Desktop Security 2010\mfc71.dll
  • %SystemRoot%\system32\cbrdwlvrumw6.exe
  • %UserProfile%\Local Settings\Temp\kilslmd.exex
  • %UserProfile%\Local Settings\Temp\kn.a.exe
  • %UserProfile%\Local Settings\Temp\gedx_ae09.exe
  • %UserProfile%\Local Settings\Temp\kgn.exe

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\Desktop Security 2010
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, "Desktop Security 2010"
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, "SecurityCenter"
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, "cbrdwlvrumw6"

How to remove the infection of Desktop Security 2010 (Adware.Win32.DesktopSecurity2010)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.