Jan

28

PcSecureNet Adware Removal Instructions

The Emsi Software malware research team has discoverd a new outbreak of the PcSecureNet adware. a-squared Anti-Malware detects this malware as Adware.Win32.PcSecureNet.

PcSecureNet, come from hxxp://www.pcsecurenet.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of PcSecureNet also made PcsSecure, APcSafe, APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldierSoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, PcSecureNet will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFiles%\PcSecureNet Software\PcSecureNet\main_config.xml
  • %ProgramFiles%\PcSecureNet Software\PcSecureNet\PcSecureNet.exe
  • %ProgramFiles%\PcSecureNet Software\PcSecureNet\uninstall.exe
  • %SystemRoot%\System32\p6hxvcb5.exe
  • %SystemRoot%\System32\spool\PRTPROCS\W32X8600012da.tmp
  • %SystemRoot%\System32\spool\PRTPROCS\W32X86000793d.tmp
  • %AllUsersProfile%\Desktop\PcSecureNet.lnk
  • %AllUsersProfile%\Start Menu\Programs\PcSecureNet\1 PcSecureNet.lnk
  • %AllUsersProfile%\Start Menu\Programs\PcSecureNet\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\PcSecureNet\3 Uninstall.lnk
  • %UserProfile%\Cookies\userdemo@pcsecurenet[1].txt
  • %UserProfile%\Local Settings\Temp000216e
  • %UserProfile%\Local Settings\Temp\p6hxvcb5.exe
  • %UserProfile%\Local Settings\Temp\z6oi395v.exe
  • %UserProfile%\Local Settings\Temp0002e31

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\PcSecureNet
  • HKEY_LOCAL_MACHINE\software\PcSecureNet
  • HKEY_CURRENT_USER\software\PcSecureNet
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “PcSecureNet”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “PcSecureNet”

Screenshots:

How to remove the infection of PcSecureNet (Adware.Win32.PcSecureNet)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

25

PcsSecure Adware Removal Instructions

The Emsi Software malware research team has discoverd a new outbreak of the PcsSecure adware. a-squared Anti-Malware detects this malware as Adware.Win32.PcsSecure.

PcsSecure, come from hxxp://www.pcssecure.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of PcsSecure also made APcSafe, APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldierSoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, PcsSecure will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFiles%\PcsSecure Software\PcsSecure\always_delete.xml
  • %ProgramFiles%\PcsSecure Software\PcsSecure\always_skip.xml
  • %ProgramFiles%\PcsSecure Software\PcsSecure\main_config.xml
  • %ProgramFiles%\PcsSecure Software\PcsSecure\PcsSecure.exe
  • %ProgramFiles%\PcsSecure Software\PcsSecure\uninstall.exe
  • %ProgramFiles%\PcsSecure Software\PcsSecure\quarantine\quarantine.xml
  • %AllUsersProfile%\Desktop\PcsSecure.lnk
  • %AllUsersProfile%\Start Menu\Programs\PcsSecure\1 PcsSecure.lnk
  • %AllUsersProfile%\Start Menu\Programs\PcsSecure\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\PcsSecure\3 Uninstall.lnk
  • %UserProfile%\Cookies\userdemo@pcssecure[1].txt

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\PcsSecure
  • HKEY_LOCAL_MACHINE\software\PcsSecure
  • HKEY_CURRENT_USER\software\PcsSecure
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “PcsSecure”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “PcsSecure”

Screenshots:

How to remove the infection of PcsSecure (Adware.Win32.PcsSecure)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

25

APcSafe Adware Removal Instructions

The Emsi Software malware research team has discoverd a new outbreak of the APcSafe adware. a-squared Anti-Malware detects this malware as Adware.Win32.APcSafe.

APcSafe, come from hxxp://www.apcsafe.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of APcSafe also made APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldierSoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, APcSafe will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFiles%\APcSafe Software\APcSafe\always_skip.xml
  • %ProgramFiles%\APcSafe Software\APcSafe\APcSafe.exe
  • %ProgramFiles%\APcSafe Software\APcSafe\main_config.xml
  • %ProgramFiles%\APcSafe Software\APcSafe\uninstall.exe
  • %ProgramFiles%\APcSafe Software\APcSafe\always_delete.xml
  • %ProgramFiles%\APcSafe Software\APcSafe\quarantine\quarantine.xml
  • %AllUsersProfile%\Desktop\APcSafe.lnk
  • %AllUsersProfile%\Start Menu\Programs\APcSafe\1 APcSafe.lnk
  • %AllUsersProfile%\Start Menu\Programs\APcSafe\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\APcSafe\3 Uninstall.lnk
  • %UserProfile%\Cookies\userdemo@apcsafe[1].txt

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\APcSafe
  • HKEY_CURRENT_USER\software\APcSafe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “APcSafe”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “APcSafe”

Screenshots:

How to remove the infection of APcSafe (Adware.Win32.APcSafe)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

22

APcSecure Adware Removal Instructions

The Emsi Software malware research team has discoverd a new outbreak of the APcSecure adware. a-squared Anti-Malware detects this malware as Adware.Win32.APcSecure.

APcSecure, come from hxxp://www.apcsecure.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of APcSecure also made ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldierSoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, APcSecure will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFiles%\APcSecure Software\APcSecure\APcSecure.exe
  • %ProgramFiles%\APcSecure Software\APcSecure\main_config.xml
  • %ProgramFiles%\APcSecure Software\APcSecure\uninstall.exe
  • %AllUsersProfile%\Desktop\APcSecure.lnk
  • %AllUsersProfile%\Start Menu\Programs\APcSecure\1 APcSecure.lnk
  • %AllUsersProfile%\Start Menu\Programs\APcSecure\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\APcSecure\3 Uninstall.lnk

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\APcSecure
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\APcSecure
  • HKEY_CURRENT_USER\software\APcSecure
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “APcSecure”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “APcSecure”

Screenshots:

How to remove the infection of APcSecure (Adware.Win32.APcSecure)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

21

ProtectSoldier Adware Removal Instructions

The Emsi Software malware research team has discoverd a new outbreak of the ProtectSoldier adware. a-squared Anti-Malware detects this malware as Adware.Win32.ProtectSoldier.

ProtectSoldier, come from hxxp://www.protectsoldier.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of ProtectSoldier also made ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldierSoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, ProtectSoldier will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFiles%\ProtectSoldier Software\ProtectSoldier\always_delete.xml
  • %ProgramFiles%\ProtectSoldier Software\ProtectSoldier\always_skip.xml
  • %ProgramFiles%\ProtectSoldier Software\ProtectSoldier\ProtectSoldier.exe
  • %ProgramFiles%\ProtectSoldier Software\ProtectSoldier\Uninstall.exe
  • %ProgramFiles%\ProtectSoldier Software\ProtectSoldier\quarantine\quarantine.xml
  • %UserProfile%\Cookies\userdemo@protectsoldier[2].txt
  • %UserProfile%\Desktop\ProtectSoldier.lnk
  • %UserProfile%\Start Menu\Programs\ProtectSoldier.lnk

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\ProtectSoldier
  • HKEY_LOCAL_MACHINE\software\ProtectSoldier
  • HKEY_CURRENT_USER\software\ProtectSoldier
  • HKEY_CURRENT_USER\software\ProtectSoldier\agents
  • HKEY_CURRENT_USER\software\ProtectSoldier\general
  • HKEY_CURRENT_USER\software\ProtectSoldier\realtime
  • HKEY_CURRENT_USER\software\ProtectSoldier\scanner
  • HKEY_CURRENT_USER\software\ProtectSoldier\tasks
  • HKEY_CURRENT_USER\software\ProtectSoldier\tasks
  • HKEY_CURRENT_USER\software\ProtectSoldier\tasks\1
  • HKEY_CURRENT_USER\software\ProtectSoldier\updates
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “ProtectSoldier”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “ProtectSoldier”

Screenshots:

How to remove the infection of ProtectSoldier (Adware.Win32.ProtectSoldier)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

20

ProtectDefender Adware Removal Instructions

The Emsi Software malware research team has discoverd a new outbreak of the ProtectDefender adware. a-squared Anti-Malware detects this malware as Adware.Win32.ProtectDefender.

ProtectDefender, come from hxxp://www.protectdefender.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of ProtectDefender also made ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldierSoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, ProtectDefender will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFiles%\ProtectDefender Software\ProtectDefender\always_skip.xml
  • %ProgramFiles%\ProtectDefender Software\ProtectDefender\ProtectDefender.exe
  • %ProgramFiles%\ProtectDefender Software\ProtectDefender\Uninstall.exe
  • %ProgramFiles%\ProtectDefender Software\ProtectDefender\always_delete.xml
  • %ProgramFiles%\ProtectDefender Software\ProtectDefender\quarantine\quarantine.xml
  • %UserProfile%\Cookies\userdemo@protectdefender[2].txt
  • %UserProfile%\Desktop\ProtectDefender.lnk
  • %UserProfile%\Start Menu\Programs\ProtectDefender.lnk

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\ProtectDefender
  • HKEY_CURRENT_USER\software\ProtectDefender
  • HKEY_CURRENT_USER\software\ProtectDefender\agents
  • HKEY_CURRENT_USER\software\ProtectDefender\general
  • HKEY_CURRENT_USER\software\ProtectDefender\realtime
  • HKEY_CURRENT_USER\software\ProtectDefender\scanner
  • HKEY_CURRENT_USER\software\ProtectDefender\tasks
  • HKEY_CURRENT_USER\software\ProtectDefender\tasks
  • HKEY_CURRENT_USER\software\ProtectDefender\tasks\1
  • HKEY_CURRENT_USER\software\ProtectDefender\updates
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\ProtectDefender
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “ProtectDefender”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “ProtectDefender”

Screenshots:

How to remove the infection of ProtectDefender (Adware.Win32.ProtectDefender)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

19

ArmorDefender Adware Removal Instructions

The Emsi Software malware research team has discoverd a new outbreak of the ArmorDefender adware. a-squared Anti-Malware detects this malware as Adware.Win32.ArmorDefender.

ArmorDefender, come from hxxp://www.armordefender.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family, with a new GUI. The author of ArmorDefender also made DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldierSoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, ArmorDefender will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFiles%\ArmorDefender Software\ArmorDefender\Uninstall.exe
  • %ProgramFiles%\ArmorDefender Software\ArmorDefender\ArmorDefender.exe
  • %SystemRoot%\system32\kus4.tmp.exe
  • %UserProfile%\Cookies\userdemo@armordefender[1].txt
  • %UserProfile%\Desktop\ArmorDefender.lnk
  • %UserProfile%\Local Settings\Temp\vow3.tmp.exe
  • %UserProfile%\Local Settings\Temp\kus4.tmp.exe
  • %UserProfile%\Start Menu\Programs\ArmorDefender.lnk

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\ArmorDefender
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\ArmorDefender
  • HKEY_CURRENT_USER\software\ArmorDefender
  • HKEY_CURRENT_USER\software\ArmorDefender\agents
  • HKEY_CURRENT_USER\software\ArmorDefender\general
  • HKEY_CURRENT_USER\software\ArmorDefender\realtime
  • HKEY_CURRENT_USER\software\ArmorDefender\scanner
  • HKEY_CURRENT_USER\software\ArmorDefender\tasks
  • HKEY_CURRENT_USER\software\ArmorDefender\tasks
  • HKEY_CURRENT_USER\software\ArmorDefender\tasks\1
  • HKEY_CURRENT_USER\software\ArmorDefender\updates
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “ArmorDefender”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “ArmorDefender”

Screenshots:

How to remove the infection of ArmorDefender (Adware.Win32.ArmorDefender)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

18

Win Security 360 Adware Removal Instructions

The Emsi Software malware research team has discoverd a new outbreak of the Win Security 360 adware. a-squared Anti-Malware detects this malware as Adware.Win32.WinSecurity360.

Win Security 360 is a rogue security program. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

  • %ProgramFiles%\WinSecurity360\Win Security 360.url
  • %ProgramFiles%\WinSecurity360\Win Security 360 Help.url
  • %ProgramFiles%\WinSecurity360\WinSecurity360.exe
  • %ProgramFiles%\WinSecurity360\sk.lst
  • %UserProfile%\Application Data\WinSecurity360\vlc.dat
  • %UserProfile%\Application Data\WinSecurity360\WinSecurity360.ini
  • %UserProfile%\Application Data\WinSecurity360\rmd.dat
  • %UserProfile%\Desktop\Win Security 360.lnk
  • %UserProfile%\Start Menu\Programs\Startup\Win Security 360.lnk
  • %UserProfile%\Start Menu\Programs\Win Security 360\Website.lnk
  • %UserProfile%\Start Menu\Programs\Win Security 360\Win Security 360.lnk
  • %UserProfile%\Start Menu\Programs\Win Security 360\Win Security 360 Help.lnk

Create new registry entry:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\App Paths\WinSecurity360

Screenshots:

How to remove the infection of Win Security 360 (Adware.Win32.WinSecurity360)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

18

DefendAPc Adware Removal Instructions

The Emsi Software malware research team has discoverd a new outbreak of the DefendAPc adware. a-squared Anti-Malware detects this malware as Adware.Win32.DefendAPc.

DefendAPc, come from hxxp://www.defendapc.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of DefendAPc also made SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldierSoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, DefendAPc will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFiles%\DefendAPc Software\DefendAPc\always_delete.xml
  • %ProgramFiles%\DefendAPc Software\DefendAPc\always_skip.xml
  • %ProgramFiles%\DefendAPc Software\DefendAPc\DefendAPc.exe
  • %ProgramFiles%\DefendAPc Software\DefendAPc\main_config.xml
  • %ProgramFiles%\DefendAPc Software\DefendAPc\uninstall.exe
  • %ProgramFiles%\DefendAPc Software\DefendAPc\quarantine\quarantine.xml
  • %SystemRoot%\System32\spool\PRTPROCS\W32X860004e7f.tmp
  • %AllUsersProfile%\Desktop\DefendAPc.lnk
  • %AllUsersProfile%\Start Menu\Programs\DefendAPc\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\DefendAPc\3 Uninstall.lnk
  • %AllUsersProfile%\Start Menu\Programs\DefendAPc\1 DefendAPc.lnk
  • %UserProfile%\Cookies\userdemo@defendapc[1].txt

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\DefendAPc
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\DefendAPc
  • HKEY_CURRENT_USER\software\DefendAPc
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “DefendAPc”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “DefendAPc”

Screenshots:

How to remove the infection of DefendAPc (Adware.Win32.DefendAPc)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

12

SysDefenders Adware Removal Instructions

The Emsi Software malware research team has discoverd a new outbreak of the SysDefenders adware. a-squared Anti-Malware detects this malware as Adware.Win32.SysDefenders.

SysDefenders, come from hxxp://www.sysdefenders.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of SysDefenders also made InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldierSoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, SysDefenders will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files and folders:

  • %ProgramFiles%\SysDefenders Software\SysDefenders\main_config.xml
  • %ProgramFiles%\SysDefenders Software\SysDefenders\SysDefenders.exe
  • %ProgramFiles%\SysDefenders Software\SysDefenders\uninstall.exe
  • %AllUsersProfile%\Desktop\SysDefenders.lnk
  • %AllUsersProfile%\Start Menu\Programs\SysDefenders\1 SysDefenders.lnk
  • %AllUsersProfile%\Start Menu\Programs\SysDefenders\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\SysDefenders\3 Uninstall.lnk
  • %UserProfile%\Cookies\userdemo@sysdefenders[1].txt

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SysDefenders
  • HKEY_LOCAL_MACHINE\software\SysDefenders
  • HKEY_CURRENT_USER\software\SysDefenders
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “SysDefenders”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SysDefenders”

Screenshots:

How to remove the infection of SysDefenders (Adware.Win32.SysDefenders)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.