FakeCopyright Adware Removal Instructions
The Emsisoft malware research team has discoverd a new outbreak of the FakeCopyright adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.FakeCopyright.
FakeCopyright trying to force users to pay a fee for illegal or copyrighted material that installed on the user computer. Once installed, this program will run automatically when starting Windows and shows a window like this:
Create new files:
- %UserProfile%\Application Data\APManager\wallpaper.jpg
- %UserProfile%\Application Data\APManager\apmanager.exe
- %UserProfile%\Application Data\APManager\files
- %UserProfile%\Application Data\APManager\iplog
- %UserProfile%\Application Data\APManager\ispinfo
- %UserProfile%\Application Data\APManager\settings.ini
- %UserProfile%\Application Data\APManager\uninstall.exe
- %UserProfile%\Application Data\APManager\languages\French.lng
- %UserProfile%\Application Data\APManager\languages\German.lng
- %UserProfile%\Application Data\APManager\languages\Italian.lng
- %UserProfile%\Application Data\APManager\languages\Portuguese.lng
- %UserProfile%\Application Data\APManager\languages\Slovak.lng
- %UserProfile%\Application Data\APManager\languages\Spanish.lng
- %UserProfile%\Application Data\APManager\languages\template.lng
- %UserProfile%\Application Data\APManager\languages\Czech.lng
- %UserProfile%\Application Data\APManager\languages\Danish.lng
- %UserProfile%\Application Data\APManager\languages\Dutch.lng
- %UserProfile%\Application Data\APManager\languages\English.lng
- %UserProfile%\Desktop\AP Manager.lnk
Create new registry entries:
- HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\APManager
- HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “apmanager.exe”
How to remove the infection of FakeCopyright (Adware.Win32.FakeCopyright)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
Tags: FakeCopyright, Rogue