Dec

31

Scanner Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the  Scanner adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DefragScanner.

Scanner is a rogue application, this is another variant of HDD Low, Disk Repair, Defragmenter, HDD Tools, Smart HDD, HDD Rescue, HDD Plus, HDD Diagnostic, Hard Drive Diagnostic, Disk Doctor, Win Defragmenter, WinDefrag, WinHDD, CheckDisk, Ultra Defragger, Quick Defragmenter, Smart Defragmenter, HDD Defragmenter, and System Defragmenter. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %UserProfile%\Desktop\Scanner.lnk
  • %UserProfile%\Local Settings\Temp\%random%.exe
  • %UserProfile%\Local Settings\Temp\%random%.dll
  • %UserProfile%\Local Settings\Temp\%random_number%
  • %UserProfile%\Local Settings\Temp\%random_number%.exe
  • %UserProfile%\Start Menu\Programs\Scanner\
  • %UserProfile%\Start Menu\Programs\Scanner\Scanner.lnk
  • %UserProfile%\Start Menu\Programs\Scanner\Uninstall Scanner.lnk

Create new registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    (String) %random% = %UserProfile%\Local Settings\Temp\%random%.exe
    (String) %random% = %UserProfile%\Local Settings\Temp\%random_number%.exe

Screenshots:

How to remove the infection of Scanner (Adware.Win32.DefragScanner)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec

28

HDD Low Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the  HDD Low adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.HDDLow.

HDD Low is a rogue application, this is another variant of Disk Repair, Defragmenter, HDD Tools, Smart HDD, HDD Rescue, HDD Plus, HDD Diagnostic, Hard Drive Diagnostic, Disk Doctor, Win Defragmenter, WinDefrag, WinHDD, CheckDisk, Ultra Defragger, Quick Defragmenter, Smart Defragmenter, HDD Defragmenter, and System Defragmenter. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %UserProfile%\Desktop\HDD Low.lnk
  • %UserProfile%\Local Settings\Temp\~%random%
  • %UserProfile%\Local Settings\Temp\%random%
  • %UserProfile%\Local Settings\Temp\%random%.exe
  • %UserProfile%\Start Menu\Programs\HDD Low\
  • %UserProfile%\Start Menu\Programs\HDD Low\Uninstall HDD Low.lnk
  • %UserProfile%\Start Menu\Programs\HDD Low\HDD Low.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    (String) %random% = %UserProfile%\Local Settings\Temp\%random%.exe

Screenshots:

How to remove the infection of HDD Low (Adware.Win32.HDDLow)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec

28

Disk Repair Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the  Disk Repair adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DiskRepair.

Disk Repair is a rogue application, this is another variant of Defragmenter, HDD Tools, Smart HDD, HDD Rescue, HDD Plus, HDD Diagnostic, Hard Drive Diagnostic, Disk Doctor, Win Defragmenter, WinDefrag, WinHDD, CheckDisk, Ultra Defragger, Quick Defragmenter, Smart Defragmenter, HDD Defragmenter, and System Defragmenter. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AllUsersProfile%\Application Data\dfrg
  • %AllUsersProfile%\Application Data\dfrgr
  • %AllUsersProfile%\Application Data\%random%
  • %AllUsersProfile%\Application Data\%random%.exe
  • %UserProfile%\Desktop\Disk Repair.lnk
  • %UserProfile%\Start Menu\Programs\Disk Repair\
  • %UserProfile%\Start Menu\Programs\Disk Repair\Disk Repair.lnk
  • %UserProfile%\Start Menu\Programs\Disk Repair\Uninstall Disk Repair.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    (String) %random% = %AllUsersProfile%\Application Data\%random%.exe

Screenshots:

How to remove the infection of Disk Repair (Adware.Win32.DiskRepair)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec

22

Windows Optimization Center Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the Windows Optimization Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsOptimizationCenter.

Windows Optimization Center is a rogue security product. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

  • %UserProfile%\Application Data\protect.exe

Create/modify registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (SZ) Shell = %UserProfile%\Application Data\protect.exe

Screenshots:

How to remove the infection of Windows Optimization Center (Adware.Win32.WindowsOptimizationCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec

22

SystemPro 2011 Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the SystemPro 2011 adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SystemPro2011.

SystemPro 2011 is a rogue security product. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %ProgramFiles%\SystemPro\
  • %ProgramFiles%\SystemPro\SystemPro.exe
  • %UserProfile%\Application Data\SystemPro\
  • %UserProfile%\Application Data\SystemPro\activate_hdr_2.png
  • %UserProfile%\Application Data\SystemPro\activate_hdr_bg.png
  • %UserProfile%\Application Data\SystemPro\at.png
  • %UserProfile%\Application Data\SystemPro\balloon_174.png
  • %UserProfile%\Application Data\SystemPro\balloon_201.png
  • %UserProfile%\Application Data\SystemPro\bg_button_a.png
  • %UserProfile%\Application Data\SystemPro\bg_button_span.png
  • %UserProfile%\Application Data\SystemPro\blank.gif
  • %UserProfile%\Application Data\SystemPro\block_p_01.png
  • %UserProfile%\Application Data\SystemPro\block_p_03.png
  • %UserProfile%\Application Data\SystemPro\blue.png
  • %UserProfile%\Application Data\SystemPro\critical_202.png
  • %UserProfile%\Application Data\SystemPro\filder.png
  • %UserProfile%\Application Data\SystemPro\i_1.png
  • %UserProfile%\Application Data\SystemPro\i_2.png
  • %UserProfile%\Application Data\SystemPro\i_3.png
  • %UserProfile%\Application Data\SystemPro\level.png
  • %UserProfile%\Application Data\SystemPro\loading.gif
  • %UserProfile%\Application Data\SystemPro\logo.png
  • %UserProfile%\Application Data\SystemPro\m.png
  • %UserProfile%\Application Data\SystemPro\off.png
  • %UserProfile%\Application Data\SystemPro\on.png
  • %UserProfile%\Application Data\SystemPro\pay.gif
  • %UserProfile%\Application Data\SystemPro\progressbar.gif
  • %UserProfile%\Application Data\SystemPro\progressbar_bg_1.gif
  • %UserProfile%\Application Data\SystemPro\prot.png
  • %UserProfile%\Application Data\SystemPro\scan_res_icon.png
  • %UserProfile%\Application Data\SystemPro\t01.png
  • %UserProfile%\Application Data\SystemPro\t02.png
  • %UserProfile%\Application Data\SystemPro\update.png
  • %UserProfile%\Application Data\SystemPro\w1.png
  • %UserProfile%\Application Data\SystemPro\w2.png
  • %UserProfile%\Application Data\SystemPro\w3.png
  • %UserProfile%\Application Data\SystemPro\w4.png
  • %UserProfile%\Application Data\SystemPro\w5.png
  • %UserProfile%\Application Data\SystemPro\warning_popup_072.png
  • %UserProfile%\Application Data\SystemPro\warning_popup_200.png
  • %UserProfile%\Application Data\SystemPro\windows_defender_gradient.png
  • %UserProfile%\Application Data\SystemPro\windows_defender_shield.png
  • %UserProfile%\Application Data\SystemPro\_001.png
  • %UserProfile%\Application Data\SystemPro\_002.png
  • %UserProfile%\Application Data\SystemPro\_005.png
  • %UserProfile%\Application Data\SystemPro\_006.png
  • %UserProfile%\Application Data\SystemPro\_007.png
  • %UserProfile%\Application Data\SystemPro\_ico1.png
  • %UserProfile%\Application Data\SystemPro\_ico2.png
  • %UserProfile%\Application Data\SystemPro\_ico3.png
  • %UserProfile%\Application Data\SystemPro\activate_01.png
  • %UserProfile%\Application Data\SystemPro\activate_02.png
  • %UserProfile%\Application Data\SystemPro\activate_03.png
  • %UserProfile%\Application Data\SystemPro\activate_hdr_1.png
  • %UserProfile%\Application Data\Uninstall_Security\
  • %UserProfile%\Application Data\Uninstall_Security\uninstall_security.lnk
  • %UserProfile%\Start Menu\Programs\Startup\SystemPro.lnk
  • %UserProfile%\Start Menu\Programs\SystemPro\
  • %UserProfile%\Start Menu\Programs\SystemPro\SystemPro.lnk

Create new registry entries:

  • HKEY_CURRENT_USER\Software\SystemPro\
    (String) date = “1293027271″
    (Binary) config = 76 36 0A 56 7A 61 39 64…
    (String) scanner = “<scanner><params><last_scan>2010/12/22 21:15</last_scan><removed>0</removed></params>…”

Screenshots:

How to remove the infection of SystemPro 2011 (Adware.Win32.SystemPro2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec

22

Defragmenter Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the  Defragmenter adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.Defragmenter.

Defragmenter is a rogue application, this is another variant of HDD Tools, Smart HDD, HDD Rescue, HDD Plus, HDD Diagnostic, Hard Drive Diagnostic, Disk Doctor, Win Defragmenter, WinDefrag, WinHDD, CheckDisk, Ultra Defragger, Quick Defragmenter, Smart Defragmenter, HDD Defragmenter, and System Defragmenter. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %UserProfile%\Desktop\Defagmenter.lnk
  • %UserProfile%\Local Settings\Temp\%random%
  • %UserProfile%\Local Settings\Temp\%random%.exe
  • %UserProfile%\Local Settings\Temp\dfrg
  • %UserProfile%\Local Settings\Temp\dfrgr
  • %UserProfile%\Start Menu\Programs\Defagmenter\
  • %UserProfile%\Start Menu\Programs\Defagmenter\Defagmenter.lnk
  • %UserProfile%\Start Menu\Programs\Defagmenter\Uninstall Defagmenter.lnk

Create new registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    (String) %random% = %UserProfile%\Local Settings\Temp\%random%.exe

Screenshots:

How to remove the infection of Defragmenter (Adware.Win32.Defragmenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec

21

HDD Tools Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the  HDD Tools adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.HDDTools.

HDD Tools is a rogue application, this is another variant of Smart HDD, HDD Rescue, HDD Plus, HDD Diagnostic, Hard Drive Diagnostic, Disk Doctor, Win Defragmenter, WinDefrag, WinHDD, CheckDisk, Ultra Defragger, Quick Defragmenter, Smart Defragmenter, HDD Defragmenter, and System Defragmenter. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %UserProfile%\Desktop\HDD Tools.lnk
  • %UserProfile%\Local Settings\Temp\%random%.exe
  • %UserProfile%\Local Settings\Temp\%random%.dll
  • %UserProfile%\Local Settings\Temp\%random_number%
  • %UserProfile%\Local Settings\Temp\%random_number%.exe
  • %UserProfile%\Local Settings\Temp\dfrg
  • %UserProfile%\Local Settings\Temp\dfrgr
  • %UserProfile%\Local Settings\Temp\tmp2.tmp
  • %UserProfile%\Start Menu\Programs\HDD Tools\
  • %UserProfile%\Start Menu\Programs\HDD Tools\HDD Tools.lnk
  • %UserProfile%\Start Menu\Programs\HDD Tools\Uninstall HDD Tools.lnk

Create new registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    (String) %random% = %UserProfile%\Local Settings\Temp\%random%.exe
    (String) %random_number% = %UserProfile%\Local Settings\Temp\%random_number%.exe

Screenshots:

How to remove the infection of HDD Tools (Adware.Win32.HDDTools)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec

16

Smart HDD Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the Smart HDD adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SmartHDD.

Smart HDD is a rogue application, this is another variant of HDD Rescue, HDD Plus, HDD Diagnostic, Hard Drive Diagnostic, Disk Doctor, Win Defragmenter, WinDefrag, WinHDD, CheckDisk, Ultra Defragger, Quick Defragmenter, Smart Defragmenter, HDD Defragmenter, and System Defragmenter. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %UserProfile%\Desktop\Smart HDD.lnk
  • %UserProfile%\Local Settings\Temp\%random%.exe
  • %UserProfile%\Local Settings\Temp\%random%.dll
  • %UserProfile%\Local Settings\Temp\%random_number%
  • %UserProfile%\Local Settings\Temp\%random_number%.exe
  • %UserProfile%\Local Settings\Temp\dfrg
  • %UserProfile%\Local Settings\Temp\dfrgr
  • %UserProfile%\Local Settings\Temp\tmp2.tmp
  • %UserProfile%\Start Menu\Programs\Smart HDD\
  • %UserProfile%\Start Menu\Programs\Smart HDD\Smart HDD.lnk
  • %UserProfile%\Start Menu\Programs\Smart HDD\Uninstall Smart HDD.lnk

Create new registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    (String) %random% = %UserProfile%\Local Settings\Temp\%random%.exe
    (String) %random_number% = %UserProfile%\Local Settings\Temp\%random_number%.exe

Screenshots:

How to remove the infection of Smart HDD (Adware.Win32.SmartHDD)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec

16

PCoptimizer 2010 Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the PCoptimizer 2010 adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.PCoptimizer2010.

PCoptimizer 2010 is a rogue application, this is another variant of PrivacyGuard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AllUsersProfile%\Desktop\PCoptimizer 2010.lnk
  • %AllUsersProfile%\Start Menu\Programs\PCoptimizer 2010\
  • %AllUsersProfile%\Start Menu\Programs\PCoptimizer 2010\PCoptimizer 2010.lnk
  • %ProgramFiles%\PC\
  • %ProgramFiles%\PC\PCoptimizer 2010\
  • %ProgramFiles%\PC\PCoptimizer 2010\1.ico
  • %ProgramFiles%\PC\PCoptimizer 2010\PCoptimizer2010.exe
  • %WinDir%\Tasks\At1.job

Create new registry entries:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Protection
  • HKEY_CURRENT_USER\Software\PC
  • HKEY_CURRENT_USER\Software\PC\PCoptimizer 2010
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, “Protect”

Screenshots:

How to remove the infection of PCoptimizer 2010 (Adware.Win32.PCoptimizer2010)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec

13

HDD Rescue Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the HDD Rescue adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.HDDRescue.

HDD Rescue is a rogue application, this is another variant of HDD Plus, HDD Diagnostic, Hard Drive Diagnostic, Disk Doctor, Win Defragmenter, WinDefrag, WinHDD, CheckDisk, Ultra Defragger, Quick Defragmenter, Smart Defragmenter, HDD Defragmenter, and System Defragmenter. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %UserProfile%\Desktop\HDD Rescue.lnk
  • %UserProfile%\Local Settings\Temp\%random%.exe
  • %UserProfile%\Local Settings\Temp\%random%.dll
  • %UserProfile%\Local Settings\Temp\%random_number%
  • %UserProfile%\Local Settings\Temp\%random_number%.exe
  • %UserProfile%\Local Settings\Temp\dfrg
  • %UserProfile%\Local Settings\Temp\dfrgr
  • %UserProfile%\Local Settings\Temp\tmp1.tmp
  • %UserProfile%\Start Menu\Programs\HDD Rescue\
  • %UserProfile%\Start Menu\Programs\HDD Rescue\HDD Rescue.lnk
  • %UserProfile%\Start Menu\Programs\HDD Rescue\Uninstall HDD Rescue.lnk

Create new registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    (String) %random% = %UserProfile%\Local Settings\Temp\%random%.exe
    (String) %random_number% = %UserProfile%\Local Settings\Temp\%random_number%.exe

Screenshots:

How to remove the infection of HDD Rescue (Adware.Win32.HDDRescue)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.