Jan

31

Windows Antispyware Solution Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the  Windows Antispyware Solution adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAntispywareSolution.

Windows Antispyware Solution is a rogue application. This is another variant of Windows Universal Tools, Windows Risk Eliminator, Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Antispyware Solution (Adware.Win32.WindowsAntispywareSolution)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

28

Windows Universal Tools Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the  Windows Universal Tools adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsUniversalTools.

Windows Universal Tools is a rogue application. This is another variant of Windows Risk Eliminator, Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)

Screenshots:

How to remove the infection of Windows Universal Tools (Adware.Win32.WindowsUniversalTools)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

28

Windows Risk Eliminator Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the  Windows Risk Eliminator adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsRiskEliminator.

Windows Risk Eliminator is a rogue application. This is another variant of Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)

Screenshots:

How to remove the infection of Windows Risk Eliminator (Adware.Win32.WindowsRiskEliminator)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

27

Windows Security & Control Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the  Windows Security & Control adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSecurityControl.

Windows Security & Control is a rogue application. This is another variant of Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)

Screenshots:

How to remove the infection of Windows Security & Control (Adware.Win32.WindowsSecurityControl)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

25

Windows Utility Tool Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the  Windows Utility Tool adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsUtilityTool.

Windows Utility Tool is a rogue application. This is another variant of Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)

Screenshots:

How to remove the infection of Windows Utility Tool (Adware.Win32.Windows WindowsUtilityTool)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

25

Windows Scan Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the  Windows Scan adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsScan.

Windows Scan is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Variants of the rogue defragmenter:

Create new files:

  • %AllUsersProfile%\Application Data\~%random%
  • %AllUsersProfile%\Application Data\~%random%r
  • %AllUsersProfile%\Application Data\%random%
  • %AllUsersProfile%\Application Data\%random%.exe
  • %AllUsersProfile%\Application Data\%random%.dll
  • %AllUsersProfile%\Application Data\%random%.exe
  • %UserProfile%\Desktop\Windows Scan.lnk
  • %UserProfile%\Local Settings\Temp\tmp1.tmp
  • %UserProfile%\Start Menu\Programs\Windows Scan\
  • %UserProfile%\Start Menu\Programs\Windows Scan\Windows Scan.lnk
  • %UserProfile%\Start Menu\Programs\Windows Scan\Uninstall Windows Scan.lnk

Create/modify registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
    Use FormSuggest: “Yes”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
    LowRiskFileTypes:”.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;
    .mpeg;.mov;.mp3;.m3u;.wav;.scr;”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
    SaveZoneInformation: 0×00000001
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    %random%: “%AllUsersProfile%\Application Data\%random%.exe”
    %random%: “%AllUsersProfile%\Application Data\%random%.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
    CheckExeSignatures: “no”

Screenshots:

How to remove the infection of Windows Scan (Adware.Win32.WindowsScan)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

21

Windows Optimization & Security Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the  Windows Optimization & Security adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsOptimizationSecurity.

Windows Optimization & Security is a rogue application. This is another variant of Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)

Screenshots:

How to remove the infection of Windows Optimization & Security (Adware.Win32.Windows OptimizationSecurity)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

21

Memory Optimizer Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the  Memory Optimizer adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.MemoryOptimizer.

Memory Optimizer is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Variants of the rogue defragmenter:

Create new files:

  • %AllUsersProfile%\Application Data\~%random%
  • %AllUsersProfile%\Application Data\~%random%r
  • %AllUsersProfile%\Application Data\%random%
  • %AllUsersProfile%\Application Data\%random%.exe
  • %AllUsersProfile%\Application Data\%random%.dll
  • %AllUsersProfile%\Application Data\%random%.exe
  • %UserProfile%\Desktop\Memory Optimizer.lnk
  • %UserProfile%\Local Settings\Temp\tmp1.tmp
  • %UserProfile%\Start Menu\Programs\Memory Optimizer\
  • %UserProfile%\Start Menu\Programs\Memory Optimizer\Memory Optimizer.lnk
  • %UserProfile%\Start Menu\Programs\Memory Optimizer\Uninstall Memory Optimizer.lnk

Create/modify registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
    Use FormSuggest: “Yes”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
    LowRiskFileTypes:”.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;
    .mpeg;.mov;.mp3;.m3u;.wav;.scr;”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
    SaveZoneInformation: 0×00000001
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    %random%: “%AllUsersProfile%\Application Data\%random%.exe”
    %random%: “%AllUsersProfile%\Application Data\%random%.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
    CheckExeSignatures: “no”

Screenshots:

How to remove the infection of Memory Optimizer (Adware.Win32.MemoryOptimizer)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

19

Disk Optimizer Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the  Disk Optimizer adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DiskOptimizer.

Disk Optimizer is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Variants of the rogue defragmenter:

Create new files:

  • %AllUsersProfile%\Application Data\~%random%
  • %AllUsersProfile%\Application Data\~%random%r
  • %AllUsersProfile%\Application Data\%random%
  • %AllUsersProfile%\Application Data\%random%.exe
  • %AllUsersProfile%\Application Data\%random%.dll
  • %AllUsersProfile%\Application Data\%random%.exe
  • %UserProfile%\Desktop\Disk Optimizer.lnk
  • %UserProfile%\Local Settings\Temp\tmp1.tmp
  • %UserProfile%\Start Menu\Programs\Disk Optimizer\
  • %UserProfile%\Start Menu\Programs\Disk Optimizer\Disk Optimizer.lnk
  • %UserProfile%\Start Menu\Programs\Disk Optimizer\Uninstall Disk Optimizer.lnk

Create/modify registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
    Use FormSuggest: “Yes”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
    LowRiskFileTypes:”.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;
    .mpeg;.mov;.mp3;.m3u;.wav;.scr;”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
    SaveZoneInformation: 0×00000001
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    %random%: “%AllUsersProfile%\Application Data\%random%.exe”
    %random%: “%AllUsersProfile%\Application Data\%random%.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
    CheckExeSignatures: “no”

Screenshots:

How to remove the infection of Disk Optimizer (Adware.Win32.DiskOptimizer)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan

19

Easy Scan Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the  Easy Scan adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.EasyScan.

Easy Scan is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Variants of the rogue defragmenter:

Create new files:

  • %AllUsersProfile%\Application Data\%random%.exe
  • %AllUsersProfile%\Application Data\%random%
  • %UserProfile%\Desktop\Easy Scan.lnk
  • %UserProfile%\Start Menu\Programs\Easy Scan\
  • %UserProfile%\Start Menu\Programs\Easy Scan\Uninstall Easy Scan.lnk
  • %UserProfile%\Start Menu\Programs\Easy Scan\Easy Scan.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    %random%: “%AllUsersProfile%\Application Data\%random%.exe”

Screenshots:

How to remove the infection of Easy Scan (Adware.Win32.EasyScan)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.