Feb

25

Windows Optimal Tool Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Optimal Tool adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsOptimalTool.

Windows Optimal Tool is a rogue application. Rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Optimal Tool (Adware.Win32.WindowsOptimalTool)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb

23

Windows Express Settings Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Express Settings adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsExpressSettings.

Windows Express Settings is a rogue application. Rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Express Settings (Adware.Win32.WindowsExpressSettings)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb

22

XP AntiSpyware 2011 Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the XP AntiSpyware 2011 adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.XPAntiSpyware2011.

XP AntiSpyware 2011 is a rogue application. Rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AllUsersProfile%\Application Data\%random%
  • %UserProfile%\Local Settings\Application Data\%random%
  • %UserProfile%\Local Settings\Application Data\%random%.exe
  • %UserProfile%\Local Settings\Temp\%random%
  • %UserProfile%\Templates\%random%

Create/modify registry entries:

  • KEY_CURRENT_USER\software\Clients\StartMenuInternet
    (String) (Default) = IEXPLORE.EXE
  • HKEY_CURRENT_USER\software\Microsoft\Windows
    (DWORD) Identity = 0x3A37AD27 (976727335)
  • HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
    (String) (Default) = “%UserProfile%\Local Settings\Application Data\%random%.exe” /START “%ProgramFiles%\Mozilla Firefox\firefox.exe”
  • HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command
    (String) (Default) = “%UserProfile%\Local Settings\Application Data\%random%.exe” /START “%ProgramFiles%\Mozilla Firefox\firefox.exe” -safe-mode
  • HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    (String) (Default) = “%UserProfile%\Local Settings\Application Data\%random%.exe” /START “%ProgramFiles%\Internet Explorer\iexplore.exe”
  • HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    (DWORD) ITBar7Height = 0×00000000 (0)

Screenshots:

How to remove the infection of XP AntiSpyware 2011 (Adware.Win32.XPAntiSpyware2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb

22

Windows Safety Guarantee Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Safety Guarantee adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSafetyGuarantee.

Windows Safety Guarantee is a rogue application. Rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Safety Guarantee (Adware.Win32.WindowsSafetyGuarantee)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb

22

Windows Express Help Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Express Help adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsExpressHelp.

Windows Express Help is a rogue application. Rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Express Help (Adware.Win32.WindowsExpressHelp)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb

22

Windows AV Software Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows AV Software adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAVSoftware.

Windows AV Software is a rogue application. Rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows AV Software (Adware.Win32.WindowsAVSoftware)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb

17

Windows User Satellite Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows User Satellite adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsUserSatellite.

Windows User Satellite is a rogue application. This is another variant of Windows Problems Solution, Windows Optimal Settings, Windows Optimal Solution, Windows Care Tool, Windows Software Guard, Windows Wise Protection, Windows Software Protection, Windows Problems Protector, Windows Shield Center, Windows Problems Remover, Windows Health Center, Windows Antispyware Solution, Windows Universal Tools, Windows Risk Eliminator, Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. Rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows User Satellite (Adware.Win32.WindowsUserSatellite)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb

17

Windows Problems Solution Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Problems Solution adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsProblemsSolution.

Windows Problems Solution is a rogue application. This is another variant of Windows Optimal Settings, Windows Optimal Solution, Windows Care Tool, Windows Software Guard, Windows Wise Protection, Windows Software Protection, Windows Problems Protector, Windows Shield Center, Windows Problems Remover, Windows Health Center, Windows Antispyware Solution, Windows Universal Tools, Windows Risk Eliminator, Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. Rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Problems Solution (Adware.Win32.WindowsProblemsSolution)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb

16

Security Defender Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Security Defender adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SecurityDefender.

Security Defender is a rogue application. Rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AllUsersProfile%\Application Data\fa590639-ff19-4159-8c50-b02becb19e9c_32.avi
  • %AllUsersProfile%\Application Data\fa590639-ff19-4159-8c50-b02becb19e9c_32.ico
  • %AllUsersProfile%\Start Menu\Programs\Startup\fa590639-ff19-4159-8c50-b02becb19e9c_32.lnk
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Defender.lnk
  • %UserProfile%\Desktop\Security Defender.lnk
  • %UserProfile%\Local Settings\Temp\ins1.tmp
  • %UserProfile%\Local Settings\Temp\wrk2.tmp
  • %UserProfile%\Start Menu\Programs\Startup\fa590639-ff19-4159-8c50-b02becb19e9c_32.lnk
  • %ProgramFiles%\Security Defender\Security Defender.dll

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fa590639-ff19-4151-8c50-b02becb19e9c}
    (String) (Default) = {fa590639-ff19-4151-8c50-b02becb19e9c}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fa590639-ff19-4151-8c50-b02becb19e9c}\InProcServer32
    (String) (Default) = %AllUsersProfile%\Application Data\fa590639-ff19-4159-8c50-b02becb19e9c_32.avi
    (String) ThreadingModel = Apartment
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa590639-ff19-4151-8c50-b02becb19e9c}
    (DWORD) NoExplorer = 0×00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
    (String) fa590639-ff19-4159-8c50-b02becb19e9c_32 = “%WinDir%\system32\rundll32.exe” “%AllUsersProfile%\Application Data\fa590639-ff19-4159-8c50-b02becb19e9c_32.avi”, start
  • HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\International\CpMRU
    (DWORD) Enable = 0×00000001 (1)
    (DWORD) Size = 0x0000000A (10)
    (DWORD) InitHits = 0×00000064 (100)
    (DWORD) Factor = 0×00000014 (20)
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
    (String) fa590639-ff19-4159-8c50-b02becb19e9c_32 = “%WinDir%\system32\rundll32.exe” “%AllUsersProfile%\Application Data\fa590639-ff19-4159-8c50-b02becb19e9c_32.avi”, start

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

D13F-3B7D-B3C5-BD84

How to remove the infection of Security Defender (Adware.Win32.SecurityDefender)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb

16

Windows Optimal Settings Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Optimal Settings adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsOptimalSettings.

Windows Optimal Settings is a rogue application. This is another variant of Windows Optimal Solution, Windows Care Tool, Windows Software Guard, Windows Wise Protection, Windows Software Protection, Windows Problems Protector, Windows Shield Center, Windows Problems Remover, Windows Health Center, Windows Antispyware Solution, Windows Universal Tools, Windows Risk Eliminator, Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. Rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0×00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Optimal Settings (Adware.Win32.WindowsOptimalSettings)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.