XP Internet Security, Antivirus Vista 2010, and Win 7 Antispyware Removal Guide


*************************************************************************************************

Statement From the Editor

If you have a question, ask in comment area!

Click the pics to visit the sites!

Read each guide at all links before starting the removal process, so that you know exactly what steps to take and which removal process is best for your issue.

***********************************************************************************************************************

There are 60 different names here, but all are the same rogue; the name depends on which operating system it attacks (XP, Vista or 7).

AntiSpyware XP                    AntiSpyware Vista                   AntiSpyware Win 7
AntiSpyware XP 2010          AntiSpyware Vista 2010          AntiSpyware Win 7 2010
Antivirus XP                          Antivirus Vista                          Antivirus Win 7
Antivirus XP 2010                Antivirus Vista 2010                Antivirus Win 7 2010
Total XP Security                 Total Vista Security                Total Win 7 Security
XP AntiSpyware 2010         Vista Guardian                        Win 7 Antispyware 2010
XP Antivirus Pro                  Vista Security Tool                 Win 7 Antivirus Pro
XP Guardian                          Vista Security Tool 2010        Win 7 Guardian
XP Security Tool                   Vista Smart Security              Win 7 Security Tool
XP Security Tool 2010          Vista Smart Security 2010     Win 7 Security Tool 2010
XP Smart Security                 Vista AntiMalware                   Win 7 Smart Security
XP Smart Security 2010        Vista AntiMalware 2010          Win 7 Smart Security 2010
XP AntiMalware                      Vista AntiSpyware                  Win 7 AntiMalware
XP AntiMalware 2010             Vista Antivirus Pro                  Win 7 Antimalware 2010
XP Defender                           Vista Defender                         Win 7 Defender
XP Defender Pro                    Vista Defender Pro                  Win 7 Defender 2010
XP Security                            Vista Security                           Win 7 Security
XP Security 2010                   Vista Security 2010                  Win 7 Security 2010
XP Internet Security             Vista Internet Security            Win 7 Internet Security
XP Internet Security 2010    Vista Internet Security 2010   Win 7 Internet Security 2010

************************************************************************************************************************

Option #1.

Antivirus Vista 2010, Win 7 Antispyware 2010, and XP Internet Security 2010 are new rogues that are exactly the same program, but are shown with different names and interfaces depending on the version of Windows that it is run on. When installed, this rogue pretends to be an update for Windows installed via Automatic Update.

NOTE:

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files suggested in this guide to another computer and then transfer them to the infected computer via a CD/DVD, external drive, or USB flash drive. If this is not possible, see the <<RescueCD>> section on home page.


Step 1. Use this guide first

2010 Guide

BleepingComputer’s XP Internet Security, Antivirus Vista 2010, and Win 7 Antispyware (Uninstall Guide)

2011 Guide

XP Anti-Spyware 2011, Vista Security 2011, Win 7 Internet Security 2011 Removal Guide

Removal instructions for XP Total Security 2011 (and its clones)

Use Malwarebytes’ and FixReg.exe first, as instructed by Bleeping Computer. If the threat remains, use Rkill to stop the rogue process and then, without restarting your computer, run Mbam again.

RKill – What it does and What it Doesn’t – A brief introduction to the program

Rkill Download Links

Rkill.com
Rkill.exe

iExplore.exe

rkill.pif

rkill.scr

uSeRiNiT.exe

WiNlOgOn.exe

#1. Do not turn off the computer until after running Malwarebytes when using rkill, or the process will have started again and you will have to start over.

#2. DO NOT USE ON A CLEAN COMPUTER, as it could damage certain legitimate security programs. Disable all security software, if possible, before running it.

#3. Vista and Windows 7 users: right-click and click Run as administrator.

Disable security software before using rkill

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Malwarebytes’ Removal Guide

Microsoft’s Removal Guide

Malwarebytes’ Tutorial*****by Bleeping Computer  🙂

Malwarebytes’ Video Tutorials

For those having trouble running Malwarebytes Anti-Malware

Bleeping Computer Self-Help Guides

Microsoft How to Get Rid of Malware

Option #2.

You can register by entering the following serial code 1147-175591-6550 (manual registration) Thanks to Xylitol

The malware researchers found these registration keys within the rogue programs themselves and have kindly provided them for all to use. After entering the reg key, let the rogue scan or do whatever it wants to do (a scan is normal) and then restart. After the restart the rogue is NO LONGER AN ISSUE. Malwarebytes’ or the removal tool of your choice can be downloaded with NO interference from the rogue. You enter no personal info, only the reg key, which fools the rogue into thinking you paid for it.

S!Ri URZ blog-Well known in the Security Research Field

NOTE: I don’t expect this to last very long, take advantage while we can. The malware makers ya know won’t like getting beat.

********************************************************************************************************************************

Rootkit Removal if Needed

How to Remove the TDSS,TDL3, or Alureon rootkit using TDSSKiller

Or ***Gmer*** for rootkits

or*** HitmanPro***RootkitRevealer

Bleeping Computer’s    RootkitList

********************************************************************************************************************************

If no luck See

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

OR

I’m infected – What do I do now?

Complete all the steps you can and post new topic—HERE

********************************************************************************************************************************

The tools needed for this removal are:

ATF For cleaning of Temp Files & the Java cache

See Screenshots

<<<<<<<<<<<<<<<>>>>>>>>>>>>>>

Malwarebytes’ Anti-Malware

Please download Malwarebytes’ Anti-Malware to your desktop.

Click the Free Version

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes’ Anti-Malware
    • Launch Malwarebytes’ Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.

See the Tutorial for specific instructions.

Malwarebytes’ Tutorial*****by VMSAR  🙂

Malwarebytes’ Self-Help Guides

Common Issues, Questions, and their Solutions

********************************************************************************

Step 2. If Needed

SUPERAntiSpyware Tutorial 🙂

When SUPERAntiSpyware will not install or run see*****HERE*****

SUPERAntiSpyware Online Safe Scan

SUPERAntiSpyware Portable Scanner can be downloaded on a different computer and run on the infected computer. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. It runs from the CD and requires NO internet connection. If the infected computer cannot download, then this is a solution: simply download the portable scanner and copy it to a USB/CD. NOTE: The portable scanner is randomly named to prevent the malware from stopping the scanner from running. For more software similar to this, see the RescueCD software section on the home page; those tools scan an infected system and can recover personal data after an infection or a defective or failing hard drive.

************************************

DrWeb CureIt!

******************************************

Ccleaner for a good clean-up

Screenshots

Ccleaner Documentation

<<<<<<<<<<>>>>>>>>>>

Step 3.

Uninstall all Adobe software and Java and install the latest versions

Adobe—>HERE

******************************

Use JavaRa to clean out old versions of Java—>HERE

Then look for the following Java folders and if found delete them.
C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Windows\Sun
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

Then install new Java—>HERE

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache. Leave BOTH checked:
      Applications and Applets
      Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page HERE

************************************************************************************************************************

Step 4

Clean System Restore

Four steps to this:
#1. Have your antivirus open, set to full scan and running, or use the ESET Online scanner below.
#2. Turn off System Restore.
#3. Launch ATF and clean until “No Files Cleaned”.
#4. When the scan is finished, turn System Restore back on and create a restore point.

NOTE: Make sure that your computer is clean before taking these steps.

See below for instructions on how to use System Restore.

XP

VISTA

WINDOWS 7

************************************************************************************************************************

NOTE
If you are having problems connecting your computer to the Internet after removing malware or spyware,

Try this Winsock Fix

************************************************************************************************************************

If you are still having issues see

Virut and other File infectors-Throwing in the Towel?

When should I re-format? 😦

VMSAR Virus/Rogue Removal Guide

How to Start Windows in Safe Mode

How to use the Task Manager

How to use the Microsoft Malicious Software Removal Tool

How to Install, reinstall, or uninstall Windows

********************************************************************************************************************************

Online Scanners

That Detect and Remove for Free!

********************************************************************************************************************************

Manual Removal Section. Caution: a mistake here could cause operating system failure  😦

Windows XP:

c:\Documents and Settings\All Users\Application Data\QJyrk5wvCU1
%UserProfile%\Local Settings\Application Data\av.exe
%UserProfile%\Local Settings\Application Data\ave.exe
%UserProfile%\Local Settings\Application Data\QJyrk5wvCU1
%UserProfile%\Local Settings\Application Data\WRblt8464P
%UserProfile%\Local Settings\Temp\QJyrk5wvCU1
%UserProfile%\Templates\QJyrk5wvCU1

Windows Vista and Windows 7:

C:\ProgramData\QJyrk5wvCU1
C:\Users\All Users\QJyrk5wvCU1
%UserProfile%\AppData\Local\av.exe
%UserProfile%\AppData\Local\ave.exe
%UserProfile%\AppData\Local\QJyrk5wvCU1
%UserProfile%\AppData\Local\WRblt8464P
%UserProfile%\AppData\Local\Temp\QJyrk5wvCU1
%UserProfile%\AppData\Roaming\Microsoft\Windows\Templates\QJyrk5wvCU1

XP Internet Security, Antivirus Vista 2010, and Win 7 Antispyware 2010 Windows registry information:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
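
The registry values listed above, turned into an offline check (an added example, not part of the original guide or of any tool it links to): it parses a regedit .reg export taken from the suspect machine and flags the .exe/secfile handler hijack, the redirected browser entries and the Security Center overrides. The sample export, the profile name "alice" and the function names parse_reg, launched and find_hijacks are assumptions made for illustration.

```python
import re
# Constructed sample in regedit's .reg export format, built from the values
# listed in this guide; the profile name "alice" is made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\av.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

HANDLER = re.compile(r"\\(\.exe|exefile|secfile)\\shell\\open\\command$", re.I)
BROWSER = re.compile(r"\\StartMenuInternet\\([^\\]+)\\shell\\\w+\\command$", re.I)

def parse_reg(text):
    """Return {key: {name: data}} for string and dword values; '@' is (Default)."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            if data.startswith("dword:"):
                data = str(int(data[6:], 16))
            else:  # quoted string: drop outer quotes, undo \" and \\ escapes
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            current[name.strip('"')] = data
    return keys

def launched(cmd):  # first token of a command line = the program that runs
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', cmd)
    return (m.group(1) or m.group(2) or "") if m else ""

def find_hijacks(keys):
    hits = []
    for path, vals in keys.items():
        prog = launched(vals.get("@", ""))
        if HANDLER.search(path) and prog != "%1":  # clean handler is "%1" %*
            hits.append((path, "handler runs " + prog))
        b = BROWSER.search(path)  # heuristic: key is named after the browser exe
        if b and not prog.lower().endswith("\\" + b.group(1).lower()):
            hits.append((path, "browser entry runs " + prog))
        if path.lower().endswith("\\microsoft\\security center"):
            hits += [(path, n + "=1") for n in ("AntiVirusOverride", "FirewallOverride")
                     if vals.get(n) == "1"]
    return hits
```

The browser check relies on the StartMenuInternet key being named after the browser executable, which holds for the FIREFOX.EXE and IEXPLORE.EXE keys listed in this guide but not for every browser.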

Issues that “may” be in a HijackThis log.

NA

Have your HijackThis log analyzed *****HERE*****. Copy your log, paste it in the box at the site and wait for the results. Scroll down the page and you will see a detailed description of each entry and the suggested action to take, if any, for each. Before you act on them, use SystemLookup below to double-check the results. A mistake here can cause operating system failure!

Use*****SystemLookup*****as a reference resource for HijackThis

HijackThis Tutorial*****by BleepingComputer

Post your HijackThis log HERE and I will advise what needs to be done. Please read the Tutorial so that you have an understanding of how this works.

********************************************************************************************************************************

If you run across a file that is not being detected or removed, you can upload the file to *****VIRUSTOTAL***** and they will analyze it. When the results are shown, you get a list of which software is detecting the threat and which is removing it; kinda takes the guesswork out of the equation.

More to use

Jotti’s Malware Scan

Dr. Web Online Check

Kaspersky File Scanner

********************************************************************************************************************************

Other Useful Information:

Virus Identification Resources

Security Software, Online Scanners and Virus Removal Tools

Video on “How to Remove Malware for Free” by Mirzo’s

Forums

********************************************************************************************************************************


Posted February 2, 2010 by Wide Glide in Virus Removal
