Spyware and Malware Removal Guides

How to remove Wista Antivirus (Removal Guide)

Grinler — Fri, 04 Jul 2008 23:34:23 EDT

How to remove Wista Antivirus (Removal Guide)

Posted by Grinler on Fri, 04 Jul 2008 23:34:23 EDT · Views: 21

What this programs does:

Wista Antivirus is a rogue anti-spyware program that deliberately displays false information to scare you into purchasing their software. When Wista Antivirus is installed on your computer, it will automatically scan for malware and display a variety of infections on your computer that cannot be removed unless you first purchase the software. These infections, though, are all fake and are only being shown in order to scare you into thinking you are infected.

This guide will walk you through removing the Wista Antivirus program and any associated malware for free.

Threat Classification:

Information on Rogue Programs

Add/Remove Programs control panel entry:

Wista Antivirus

Tools Needed for this fix:

Malwarebytes' Anti-Malware

Symptoms that may be in a HijackThis Log:

O4 - HKCU\..\Run: [wistaantivirus] C:\Program Files\WistaAntivirus\wistaantivirus.exe

Guide Updates:

07/04/08 - Initial guide creation.

Automated Removal Instructions for Wista Antivirus using Malwarebytes' Anti-Malware:

Print out these instructions as we will need to close every window that is open later in the fix.
Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link

Once downloaded, close all programs and Windows on your computer, including this one.
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Wista Antivirus related files.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the WistaAntivirus removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
A screen displaying all the malware that the program found will be shown as seen in the image below.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
You can now exit the MBAM program.

Your computer should now be free of the WistaAntivirus program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

Associated Wista Antivirus Files:

c:\Documents and Settings\All Users\Start Menu\Programs\WistaAntivirus
c:\Documents and Settings\All Users\Start Menu\Programs\WistaAntivirus\Uninstall wistaantivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\WistaAntivirus\wistaantivirus on the Web.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\WistaAntivirus\WistaAntivirus.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\WistaAntivirus.lnk
%UserProfile%\Desktop\WistaAntivirus.lnk
c:\Program Files\WistaAntivirus
c:\Program Files\WistaAntivirus\alarm.wav
c:\Program Files\WistaAntivirus\click.wav
c:\Program Files\WistaAntivirus\config.cfg
c:\Program Files\WistaAntivirus\dbinfo
c:\Program Files\WistaAntivirus\success.wav
c:\Program Files\WistaAntivirus\unins000.dat
c:\Program Files\WistaAntivirus\unins000.exe
c:\Program Files\WistaAntivirus\wistaantivirus.exe
c:\Program Files\WistaAntivirus\wistaantivirus.url
c:\Program Files\WistaAntivirus\dll
c:\Program Files\WistaAntivirus\dll\antirootkit.sys
c:\Program Files\WistaAntivirus\dll\def1.base
c:\Program Files\WistaAntivirus\dll\def2.base
c:\Program Files\WistaAntivirus\dll\def3.base
c:\Program Files\WistaAntivirus\dll\immunization.pl
c:\Program Files\WistaAntivirus\dll\license
c:\Program Files\WistaAntivirus\dll\loader.sys
c:\Program Files\WistaAntivirus\dll\privacy.dat
c:\Program Files\WistaAntivirus\dll\realscanner.dll
c:\Program Files\WistaAntivirus\dll\sig1.base
c:\Program Files\WistaAntivirus\dll\sig2.base
c:\Program Files\WistaAntivirus\dll\sigrules.rul

Associated Wista Antivirus Windows Registry Information:

HKEY_CURRENT_USER\Software\wistaantivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wista Antivirus_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "wistaantivirus"

How to uninstall WinAntispyware2008 (Removal Guide)

Grinler — Sun, 29 Jun 2008 18:52:15 EDT

How to uninstall WinAntispyware2008 (Removal Guide)

Posted by Grinler on Sun, 29 Jun 2008 18:52:15 EDT · Views: 436

Add to Favorites! Print Guide!

What this programs does:

WinAntispyware2008 is a rogue anti-spyware program that deliberately displays false information to scare you into purchasing their software. WinAntispyware2008 is advertised through web sites pretending to scan your computer for infections. When these fake scans are done, it will state your computer is infected and that you should install WinAntiSpyware2008 in order to remove these infections. If you decide to install WinAntiSpyware, the program will automatically start and scan your computer stating that it has found infections that can only be removed if you first purchase the software.

What it does not tell you is that the files it finds are ones that are actually planted on your computer by WinAntispyware2008. When WinAntispyware2008 is installed, it will also copy a variety of harmless files that are dummy infections on to your computer so that WinAntiSpyware 2008 can find them later when it is scanning your computer. These files are:

c:\WINDOWS\byfupo.dl
c:\WINDOWS\jezuro.ban
c:\WINDOWS\okulyretaq.dl
c:\WINDOWS\ymanev._sy
c:\WINDOWS\yqumo.db
c:\WINDOWS\system32\fuduco.com
c:\WINDOWS\system32\juporel.vbs
c:\WINDOWS\system32\retyn.lib
c:\WINDOWS\system32\roforawav.bin
c:\WINDOWS\system32\upoceso.ban

It is important to stress that these files are all harmless and are only there to scare you into thinking you have an actual infection.

This guide will walk you through removing the WinAntispyware 2008 program and its associated malware for free.

Threat Classification:

Information on Rogue Programs

Add/Remove Programs control panel entry:

WinAntispyware2008

Tools Needed for this fix:

Malwarebytes' Anti-Malware

Symptoms that may be in a HijackThis Log:

O4 - HKLM\..\Run: [WinAntispyware2008] "C:\Program Files\WinAntispyware2008\WinAntispyware2008.exe" /hide

Guide Updates:

06/28/08 - Initial guide creation.

Automated Removal Instructions for WinAntispyware2008 using Malwarebytes' Anti-Malware:

Print out these instructions as we will need to close every window that is open later in the fix.
Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link

Once downloaded, close all programs and Windows on your computer, including this one.
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for WinAntispyware2008 related files.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the WinAntispyware 2008 removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
A screen displaying all the malware that the program found will be shown as seen in the image below.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
You can now exit the MBAM program.

Your computer should now be free of the WinAntispyware 2008 program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

Associated WinAntispyware2008 Files:

c:\Documents and Settings\All Users\Application Data\agekav.pif
c:\Documents and Settings\All Users\Application Data\dali.reg
c:\Documents and Settings\All Users\Application Data\myxum.dat
c:\Documents and Settings\All Users\Application Data\rozusug.vbs
c:\Documents and Settings\All Users\Application Data\utimipylof.ban
c:\Documents and Settings\All Users\Documents\ecofubyg.exe
c:\Documents and Settings\All Users\Documents\gilixowa.reg
%UserProfile%\Application Data\ewapili.com
%UserProfile%\Application Data\uwudoj.reg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAntispyware2008.lnk
%UserProfile%\Cookies\iduf.reg
%UserProfile%\Cookies\jelepyl.inf
%UserProfile%\Cookies\nivo._sy
%UserProfile%\Cookies\umumula._dl
%UserProfile%\Cookies\xagoloq._dl
%UserProfile%\Desktop\WinAntispyware2008.lnk
%UserProfile%\Local Settings\Application Data\adylewu.dl
%UserProfile%\Local Settings\Application Data\ezeh.pif
%UserProfile%\Local Settings\Application Data\usow.db
%UserProfile%\Local Settings\Application Data\ysuzis.bat
%UserProfile%\Start Menu\Programs\WinAntispyware2008
%UserProfile%\Start Menu\Programs\WinAntispyware2008\Uninstall.lnk
%UserProfile%\Start Menu\Programs\WinAntispyware2008\WinAntispyware2008.lnk
c:\Program Files\Common Files\amufy.db
c:\Program Files\Common Files\egogoko.sys
c:\Program Files\WinAntispyware2008
c:\Program Files\WinAntispyware2008\htmlayout.dll
c:\Program Files\WinAntispyware2008\pthreadVC2.dll
c:\Program Files\WinAntispyware2008\Uninstall.exe
c:\Program Files\WinAntispyware2008\WinAntispyware2008.cfg
c:\Program Files\WinAntispyware2008\WinAntispyware2008.dll
c:\Program Files\WinAntispyware2008\WinAntispyware2008.exe
c:\Program Files\WinAntispyware2008\data
c:\Program Files\WinAntispyware2008\data\daily.cvd
c:\Program Files\WinAntispyware2008\Microsoft.VC80.CRT
c:\Program Files\WinAntispyware2008\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\Program Files\WinAntispyware2008\Microsoft.VC80.CRT\msvcm80.dll
c:\Program Files\WinAntispyware2008\Microsoft.VC80.CRT\msvcp80.dll
c:\Program Files\WinAntispyware2008\Microsoft.VC80.CRT\msvcr80.dll
c:\WINDOWS\byfupo.dl
c:\WINDOWS\jezuro.ban
c:\WINDOWS\okulyretaq.dl
c:\WINDOWS\ymanev._sy
c:\WINDOWS\yqumo.db
c:\WINDOWS\system32\fuduco.com
c:\WINDOWS\system32\juporel.vbs
c:\WINDOWS\system32\retyn.lib
c:\WINDOWS\system32\roforawav.bin
c:\WINDOWS\system32\upoceso.ban

Associated WinAntispyware2008 Windows Registry Information:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAntispyware2008
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntispyware2008
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinAntispyware2008"

PestSweeper Removal Guide (Uninstall Instructions)

Grinler — Sun, 29 Jun 2008 18:29:21 EDT

PestSweeper Removal Guide (Uninstall Instructions)

Posted by Grinler on Sun, 29 Jun 2008 18:29:21 EDT · Views: 133

Add to Favorites! Print Guide!

What this programs does:

Pestsweeper is a rogue anti-spyware program from the same family as SpywareScanner 2008. PestSweeper is advertised through the use of misleading advertisements found on web sites that masquerade as anti-malware scanners running on your computer. After the advertisement finishes, it will imply that you are infected with a variety of infections and that you should download PestSweeper in order to remove these infections. If you decide to download and install PestSweeper, it will automatically scan your computer and display a list of infections that are supposedly on your computer. In reality, though, these are fake infections and are only being displayed to scare you into purchasing the software.

This guide will walk you through removing the PestSweeper program and its associated malware for free.

Threat Classification:

Information on Rogue Programs

Add/Remove Programs control panel entry:

PestSweeper 1.0

Tools Needed for this fix:

Malwarebytes' Anti-Malware

Symptoms that may be in a HijackThis Log:

O4 - HKCU\..\Run: [pestsweeper] C:\Program Files\PestSweeper\pestsweeper.exe

Guide Updates:

06/29/08 - Initial guide creation.

Automated Removal Instructions for PestSweeper using Malwarebytes' Anti-Malware:

Print out these instructions as we will need to close every window that is open later in the fix.
Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link

Once downloaded, close all programs and Windows on your computer, including this one.
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for PestSweeper related files.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the PestSweeper removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
A screen displaying all the malware that the program found will be shown as seen in the image below.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
You can now exit the MBAM program.

Your computer should now be free of the PestSweeper program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

Associated PestSweeper Files:

c:\WINDOWS\system\cmsd.exe
c:\WINDOWS\system\MsWin000.exe
c:\winxplogon.sys
c:\Program Files\PestSweeper
c:\Program Files\PestSweeper\alarm.wav
c:\Program Files\PestSweeper\click.wav
c:\Program Files\PestSweeper\config.cfg
c:\Program Files\PestSweeper\dbinfo
c:\Program Files\PestSweeper\pestsweeper.exe
c:\Program Files\PestSweeper\pestsweeper.url
c:\Program Files\PestSweeper\success.wav
c:\Program Files\PestSweeper\unins000.dat
c:\Program Files\PestSweeper\unins000.exe
c:\Program Files\PestSweeper\dll
c:\Program Files\PestSweeper\dll\def2.base
c:\Program Files\PestSweeper\dll\defbase0.db
c:\Program Files\PestSweeper\dll\defbase1.db
c:\Program Files\PestSweeper\dll\defbase2.db
c:\Program Files\PestSweeper\dll\defbase3.db
c:\Program Files\PestSweeper\dll\defbase4.db
c:\Program Files\PestSweeper\dll\defbase5.db
c:\Program Files\PestSweeper\dll\defbase6.db
c:\Program Files\PestSweeper\dll\defbase7.db
c:\Program Files\PestSweeper\dll\defbase8.db
c:\Program Files\PestSweeper\dll\immunization.pl
c:\Program Files\PestSweeper\dll\license
c:\Program Files\PestSweeper\dll\sig2.base
c:\Program Files\PestSweeper\dll\sigrules.rul
c:\Program Files\PestSweeper\dll\update.scr
%UserProfile%\Desktop\pestsweeper.lnk
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\sav.exe
%UserProfile%\Local Settings\Apps
%UserProfile%\Local Settings\Apps\2.0
%UserProfile%\Local Settings\Apps\2.0\srw94.exe
%UserProfile%\Local Settings\Temp\sav.exe
c:\Documents and Settings\All Users\Start Menu\Programs\PestSweeper
c:\Documents and Settings\All Users\Start Menu\Programs\PestSweeper\pestsweeper on the Web.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PestSweeper\pestsweeper.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\pestsweeper.lnk

Associated PestSweeper Windows Registry Information:

HKEY_CURRENT_USER\Software\pestsweeper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PestSweeper_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "pestsweeper"

How to remove SpywareScanner 2008 (Removal Instructions)

Grinler — Sun, 29 Jun 2008 17:00:32 EDT

How to remove SpywareScanner 2008 (Removal Instructions)

Posted by Grinler on Sun, 29 Jun 2008 17:00:32 EDT · Views: 169

Add to Favorites! Print Guide!

What this programs does:

SpywareScanner 2008 is a rogue anti-spyware program from the same family as PestSweeper. SpywareScanner 2008 is advertised through the use of deceptive advertising on web sites where they pretend they are scanning your computer and finding infections on it. In reality, though, these are just ads and the web site has no idea what is on your computer. If you decide to install SpywareScanner 2008 it will automatically scan your computer and display a list of infections that are supposedly on your computer. In reality, though, these are fake infections and are only being displayed to scare you into purchasing the software.

This guide will walk you through removing the SpywareScanner2008 program and its associated malware for free.

Threat Classification:

Information on Rogue Programs

Add/Remove Programs control panel entry:

SpywareScanner 2008

Tools Needed for this fix:

Malwarebytes' Anti-Malware

Symptoms that may be in a HijackThis Log:

O4 - HKCU\..\Run: [spywarescanner] C:\Program Files\SpywareScanner\spywarescanner.exe

Guide Updates:

06/29/08 - Initial guide creation.

Automated Removal Instructions for SpywareScanner 2008 using Malwarebytes' Anti-Malware:

Print out these instructions as we will need to close every window that is open later in the fix.
Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link

Once downloaded, close all programs and Windows on your computer, including this one.
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for SpywareScanner 2008 related files.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the SpywareScanner2008 removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
A screen displaying all the malware that the program found will be shown as seen in the image below.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
You can now exit the MBAM program.

Your computer should now be free of the SpywareScanner2008 program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

Associated SpywareScanner 2008 Files:

%UserProfile%\Desktop\spywarescanner.lnk
c:\Program Files\SpywareScanner
c:\Program Files\SpywareScanner\alarm.wav
c:\Program Files\SpywareScanner\click.wav
c:\Program Files\SpywareScanner\config.cfg
c:\Program Files\SpywareScanner\dbinfo
c:\Program Files\SpywareScanner\spywarescanner.exe
c:\Program Files\SpywareScanner\spywarescanner.url
c:\Program Files\SpywareScanner\success.wav
c:\Program Files\SpywareScanner\unins000.dat
c:\Program Files\SpywareScanner\unins000.exe
c:\Program Files\SpywareScanner\dll
c:\Program Files\SpywareScanner\dll\def2.base
c:\Program Files\SpywareScanner\dll\defbase0.db
c:\Program Files\SpywareScanner\dll\defbase1.db
c:\Program Files\SpywareScanner\dll\defbase2.db
c:\Program Files\SpywareScanner\dll\defbase3.db
c:\Program Files\SpywareScanner\dll\defbase4.db
c:\Program Files\SpywareScanner\dll\defbase5.db
c:\Program Files\SpywareScanner\dll\defbase6.db
c:\Program Files\SpywareScanner\dll\defbase7.db
c:\Program Files\SpywareScanner\dll\defbase8.db
c:\Program Files\SpywareScanner\dll\immunization.pl
c:\Program Files\SpywareScanner\dll\license
c:\Program Files\SpywareScanner\dll\sig2.base
c:\Program Files\SpywareScanner\dll\sigrules.rul
c:\Program Files\SpywareScanner\dll\update.scr
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareScanner
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareScanner\spywarescanner on the Web.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareScanner\spywarescanner.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareScanner\Uninstall spywarescanner.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\spywarescanner.lnk

Associated SpywareScanner 2008 Windows Registry Information:

HKEY_CURRENT_USER\Software\spywarescanner
HKEY_CURRENT_USER\Software\SpywareScanner2008
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareScanner 2008_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "spywarescanner"

How to remove Antivirus 2009 (Uninstall Instructions)

Grinler — Sat, 28 Jun 2008 15:59:23 EDT

How to remove Antivirus 2009 (Uninstall Instructions)

Posted by Grinler on Sat, 28 Jun 2008 15:59:23 EDT · Views: 2921

Add to Favorites! Print Guide!

What this programs does:

Antivirus 2009 is a new rogue anti-spyware program from the same family as Antivirus 2008 and Doctor Antivirus . Antivirus 2009 is installed and advertised through the use of misleading web sites that attempt to make you think your computer is infected with a variety of malware. Once installed, Antivirus 2009 will scan your computer and list a variety of fake infections that can't be removed unless you first purchase the software. These infections are fake, though, and only being shown to scare you into purchasing the software.

When Antivirus 2009 is installed, a Internet Explorer browser helper object is also installed that displays fake messages when using Internet Explorer. These messages range from a line at the top of the browser stating an infection was found to adding a box to the Google homepage stating Google detected that your computer was infected. These tactics are just two more methods where Antivirus 2009 uses false information to scare you into purchasing their software. A more detailed writeup on how the Google home page is hijacked can be found here.

This guide will walk you through removing the Antivirus 2009 program and its associated malware for free.

Threat Classification:

Information on Rogue Programs

Tools Needed for this fix:

Malwarebytes' Anti-Malware

Symptoms that may be in a HijackThis Log:

Note: Some of these entries are random named.

O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O4 - HKCU\..\Run: [75319611769193918898704537500611] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"

Guide Updates:

06/28/08 - Initial guide creation.

Automated Removal Instructions for Antivirus 2009 using Malwarebytes' Anti-Malware:

Print out these instructions as we will need to close every window that is open later in the fix.
Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link

Once downloaded, close all programs and Windows on your computer, including this one.
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Antivirus 2009 related files.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the Antivirus 2009 removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
A screen displaying all the malware that the program found will be shown as seen in the image below.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
You can now exit the MBAM program.

Your computer should now be free of the Antivirus 2009 program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

Associated Antivirus 2009 Files:

Note: Some of these entries are random named.

%UserProfile%\Desktop\Antivirus 2009.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
%UserProfile%\Start Menu\Antivirus 2009
%UserProfile%\Start Menu\Antivirus 2009\Antivirus 2009.lnk
%UserProfile%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
c:\Program Files\Antivirus 2009
c:\Program Files\Antivirus 2009\av2009.exe
c:\WINDOWS\system32\ieupdates.exe
c:\WINDOWS\system32\scui.cpl
c:\WINDOWS\system32\winsrc.dll

Associated Antivirus 2009 Windows Registry Information:

Note: Some of these entries are random named.

HKEY_CURRENT_USER\Software\75319611769193918898704537500611
HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "75319611769193918898704537500611"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ieupdate"

How to remove Doctor Antivirus 2008

Grinler — Sat, 28 Jun 2008 15:43:12 EDT

How to remove Doctor Antivirus 2008

Posted by Grinler on Sat, 28 Jun 2008 15:43:12 EDT · Views: 461

Add to Favorites! Print Guide!

What this programs does:

Doctor Antivirus 2008 is a new rogue anti-spyware program from the same family as Antivirus 2008 and Antivirus 2009. When installed, Doctor Antivirus will scan your computer and list a variety of infections found on your computer. In order to remove any of these infections, though, you must first purchase the software. The problem is that all of the infections Doctor Antivirus states are on your computer, are actually harmless or do not even exist. The only reason why they are being displayed is to scare you into purchasing the program.

This guide will walk you through removing the Doctor Antivirus 2008 program and its associated malware for free.

Threat Classification:

Information on Rogue Programs

Tools Needed for this fix:

Malwarebytes' Anti-Malware

Symptoms that may be in a HijackThis Log:

O4 - HKLM\..\Run: [Doctor Antivirus 2008] C:\Documents and Settings\BC\Desktop\antvr.exe

Guide Updates:

06/28/08 - Initial guide creation.

Automated Removal Instructions for Doctor Antivirus 2008 using Malwarebytes' Anti-Malware:

Print out these instructions as we will need to close every window that is open later in the fix.
Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link

Once downloaded, close all programs and Windows on your computer, including this one.
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Doctor Antivirus 2008 related files.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the Doctor Antivirus 2008 removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
A screen displaying all the malware that the program found will be shown as seen in the image below.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
You can now exit the MBAM program.

Your computer should now be free of the Doctor Antivirus 2008 program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

Associated Doctor Antivirus 2008 Files:

%UserProfile%\Desktop\antvr.exe

Associated Doctor Antivirus 2008 Windows Registry Information:

HKEY_LOCAL_MACHINE\SOFTWARE\Doctor2008
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Doctor Antivirus 2008"

How to uninstall WinX Security Center (Removal Guide)

Grinler — Wed, 25 Jun 2008 17:11:12 EDT

How to uninstall WinX Security Center (Removal Guide)

Posted by Grinler on Wed, 25 Jun 2008 17:11:12 EDT · Views: 241

Add to Favorites! Print Guide!

What this programs does:

WinX Security Center is a new rogue anti-spyware program that is advertised through misleading web sites and popups. When visiting certain web sites, you may be presented with a popup stating that your computer is infected and that you should download and install WinX Security Center in order to clean your computer. If you decide to install the software, Winx Security Center will automatically start and scan your computer. When the scan has been completed, you will be shown a list of security risks on your computer that can only be removed if you first purchase the software. What it does not tell you, though, is that all of these supposed security risks are in fact legitimate programs being flagged as infections in order to scare you into purchasing the software.

This guide will walk you through removing the WinX Security Center program and its associated malware for free.

Threat Classification:

Information on Rogue Programs

Tools Needed for this fix:

Malwarebytes' Anti-Malware

Symptoms that may be in a HijackThis Log:

O2 - BHO: (no name) - {F3642B57-3EA8-4EEA-A643-9DE138381A57} - C:\Program Files\WinX Security Center\redir.dll
O4 - HKCU\..\Run: [WinX Security Center] C:\Program Files\WinX Security Center\WinX Security Center.exe

Guide Updates:

06/25/08 - Initial guide creation.

Automated Removal Instructions for WinX Security Center using Malwarebytes' Anti-Malware:

Print out these instructions as we will need to close every window that is open later in the fix.
Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link

Once downloaded, close all programs and Windows on your computer, including this one.
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for WinX Security Center related files.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the WinX Security Center removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
A screen displaying all the malware that the program found will be shown as seen in the image below.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
You can now exit the MBAM program.

Your computer should now be free of the WinX Security Center program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

Associated WinX Security Center Files:

c:\Documents and Settings\All Users\Start Menu\Programs\WinX Security Center
c:\Documents and Settings\All Users\Start Menu\Programs\WinX Security Center\Purchase License.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\WinX Security Center\Start WinX Security Center.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\WinX Security Center\Support Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\WinX Security Center\WinX Security Center Uninstall.lnk
c:\Documents and Settings\forensics\Application Data\WinX Security Center
c:\Documents and Settings\forensics\Application Data\WinX Security Center\base.dat
c:\Documents and Settings\forensics\Application Data\WinX Security Center\base2.dat
c:\Documents and Settings\forensics\Application Data\WinX Security Center\Desc.dat
c:\Documents and Settings\forensics\Application Data\WinX Security Center\spline.dat
c:\Documents and Settings\forensics\Application Data\WinX Security Center\WinX Security Center.ini
c:\Documents and Settings\forensics\Desktop\WinX Security Center.lnk
c:\Program Files\WinX Security Center
c:\Program Files\WinX Security Center\Buy.url
c:\Program Files\WinX Security Center\Help.url
c:\Program Files\WinX Security Center\HowToBuy.txt
c:\Program Files\WinX Security Center\License.txt
c:\Program Files\WinX Security Center\redir.dll
c:\Program Files\WinX Security Center\Restart.exe
c:\Program Files\WinX Security Center\Uninstall.exe
c:\Program Files\WinX Security Center\WinX Security Center.exe

Associated WinX Security Center Windows Registry Information:

HKEY_CLASSES_ROOT\CLSID\{F3642B57-3EA8-4EEA-A643-9DE138381A57}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3642B57-3EA8-4EEA-A643-9DE138381A57}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "WinX Security Center"

How to remove Antivirus XP 2008 (Uninstall Instructions)

Grinler — Wed, 25 Jun 2008 15:45:58 EDT

How to remove Antivirus XP 2008 (Uninstall Instructions)

Posted by Grinler on Wed, 25 Jun 2008 15:45:58 EDT · Views: 9300

Add to Favorites! Print Guide!

What this programs does:

Antivirus XP 2008 is a new rogue anti-spyware program that is advertised through Trojans and other malware. It is advertised in the form of fake security alerts and warnings on web sites that state you are infected with malware or are being attacked in some manner. When you click on these ads, it will automatically download the installer for Antivirus XP 2008 and install it on your machine. In some cases, this program is installed without any intervention at all from you.

Once installed, Antivirus XP 2008 will scan your computer and display a variety of security risks found on your computer that can only be removed if you purchase a license of the software. These risks, though, are all fake and are only being displayed to scare you into thinking you are infected and thus purchase their software. Another tactic that Antivirus XP 2008, and the accompanied malware, uses is to change your desktop background to be a message stating you are infected, popups and fake alerts stating your computer is being attacked, and a fake Internet Explorer page that states Google has found your computer to be infected. All of these are further scare tactics and should be ignored. These methods are all illustrated in the images below.

This guide will walk you through removing the Antivirus XP 2008 program and its associated malware for free.

Threat Classification:

Information on Rogue Programs

Add/Remove Programs control panel entry:

AntivirXP08

Tools Needed for this fix:

Malwarebytes' Anti-Malware

Symptoms that may be in a HijackThis Log:

O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe

Guide Updates:

06/25/08 - Initial guide creation.

Automated Removal Instructions for Antivirus XP 2008 using Malwarebytes' Anti-Malware:

Print out these instructions as we will need to close every window that is open later in the fix.
Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link

Once downloaded, close all programs and Windows on your computer, including this one.
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Antivirus XP 2008 related files.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the AntivirusXP2008 removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
A screen displaying all the malware that the program found will be shown as seen in the image below.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
You can now exit the MBAM program.

Your computer should now be free of the AntivirusXP2008 program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

Associated Antivirus XP 2008 Files:

Note, Some of these files and folders may be random:

C:\WINDOWS\qegbdmwf.dll
C:\WINDOWS\pntqkflv.dll
c:\Program Files\rhcnkrj0etfg
c:\Program Files\rhcnkrj0etfg\database.dat
c:\Program Files\rhcnkrj0etfg\license.txt
c:\Program Files\rhcnkrj0etfg\MFC71.dll
c:\Program Files\rhcnkrj0etfg\MFC71ENU.DLL
c:\Program Files\rhcnkrj0etfg\msvcp71.dll
c:\Program Files\rhcnkrj0etfg\msvcr71.dll
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe.local
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfgSkin.dll
c:\Program Files\rhcnkrj0etfg\Uninstall.exe
c:\WINDOWS\system32\pphcjkrj0etfg.exe
c:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
%UserProfile%\Application Data\rhcnkrj0etfg
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU\RunOnce
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM\RunOnce
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuAllUsers
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuCurrentUser
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\BrowserObjects
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Packages

Associated Antivirus XP 2008 Windows Registry Information:

Note, Some of these Registry keys and values may be random:

HKEY_LOCAL_MACHINE\SOFTWARE\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion "rhcnkrj0etfg"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "AntivirXP08"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SMrhcnkrj0etfg"

How to remove Advanced Antivirus (Removal Instructions)

Grinler — Thu, 19 Jun 2008 14:30:21 EDT

How to remove Advanced Antivirus (Removal Instructions)

Posted by Grinler on Thu, 19 Jun 2008 14:30:21 EDT · Views: 1133

Add to Favorites! Print Guide!

What this programs does:

Advanced Antivirus is a rogue anti-spyware program from the same family as Ultimate Antivirus 2008, Vista Antivirus 2008, and Windows Antivirus 2008. Once installed, Advanced Antivirus will perform a scan and display a list of security risks found on your computer. These infections which are all fake and false positives, though, cannot be removed unless you first purchase a license of the software. They show these infections to scare you into thinking you are infected and hope that you will then buy their software. Another tactic they also perform is to show fake warnings that your computer is being attacked and that you should purchase Advanced Antivirus in order to protect yourself. This is just another scare tactic and should be ignored.

This guide will walk you through removing the AdvancedAntivirus program and any related malware.

Threat Classification:

Information on Rogue Programs

Tools Needed for this fix:

Malwarebytes' Anti-Malware

Symptoms that may be in a HijackThis Log:

O4 - HKLM\..\Run: [Antivirus] C:\Program Files\AAV\aav.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\AAV\aav.exe

Guide Updates:

06/19/08 - Initial guide creation.

Automated Removal Instructions for Advanced Antivirus using Malwarebytes' Anti-Malware:

Print out these instructions as we will need to close every window that is open later in the fix.
Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link

Once downloaded, close all programs and Windows on your computer, including this one.
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Advanced Antivirus related files.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the AdvancedAntivirus removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
A screen displaying all the malware that the program found will be shown as seen in the image below.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
You can now exit the MBAM program.

Your computer should now be free of the AdvancedAntivirus program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

Associated Advanced Antivirus Files:

c:\Program Files\AAV
c:\Program Files\AAV\aav.cpl
c:\Program Files\AAV\aav.exe
c:\Program Files\AAV\aav0.dat
c:\Program Files\AAV\aav1.dat
c:\WINDOWS\system32\aav.cpl
c:\Documents and Settings\Bleeping\Desktop\Advanced Antivirus.lnk

Associated Advanced Antivirus Windows Registry Information:

HKEY_CLASSES_ROOT\.key
HKEY_CURRENT_USER\Software\AAV
HKEY_CURRENT_USER\Software\AntiVirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Antivirus"

How to remove WinSpywareProtect (Removal Instructions)

Grinler — Tue, 17 Jun 2008 16:27:32 EDT

How to remove WinSpywareProtect (Removal Instructions)

Posted by Grinler on Tue, 17 Jun 2008 16:27:32 EDT · Views: 2400

Add to Favorites! Print Guide!

What this programs does:

WinSpywareProtect is a rogue anti-spyware program, that once installed, will automatically scan your computer and list a variety of fake results and false positives that cannot be removed unless you first purchase the software. The tactic of showing supposed infections and requiring you to purchase the software in order to remove them is simply a scare tactic and should be ignored. Instead use a legitimate program, like the one below, to clean your computer of this software and any related malware that may have been installed with it. While WinSpywareProtect is running, you may also see fake Windows Security Center alerts and warnings stating that your computer has an active infection or that you are being attacked. These too can be ignored as they are just another scare tactic.

This guide will walk you through removing the WinSpywareProtect program and any related malware.

Threat Classification:

Information on Rogue Programs

Add/Remove Programs control panel entry:

LabelCommand

Tools Needed for this fix:

Malwarebytes' Anti-Malware

Symptoms that may be in a HijackThis Log:

O2 - BHO: LabelCommand module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\LabelCommand\LabelCommand.dll
O4 - HKCU\..\Run: [C:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\winspywareprotect.exe] "C:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\winspywareprotect.exe" /autorun

Guide Updates:

06/17/08 - Initial guide creation.

Automated Removal Instructions for WinSpywareProtect using Malwarebytes' Anti-Malware:

Print out these instructions as we will need to close every window that is open later in the fix.
Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link

Once downloaded, close all programs and Windows on your computer, including this one.
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for WinSpywareProtect related files.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the WinSpywareProtect removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
A screen displaying all the malware that the program found will be shown as seen in the image below.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
You can now exit the MBAM program.

Your computer should now be free of the WinSpywareProtect program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

Associated WinSpywareProtect Files:

c:\Documents and Settings\All Users\Application Data\ADSL Software Limited
c:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect
c:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\winspywareprotect.exe
c:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\BASE
c:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\DELETED
c:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\LOG
c:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\LOG\20080617111154889.log
c:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\SAVED
%UserProfile%\Local Settings\Temp\_addon.exe
%UserProfile%\Local Settings\Temp\temp.dll
c:\Program Files\LabelCommand
c:\Program Files\LabelCommand\LabelCommand.dll
c:\Program Files\LabelCommand\uninstall.dat
c:\Program Files\LabelCommand\Uninstall.exe

Associated WinSpywareProtect Windows Registry Information:

HKEY_CURRENT_USER\Software\ADSL Software Limited
HKEY_CURRENT_USER\Software\LabelCommand
HKEY_CLASSES_ROOT\CLSID\{18CB1A7B-94CD-4582-8022-ADA16851E44B}
HKEY_CLASSES_ROOT\TypeLib\{8B8DF25F-2C47-4473-8E1C-7F54AC7EF481}\
HKEY_CLASSES_ROOT\LabelCommand.LabelCommand
HKEY_CLASSES_ROOT\LabelCommand.LabelCommand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7C4BCD17-BDBA-4078-9D8C-8CA8B7EABE77}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "C:\Documents and Settings\All Users\Application Data\ADSL Software Limited\WinSpywareProtect\winspywareprotect.exe"