Free malware removal tool to remove AdvancedAntivirus (IS15.exe,smss32.exe,winlogon32.exe,helper32.dll)

Written by Administrator | Tuesday, 12 January 2010 19:16

AdvancedAntivirus is another rogue antispyware, a scareware, that tries to get money from users by prompting them to register and buy their products. Some old malwares often return to the front of the stage. AdvancedAntivirus will also download and instal Internet Security 2010 onto computer without your will.

To remove AdvancedAntivirus (Uninstall AdvancedAntivirus)

Download this free removal tool for AdvancedAntivirus
Extract it
Launch
Click on the delete button

AdvancedAntivirus will be removed from your system in 10s. Restart your computer when it’s finished.

Processes :

IS15.exe
smss32.exe
winlogon32.exe

Files :

c:\s
%System%\41.exe
%System%\helper32.dll
%System%\IS15.exe
%System%\smss32.exe
%System%\winlogon32.exe
%System%\warning.html
%System%\wbem\Performance\WmiApRpl_new.ini

Registry

Registry keys created

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Registry values created

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- NoChangingWallpaper = 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- NoSetActiveDesktop = 0x00000001
- NoActiveDesktopChanges = 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- smss32.exe = "%System%\smss32.exe"
HKEY_CURRENT_USER\Software
- 8636065b-fef0-4255-b14f-54639f7900a4 = "8636065b-fef0-4255-b14f-54639f7900a4"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General
- Wallpaper = "%System%\warning.html"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- NoSetActiveDesktop = 0x00000001
- NoActiveDesktopChanges = 0x00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
- NoChangingWallpaper = 0x00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
- DisableTaskMgr = 0x00000001

Registry value deleted:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General
- Wallpaper = ""

Registry value modified

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
- Userinit =
- Should be Userinit = "%System%\userinit.exe,"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General
- WallpaperLocalFileTime =

Add comment

Free malware removal tool for AntiMalware Pro

Free malware removal tool for KeepCop

Free malware removal tool for Secure Warrior

Free malware removal tool for Windows Protection Suite

Free malware removal tool to get rid of AntiAID

Free malware removal tool to get rid of BlockWatcher

Free malware removal tool to get rid of GreatDefender

Free malware removal tool to get rid of SaveArmor

Free malware removal tool to get rid of SysDefence

Free malware removal tool to remove Active Security