FrEn

Envoyer Imprimer

Free malware removal tool to remove AdvancedAntivirus (IS15.exe,smss32.exe,winlogon32.exe,helper32.dll)
Écrit par Administrator  |  Mardi, 12 Janvier 2010 19:16
AddThis Social Bookmark Button
There are no translations available.

AdvancedAntivirus is another rogue antispyware, a scareware, that tries to get money from users by prompting them to register and buy their products. Some old malwares often return to the front of the stage. AdvancedAntivirus will also download and instal Internet Security 2010 onto computer without your will.

To remove AdvancedAntivirus (Uninstall AdvancedAntivirus)

  • Download this free removal tool for AdvancedAntivirus
  • Extract it
  • Launch
  • Click on the delete button

AdvancedAntivirus will be removed from your system in 10s. Restart your computer when it’s finished.

Processes :

  • IS15.exe
  • smss32.exe
  • winlogon32.exe

Files :

  • c:\s
  • %System%\41.exe
  • %System%\helper32.dll
  • %System%\IS15.exe
  • %System%\smss32.exe
  • %System%\winlogon32.exe
  • %System%\warning.html
  • %System%\wbem\Performance\WmiApRpl_new.ini

Registry

Registry keys created

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Registry values created

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
    • NoChangingWallpaper = 0x00000001
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    • NoSetActiveDesktop = 0x00000001
    • NoActiveDesktopChanges = 0x00000001
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • smss32.exe = "%System%\smss32.exe"
  • HKEY_CURRENT_USER\Software
    • 8636065b-fef0-4255-b14f-54639f7900a4 = "8636065b-fef0-4255-b14f-54639f7900a4"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General
    • Wallpaper = "%System%\warning.html"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    • NoSetActiveDesktop = 0x00000001
    • NoActiveDesktopChanges = 0x00000001
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
    • NoChangingWallpaper = 0x00000001
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    • DisableTaskMgr = 0x00000001
Registry value deleted:
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General
    • Wallpaper = ""

Registry value modified

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    • Userinit =
    • Should be Userinit = "%System%\userinit.exe,"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General
    • WallpaperLocalFileTime =

 

Download

 
 

Articles connexes
Derniers articles

No data

.
Information | Contact

© All Rights Reserved. net-studio.org 2009