FrEn

Envoyer Imprimer

Free malware removal tool to remove Virus Protector
Écrit par Administrator  |  Lundi, 15 Mars 2010 07:42
AddThis Social Bookmark Button
There are no translations available.

Virus Protector is a rogue Antispyware that pretends to be an Antivirus. It is a wolf in sheep's clothing. It conducts a fake scan of your system; you are warned by a fake alarm that there are more malwares on your system. It’s true indeed, there is really a malware in your system but I think the only malware on your system is Virus Protector. It invites you to purchase a license to remove malware, do not, it's a scam, you need a license for a malware? This so-called Antivirus tries to scam you. Uninstall Virus Protector immediately from your system.

Virus Protector

To remove Virus Protector (Uninstall Virus Protector)

  • Download this free removal tool for Virus Protector
  • Extract it
  • Launch
  • Click on the delete button

Virus Protector will be removed from your system in 10s. Restart your computer when it’s finished.

Processes :

  • many [random].exe files

Files :

  • %AppData%\[random].exe
  • %AppData%\[random].dll
  • %Temp%\[random].exe
  • %Temp%\[random].dll
  • %ProgramFiles%\Internet Explorer\[random].dll
  • %System%\[random].dll
  • %System%\drivers\[random].dll
  • %System%\[random].exe
  • [malware's path]\[random].exe

Registry

Registry key created

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • Virus Protector = [malware's path]\[random].exe

Registry values modified

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    • “LoadAppInit_DLLs” = “1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    • “AppInit_DLLs” = “random.dll”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49c47ce0-9ba4-11d0-8212-00c04fc32c45}\InprocServer32
    • (Default) =
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49C47CE4-9BA4-11D0-8212-00C04FC32C45}\InprocServer32
    • (Default) =
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49c47ce5-9ba4-11d0-8212-00c04fc32c45}\InprocServer32
    • (Default) =
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8496e040-af4c-11d0-8212-00c04fc32c45}\InprocServer32
    • (Default) =
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF0F2F7C-F7BF-11d0-900D-00C04FD9189D}\InprocServer32
    • (Default) =
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2468580-af8a-11d0-8212-00c04fc32c45}\InprocServer32
    • (Default) =
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E6CDE29-C0C4-11D0-8FF1-00C04FD9189D}\1.0\0\win32
    • (Default) =
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E6CDE29-C0C4-11D0-8FF1-00C04FD9189D}\1.0\HELPDIR
    • (Default) =

 

 

Download

 
 

Articles connexes
Derniers articles

No data

.
Information | Contact

© All Rights Reserved. net-studio.org 2009