Malware Removal Advices

Aug 26, 2009

Remove SaveSoldier - Save Soldier Removal Information

SaveSoldier is another member of the Winisoft family. A rogue antivirus and malware program, that cost you some money, but does not bring any results. After installation and further scanning it shows numerous fake viruses on yours computers. SaveSoldier usually infiltrates into one’s system absolutely unnoticed because it applies the innovative Trojan-based techniques. At the same time, it drags tons of insecure applications onto user’s computers. People ask “What is the reason of doing all that?” The answer is definite: make customers believe that their PCs are in dangerous and purchase the product that might help. But, unfortunately, it does not help. Moreover, it can cost ordinary citizens not only their money, but also their PCs. All in all, SaveSoldier will not deliver the promised security for your computer. We recommend you to remove SaveSoldier manually or using automatic removal tool.

Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: Critical
Screenshot:

SaveSoldier Automatical Removal Tool

How to remove SaveSoldier manually:

It's possible to remove SaveSoldier manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

c:\Program Files\SaveSoldier Software
c:\Program Files\SaveSoldier Software\SaveSoldier
c:\Program Files\SaveSoldier Software\SaveSoldier\data.bin
c:\Program Files\SaveSoldier Software\SaveSoldier\license.txt
c:\Program Files\SaveSoldier Software\SaveSoldier\SaveSoldier.exe
c:\Program Files\SaveSoldier Software\SaveSoldier\SaveSoldierSvc.exe
c:\Program Files\SaveSoldier Software\SaveSoldier\uninstall.exe
c:\Documents and Settings\All Users\Desktop\SaveSoldier.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SaveSoldier
c:\Documents and Settings\All Users\Start Menu\Programs\SaveSoldier\1 SaveSoldier.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SaveSoldier\2 Homepage.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SaveSoldier\3 Uninstall.lnk

Remove registry entries:

HKEY_CURRENT_USER\Software\SaveSoldier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveSoldier
HKEY_LOCAL_MACHINE\SOFTWARE\SaveSoldier
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVESOLDIERSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SaveSoldierSvc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SaveSoldier"

Please be careful because manual removal of SaveSoldier may seriously damage operational system and sensitive data. Also there is a big possibility of incomplete removal, because some files could be hidden and program could re-install itself after you delete files and registry entries. So we strongly recommend you to use automatical removal tool.

Aug 25, 2009

Remove Windows Protection Suite - WindowsProtectionSuite Removal Information

Windows Protection Suite is successor of such infamous rogues as Windows System Suite, Windows Security Suite, MalwareCatcher, Extra Antivirus, Ultra Antivir 2009, Virusdoctor, VirusAlarm. At first sight Windows Protection Suite look like legitimate antispyware application with useful features, low CPU load, fast updates and others. But in reality Windows Protection Suite is another representative of bogus security applications with one purpose – to steal money from simple-hearted computer users. Windows Protection Suite is promoted via misleading online scanners and Trojan horses. Once Windows Protection Suite gets in touch with your system it will be configured to start automatically every boot up. While running, parasite will flood your system with fake security alerts appearing from your Windows Taskbar. Moreover, Windows Protection Suite will constantly perform full system scans and list you exaggerated scan results in order to mislead you and push into purchasing this useless piece of software. We recommend you to remove Windows Protection Suite manually or using automatic removal tool.

Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: Critical
Screenshot:

Windows Protection Suite Automatical Removal Tool

How to remove Windows Protection Suite manually:

It's possible to remove Windows Protection Suite manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

c:\ADWARE_LOG
c:\Documents and Settings\All Users\Application Data\345d567
c:\Documents and Settings\All Users\Application Data\345d567\285.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\WI345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\WINPS.ico
c:\Documents and Settings\All Users\Application Data\345d567\working.log
c:\Documents and Settings\All Users\Application Data\345d567\WINSPSys
c:\Documents and Settings\All Users\Application Data\345d567\WINSPSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\WINSPSys
c:\Documents and Settings\All Users\Application Data\WINSPSys\winps.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk
%UserProfile%\Application Data\Windows Protection Suite
%UserProfile%\Application Data\Windows Protection Suite\cookies.sqlite
%UserProfile%\Application Data\Windows Protection Suite\Instructions.ini
%UserProfile%\Desktop\Windows Protection Suite.lnk
%UserProfile%\Recent\cb.sys
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\cid.tmp
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\energy.drv
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\snl2w.sys
%UserProfile%\Recent\tempdoc.dll
%UserProfile%\Start Menu\Windows Protection Suite.lnk
%UserProfile%\Start Menu\Programs\Windows Protection Suite.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml

Remove registry entries:

HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "9877034603"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Protection Suite"

Please be careful because manual removal of Windows Protection Suite may seriously damage operational system and sensitive data. Also there is a big possibility of incomplete removal, because some files could be hidden and program could re-install itself after you delete files and registry entries. So we strongly recommend you to use automatical removal tool.

Aug 23, 2009

Remove PC AntiSpyware 2010 - PCAntiSpyware 2010 Removal Information

PC AntiSpyware 2010 is a rogue security application from the same family as Home Antivirus 2010. Parasite uses various fraud tactics in order to scare you and convince that your computer is seriously infected and you must purchase licensed version of PC AntiSpyware 2010 in order to protect your data and privacy. One of this tactics is displaying fake Microsoft Windows Security Center. The only difference between legitimate Microsoft Windows Security Center and fake one is that fake suggests you to purchase PC AntiSpyware 2010. Moreover PC AntiSpyware 2010 will hijack your Internet Explorer and will show page stating that your computer is infected and you must buy full version of PC AntiSpyware 2010 in order to remove all threats. PC AntiSpyware 2010 also make the most of full system scans where parasite will display you numerous infections that cannot be removed until you purchase licensed version. But you must remember that all those threats was created by PC AntiSpyware 2010 after installation, and in reality these files can’t make any harm to your computer.
We advise you to remove PC AntiSpyware 2010 immediately manually or using automatic removal tool.

Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: Critical
Screenshot:

PC AntiSpyware 2010 Automatical Removal Tool

How to remove PC AntiSpyware 2010 manually:

It's possible to remove PC AntiSpyware 2010 manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

c:\Program Files\Common Files\aqamodero.dat
c:\Program Files\Common Files\hubeweqa.lib
c:\Program Files\Common Files\jatikysup._dl
c:\Program Files\Common Files\ofyxodaqa.dat
c:\Program Files\Common Files\sahaso.bat
c:\Program Files\Common Files\zotys.bin
c:\Program Files\PC_Antispyware2010
c:\Program Files\PC_Antispyware2010\AVEngn.dll
c:\Program Files\PC_Antispyware2010\htmlayout.dll
c:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\Program Files\PC_Antispyware2010\pthreadVC2.dll
c:\Program Files\PC_Antispyware2010\Uninstall.exe
c:\Program Files\PC_Antispyware2010\wscui.cpl
c:\Program Files\PC_Antispyware2010\data
c:\Program Files\PC_Antispyware2010\data\daily.cvd
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\WINDOWS\akudyta.lib
c:\WINDOWS\hoxigawax.inf
c:\WINDOWS\kyci.dl
c:\WINDOWS\nuxojih.scr
c:\WINDOWS\qynomikov.bin
c:\WINDOWS\seni.reg
c:\WINDOWS\yfoneby.db
c:\WINDOWS\system32\_scui.cpl
c:\WINDOWS\system32\cocefezyj.dl
c:\WINDOWS\system32\qebykiti.dl
c:\Documents and Settings\All Users\Application Data\pybisezyr.db
c:\Documents and Settings\All Users\Application Data\ulycozoho._dl
c:\Documents and Settings\All Users\Documents\ekenubes.com
c:\Documents and Settings\All Users\Documents\icosagula.reg
%UserProfile%\Application Data\jugifyryve.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk
%UserProfile%\Cookies\ajeby.reg
%UserProfile%\Cookies\yqeqaranym.vbs
%UserProfile%\Cookies\zebav.pif
%UserProfile%\Desktop\_scui.cpl.txt
%UserProfile%\Desktop\PC_Antispyware2010.lnk
%UserProfile%\Local Settings\Application Data\xoqupuwytu._dl
%UserProfile%\Start Menu\Programs\PC_Antispyware2010
%UserProfile%\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk
%UserProfile%\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk

Remove registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC_Antispyware2010
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PC Antispyware 2010"

Please be careful because manual removal of PC AntiSpyware 2010 may seriously damage operational system and sensitive data. Also there is a big possibility of incomplete removal, because some files could be hidden and program could re-install itself after you delete files and registry entries. So we strongly recommend you to use automatical removal tool.

Aug 8, 2009

Remove Windows System Suite - WindowsSystemSuite Removal Information

Windows System Suite is latest rogue antispyware application, successor of infamous VirusDoctor and Windows Security Suite. Like its predecessors, Windows System Suite is advertised with a help of online antimalware scanners and Trojan horses. Once Windows System Suite gets in touch with your system it will generate Windows Registry entries that make it so that if you will try to execute legitimate antispyware or antivirus applications it will launch C:\Windows\System32\svchost.exe. This means that programs will newer run until you kill all Windows System Suite processes or remove parasite. Windows System Suite is also infamous for hijacking Internet Explorer and redirecting all search requests to Search-gala.com instead of legitimate Google or Windows Live. Windows System Suite will also flood your system with fake security alerts, pop-ups, exaggerated scan results. In that way Windows System Suite can dramatically slow down your computer performance. We strongly recommend you to remove Windows System Suite as soon as possible manually or using automatic removal tool.

Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: Critical
Screenshot:

Windows System Suite Automatical Removal Tool

How to remove Windows System Suite manually:

It's possible to remove Windows System Suite manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows System Suite.lnk
%UserProfile%\Application Data\Windows System Suite
%UserProfile%\Application Data\Windows System Suite\cookies.sqlite
%UserProfile%\Desktop\436.mof
%UserProfile%\Desktop\mozcrt19.dll
%UserProfile%\Desktop\sqlite3.dll
%UserProfile%\Desktop\Windows System Suite.lnk
%UserProfile%\Desktop\WSYSS.ico
%UserProfile%\Desktop\WSYSSSys
%UserProfile%\Desktop\WSYSSSys\vd952342.bd
%UserProfile%\Recent\ANTIGEN.tmp
%UserProfile%\Recent\cb.exe
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.drv
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\fan.drv
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\hijackthis.log.lnk
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Start Menu\Windows System Suite.lnk
%UserProfile%\Start Menu\Programs\Windows System Suite.lnk
c:\Documents and Settings\All Users\Application Data\61a60
c:\Documents and Settings\All Users\Application Data\61a60\WS83b.exe
c:\Documents and Settings\All Users\Application Data\WSYSSSys
c:\Documents and Settings\All Users\Application Data\WSYSSSys\wsyss.cfg

Remove registry entries:

HKEY_CLASSES_ROOT\ReleaseXP.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "986707143803"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows System Suite"

Please be careful because manual removal of Windows System Suite may seriously damage operational system and sensitive data. Also there is a big possibility of incomplete removal, because some files could be hidden and program could re-install itself after you delete files and registry entries. So we strongly recommend you to use automatical removal tool.

Aug 2, 2009

Remove Smart Protector - Smart Protector Removal Information

Smart Protector is new rogue antispyware application which is promoted via Trojan horses and fake online antimalware scanners. Important thing that you must know about Smart Protector from the beginning is that its database is absolutely empty even after purchasing full version for about 50$. What does it mean? Smart Protector is absolutely useless piece of software developed with one purpose – to steal money from simple-hearted computer users who care about computer security. Once inside and active, Smart Protector will be configured to start automatically every boot up. While running Smart Protector will constantly perform full system scans and list you variety of infections that cannot be removed until you first purchase licensed version. Moreover, Smart Protector will flood your system with fake security alerts and pop-ups. In that way Smart Protector can dramatically slow your computer performance by using too much system recourses. We recommend you to remove Smart Protector manually or using automatic removal tool.

Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: Critical
Screenshot:

Smart Protector Automatical Removal Tool

How to remove Smart Protector manually:

It's possible to remove Smart Protector manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

c:\Program Files\Smart Protector
c:\Program Files\Smart Protector\config.cnf
c:\Program Files\Smart Protector\mainbase.adb
c:\Program Files\Smart Protector\q.adb
c:\Program Files\Smart Protector\queue.vdb
c:\Program Files\Smart Protector\smartprotector.exe
c:\Program Files\Smart Protector\uninstall.exe
c:\Program Files\Smart Protector\virusbase.adb
c:\Program Files\Smart Protector\quarantine
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\internet.dll
%UserProfile%\Desktop\Smart Protector.lnk
%UserProfile%\Start Menu\Programs\Smart Protector
%UserProfile%\Start Menu\Programs\Smart Protector\Smart Protector.lnk
%UserProfile%\Start Menu\Programs\Smart Protector\Uninstall.lnk

Remove registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Smart Protector
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\S
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "smartprotector"

Please be careful because manual removal of Smart Protector may seriously damage operational system and sensitive data. Also there is a big possibility of incomplete removal, because some files could be hidden and program could re-install itself after you delete files and registry entries. So we strongly recommend you to use automatical removal tool.