Thursday, January 5, 2012

Win 7 Antivirus Detection and Removal

Win 7 Antivirus is rogue antivirus software that claims to disinfect your system based on fake scan results. The notifications it shows are not genuine either. This article contains the Win 7 Antivirus detection and removal instructions.

1.       Scan your Computer
2.       Delete Startup Entries
3.       Delete the Spyware Information from the Registry
4.       Delete Spyware Files Stored on your Hard Disk

Scan your Computer
Scan the entire system with genuine antivirus software and remove the infected files. Be sure to update its definitions before you begin the scan.

Delete Startup Entries
Win 7 Antivirus creates startup entries so that it runs automatically each time Windows starts. You must delete these entries before you continue with the steps that follow.
1.       Restart the computer.
2.       Press the F8 key repeatedly. Select the Safe Mode with Networking option and press ENTER.
3.       Click Start, select Run. Or press Windows Key + R.
4.       Type MSCONFIG and press ENTER.
5.       Click Startup tab, deselect all the startup entries and click Apply.
6.       Click Services tab, check Hide all Microsoft Services. Deselect all the service entries and click Apply | OK.
7.       Restart the computer when you’re prompted to do so.

Delete the Spyware Information from the Registry
The spyware entries are stored in the registry. The next Win 7 Antivirus detection and removal step is to delete these entries by editing the registry.
1.       Click Start, select Run.
2.       Type RegEdit and press ENTER.
3.       Browse and delete the following registry keys:
  • HKEY_LOCAL_MACHINE => SOFTWARE => Clients => StartMenuInternet => FIREFOX.EXE => shell => safemode => command “(Default)” = ‘”%UserProfile% => Local Settings => Application Data => [random].exe” /START “%Program Files% => Mozilla Firefox => firefox.exe” -safe-mode’
  • HKEY_LOCAL_MACHINE => SOFTWARE => Clients => StartMenuInternet => IEXPLORE.EXE => shell => open => command “(Default)” = ‘”%UserProfile% => Local Settings => Application Data => [random].exe” /START “%Program Files% => Internet Explorer => iexplore.exe”‘
  • HKEY_LOCAL_MACHINE => SOFTWARE => Clients => StartMenuInternet => FIREFOX.EXE => shell => open => command “(Default)” = ‘”%UserProfile% => Local Settings => Application Data => [random].exe” /START “%Program Files% => Mozilla Firefox => firefox.exe”‘
  • HKEY_CURRENT_USER => Software => Classes => .exe “(Default)” = ‘exefile’
  • HKEY_CURRENT_USER => Software => Classes => .exe “Content Type” = ‘application/x-msdownload’
  • HKEY_CURRENT_USER => Software => Classes => exefile “(Default)” = ‘Application’
  • HKEY_CURRENT_USER => Software => Classes => exefile “Content Type” = ‘application/x-msdownload’
  • HKEY_CURRENT_USER => Software => Classes => exefile => DefaultIcon “(Default)” = ‘%1’
  • HKEY_CURRENT_USER => Software => Classes => exefile => shell => open => command “(Default)” = ‘”%UserProfile% => Local Settings => Application Data => [random].exe” /START “%1” %*’
  • HKEY_CURRENT_USER => Software => Classes => .exe => DefaultIcon “(Default)” = ‘%1’ = ‘”%UserProfile% => Local Settings => Application Data => [random].exe” /START “%1” %*’
  • HKEY_CURRENT_USER => Software => Classes => .exe => shell => open => command “IsolatedCommand” = ‘”%1” %*’
  • HKEY_CURRENT_USER => Software => Classes => .exe => shell => runas => command “(Default)” = ‘”%1” %*’
  • HKEY_CURRENT_USER => Software => Classes => .exe => shell => runas => command “IsolatedCommand” = ‘”%1” %*’
  • HKEY_CURRENT_USER => Software => Classes => exefile => shell => runas => command “IsolatedCommand” = ‘”%1” %*’
  • HKEY_CLASSES_ROOT => .exe => shell => open => command “(Default)” = ‘”%UserProfile% => Local Settings => Application Data => [random].exe” /START “%1” %*’
  • HKEY_CLASSES_ROOT => exefile => shell => open => command “(Default)” = ‘”%UserProfile% => Local Settings => Application Data => [random].exe” /START “%1” %*’
  • HKEY_CURRENT_USER => Software => Classes => exefile => shell => open => command “IsolatedCommand” = ‘”%1” %*’
  • HKEY_CURRENT_USER => Software => Classes => exefile => shell => runas => command “(Default)” = ‘”%1” %*’
4.       Close Registry Editor.
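
The following read-only PowerShell check is an added example, not part of the original article. It reads the "(Default)" command value of the shell command keys listed above and flags any value that starts a different .exe with the /START switch in front of the real target, which is the pattern shown in the list. The helper name Test-HijackedCommand and the matching rule are assumptions made for this illustration.

```powershell
# Added example: read-only audit of the command values listed in this article.
# Nothing is deleted or modified; the script only reports what it finds.
$keys = @(
    'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
    'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
    'HKEY_CLASSES_ROOT\.exe\shell\open\command',
    'HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
)

# Hypothetical helper. Indicator assumed from the values listed above:
# the first token is some .exe followed by /START, with the real target
# (the browser, or "%1" %*) pushed into the arguments.
function Test-HijackedCommand {
    param([string]$Command)
    return $Command -match '^\s*"?[^"]+\.exe"?\s+/START\s'
}

$report = foreach ($key in $keys) {
    # Value name '' reads "(Default)"; $null comes back when the key or
    # the value does not exist.
    $value = [Microsoft.Win32.Registry]::GetValue($key, '', $null)

    if ($null -eq $value)                { $status = 'absent' }
    elseif (Test-HijackedCommand $value) { $status = 'HIJACKED' }
    else                                 { $status = 'no /START launcher' }

    New-Object PSObject -Property @{
        Key     = $key
        Command = $value
        Status  = $status
    }
}

$report | Format-List Status, Key, Command
```

HKEY_CLASSES_ROOT is a merged view of HKEY_CURRENT_USER\Software\Classes and HKEY_LOCAL_MACHINE\SOFTWARE\Classes, so a hijacked per-user value is normally reported under both roots. Running the check again after the registry step shows whether any flagged value is still present.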

Delete Spyware Files Stored on your Hard Disk
The next Win 7 Antivirus detection and removal step is to delete all the spyware files from your hard disk.
1.       Press Windows Key + R. Or click Start, select Run.
2.       Type %AppData%\Local and press ENTER.
3.       Delete all files which are randomly named. For example, 01.exe, 02.exe.
4.       Open Run, type %AppData%\Roaming\Microsoft\Windows\Templates.
5.       In the same way, delete all random files.
6.       Open Run, type %AllUsersProfile% and press ENTER.
7.       Delete all random files found.
8.       Finally close My Computer.
