Monday, September 20, 2010

Remove Antivirus IS (AntivirusIS) and Do Not Judge By Looks Only

The design of hackers pushing this fake antivirus is to keep utilizing the same program for multiple releases of rogue antispyware.
That is, get rid of Antivirus IS (AntivirusIS) as this is just the same GUI, slightly modifies, that has been used in a number of programs cloned from one and same basic templates.
However, Antivirus IS removal requires quite different actions than the removal of rogue antispyware of its family. Tat is because of new executables introduced into the rogue that make it quite unlike, if not to judge by appearance only.
Click here to run free scan and delete Antivirus IS badware, as well as any other malicious programs.

Antivirus IS screenshots:



Antivirus IS removal tool:


Antivirus IS manual removal guide:
Delete Antivirus IS files:

[random].exe
Delete Antivirus IS registry entries:
HKEY_CURRENT_USER\Software\wnxmal
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" ="1"

No comments: