Monday, November 22, 2010

Remove Pw.exe, the Core of Multiple Adware Programs

The Pw.exe antispyware was released before pw.exe and provided a base for the counterfeits, which are divided into three groups according to the version of Windows targeted: Vista, Win 7 and XP. Examples of the possible names follow: Vista Antimalware 2011, Win 7 Antispyware 2011, XP Internet Security 2011. The executable picks the name that is compatible with the infected system. The compromised system is also examined for vulnerabilities that enable in-depth integration of the adware into its processes.
Get rid of pw.exe as the core of the fake Windows Security Update trickery, namely its second wave. Pw.exe incorporates dozens of names classified into the three aforementioned groups. It is dropped as a trojan and acts as annoying adware and a fake antivirus under different names, as explained above.

Pw.exe manual removal guide:
Delete Pw.exe files:
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\MSASCui.exe
Delete Pw.exe registry entries:
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
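
The registry entries above share one pattern: a shell "command" handler that launches a program from the user profile and passes the real target as an argument, plus Security Center overrides set to 1. The following is an added example, not part of the original post, that audits exported registry values for that pattern. The (key, value name, data) tuple format, the function names and the SAMPLE data are assumptions made for illustration.

```python
import re

# Locations a standard user can write to; a shell "command" handler here deserves review.
USER_WRITABLE = re.compile(
    r"%userprofile%|%appdata%|%localappdata%|%temp%|\\appdata\\|\\local settings\\application data\\",
    re.IGNORECASE)
# Security Center values that suppress antivirus/firewall warnings when set to 1.
OVERRIDES = {"antivirusoverride", "firewalloverride"}

def first_token(command):
    """Return the program a command line launches (first quoted or bare token)."""
    m = re.match(r'\s*"([^"]*)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2) or "") if m else ""

def audit(entries):
    """entries: iterable of (key, value_name, data). Returns a list of (key, reason)."""
    findings = []
    for key, name, data in entries:
        k = key.lower()
        if k.endswith(r"\command") and name == "(Default)":
            prog = first_token(data)
            if prog == "%1":
                continue  # stock handler: run the clicked file itself
            if USER_WRITABLE.search(prog):
                findings.append((key, "handler runs from user-writable path: " + prog))
        elif k.endswith(r"\security center") and name.lower() in OVERRIDES:
            if str(data).strip() == "1":
                findings.append((key, name + " is enabled"))
    return findings

# Constructed sample: three suspicious values mixed with three clean ones.
SAMPLE = [
    (r"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command", "(Default)",
     r'"%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*'),
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "(Default)",
     r'"%1" %*'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command", "(Default)",
     r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command", "(Default)",
     r'"C:\Users\alice\AppData\Local\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center", "AntiVirusOverride", "1"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center", "FirewallOverride", "0"),
]

if __name__ == "__main__":
    for key, reason in audit(SAMPLE):
        print(key, "->", reason)
```

Software installed per user can legitimately register handlers under AppData, so treat each finding as something to review rather than delete automatically.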