Tuesday, November 23, 2010

Uninstall Win7 Internet Security - manual removal info

Once you stumble upon any of the adware popups, take your time to see if your PC has been infected. There are two types or rather two stages of the adware infection and some users find their computers at the second stage without any visible preliminaries, i.e. skipping the stage 1. Stage 1 is only in place where there is a browser hijacker infection that deals with browser of compromised computers turning them into mediators of the adware online ads. The ads may even include online scanner. They invite users to get their computer equipped with Win 7 Internet Security. If the stage is skipped, that means the adware has either been uploaded by backdoor droppers or users got lured by casual online ads. Get rid of Win7 Internet Security at any stage. It is annoying and dangerous rogue antispyware. Win7 Internet Security removal tool and more can be downloaded here

Win7 Internet Security screenshot:


Win7 Internet Security uninstaller:


Win7 Internet Security manual removal guide:
Delete Win7 Internet Security files:
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\MSASCui.exe
Delete Win7 Internet Security registry entries:
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″

No comments: