Monday, July 11, 2011

Removal of Windows Armour Master virus

Windows Armour Master shares backdoors installer with rootkits and other annoying and destructive programs, which means it may be introduced in a bundle with other threats or be merely independent part of extended infection delivery.
The way of its delivery does not confuse the program and it promptly announces installation of automatic security update. It also tries to make computer system launch installation wizard, but rarely succeeds in that effort.
It is not that the above way is the only possible route for the program to enter computer system, but seems to be the most unfair one.
Other methods are in place, too, but seem to be, so to say, less rascally.
Get rid of Windows Armour Master and viruses that came in one kit into your computer system, if such installation have actually had place. Reliable tool to remove Windows Armour Master and any kind of or viral, wormlike, other kind threats, is ready for free download here.

Windows Armour Master snapshot:




Manual removal guide:
Delete infected files:
%UserProfile%\Application Data\Microsoft\[random].exe
Delete infected registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe “Debugger” = ‘svchost.exe’
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe “Debugger” = ‘svchost.exe’
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe “Debugger” = ‘svchost.exe’
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe “Debugger” = ‘svchost.exe’
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ‘svchost.exe’
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ‘svchost.exe’
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0′
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0′

No comments: