Wednesday, July 6, 2011

Remove Windows Easy Supervisor security imitation

Windows Easy Supervisor is a security imitation supplied by hackers through the chain of popups. As a rule, a user goes through several popups until eventually installation dialog is launched.  The online popups combine attractive content with forbidden technologies of disabling close button or replacing expand and close button to draw surfer to installation box.
Also, alternate tricks are applied to spread copies of the fake antispyware. In particular, several worms have been found to be in charge of the fake security tool distribution.
Nevertheless, most of the web security researches state the infection must be manually installed. Those researches made mistake or failed to amend their reports in line with recent information on cases of backdoor introduction of the counterfeit without direct participation of user. 
Windows Easy Supervisor removal is recommended and should not be postponed, even if you feel like you can put up with irritating popups by the program. The point is that the program is a carrier of a destructive potential, which it would realize sooner or later. Part of the destruction made by the malware is irreparable so that, in case of the malware under review, it makes sense to get rid of Windows Easy Supervisor at the earliest opportunity.
Apply free scanner available here  to detect the aforementioned counterfeit and get rid of other infections submitting suspicious detections for in-depth examination and instantly disposing of obvious threats. 

Windows Easy Supervisor snapshot:

 
 

Manual removal guide:
Delete infected files:
%UserProfile%\Application Data\Microsoft\.exe
Deelete infected registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'

No comments: