Monday, February 20, 2012

How to remove Windows Smart Warden? (Uninstall Directions)

Windows Smart Warden is FAKE! It may block your access to basic services of your computer system. It targets Windows users in the USA and Europe, but could be detected in other countries too. A lot of users think that this antivirus is real; its interface is very similar to that of Microsoft Security Essentials. Some users think that the only way to unlock their computers and stop the fake security warnings is to make a payment and "activate" Windows Smart Warden.
Get rid of Windows Smart Warden and other parasites that terrorize you and your PC using this free link (direct remover download). If the link, and even your entire PC, is blocked by the malware, please do as follows:
• Before a new Windows session starts, enter the boot menu by pressing F8.
• In the menu, select Safe Mode with Networking and let Windows load in this mode.
• Download and install the removal tool, or get rid of Windows Smart Warden using the manual removal directions.

Windows Smart Warden screenshot:




Windows Smart Warden manual removal guide:
Delete infected files:
%StartMenu%\Programs\Windows Smart Warden.lnk
%AppData%\NPSWF32.dll
%AppData%\Protector-hox.exe
%AppData%\result.db
Delete Windows Smart Warden registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
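
A read-only check for the files and registry entries listed above, as an added PowerShell example that is not part of the original post. It assumes PowerShell 3.0 or later, that `%StartMenu%` means the current user's Start Menu folder, and that it runs in the affected user's session, since `%AppData%` and `HKEY_CURRENT_USER` are per-user.

```powershell
# Read-only audit of the files and registry entries in the removal list above.
# It deletes nothing; it only reports what is present.
# Assumption: %StartMenu% on the page means the current user's Start Menu folder.
$startMenu = [Environment]::GetFolderPath('StartMenu')
$files = @(
    (Join-Path $startMenu 'Programs\Windows Smart Warden.lnk'),
    (Join-Path $env:APPDATA 'NPSWF32.dll'),
    (Join-Path $env:APPDATA 'Protector-hox.exe'),
    (Join-Path $env:APPDATA 'result.db')
)

# Whole registry keys named on the page.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$keys = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312')
$keys += '_avp32.exe', '_avpcc.exe', 'ashDisp.exe', 'divx.exe', 'mostat.exe',
         'platin.exe', 'tapinstall.exe', 'zapsetup3001.exe' | ForEach-Object { "$ifeo\$_" }

# Individual registry values named on the page (key path + value name).
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$values = @(
    @{ Key = "$cv\Internet Settings"; Name = 'WarnOnHTTPSToHTTPRedirect' },
    @{ Key = "$cv\Policies\System";   Name = 'DisableRegedit' },
    @{ Key = "$cv\Policies\System";   Name = 'DisableRegistryTools' },
    @{ Key = "$cv\Policies\System";   Name = 'DisableTaskMgr' },
    @{ Key = "$cv\Run";               Name = 'Inspector' },
    @{ Key = "$cv\Settings";          Name = 'ID' },
    @{ Key = "$cv\Settings";          Name = 'net' },
    @{ Key = "$cv\Settings";          Name = 'UID' }
)

$found = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $found += [pscustomobject]@{ Type = 'File'; Item = $f; Data = '' }
    }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $found += [pscustomobject]@{ Type = 'Key'; Item = $k; Data = '' }
    }
}
foreach ($v in $values) {
    # Returns nothing (instead of an error) when the key or the value is absent.
    $p = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $p) {
        $found += [pscustomobject]@{ Type = 'Value'; Item = "$($v.Key) : $($v.Name)"; Data = $p.($v.Name) }
    }
}
if ($found) { $found | Format-Table -AutoSize -Wrap } else { 'None of the listed artifacts were found.' }
```

Several of the listed values sit under keys that also hold ordinary Windows settings (for example `Internet Settings` and `Run`), so remove only the named value there, not the whole key.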
Rename the remover to "explorer.exe", or try to install it from Safe Mode, if the virus blocks its download or installation.
