Thursday, April 19, 2012

Remove Windows Advanced Care fake antispyware as it struggles to quit true antivirus processes

Windows Advanced Care is desperate to report threats. Even for blank new machines the pretended security solution does not hesitate specifying a host of infections requiring, according to its further alerts, immediate intervention of its resident security suite.
That is, the rogue basically has two scanners. Both are fakes. One of the fakes is a website that seduces users into getting another fake, a resident scanner.
It is understood the definition of scanner applies to the malware as far as it tries to look like it; in no case that is to say the adware has a skill in identifying viruses.
However, it is quite proficient in getting true security tools blocked and even exterminated as it struggles to detect genuine scan activities and prevent them by killing relevant process and its source.
No surprise removal of Windows Advanced Care requires its performer to be , first of all, able to defend its own components. Such is the free scanner which proficiency and ability to remove Windows Advanced Care has been examined in the wild on real unrestricted copies of the infection. The free scan link is here.

Windows Advanced Care screenshot:


Windows Advanced Care manual removal directions:

Delete Windows Advanced Care files:
%AppData%\Inspector-[rnd].exe
 %AppData%\Protector-[rnd].exe
Delete registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
 

No comments: