Monday, May 7, 2012

Removal of "Best Antivirus Software" to observe software installation rules

"Best Antivirus Software" violates a number of installation rules. First of all, its actual features have nothing to do with its vendor's description. After all, the program is a phony computer utility. Its only task is to ape a program it should be, had its description been true.
The malware is true to its forerunners in treating the host computer as a billboard for its ads, namely a fake scan window and fake issue-specific popups.
It does not hesitate to interfere with other running programs, spawning processes of its own that are fatal to the running processes of other applications.
It has been observed in the wild deliberately killing the processes of security solutions that deliver real protection against viruses. Get rid of Best Antivirus Software to ensure the safety of your useful programs.
As your current software is unable to remove Best Antivirus Software or your PC is unprotected, follow the free scan link for timely and reliable detection and extermination help relevant to the above case.

Best Antivirus Software activation code (helps removal):
U2FD-S2LA-H4KA-UEPB
NOTE: "Activating" Best Antivirus Software is not enough. You need to remove related trojans / rootkits using a reliable malware removal solution.
It is important to fix the Windows registry after Best Antivirus Software malware removal using safe registry cleaner software.


Best Antivirus Software manual removal guide:

Delete infected files:
%AllUsersProfile%\Application Data\2a967e\
%AllUsersProfile%\Application Data\2a967e\TAMPSys\
%AllUsersProfile%\Application Data\2a967e\BackUp\
%AllUsersProfile%\Application Data\2a967e\Quarantine Items\
%AllUsersProfile%\Application Data\2a967e\84.mof
%AllUsersProfile%\Application Data\2a967e\TAe0e_8011.exe
%AllUsersProfile%\Application Data\2a967e\TAMP.ico
%AllUsersProfile%\Application Data\TANAMNGQMP\
%AllUsersProfile%\Application Data\TANAMNGQMP\TASGMP.cfg
%AppData%\Best Antivirus Software\
%AppData%\Microsoft\Internet Explorer\Quick Launch\Best Antivirus Software.lnk
%UserProfile%\Desktop\Best Antivirus Software.lnk
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\CLSV.exe
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\fan.exe
%UserProfile%\Recent\hymt.sys
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\sld.exe
%UserProfile%\Recent\ANTIGEN.sys
%UserProfile%\Start Menu\Best Antivirus Software.lnk
%UserProfile%\Start Menu\Programs\Best Antivirus Software.lnk

Delete Best Antivirus Software registry entries:
HKEY_LOCAL_MACHINE\Software\Classes\TAe0e_8011.DocHostUIHandler
Default = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Default = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\2a967e\TAe0e_8011.exe
ProgID = TAe0e_8011.DocHostUIHandler

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Best Antivirus Software = "%AllUsersProfile%\Application Data\2a967e\TAe0e_8011.exe" /s /d

HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes
URL = http://findgala.com/?&uid=8001&q={searchTerms}

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
MSCompatibilityMode = 0x00000000

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
CheckExeSignatures = no
RunInvalidSignatures = 0x00000001

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
IIL = 0x00000000
ltHI = 0x00000000
ltTST = 0x00005f9f
PRS = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
RGF = 0x00000001

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
URL = http://findgala.com/?&uid=8001&q={searchTerms}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MigrateProxy = 0x00000001
ProxyEnable = 0x00000000
UID = "8001"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyByPass = 0x00000001
IntranetName = 0x00000001
UNCAsIntranet = 0x00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Best Antivirus Software
DisplayName = "Best Antivirus Software"
DisplayIcon = "%AllUsersProfile%\Application Data\2a967e\TAe0e_8011.exe,0"
DisplayVersion = "1.1.0.1010"
InstallLocation = "%AllUsersProfile%\Application Data\2a967e\"
Publisher = "UIS Inc."
UninstallString = "%AllUsersProfile%\Application Data\2a967e\TAe0e_8011.exe" /del

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
Debugger = "svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
Debugger = "svchost.exe"
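
The Image File Execution Options entries above all set Debugger to svchost.exe, so Windows starts that program in place of the named security tool. As an added example (not part of the original post), this Python code lists every IFEO Debugger value found in a `reg export` text dump and reports those outside an allowlist; the sample dump is constructed, and devtool.exe, dbg.exe and the allowlist are hypothetical.

```python
import ntpath
import re
# Matches the IFEO path under SOFTWARE and SOFTWARE\Wow6432Node alike.
IFEO = "\\microsoft\\windows nt\\currentversion\\image file execution options\\"

# Constructed sample in `reg export` text format, not captured from a real host.
# AAWTray.exe, Ad-Aware.exe and svchost.exe are from the list above; the rest is hypothetical.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\devtool.exe]
"GlobalFlag"=dword:00000200
"Debugger"="\"C:\\Tools\\dbg.exe\" -g"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Debugger"="not-ifeo.exe"
'''

def ifeo_debuggers(reg_text):
    """Return [(image, debugger_command)] for each IFEO subkey with a Debugger value."""
    hits, image = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            _, sep, tail = key.lower().partition(IFEO)
            # Only direct children of IFEO name an executable image.
            image = key[-len(tail):] if sep and tail and "\\" not in tail else None
            continue
        m = re.match(r'"Debugger"="(.*)"$', line, re.IGNORECASE)
        if m and image:
            # .reg strings escape backslash and quote with a backslash.
            hits.append((image, re.sub(r"\\(.)", r"\1", m.group(1))))
    return hits

def debugger_exe(command):
    """Lower-cased file name of the program a Debugger command line starts."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return ntpath.basename(m.group(1) or m.group(2)).lower() if m else ""

def unexpected(hits, allowed=("dbg.exe",)):
    """Entries whose debugger is not on the allowlist (a per-site assumption)."""
    return [(img, cmd) for img, cmd in hits if debugger_exe(cmd) not in allowed]

print(unexpected(ifeo_debuggers(SAMPLE_REG)))
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `ifeo_debuggers`.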
