Monday, May 21, 2012

Remove Antispyware Pro 2012 as a professional fake

Antispyware Pro 2012, aka AntispywarePRO2012, is a professional counterfeit. It is made to look as good as, and even better than, genuine security solutions. However, the effort of hackers is only applied to the looks while nothing is made to include at least out-of-date scanner into the program.
The malware is available on various data-sharing portals and comes along with codec, free movies, books etc. Besides, a fake scanner runs online on a dozen of urls as the hackers try to convince, rather scare, people into manually infecting their computers with the counterfeit.
Once the malware has managed to infiltrate into your PC, it amends startup registry entries and makes other changes to show its tricky deceptive popups as provided for by its developers.
Get rid of Antispyware Pro 2012 virus to prevent upcoming popups and restrictions applied by the adware to your computer system. Free-scan your PC with the solution available here and ensure the removal of Antispyware Pro 2012 as a part of memory disinfection on your PC.

 Antispyware Pro 2012 screenshot:


Manual removal guide:

Delete infected files:
%AppData%\random.dll
%AppData%\Protector-.exe
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Antispyware Pro 2012.lnk
%Desktop%\Antispyware Pro 2012.lnk<
Delete Antispyware Pro 2012 registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-5-12_7″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “ypjcmvvgbv”
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe

No comments: