Tuesday, June 5, 2012

Remove Windows PC Aid malware (Uninstall guide)

Windows PC Aid is a recent development of hackers. The web-criminals have used old skins, well-known for malware experts as a GUI utilized in a range of bogus programs, but drastically changed program scripts and infiltration mechanism to aggravate removal of Windows PC Aid and to facilitate its dissemination.
According to the malware expert’s estimate, at least a million computers have got the program dropped as a trojan. Probably, the same number of people have been scared to manually download and install the infection on one of its spoofed online scanners. Those online fraud tools readily report a long list of parasites for any computer visiting them and recommend to load and install relevant cleaning device that turns out to be the adware in question.
Circumstances of the malware introduction do not matter much. Eventually, a method is required to properly remove Windows PC Aid; free scanner available here is a relevant technology.

Windows PC Aid screenshots:


Windows PC Aid activation code (helps removal):
0W000-000B0-00T00-E0020
NOTE: "Activating" Windows PC Aid  is not enough. You need to remove related trojans \ rootkits using reliable malware removal solution.
It is important to fix Windows registry after Windows PC Aid malware removal using safe registry cleaner software.

Windows PC Aid manual removal guide:

Delete infected files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\W34r34mt5h21ef.dat
%AppData%\result.db
%CommonStartMenu%\Programs\Windows PC Aid.lnk
%Desktop%\Windows PC Aid.lnk
Delete Windows PC Aid registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-4-27_2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “tovvhgxtud”
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[random].exe

No comments: