Friday, July 29, 2011

Remove McAffee Enhanced Protection Mode, which abuses the name of a credible product

McAffee Enhanced Protection Mode is the title of a misleading alert aimed at cheating users. The trick abuses more than users' trust: the name of a renowned and fair product is used to market an imaginary update or feature.
That is, concealing their malicious intent under the name of a trustworthy product, the hackers literally try to rob users of their money: the alert, after notifying of a critical virus detection, is followed by a payment request.
The entire affair is managed by a single trojan, which is typically installed manually by users. Understandably, a user would not download the trojan if its content were honestly declared, so the trojan is presented as something else. A typical guise used to conceal the trojan is a Flash player update.
Besides removing the McAffee Enhanced Protection Mode deceptive alert, there is another popup to get rid of. It is shown in the desktop tray area and states that the system is protected. It pretends to indicate the date of the last AV database update.
Click here to run a free scan and get rid of the McAffee Enhanced Protection Mode related trojan, which removes all of the misleading alerts it generates.

McAffee Enhanced Protection Mode snapshot:



Manual removal guide:
Delete infected files:
%WINDOWS%\ddh_iplist.txt
%WINDOWS%\front_ip_list.txt
%WINDOWS%\geoiplist
%WINDOWS%\iecheck_iplist.txt
%WINDOWS%\info1
%WINDOWS%\iplist.txt
%WINDOWS%\l1rezerv.exe
%WINDOWS%\phoenix
%WINDOWS%\phoenix.rar
%WINDOWS%\proc_list1.log
%WINDOWS%\rpcminer.rar
%WINDOWS%\services32.exe
%WINDOWS%\sysdriver32.exe
%WINDOWS%\sysdriver32_.exe
%WINDOWS%\systemup.exe
%WINDOWS%\ufa
%WINDOWS%\ufa.rar
%WINDOWS%\unrar.exe
%WINDOWS%\update.1
%WINDOWS%\update.2
%WINDOWS%\update.5.0
%Temp%\[random].exe
Delete infected registry entries:
HKEY_LOCAL_MACHINE\Software\Avira AntiVir Enhanced Protection Mode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Comodo Enhanced Protection Mode”

Thursday, July 28, 2011

Remove Dr.Web Enhanced Protection Mode scam alert

Dr.Web Enhanced Protection Mode is just an alert generated by an agent that serves hackers. The agent generates a popup that pretends to be a notification on behalf of the above security solution.
It informs the user that the antivirus has switched into an extra security mode because of the risk of damage to the PC by a severe threat. According to the alert, the user does not need to take any action and should simply let the antivirus settle the issue.
Alas, the alert repeats too frequently and annoys the user. Besides this alert, there is a desktop toolbar notification that announces the protected status of the computer system. It is also issued in the name of Dr.Web.
The end result of all those alerts would be system disorder unless the Dr.Web Enhanced Protection Mode misleading alert is removed in due time.
In turn, the rascals masterminding the affair expect users to pay a bogus activation fee. In no case should one act as the hackers suggest, for that would neither put an end to this particular case of the scam nor facilitate its global-scale eradication.
Click here to run a free scan and get rid of the Dr.Web Enhanced Protection Mode scam by means of an up-to-date security solution.



Dr.Web
ENHANCED PROTECTION MODE
Attention!
Dr.Web operates under enhanced
protection mode.
This is temporary measure
necessary for immediate response to
the threat from virus.
No action is required from you.
Info from Deletemalware


Manual removal guide:
Delete infected files:
%WINDOWS%\ddh_iplist.txt
%WINDOWS%\front_ip_list.txt
%WINDOWS%\geoiplist
%WINDOWS%\iecheck_iplist.txt
%WINDOWS%\info1
%WINDOWS%\iplist.txt
%WINDOWS%\l1rezerv.exe
%WINDOWS%\phoenix
%WINDOWS%\phoenix.rar
%WINDOWS%\proc_list1.log
%WINDOWS%\rpcminer.rar
%WINDOWS%\services32.exe
%WINDOWS%\sysdriver32.exe
%WINDOWS%\sysdriver32_.exe
%WINDOWS%\systemup.exe
%WINDOWS%\ufa
%WINDOWS%\ufa.rar
%WINDOWS%\unrar.exe
%WINDOWS%\update.1
%WINDOWS%\update.2
%WINDOWS%\update.5.0
%Temp%\[random].exe

Delete infected registry entries:
HKEY_LOCAL_MACHINE\Software\Avira AntiVir Enhanced Protection Mode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Comodo Enhanced Protection Mode”

Tuesday, July 26, 2011

Removal of Avast Enhanced Protection Mode, which profits from stolen names

Avast Enhanced Protection Mode is the same trick that has previously been played with Norton and Eset. The idea is to take the name of a renowned AV solution as a base, put it at the beginning of the annoyware name, and add the following wording: “Enhanced Security Mode”.
Through this plain procedure, counterfeits of the above three trustworthy products have been produced.
This article features removal of the Avast Enhanced Protection Mode malware, but the free scanner available here is a working remedy for any of the above “Enhanced” counterfeits.
The adware described here is a fake security solution. It is typically installed as content entirely unrelated to security solutions for Windows; for instance, it might be disguised as a codec.
Once the adware has arrived, it tries to block security tools that are already installed. An efficient solution such as the one above would detect the adware attack and repel it.
Then the adware generates its notorious popup, which states that Avast is running in enhanced mode because of the crowds of viruses detected. After several similar popups comes the inevitable urgent suggestion to activate the program. Instead, it is strongly recommended not to trust the rascals and to get rid of the Avast Enhanced Protection Mode malware.

Avast Enhanced Protection Mode snapshot:



Manual guide:
Delete infected files:

%Users%\[UserName]\Downloads\OTS.exe
%Windows%\l1rezerv.exe
%Windows%\systemup.exe
%Windows%\sysdriver32.exe

Delete infected registry entries:

HKEY_LOCAL_MACHINE\Software\Avast Enhanced Protection Mode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Avast Enhanced Protection Mode”
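
The manual guides for the McAffee, Dr.Web and Avast variants name the same executables in the Windows directory and registry entries that follow one pattern, a vendor name followed by "Enhanced Protection Mode". The PowerShell audit below is an added example, not part of the original posts: it only reports what it finds, the function name is hypothetical, and matching on the wildcard pattern (rather than only the vendor names listed on this page) is this example's assumption.

```powershell
# Added example: read-only audit, nothing is deleted.
# File names and registry locations come from the removal guides on this page;
# the function name and the output fields are this example's own.
function Find-EnhancedProtectionModeTraces {
    # Executables the guides list directly under the Windows directory.
    $names = 'l1rezerv.exe', 'services32.exe', 'sysdriver32.exe',
             'sysdriver32_.exe', 'systemup.exe'
    foreach ($name in $names) {
        $path = Join-Path $env:windir $name
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{ Kind = 'File'; Location = $path; Detail = $item.LastWriteTime }
        }
    }

    # Per-user autostart values named "<vendor> Enhanced Protection Mode".
    $run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $values = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    if ($values) {
        foreach ($v in $values.PSObject.Properties) {
            if ($v.Name -like '*Enhanced Protection Mode*') {
                [pscustomobject]@{ Kind = 'RunValue'; Location = "$run\$($v.Name)"; Detail = $v.Value }
            }
        }
    }

    # Keys with the same name pattern under HKLM\Software. WOW6432Node is
    # included because a 32-bit installer on 64-bit Windows is redirected there.
    foreach ($root in 'HKLM:\Software', 'HKLM:\Software\WOW6432Node') {
        foreach ($key in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
            if ($key.PSChildName -like '*Enhanced Protection Mode*') {
                [pscustomobject]@{ Kind = 'Key'; Location = $key.Name; Detail = '' }
            }
        }
    }
}

Find-EnhancedProtectionModeTraces | Format-Table -AutoSize -Wrap
```

An empty table means none of the listed traces are present for the current user; the Run key check has to be repeated per user profile because it reads HKEY_CURRENT_USER.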

Monday, July 25, 2011

Removal of Norton Antivirus Enhanced Protection Mode virus

Norton Antivirus Enhanced Protection Mode is the name of a popular advertisement virus. Its name speaks for itself: the program is declared by its distributor/creator to be an award-winning security solution. It bears a name that sounds familiar even to users with little experience, not to mention the majority of people using computer services, as most of them have undoubtedly heard of a legitimate utility such as Norton and are thus inclined to instinctively consider the counterfeit a true security solution.
Genuine Norton Antivirus is a fair software product that has nothing to do with the scamware this article warns users about, but the hackers stole the name of the legitimate program to make their sham security tool sound legitimate.
Remove the Norton Antivirus Enhanced Protection Mode long-name scam and do not confuse it with legitimate products, especially the one whose name is used as part of its name in violation of every intellectual property rule.
The above name designates a total counterfeit, which means it does not make a single attempt to deliver the benefits mentioned in its official description. To make things worse, it interferes with a range of useful programs and disorders the computer system while ensuring that its startup registry values are properly added and that there are no obstacles to its popups.
Click here to get rid of the Norton Antivirus Enhanced Protection Mode annoying advertisement, as well as to find and delete other security risks detected by the free scanner.


Sunday, July 24, 2011

Remove Bogema Security 2011 Bad Imitation

Bogema Security 2011 reports infections in places that are hidden by default because they store critical system files. Since the program is a mock-up of a genuine security tool, there are no genuine detections among those so-called infections. However, they may be real locations where quite safe files are stored, to which the malicious program deliberately assigns scary names.
The names assigned by the adware are infection names that were devised by real malware experts and are used in the course of real scans. The hackers masterminding the bad imitation did not invent original names for their detections; they use infection names extracted from several databases.
The outcome the hackers expect from the trickery is activation of the program. This is not to be done under any circumstances, for activating the adware not only wastes your money on a useless product, but also enables the malware to update itself and draws the hackers' special attention to the computer system.
Get rid of Bogema Security 2011, especially if the adware has managed to persuade you to activate it. A free scanner with a Bogema Security 2011 remover is available here.

Bogema Security 2011 snapshot:





Manual removal guide:
Delete infected files:
[Random characters].exe
Delete infected registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random characters].exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http=127.0.0.1:8992'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
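
The registry values above point browser traffic at a proxy on the local machine and switch off the Internet Explorer phishing filter. The following PowerShell check is an added example, not part of the original post: it reads those values without changing them and reports which process, if any, is listening on the proxy port. The function name and output fields are hypothetical, and Get-NetTCPConnection requires Windows 8 / Server 2012 or later.

```powershell
# Added example: read-only check of the settings listed in the Bogema guide.
# Registry paths and value names come from the list above; the function name
# and the output fields are this example's own.
function Test-LoopbackProxyHijack {
    $inet   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $filter = 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter'
    $s = Get-ItemProperty -Path $inet   -ErrorAction SilentlyContinue
    $f = Get-ItemProperty -Path $filter -ErrorAction SilentlyContinue

    # ProxyServer is either "host:port" or "scheme=host:port;scheme=host:port".
    $ports = @()
    foreach ($entry in ("$($s.ProxyServer)" -split ';')) {
        if ($entry -match '^(?:\w+=)?(?:127(?:\.\d{1,3}){3}|localhost):(\d+)$') {
            $ports += [int]$Matches[1]
        }
    }

    # Which process, if any, is listening on the loopback proxy port(s)?
    $listeners = foreach ($port in $ports) {
        $conns = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
        foreach ($c in $conns) {
            $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
            '{0} (PID {1}) on port {2}' -f $proc.Path, $c.OwningProcess, $port
        }
    }

    [pscustomobject]@{
        ProxyEnabled       = ($s.ProxyEnable -eq 1)
        ProxyServer        = $s.ProxyServer
        LoopbackPorts      = $ports
        ProxyOverrideEmpty = [string]::IsNullOrEmpty($s.ProxyOverride)
        PhishingFilterOff  = ($null -ne $f -and "$($f.Enabled)" -eq '0')
        Listeners          = @($listeners)
        NeedsReview        = ($s.ProxyEnable -eq 1 -and $ports.Count -gt 0)
    }
}

Test-LoopbackProxyHijack | Format-List
```

A loopback proxy is not malicious by itself, since debugging proxies and some security products use one too, so the owning process path in Listeners is the field to examine.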

Wednesday, July 20, 2011

Get rid of Win32/Zwangi browser adware

Win32/Zwangi is a classic case of a malicious helper object for browsers. It mainly deals with Internet Explorer and is designed to exploit holes in Microsoft programs.
The infection achieves its goal of promoting a range of websites by changing browser settings that were set by default or by the user. Therefore removal of Win32/Zwangi needs to be done together with restoring the relevant system settings to their previous state or to a new state that you prefer.
The Win32/Zwangi remover suggested here automatically sets the browser settings to a state that leaves no possibility of redirections not approved by the user.
The Zwangi infection is mainly notorious for redirecting web browsing to the page of the same name (Zwangi.com). The page is a fake helper for web searches. The action suggested above will ensure that it does not appear in your browser window without your consent.

AdWare.Win32.Zwangi variants:

AdWare.Win32.Zwangi.ib
AdWare.Win32.Zwangi.dcl
AdWare.Win32.Zwangi.abx
AdWare.Win32.Zwangi.abw
AdWare.Win32.Zwangi.za
AdWare.Win32.Zwangi.cea
AdWare.Win32.Zwangi.fip
AdWare.Win32.Zwangi.fmz
AdWare.Win32/Zwangi.B





Monday, July 18, 2011

Remove Zentom System Guard which does not keep its promise

Zentom System Guard is capable of functioning as its developers intended only in Windows. Other computer systems would not accept it. However, the infection does not give up and might cause such computer systems and the programs concerned to malfunction.
Needless to say, it is reasonably considered a Windows-targeting infection. It is devised to imitate a computer scan, offering the full scope of declared features that a multi-purpose computer defense utility would perform. But in this case words remain only words, for not a single promised feature functions. For instance, the scan progress window has several variations representing scenarios prepared in advance. Folders and even drives specified in such scan windows might not match the actual structure of the computer memory, which the program pretends to examine.
Removal of Zentom System Guard is not available to Windows users via the Add/Remove Programs list. Users of other operating systems, as well as other users, need to apply a special technology or utility to get rid of Zentom System Guard; a comprehensive system cleanup that covers the adware, with a free scan provided, is available here.



Zentom System Guard manual removal guide:
Delete infected files:
%APPDATA%\205BA7C8FC5F7E32A2A4797AFBB34F61\enemies-names.txt
%APPDATA%\205BA7C8FC5F7E32A2A4797AFBB34F61\nv716saver.exe
%APPDATA%\205BA7C8FC5F7E32A2A4797AFBB34F61\local.ini
%TEMP%\2AD39F.dmp
%APPDATA%\Adobe\plugs\KB2721125.exe
%TEMP%\2A9473.dmp
%USERPROFILE%\Start Menu\Programs\Startup\Zentom System Guard.lnk
%TEMP%\WER13.tmp
%TEMP%\FY11.tmp
%TEMP%\2B88A7.dmp
%TEMP%\WER15.tmp
%USERPROFILE%\Start Menu\Programs\Zentom System Guard\Zentom System Guard.lnk
%TEMP%\2A8F24.dmp
%USERPROFILE%\Start Menu\Programs\Zentom System Guard\Uninstall.lnk
%APPDATA%\Adobe\plugs\KB2692265.exe
%TEMP%\44d18f1b51a1182dac79e4320ec31538310a8c5f
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
%USERPROFILE%\Start Menu\Zentom System Guard.lnk
%TEMP%\WER14.tmp
%TEMP%\WER13.tmp.dir00\appcompat.txt
%TEMP%\WER14.tmp.dir00\appcompat.txt
%TEMP%\WER15.tmp.dir00\appcompat.txt
%TEMP%\2AE6AA.dmp
%TEMP%\WER16.tmp.dir00\appcompat.txt
%APPDATA%\205BA7C8FC5F7E32A2A4797AFBB34F61\hookdll.dll
Delete infected registry entries:

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZENTOM SYSTEM GUARD\
HKEY_CURRENT_USER\SOFTWARE\ZENTOMSYSTEMGUARD\
HKEY_CURRENT_USER\SOFTWARE\ZENTOMSYSTEMGUARD\ZENTOM SYSTEM GUARD\
HKEY_CURRENT_USER\SESSIONINFORMATION\PROGRAMCOUNT = 4
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NV716SAVER.EXE = “%APPDATA%\205BA7C8FC5F7E32A2A4797AFBB34F61\nv716saver.exe”
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZENTOM SYSTEM GUARD\DISPLAYICON = %APPDATA%\205BA7C8FC5F7E32A2A4797AFBB34F61\nv716saver.exe,0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZENTOM SYSTEM GUARD\DISPLAYNAME = Zentom System Guard
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZENTOM SYSTEM GUARD\INSTALLLOCATION = %APPDATA%\205BA7C8FC5F7E32A2A4797AFBB34F61\
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZENTOM SYSTEM GUARD\NOMODIFY = 1
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZENTOM SYSTEM GUARD\NOREPAIR = 1
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZENTOM SYSTEM GUARD\UNINSTALLSTRING = %APPDATA%\205BA7C8FC5F7E32A2A4797AFBB34F61\nv716saver.exe /uninstall
HKEY_CURRENT_USER\SOFTWARE\ZENTOMSYSTEMGUARD\ZENTOM SYSTEM GUARD\AFFID = 7071627000
HKEY_CURRENT_USER\SOFTWARE\ZENTOMSYSTEMGUARD\ZENTOM SYSTEM GUARD\COID = Mjg5MzUxNTgyMjc4OTk5M1ZDuo9FTE
HKEY_CURRENT_USER\SOFTWARE\ZENTOMSYSTEMGUARD\ZENTOM SYSTEM GUARD\DATABASE_VERSION = 246
HKEY_CURRENT_USER\SOFTWARE\ZENTOMSYSTEMGUARD\ZENTOM SYSTEM GUARD\DATARL1 = KRoAGVdOQwQJHBA2QQoa
HKEY_CURRENT_USER\SOFTWARE\ZENTOMSYSTEMGUARD\ZENTOM SYSTEM GUARD\DATARL2 = KRoAGVdOQwQJHBA2QQoa
HKEY_CURRENT_USER\SOFTWARE\ZENTOMSYSTEMGUARD\ZENTOM SYSTEM GUARD\DATARLA
HKEY_CURRENT_USER\SOFTWARE\ZENTOMSYSTEMGUARD\ZENTOM SYSTEM GUARD\INST = ok
HKEY_CURRENT_USER\SOFTWARE\ZENTOMSYSTEMGUARD\ZENTOM SYSTEM GUARD\INSTALL_TIME = 4/21/20[private subnet] PM
HKEY_CURRENT_USER\SOFTWARE\ZENTOMSYSTEMGUARD\ZENTOM SYSTEM GUARD\VIRUS_SIGNATURES = 64274
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\*KB2721125.EXE = “%APPDATA%\Adobe\plugs\KB2721125.exe”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%TEMP%\err.log2675046