Thursday, April 22, 2010

How To Remove SecurityTool Scareware

SecurityTool is extremely defensive scareware that can be nearly impossible to remove automatically. That's because SecurityTool blocks access to Task Manager, the Registry Editor, the Desktop, Safe Mode, and many executable files. You have to somehow disable the main process before any of the traditional scanners are going to work. Fortunately, a free tool from Microsoft can do the trick.

Here's How:

1. Visit the Microsoft Process Explorer website. On the right side of the page is a link that says Run Process Explorer.

2. Click Run Process Explorer. In the ensuing dialog box, choose Save File.

3. Browse to a folder that will be easy to access from a command prompt. However, do not choose the Desktop, as SecurityTool can block access to files in the Desktop folder. Likewise, do not save the file to the Windows folder nor to any of the Windows subfolders.

4. After selecting the destination, rename procexp.exe to explorer.exe. Click Save.

5. Using a command prompt, browse to the location of the saved file and run it. Once you have Process Explorer running, disable any processes whose name is a random number followed by .exe. For example, 63814426.exe or 26540522.exe or 4946550101.exe, etc.

6. You should now be able to run an up-to-date reputable antivirus or antispyware utility to remove SecurityTool. Do not reboot the system prior to full removal, otherwise the process will load again. If that should happen, repeat step 5 to disable the process.

Source: by Mary Landersman

Remove Vista Internet Security 2010

Vista Internet Security 2010 is scareware. Vista Internet Security 2010 hooks the shell open command so that it takes control of any executable loading on the system. This includes the handling of legitimate program files. To remove Vista Internet Security 2010, follow the steps below.

Here's How:

1. Open the system registry. If you do not know how to access the system registry, please refer to the tutorial Using the Windows System Registry.

It is imperative that you open the registry first, before proceeding with the steps below.

2. After opening the system registry, press CTRL+ALT+DEL and select Task Manager. Click the Processes tab if not already selected.

3. Locate av.exe or ave.exe. Right click the name and choose End Process. Now go back to the registry window you opened in Step 1.

4. Vista Internet Security 2010 scareware modifies the shell open command to gain control of certain executable / program file types. (Refer to Changes to Shell Open Command for a more complete description of this method).

Search the registry for either ave.exe or av.exe (depending on which appeared in Task Manager during Step 3). You should find several keys whose default values were modified to include C:\path\ave.exe (where \path\ specifies the location of the ave.exe/av.exe file). Any occurrences in \shell\open\command need to be deleted so that only the following remains, exactly as shown:

"%1" %*

5. After replacing the values in the \shell\open\command section of the registry, continue searching for any other occurrences of ave.exe (or av.exe) and delete the C:\path\ave.exe or C:\path\av.exe portion leaving the remainder of the value intact.

6. Leaving the registry editor open, now click Start | Run | type %appdata% and press enter. If Windows Explorer does not open or you receive an error such as "This file does not have a program associated with it", then an error was made in Step 4. If this happens, go back to the registry pane and make sure the values you changed in shell\open\command are set exactly to:

"%1" %*

7. If the registry edits were made correctly, Windows Explorer should open to the Application Data folder for the logged in user. Search that folder for ave.exe or av.exe and delete the files. Congratulations, you have removed the Vista Internet Security 2010 scareware!

If you are unable to find ave.exe or av.exe, continue to Step 8.

8. Click Start | Run | type cmd | press enter. A command shell will now open.

9. Using cd or cd.. to maneuver through directories, change to the location of the logged in user Application Data folder.

10. Once at the appropriate folder, type the following:

attrib -r -h -s *.*

This will remove the read only, hidden, system attributes from the files in that folder.

11. Click Start | Run | type %appdata% and press enter.

You should now be able to see the ave.exe or av.exe file in that folder. Delete the file. Congratulations, you have removed the Vista Internet Security 2010 scareware!

Source: by Mary Landersman
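
The registry edits in Steps 4 and 5 can be double-checked offline from a registry export. The following Python script is an added example, not part of the original article: it parses .reg text and lists every \shell\open\command default value that still references av.exe or ave.exe. The sample export, its key names, the path and the /START switch are constructed for illustration.

```python
import re

# Constructed sample in .reg export syntax (not from a real infection).
# Key names, the path and the /START switch are illustrative assumptions.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\demo\\AppData\\Roaming\\ave.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\Windows\\notepad.exe %1"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\demo\\AppData\\Roaming\\ave.exe\" /START \"%1\" %*"
'''

def parse_default_values(reg_text):
    """Yield (key, value) for every key whose default (@) is a plain string."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg syntax escapes backslash and double quote with a backslash
            yield key, re.sub(r'\\(["\\])', r'\1', line[3:-1])

def references_scareware(value):
    """True if av.exe or ave.exe appears as a whole file name in the value."""
    return re.search(r'(?:^|[\\/"\s])ave?\.exe(?=$|["\s])', value, re.I) is not None

def find_hijacked(reg_text):
    """Return the shell/open/command keys that still point at the scareware."""
    return [(key, value) for key, value in parse_default_values(reg_text)
            if key.lower().endswith(r"\shell\open\command")
            and references_scareware(value)]

if __name__ == "__main__":
    # A real regedit export is UTF-16: open(path, encoding="utf-16").read()
    for key, value in find_hijacked(SAMPLE_REG):
        print(f"HIJACKED  {key}\n          {value}")
```

An empty result after the cleanup means no \shell\open\command default in the export still names the scareware executable.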
