Your best source of information and news about BIOS, microsoft and software on the internet

Vista ARTICLES TOP 50 Spyware Virus Vista SOFT Vista HELP

Rogue Antivirus

You are currently browsing the articles from MS Windows Vista Compatible Software matching the category Rogue Antivirus.

Manual Removal of W32/AntivirusPlus.BZ Trojan

Manual Removal of W32/AntivirusPlus.BZ Trojan
W32/AntivirusPlus.BZ is a trojan. The trojan will infect Windows systems.
It displays an attractive interface to entice the user to click on it.

This trojan Copies its files to Program Files\Antivirus Plus, Windows\system, Documents and Settings\Default User\Local Settings\Temporary Internet Files as hidden files or active non-hidden files.
This trojan information updated on June 12, 2009.
Other names of W32/AntivirusPlus.BZ Trojan:
This trojan is also known as Win32.TRCrypt.XPACK, TrojanDownloader:Win32/Renos.BAO, Fraudtool.AntivirusPlus.V.

Damage Level : Medium/High
Distribution Level: Medium
W32/AntivirusPlus.BZ Trojan Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
  • [ Kill the Process, Use Killbox if your Access Denied ]
Download W32/AntivirusPlus.BZ Trojan Known File Removal Tool

[In Windows Vista Run As Administrator, After Execution System Will Restart]

  • %Windows\System\kernel32.exe
  • %Windows\System\dop.exe
  • %Windows\System\svchost.exe
  • %Program Files\Antivirus Plus\AntivirusPlus.exe
  • %Windows\System32\InternetExplorer.dll
  • %Documents and Settings\Default User\Local Settings\Temporary Internet Files\InternetExplorer[1].dll
  • %Documents and Settings\Default User\Local Settings\Temporary Internet Files\AntivirusPlus[1].exe
  • %Documents and Settings\Default User\Local Settings\Temporary Internet Files\se[1].exe
    [ No Exact Information about Files, search above related files in Program files Folder ]
    If you have any of these files in running process from task manger, end the process before removal.
    Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
    Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
W32/AntivirusPlus.BZ Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
  • Download this UnHookExec.inf, [ Right Click - Save Target As/Linked Content As ]
     and then continue with the removal. Save it to your Windows desktop. Do not run it at this time, download it only.
  • After booting into the Safe Mode or VGA Mode
  • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
W32/AntivirusPlus.BZ Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:
Delete The Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
HKEY_USERS\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXX\Software\Microsoft\Windows\CurrentVersion\Run
Delete file entries from right side
Search Registry For W32/AntivirusPlus.BZ Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)
Ultimate Links PC Tips

Written by FireFly on June 22nd, 2009 with no comments.
Read more articles on Rogue Antivirus and W32/AntivirusPlus.BZ and manual removal and removal of trojan and antivirus and otherSoftware and Windows.

Manual Removal of W32/AntiSpySpider Trojan

Manual Removal of W32/AntiSpySpider Trojan
W32/AntiSpySpider is a rogue. The trojan will infect Windows systems.
This trojan information updated on April 5, 2009.
Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user’s computer, or by pretending the computer is infected.
This is the detection for the rogue antispyware program AntiSpySpider, and the downloaders it installs on the infected system.

Damage Level : Medium/High
Distribution Level: Medium
No Removal Tool for W32/AntiSpySpider Trojan
W32/AntiSpySpider Trojan Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
  • [ Kill the Process, Use Killbox if your Access Denied ]
Download W32/AntiSpySpider Trojan Known File Removal Tool

[In Windows Vista Run As Administrator, After Execution System Will Restart]

  • %WINDOWS\system32\sft.res
  • %WINDOWS\system32\sockins32.dll
  • %WINDOWS\system32\sockots64.dll
    [ No Exact Information about Files, search above related files in Program files Folder ]
    If you have any of these files in running process from task manger, end the process before removal.
    Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
    Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
W32/AntiSpySpider Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
  • Download this UnHookExec.inf, [ Right Click - Save Target As/Linked Content As ]
     and then continue with the removal. Save it to your Windows desktop. Do not run it at this time, download it only.
  • After booting into the Safe Mode or VGA Mode
  • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
The W32/AntiSpySpider Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:

Delete The Entries
 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66186F05-BBBB-4a39-864F-72D84615C679}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66186F05-BBBB-4a39-864F-72D84615C679}\InProcServer32

“sockins32.dll” ThreadingModel = “Apartment”

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}
“Microsoft copyright”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}\InprocServer32 = “sockins32.dll” ThreadingModel = “Apartment”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186F05-BBBB-4a39-864F-72D84615C679}
“Systray component”
Locale = “EN”
StubPath = “rundll32 sockins32.dll,InitModule”
IsInstalled = dword:00000001
Version = “1,0,0,2″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebProxy = “{66186F05-BBBB-4a39-864F-72D84615C679}”
HKEY_LOCAL_MACHINE\SOFTWARE\TSoft
Delete file entry from right side

Search Registry For W32/AntiSpySpider Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)
Ultimate Links PC Tips

Written by FireFly on April 12th, 2009 with no comments.
Read more articles on W32/AntiSpySpider and Rogue Antivirus and manual removal and removal of trojan and otherSoftware.

Manual Removal of W32/UltimateFix Trojan

Manual Removal of W32/UltimateFix Trojan
W32/UltimateFix is a trojan. The trojan will infect Windows systems.
This trojan information updated on March 30, 2009.
Other names of W32/UltimateFix:
This trojan is also known as W32/UltimateFix.
UltimateFix variants commonly launch a downloader that installs the application.
Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user’s computer, or by pretending the computer is infected.

Damage Level : Medium/High
Distribution Level: Medium
No Removal Tool for W32/UltimateFix Trojan
W32/UltimateFix Trojan Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
  • [ Kill the Process, Use Killbox if your Access Denied ]
Download W32/UltimateFix Trojan Known File Removal Tool

[In Windows Vista Run As Administrator, After Execution System Will Restart]

  • %Desktop\UltimateFixer 2007.lnk
  • %ProgramFiles\UltimateFixer 2007\Register UltimateFixer 2007.lnk
  • %ProgramFiles\UltimateFixer 2007\Start UltimateFixer 2007.lnk
  • %ProgramFiles\UltimateFixer 2007\Uninstall UltimateFixer 2007.lnk
  • %ProgramFiles\Ultimate Fixer\program.info
  • %ProgramFiles\Ultimate Fixer\ufixer.pkg
  • %ProgramFiles\Ultimate Fixer\UltimateFixer.db
  • %ProgramFiles\Ultimate Fixer\UltimateFixer.exe
  • %ProgramFiles\Ultimate Fixer\Uninstall.exe
    [ No Exact Information about Files, search above related files in Program files Folder ]
    If you have any of these files in running process from task manger, end the process before removal.
    Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
    Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
W32/UltimateFix Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
  • Download this UnHookExec.inf, [ Right Click - Save Target As/Linked Content As ]
     and then continue with the removal. Save it to your Windows desktop. Do not run it at this time, download it only.
  • After booting into the Safe Mode or VGA Mode
  • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
The W32/UltimateFix Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:

Delete The Entries or by Searching the File Names
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Delete file entry from right side [ UltimateFixer.exe ]
Search Registry For W32/UltimateFix Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)
Ultimate Links PC Tips

Written by FireFly on March 31st, 2009 with no comments.
Read more articles on UltimateFixer.exe and W32/UltimateFix and Rogue Antivirus and manual removal and otherSoftware and removal of trojan and Windows.