Wednesday, February 27, 2008

X-Max net hijacker removal. Remove X-Max net

X-Max net is the malicious hijacker that replaces Webcry and Search-daily. It will redirect your web searches. X-Max is extremely dangerous for your privacy and security. It can show commercial advertismnets and generate false positives to trick you into buying rogue anti-spyware products. We recomend to remove it using X-max.net remover with free scan.

Tuesday, February 26, 2008

WinXDefender 2,1 removal instructions. How to get rid of WinXDefender

WinXDefender 2.1 is the latest rogue with malicious features. WinXDefender may be installed onto your computer through trojan horses that launch fake security alerts. WinXDefender may give you exaggerated security scans and/or popup security alerts to try to scare you into buying WinXDefender. This rogue usually slows your PC and causes system errors and slowdowns. Download WinXDefender Remover (Spyware Doctor anti-spyware with free scan) to get rid of this nasty spyware.

WinXDefender snapshots:



Screenshots from bleepingcomputer.com

WinXDefender automatical remover:

WinXDefender manual removal instructions:

Delete infector files:

WinXDefender
WinXDefender.exe
defender_setup[1].exe
Start WinXDefender.lnk
WinXDefender Uninstall.lnk
WinXDefender.lnk
Remove WinXDefender registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
”WinXDefender” = “C:\Program Files\WinXDefender\WinXDefender.exe”

Monday, February 25, 2008

Security Toolbar 7.1 Removal - Remove Security Toolbar 7.1

Security Toolbar 7.1 is a malicious toolbar affilated with Zlob trojan. It generates fake spyware detection reports, popups, system tray notifications to scare user and force to download and purchase rogue antispyware product. Security Toolbar 7.1 can seriously damage your computer and erase sensitive data. In addition Security Toolbar 7.1 can hijack your homepage showing fake Security Center page. We strongly recomend to download Security Toolbar 7.1 removal tool with 100% free scan to get rid of this nasty malware.

Security Toolbar 7.1 will popup the following mesages:
"Critical System Error",
"W32.Myzor.fk@yf"
"Your computer is infected",
"Trojan-Spy.win32@mx",
"Virus Alert",
"Security Alert"
"System Alert" or
"Spyware.Cyberlog-X"


Security Toolbar 7.1 screenshots:

Security Toolbar 7.1

Zlob (Security Toolbar 7.1) tray baloons:
Security Toolbar 7.1 removal tool:

Security Toolbar 7.1 manual removal instructions:
Remove Security Toolbar 7.1 files
eowygj.dll,
Ygjun.dll,
dxovx.dll
vgibz.dll
psndz.dll
cqsfk.dll
wzhtjqo.dll
lrnjnzf.dll
zpuwriz.dll
tkrsw.dll
afzdbl.dll
bgwttyl.dll
dyrwls.dll
ugofuq.dll
gtawclv.dll
vjxwnn.dll
khtbpdl.dll
cfqbw.dll
fdpzgi.dll
gusur.dll
Remove Security Toolbar 7.1 registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{5574E139-F59C-4bee-9A61-150B0D3A16C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}

Sunday, February 24, 2008

Networm-i.Virus@fp tray baloons removal - Networm-i.Virus@fp remover

Networm-i.Virus@fp is not a real worm. It's a fake security alert generated by Zlob.Trojan to promote rogue anti-spyware products (MalwareCrush, Virus Heat, Virus Protect and other). This trojan will show message (system tray notification) about Networm-i.Virus@fp infection every 2-5 minutes. This may slow your computer and may cause serious system errors. We recomend to use Spyware Doctor anti-spyware to remove Networm-i.Virus@fp fake spyware alert, Zlob.Trojan and rogue anti-spyware infections.

Networm-i.Virus@fp screenshot:

Networm-i.Virus@fp Automatical Remover:

Networm-i.Virus@fp manual removal guide:
Remove Networm-i.Virus@fp files:
ncompat.tlb
dtjby.dll
uimcu.dll
%UserProfile%Application DataMicrosoftCryptoRSA
%UserProfile%Application DataMicrosoftProtect
dumpserv.com nvctrl.exe
msmsgs.exe
hp[X].tmp
msvol.tlb
RSA
Protect
vnp7s.net
zxserv0.com
dumpserv.com
antzozc.dll
Remove Networm-i.Virus@fp registry entries:
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunRegSvr32=%System%msmsgs.exe
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTCurrentVersionWinlogon
Shell=explorer.exe
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows NT CurrentVersionWinlogon
Shell=explorer.exe, msmsgs.exeHKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentV
SOFTWAREMicrosoftInternet ExplorerToolbar{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler
{60dea04c-9817-4309-bfa2-f8a1766c3cd1}
unsome
SoftwareMicrosoftInternet ExplorerToolbarWebBrowser{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
SOFTWAREMicrosoftWindowsCurrentVersionpoliciesexplorer
{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
{60dea04c-9817-4309-bfa2-f8a1766c3cd1}
{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}
SOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}
unstart

Vundo Trojan Removal Instructions - Vundo Remover

Vundo Trojan (Virtumonde, Virtumondo) is a dangerous trojan horse that launches annoying popup ads on your computer and secretly download malware programs. Vundo creates a DLL file in the Windows system32 directory and writes registry entries, causing Windows to inject the file into winlogon.exe and many other programs. Because Trojan Vundo runs tons of popup ads, it really slows down your computer. Trojan Vundo can open huge security holes and secretly install spyware programs. We recomend to remove it using Spyware Doctor anti-spyware with free scan.

Vundo Trojan Removal Tool:


Vundo Trojan manual removal instructions:
Remove Vundo registry keys and subkeys:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State
HKEY_CURRENT_USER SoftwareMicrosoftWindows CurrentVersionRunOnce*WinLogon
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunOnce*[filename]
HKEY_CLASSES_ROOTCLSID{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_CLASSES_ROOTCLSID{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents
HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE SOFTWAREClassesCLSID{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerMainActive State


WinSecurAV Removal Instructions

WinSecureAV (www.winsecureav.com) is a rogue anti-spyware program that can damage your computer. WinSecureAV display false security warnings and malware detection reports to scare users into buying full version of this needless program. Likewise other rogue applications, it can install other malware, capture browser's homepage, redirect search results, display ad's and do other troubles with your operating system and computer. Download WinSecureAV removal tool to get rid of this crap.

WinSecureAV screenshot:

screenshot from pcthreat.com

WinSecureAV automatical removal tool:

WinSecureAV manual removal instructions:
Remove WinSecurAV files:
[%COMMON_DESKTOPDIRECTORY%]\WinSecureAv.lnk
[%PROFILE_TEMP%]\is-69GNC.tmp\ga6plicense.ini
[%PROFILE_TEMP%]\is-69GNC.tmp\gfl.exe
[%PROFILE_TEMP%]\is-69GNC.tmp\License_4_1.rtf
[%PROFILE_TEMP%]\is-69GNC.tmp\_isetup\_shfoldr.dll

Remove WinSecureAV registry entires:
HKEY_LOCAL_MACHINE\software\microsoft\windows\
currentversion\run, winsecureav=
HKEY_LOCAL_MACHINE\software\products, prodname=winsecureav=
HKEY_LOCAL_MACHINE\software\products, rdomain=winsecureav.com=

Saturday, February 23, 2008

Ekvgsnw Removal Tool - Remove Ekvgsnw Toolbar

Ekvgsnw is a new malicious toolbar that will generate tonns of fake spyware warnings, forcing user to download and purchase rogue anti-spyware applications. Ekvgsnw Toolbar results from Zlob.Trojan infection. Ekvgsnw Toolbar dramatically slows down your computer and Internet connection speeds. We recomend to remove Ekvgsnw Toolbar using Spyware Doctor antispyware with free scan.

Ekvgsnw Toolbar Remover:

Ekvgsnw Toolbar SnapShot:


Ekvgsnw Manual Removal:
Remove Ekvgsnw files and dll's:
ekvgsnw.dll
byxww.dll
ssqpp.dll
ezzhjmt.dll
browsew.dll
ddcyvtt.dll
ctl3d3.dll
hggdbab.dll
toprates.dll
sprt_ads.dll
oggview32.dll
turbosearchsite.dll

Remove Ekvgsnw Toolbar registry entires:
A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D
14B65C62-1F53-4B15-9476-5D697608536F
82C8422E-86A3-41C1-9F2E-094F7BF849E2
BCBC8B3C-397C-4D98-B6BA-FF337B9671E1
17D2F953-B2D1-4D1B-BCD3-20432E09ECF1
80DFDD57-D8B8-4991-82B9-9E9D426668B0
4911E55D-9240-49DB-B878-337DE4F53E70
4090F502-6B2D-41B4-8409-B08905A3A0E6
F10587E9-0E47-4CBE-84AE-7DD20B8684BB
47EFD4AD-CB46-4549-B24B-CEE415394C56
3DAF1739-AB9E-493E-8DD7-F65CDF363BCB

Friday, February 22, 2008

New misleading application - WinPerfomance. WinPerfomance removal.

WinPerfomance is a new fake perfomance optimizer and system cleaner. It reports false or exaggerated system problems on the computer to trick you into buying it's full version. It can slow your computer and cause system errors. Download WinPerfomance removal tool to get rid of this malware.

WinPerfomance screenshots:


WinPerfomance Removal Tool:

Wednesday, February 20, 2008

FilesSecure Removal Tool - Remove Files Secure 2.1

Files Secure 2.1 is the misleading application, fake spyware and compromising files cleaner. It shows false positives to scare user and trick into buying "full license". NEVER download or purchase this malware. It can damage your computer. If your system is already infected - download automatical remover (Spyware Doctor anti-spyware).

Files Secure screenshot:



Files Secure Removal Tool:
Files Secure manual removal instructions:
Remove FilesSecure Registry Values:
5792244C-2237-459B-8E84-FA78184843A8
4722D065-A352-42FB-924C-EAEF5A1AE571
F10587E9-0E47-4CBE-84AE-7DD20B8684CC
F10587E9-0E47-4CBE-84AE-7DD20B8685CC
Unregister FilesSecure DLL Files:
VideoMP3.dll
PowerVideo.dll
sysosa.dll
pandsf.dll
mp3avi.dll
sysdivx.dll
windivx.dll
findsiteonline.dll
Delete these FilesSecure Files:
secure.exe
Files Secure 2.1.lnk
VideoMP3.dll
PowerVideo.dll
sysosa.dll
pandsf.dll
secure.db1
secure.db2
secure.db3
secure.db4
secure.db5
mp3avi.dll
sysdivx.dll
windivx.dll
findsiteonline.dll

Tuesday, February 19, 2008

Remove Virus Heat 4.3 - VirusHeat 4.3 Removal Tool

New version of VirusHeat released! Virus Heat 4.3 have the same interface as Virus Heat 3.9 , but these two versions have different dll infectors and other files. Try manual removal instructions or download Spyware Doctor with free scan - it will remove Virus Heat 4.3 for seconds.

Virus Heat 4.3 Automatical Removal Tool:

VirusHeat 4.3 Removal Tool with Free scan

Virus Heat 4.3 manual removal instructions:
Remove VirusHeat 4.3 files, processes and unregister dll's:
wuuawkz.dll
iinqyl.dll
osdjhjc.dll
Uninstall VirusHeat 4.3.lnk
VirusHeat
4.3 Website.lnk
VirusHeat
4.3.lnk
VPPLanguage.ini
blacklist.txt
English.ini
msvcp71.dll
msvcr71.dll
uninst.exe
vht.dat
VirusHeat
4.3.exe
VirusHeat
4.3.url

Remove VirusHeat 4.3 registry entires
HKEY_CLASSES_ROOT\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}
HKEY_CLASSES_ROOT\Interface\{0979850F-6C3E-4294-B225-B3D3C4A6F2A1}
HKEY_CLASSES_ROOT\Interface\{1BB2DA5F-B78F-44EA-BDA1-771CBE1DEC68}
HKEY_CLASSES_ROOT\Interface\{2A4E73C5-BA3C-4391-B7E5-FFE8D3BD6245}
HKEY_CLASSES_ROOT\Interface\{44A923CA-F430-4F85-9F84-5153ECDB882E}
HKEY_CLASSES_ROOT\Interface\{4E6E21EC-9D72-4164-8A53-74786A467872}
HKEY_CLASSES_ROOT\Interface\{631E9E48-B066-43DA-92AC-6DADF61B173B}
HKEY_CLASSES_ROOT\Interface\{65C1361C-E696-4AF0-9E21-81910193F352}
HKEY_CLASSES_ROOT\Interface\{77DCE805-C8CE-48AA-A47F-BFA6CC7704B3}
HKEY_CLASSES_ROOT\Interface\{8D42769F-07D8-494D-AAB4-AA1652C541FA}
HKEY_CLASSES_ROOT\Interface\{A1922071-390C-418D-916D-91209E95D286}
HKEY_CLASSES_ROOT\Interface\{A1F8CD95-CFB3-43D1-A956-63441CC058C1}
HKEY_CLASSES_ROOT\Interface\{A63B46AD-96A7-4A2C-BD8F-8CD097E1593A}
HKEY_CLASSES_ROOT\Interface\{A65F98DD-2360-468C-B76E-B1B84C0D547C}
HKEY_CLASSES_ROOT\Interface\{AE2AEED0-BE1B-4BA2-826E-20D1991081B8}
HKEY_CLASSES_ROOT\Interface\{D7F73787-6206-4BBA-BDC0-7CFA9940DBCB}
HKEY_CLASSES_ROOT\Interface\{E770F739-2968-4ED9-A63C-DC1938DC82A2}
HKEY_CLASSES_ROOT\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusHeat
4.3 .exe 4.3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.3
HKEY_LOCAL_MACHINE\SOFTWARE\VirusHeat 4.3

SwiftCleaner - new malicious cleaner. Remove SwiftCleaner

SwiftCleaner is the latest software that pretends to be a PC cleaner that can remove all compromising data, cookies, temporary files and other unwanted information. But in real it's another rogue program that displays fake scan reports and warnings to trick you into buying it's full version. It can hijack your browser with www.swiftcleaner.com and show fake online scanners. We don’t recomend to download or install SwiftCleaner because it can open security backdoors and download additional spyware to track your keystrokes and steal private data. Download Spyware Doctor antispyware with free scan to remove this malware from your computer.

SwiftCleaner screenshots


SwiftCleaner web-site (www.swiftcleaner.com)




SwiftCleaner Removal Tool
SwiftCleaner manual removal instructions:
Remove SwiftCleaner files:
SwiftCleanerScanner.exe
0-49.txt
Scanner.ini
ilkjh

Emotigt Toolbar Removal Tool - Remove Emotigt Toolbar (Emotigt)

Emotigt Toolbar is the latest malicious BHO Toolbar (Browser helper object) that can be installed through Windows security holes or by Trojan.Media Star or Video Access Codec. It will generate exaggarated reprots about spyware risks and other security errors, forcing users to download rogue anti-spyware applications. Emotigt Toolbar may damage your computer and cause serious system errors and crahses We recomend to remove this toolbar using automatical removal tool with free scan.

Emotigt Toolbar Removal Tool:

Emotigt Toolbar Remover

Emotigt Toolbar Manual Removal Instructions:
Remove Emotigt Toolbar files and unregister dll's:
emotigt.dll
emotrlq.dll
byxww.dll
ssqpp.dll
ezzhjmt.dll
browsew.dll
ddcyvtt.dll
ctl3d3.dll
hggdbab.dll
toprates.dll
sprt_ads.dll
oggview32.dll
turbosearchsite.dll

Remove Emotigt Toolbar Registry Values:
A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D
14B65C62-1F53-4B15-9476-5D697608536F
82C8422E-86A3-41C1-9F2E-094F7BF849E2
BCBC8B3C-397C-4D98-B6BA-FF337B9671E1
17D2F953-B2D1-4D1B-BCD3-20432E09ECF1
80DFDD57-D8B8-4991-82B9-9E9D426668B0
4911E55D-9240-49DB-B878-337DE4F53E70
4090F502-6B2D-41B4-8409-B08905A3A0E6
F10587E9-0E47-4CBE-84AE-7DD20B8684BB
47EFD4AD-CB46-4549-B24B-CEE415394C56
3DAF1739-AB9E-493E-8DD7-F65CDF363BCB

Monday, February 18, 2008

EasySprinter - new fake regitry repair tool. Remove EasySprinter

EasySprinter is the fake regitry tweaker and cleaner. Trojan horses (like Vundo or Zlob) generates fake registry error popups to trick you into downloading and buying EasySprinter's full version. Remember that programs like EasySprinter will never solve your registry errors. In addition EasySprinter can open browser security holes and install other crapware. We recomend to use Spyware Doctor anti-spyware with free scan to remove EasySprinter from your computer.

EasySprinter Removal Tool:

EasySprinter's web-site (www.easysprinter.com):



EasySprinter manual removal instructions:

Remove EasySprinter registry values:
EasySprinter
3FC8C143-F2CC-4AB1-9AC0-8B1407302795
SCToolbar.ShellBand.1
SCToolbar.ShellBand
0B187AB0-4CFF-42DA-9503-A38F6F998214
4AD56E6F-7074-41EE-8A40-583C2C76EFCD
SOFTWARE\Microsoft\Internet Explorer\Toolbar\4AD56E6F-7074-41EE-8A40-583C2C76EFCD
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\4AD56E6F-7074-41EE-8A40-583C2C76EFCD

Remove EasySprinter files:
EasySprinter.lnk
EasySprinter
Uninstall EasySprinter.lnk
cwriter

Sunday, February 17, 2008

AlfaAntivirus - how to remove?

AlfaAntiVirus is another fake virus cleaner. It will show tonns of crap ads (like spyware detection warnings) to scare user and force to pay for "full version" of this useless software. AlfaAntiVirus can infect your machine with different spyware and malware. Download Spyware Doctor with free scan to remove AlfaAntiVirus from your PC

AlfaAntiVirus Automatical Removal Tool:

AlfaAntiVirus web-site (www.alfaantivirus.com):



AlfaAntiVirus manual removal instructions:
Remove AlfaAntiVirus files and unregister dll's:
runbst.exe
ska.exe
gtb.dll
ska.dll

Remove AlfaAntiVirus registry values:
Software\Microsoft\Internet Explorer\Toolbar\03B121E9-6152-48b5-BB38-B642B21C62BD
03B121E9-6152-48b5-BB38-B642B21C62BD

Friday, February 15, 2008

SpyBurner Removal Tool - Remove SpyBurner

SpyBurner is the latest rogue antispyware (AdvancedCleaner twin). It can be installed manually from www.spyburner.com, www.pcsecuritycenter.net and other sites. Some trojan horses (like Zlob.Trojan, Virtumonde, Vundo) can show fake spyware detection reports forcing users to download and install SpyBurner. These trojans can display system tray notofications, hijack your homepage with fake SpyBurner online scanners. The purpouse of this activites is to trick user into purchasing "full" version of SpyBurner. We recomend to use Spyware Doctor antispyware, it can easily detect and remove SpyBurner and installer trojans.

SpyBurner automatical removal tool:

SpyBurner screenshots:



SpyBurner manual removal instructions:
Remove SpyBurner registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”SpyBurner Free” = “”C:\Program Files\SpyBurner\SpyBurner.exe” /min”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”
SpyBurner_104911963″ = “”C:\Program Files\SpyBurner\SpyBurner” -c”
HKEY_ALL_USERS\SofTware\
SpyBurner
HKEY_LOCAL_MACHINE\SOFTWARE\SpyBurner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyBurner
HKEY_LOCAL_MACHINE\SOFTWARE\SpyBurner_

Remove SpyBurner files:
SpyBurner.exe
SpyBurner.lnk
dkto.dll
Uninstall SpyBurner

Wednesday, February 13, 2008

Antispywareupdates.net - new rogue promoting crap site

Antispywareupdates.net is the malicious web site that promote well known rogue anti-spyware programs such as SpyAway and Perfect Cleaner. Antispywareupdates.net can hijack your homepage and display annoying security warnings and fake online scanners. We recomend to download Spyware Doctor, it will remove Antispywareupdates.net for seconds.

Antispywareupdates.net screenshot:



Antispywareupdates.net automatical removal tool:


Tuesday, February 12, 2008

Emotrlq Toolbar Removal Tool - Remove Emotrlq Toolbar

Emotrlq Toolbar is a fake security toolbar that pretends to be the from spam and popup blocker and spyware remover. But in real Emotrlq generates fake spyware detection reports to trick users into downloading and purchasing fake antispyware programs (like VirusHeat 3.9). This malicious toolbar can slow your computer and may cause serious system errors and even crashes. We recomend to remove it using Spyware Doctor antispyware with free scan.

Emotrlq Toolbar Screenshot (note: there are many Emotrlq Toolbar skins) :

Emotrlq Toolbar Remover:

Emotrlq Toolbar Manual Removal:
Remove Emotrlq Toolbar files and unregister dll's:
emotrlq.dll
byxww.dll
ssqpp.dll
ezzhjmt.dll
browsew.dll
ddcyvtt.dll
ctl3d3.dll
hggdbab.dll
toprates.dll
sprt_ads.dll
oggview32.dll
turbosearchsite.dll

Remove Emotrlq Toolbar registry keys:
A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D
14B65C62-1F53-4B15-9476-5D697608536F
82C8422E-86A3-41C1-9F2E-094F7BF849E2
BCBC8B3C-397C-4D98-B6BA-FF337B9671E1
17D2F953-B2D1-4D1B-BCD3-20432E09ECF1
80DFDD57-D8B8-4991-82B9-9E9D426668B0
4911E55D-9240-49DB-B878-337DE4F53E70
4090F502-6B2D-41B4-8409-B08905A3A0E6
F10587E9-0E47-4CBE-84AE-7DD20B8684BB
47EFD4AD-CB46-4549-B24B-CEE415394C56
3DAF1739-AB9E-493E-8DD7-F65CDF363BCB

Remove Puresafetyhere.com hijacker. Puresafetyhere.com removal tool

Puresafetyhere.com description:
Puresafetyhere.com is a browser hijacker that generates fake spyware detection reports (Myzor@.fk and others) to trick you into buying full verions of rogue anti-spyware programs. Puresafetyhere.com can slow your computer and secretly install dangerous spyware. Download Spyware Doctor antispyware with free scan to remove Puresafetyhere.com from your computer

Puresafetyhere.com screenshots:

Puresafetyhere.com automatical remover with free scan


Puresafetyhere.com manual removal instructions:
Remove Puresafetyhere.com registry entires:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70d17a5f-ef27-4295-90f5-20ad6f24834f}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80ced3d6-ece9-48ba-8df8-2503d8d87c2b}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Service
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper objects\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}


Remove Puresafetyhere.com files:
icmntr.exe
icthis.exe
ictun.exe
icun.exe
isfmm.exe
isfmntr.exe
isfun.exe
pmuninst.exe
gtawclv.dll
Online Security Guide.url
Security Troubleshooting.url
Online Security Guide.url
Security Troubleshooting.url
pmmon.exe
gtawclv.dll
vjxwnn.dll
cfqbw.dll
fdpzgi.dll
vmlwp.dll
veptlh.dll
isfmdl.dll

Saturday, February 9, 2008

Iwannaseeyounude.com/scan/ - IE Defender fake scan

How to remove iwannaseeyounude.com/scan/ hijacker?
Iwannaseeyounude.com/scan/ is a browser hijacker that reults from Zlob.Trojan infection. It can slow your computer and destroy personal data. This hijacker promotes IEDefender rogue anti-spyware. If your computer was hijacked with Iwannaseeyounude.com/scan/ - download Spyware Doctor - most technologically advanced application on the Internet for detection and removal of potentially undesired items.


Iwannaseeyounude.com/scan/ Removal Tool

Iwannaseeyounude.com screenshot

Remove Powered by Zedo popups

Zedo (Powered by Zedo) is an annoying adware that will popup in the middle of the screen without warning usually when user try to search Google or another search engine. Then they would take your search term and put it in the popup ad showing Ebay or a few other sites. Pop up blockers can't remove Zedo. We recomend to use Spyware Doctor with free scan to remove Zedo cookies and files from your computer.

Zedo produces popups from this urls:
  • xads.zedo.com
  • upspiral.com
  • searchlocal.ws
  • aavalue.com
  • url.cpvfeed.com
Zedo Manual removal:
Find and remove this Zedo cookies:
  • zedo
  • c1.zedo
  • c2.zedo
  • c5.zedo
  • zedo.com
Remove Zedo files:
  • core.sys
Remove Zedo registry values:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CORE
Automatical removal:

Friday, February 8, 2008

How to remove Edfqvrw Toolbar - Edfqvrw Toolbar Remover

Edfqvrw Toolbar is the latest BHO (Browser Helper Object) that hijacks your browser and generates fake spyware detection reports. Edfqvrw Toolbar may slow your computer and cause system slowdowns and Windows errors.The Edfqvrw Toolbar usually get installed onto your PC without your permission, through Trojan, malware and virus. We recomend to use Spyware Doctor anti-spyware to remove this threat from your computer.

Edfqvrw Toolbar removal tool:

Edfqvrw Toolbar manual removal instructions:
Unregister Ekxdvft Toolbar DLL Files:
byxww.dll
ssqpp.dll
ezzhjmt.dll
browsew.dll
ddcyvtt.dll
ctl3d3.dll
hggdbab.dll
toprates.dll
sprt_ads.dll
oggview32.dll
turbosearchsite.dll

Remove Ekxdvft Toolbar Registry Values:
A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D
14B65C62-1F53-4B15-9476-5D697608536F
82C8422E-86A3-41C1-9F2E-094F7BF849E2
BCBC8B3C-397C-4D98-B6BA-FF337B9671E1
17D2F953-B2D1-4D1B-BCD3-20432E09ECF1
80DFDD57-D8B8-4991-82B9-9E9D426668B0
4911E55D-9240-49DB-B878-337DE4F53E70
4090F502-6B2D-41B4-8409-B08905A3A0E6
F10587E9-0E47-4CBE-84AE-7DD20B8684BB
47EFD4AD-CB46-4549-B24B-CEE415394C56
3DAF1739-AB9E-493E-8DD7-F65CDF363BCB

VirusHeat 3.9 Removal Tool

VirusHeat 3.9 is another rogue anti-spyware program created to goad you into purchasing its full version. VirusHeat may be pushed onto your system by a nefarious Trojan that will issue fake notifications regarding your computer security. Once installed, VirusHeat may also display additional popup messages from www.virusheat.com that will disrupt your Internet browsing activities. VirusHeat may recognize legitimate files as being malicious and so prompt to buy it full version. Download Spyware Doctor antispyware with free scan to remove VirusHeat.

VirusHeat Removal Tool


VirusHeat screenshot:


VirusHeat manual removal:
Remove VirusHeat files:
wuuawkz.dll
iinqyl.dll
osdjhjc.dll
iklqcx.dll
vvihh.dll
fwjgtk.dll
fwrkqfl.dll
tiqmcx.dll
zdwii.dll
mivmv.dll
tmxxxh.dll
zkpssqa.dll
ryxrho.dll
vpccw.dll
gusur.dll
ktrxe.dll
VirusHeat 3.9.exe
VirusHeat 3.9.lnk
VirusHeat 3.9.url
Uninstall VirusHeat 3.9.lnk

Remove VirusHeat registry entires:
1D52BB09-465C-4AA4-9FBD-71D1690CAED3
24998748-6E8A-40D1-AA97-E9952EE9ED18
5596A310-2E54-4B75-ADA3-7EE0AD10E228
5C17F7D3-8460-4488-84EB-986A38BEDD2D
71DF187C-DC99-4A35-BDB2-C099821A435D
74DF3F5E-99D7-4F4D-81C3-95201D4CDA88
91478017-FF82-4C5D-9FFF-7801F8D99CCC
287FFE0C-15D0-4BFD-BAA9-0582C6361BBB
45973D31-5CE3-4503-BC81-25E525119C48
46D4D563-1C43-4CEE-AF98-471385F2BC42
9F9C8CF3-EB4A-4851-A4F6-2370F5BC79EE
B1B9C911-CA24-4E1E-9F56-838486218327
C78E49C0-AB82-4C79-A189-F1E34980643B
D2A0598F-FBC4-4721-BC85-F75C0712C100
E7B2831E-A25A-430B-B3E3-3D414F9C4288
EDC652FF-2EA2-4E46-8849-D9041B77B88E
049FECE3-18C7-4023-A1BE-CFAA2C4EE387
Microsoft\Windows\CurrentVersion\App Paths\VirusHeat 3.9.exe

Wednesday, February 6, 2008

Remove Ekxdvft Toolbar

Ekxdvft Toolbar is a new browser toolbar and hijacker. It generates false spyware detection reports to trick you into downloading fake antispyware programs. Spyware Doctor antispyware with free scan will remove Ekxdvft Toolbar (and nearly 100.000 of other spywares) for seconds.

Manual removal (only for skilled users):
Unregister Ekxdvft Toolbar dll's:
ekxdvft.dll
byxww.dll
ssqpp.dll
ezzhjmt.dll
browsew.dll
ddcyvtt.dll
ctl3d3.dll
hggdbab.dll
toprates.dll
sprt_ads.dll
oggview32.dll
turbosearchsite.dll
Remove Ekxdvft Toolbar registry entires:
A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D
14B65C62-1F53-4B15-9476-5D697608536F
82C8422E-86A3-41C1-9F2E-094F7BF849E2
BCBC8B3C-397C-4D98-B6BA-FF337B9671E1
17D2F953-B2D1-4D1B-BCD3-20432E09ECF1
80DFDD57-D8B8-4991-82B9-9E9D426668B0
4911E55D-9240-49DB-B878-337DE4F53E70
4090F502-6B2D-41B4-8409-B08905A3A0E6
F10587E9-0E47-4CBE-84AE-7DD20B8684BB
47EFD4AD-CB46-4549-B24B-CEE415394C56
3DAF1739-AB9E-493E-8DD7-F65CDF363BCB

Tuesday, February 5, 2008

IECodec - new fake malware installer. IECodec removal tool and instructions

IECodec (BHO.IECodec) is a new fake codec that will try to install rogue anti-spyware programs, such as AntiVirusPro. It generates false positives and security warnings to trick users into downloading (and then buying) fake remedies. We recomend to remove IECodec using Spyware Doctor antispyware with free scan.

BHO.IE Codec screenshots:

Fake spyware detection report
Fake spyware detection warning / wallpaper hijack
Fake codec error
Internet Explorer hijacked by IECodec
Screenshots from http://siri-urz.blogspot.com/

IECodec automatical removal instructions:

IECodec manual removal guide:
Remove IECodec files:
vscodecsetup.exe iecodec.dll uninst.exe %program_files%\iecodec\iecodec.dll %program_files%\iecodec\uninst.exe %program_files%\iecodec\iecodec.dll vscodecsetup.exe %program_files%\iecodec\uninst.exe

Remove IECodec registry entires:

HKEY_CLASSES_ROOT\interface\{da5eab81-9e79-4751-8e06-3e68ff0cffb6} HKEY_CLASSES_ROOT\interface\{da5eab81-9e79-4751-8e06-3e68ff0cffb6}\proxystubclsid HKEY_CLASSES_ROOT\interface\{da5eab81-9e79-4751-8e06-3e68ff0cffb6}\proxystubclsid32 HKEY_CLASSES_ROOT\interface\{da5eab81-9e79-4751-8e06-3e68ff0cffb6}\typelib HKEY_CLASSES_ROOT\interface\{da5eab81-9e79-4751-8e06-3e68ff0cffb6}\typelib version HKEY_CLASSES_ROOT\typelib\{7c12a866-f10b-43b4-a9d0-8857c318af17} HKEY_CLASSES_ROOT\typelib\{7c12a866-f10b-43b4-a9d0-8857c318af17}\1.0 HKEY_CLASSES_ROOT\typelib\{7c12a866-f10b-43b4-a9d0-8857c318af17}\1.0\0 HKEY_CLASSES_ROOT\typelib\{7c12a866-f10b-43b4-a9d0-8857c318af17}\1.0\0\win32 HKEY_CLASSES_ROOT\typelib\{7c12a866-f10b-43b4-a9d0-8857c318af17}\1.0\flags HKEY_CLASSES_ROOT\typelib\{7c12a866-f10b-43b4-a9d0-8857c318af17}\1.0\helpdir HKEY_CURRENT_USER\software\classes\appid\{9f264a67-6126-451a-8d14-d6ee64364cd0} HKEY_CURRENT_USER\software\classes\appid\iecodec.dll HKEY_CURRENT_USER\software\classes\appid\iecodec.dll appid HKEY_CURRENT_USER\software\classes\clsid\{4507c219-24aa-4813-9561-a2003f9920c3} HKEY_CURRENT_USER\software\classes\clsid\{4507c219-24aa-4813-9561-a2003f9920c3}\inprocserver32 HKEY_CURRENT_USER\software\classes\clsid\{4507c219-24aa-4813-9561-a2003f9920c3}\inprocserver32 threadingmodel HKEY_CURRENT_USER\software\classes\clsid\{4507c219-24aa-4813-9561-a2003f9920c3}\progid HKEY_CURRENT_USER\software\classes\clsid\{4507c219-24aa-4813-9561-a2003f9920c3}\programmable HKEY_CURRENT_USER\software\classes\clsid\{4507c219-24aa-4813-9561-a2003f9920c3}\typelib HKEY_CURRENT_USER\software\classes\clsid\{4507c219-24aa-4813-9561-a2003f9920c3}\versionindependentprogid HKEY_CURRENT_USER\software\classes\iecodec.iecodecbho HKEY_CURRENT_USER\software\classes\iecodec.iecodecbho.1 HKEY_CURRENT_USER\software\classes\iecodec.iecodecbho.1\clsid HKEY_CURRENT_USER\software\classes\iecodec.iecodecbho\clsid HKEY_CURRENT_USER\software\classes\iecodec.iecodecbho\curver HKEY_LOCAL_MACHINE\software\iecodec HKEY_LOCAL_MACHINE\software\iecodec\iecodec HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4507c219-24aa-4813-9561-a2003f9920c3} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4507c219-24aa-4813-9561-a2003f9920c3} noexplorer HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\iecodec HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\iecodec displayname HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\iecodec uninstallstring