Archive for February, 2011

What is Internet Security Essentials, How to remove Internet Security Essentials

Monday, February 21st, 2011

Internet Security Essentials is a harmful program.

It is a fake security program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Internet Security Essentials associated files and folders:

C:\Documents and Settings\All Users\Application Data\da1933\AB120_121.exe
%UserProfile%\Application Data\Internet Security Essentials
%UserProfile%\Application Data\Internet Security Essentials\cookies.sqlite
%UserProfile%\Desktop\Internet Security Essentials.lnk
%UserProfile%\Start Menu\Internet Security Essentials.lnk
%UserProfile%\Application Data\Internet Security Essentials\Instructions.ini
%UserProfile%\Start Menu\Programs\Internet Security Essentials.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security Essentials.lnk

Internet Security Essentials associated registry keys and values:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Internet Security Essentials

Core filename: AB120_121.exe
Command: C:\Documents and Settings\All Users\Application Data\da1933\AB120_121.exe
HijackThis shows Internet Security Essentials:

O4 – HKCU\..\Run: [Internet Security Essentials] “C:\Documents and Settings\All Users\Application Data\da2933\AB120_121.exe” /s /d

Description: rogue antispyware program

How to remove: use the Internet Security Essentials removal guide or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Reset the proxy settings of your browser (this malware hijacked them): run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK, then click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

4. Download OTM by OldTimer from here and save to your desktop.
Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[resethosts]

Click the red Moveit! button. Close OTM.

What is Windows User Satellite, How to remove Windows User Satellite

Thursday, February 17th, 2011

Windows User Satellite is a harmful program.

It is a fake security program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Windows User Satellite associated files and folders:

%AppData%\[RANDOM CHARACTERS].exe

Windows User Satellite associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%AppData%\[RANDOM CHARACTERS].exe”

Core filename: [RANDOM CHARACTERS].exe
Description: Windows User Satellite is a fake antivirus program that is installed through trojans without the user's knowledge or permission. When started, it performs a fake scan and states that your computer is infected with viruses, spyware and malware. It also displays numerous fake security alerts and blocks legitimate, trusted applications used on your computer. To cure your PC, the program suggests that you purchase its full version. Most importantly, do not pay for the fake software! Instead, follow the removal guide below to remove Windows User Satellite from your computer for free using legitimate free antimalware software.

How to remove: use the Windows User Satellite removal instructions.

What is AntiVira Av, How to remove AntiVira Av

Wednesday, February 9th, 2011

AntiVira Av is a harmful program.

It is a fake security program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

AntiVira Av associated files and folders:

%Temp%\{RANDOM}\
%Temp%\{RANDOM}\{RANDOM}.exe

AntiVira Av associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | "ProxyServer" = "http=127.0.0.1:11215"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | "ProxyEnable" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
HijackThis shows AntiVira Av:

O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe

Description: AntiVira Av is a fake antivirus program that is installed through trojans without the user's knowledge or permission. When started, it performs a fake scan and states that your computer is infected with viruses, spyware and malware. It also displays numerous fake security alerts and blocks all the legitimate, trusted applications used on your computer. To cure your PC, the program suggests that you purchase its full version. Most importantly, do not pay for the fake software! Instead, follow the removal guide below to remove AntiVira Av from your computer for free using legitimate free antimalware software.

How to remove: use the AntiVira Av removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.
2. Reset the proxy settings of your browser (this malware hijacked them): run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK, then click OK again.
3. Download HijackThis from here and save it to your desktop.
4. Run HijackThis. Click the Scan button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
5. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).
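
To help pick out the right lines in step 4, here is an added example (not part of the original guide and not code from HijackThis) that scans a saved HijackThis log for the two traits listed in the entries above: an O4 autostart entry launching from a Temp or Application Data folder, and a ProxyServer value pointing at the local machine. The function name triage and the sample log are assumptions; the R1 line format is the one HijackThis uses for Internet Explorer settings.

```python
import re

# Constructed HijackThis-style log. The third line is the O4 entry quoted on this
# page (typographic dash and quotes included) and the proxy value is the one
# listed for AntiVira Av; the remaining lines are made up for the example.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:11215
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKCU\..\Run: [Internet Security Essentials] “C:\Documents and Settings\All Users\Application Data\da2933\AB120_121.exe” /s /d
O4 - HKCU\..\RunOnce: [xkqzt] C:\DOCUME~1\user\LOCALS~1\Temp\xkqzt\xkqzt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Accept "-" as written by HijackThis and the en dash that web pages substitute.
O4_RE = re.compile(r"^O4\s*[-\u2013]\s*(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+):"
                   r"\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
PROXY_RE = re.compile(r"^R1\s*[-\u2013]\s*HKCU\\.*Internet Settings,ProxyServer"
                      r"\s*=\s*(?P<val>.+)$")
LOOPBACK_RE = re.compile(r"(?:^|[=;/])(127(?:\.\d{1,3}){3}|localhost)\b", re.I)
QUOTES = str.maketrans("", "", '"“”″')  # straight and typographic quotes
# Folders a standard user can write to, which this page's entries start from.
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\",
                 "%temp%", "%appdata%")

def triage(log_text):
    """Return (kind, name, value) tuples for log lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            val = m.group("val").strip()
            if LOOPBACK_RE.search(val):  # browser traffic routed to a local process
                findings.append(("proxy-loopback", "ProxyServer", val))
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd").translate(QUOTES).strip()
            if any(p in cmd.lower() for p in USER_WRITABLE):
                findings.append(("autostart-user-writable", m.group("name"), cmd))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged line is a candidate for review, not proof of infection: legitimate software also starts from Application Data, so compare the entry name and path against the ones listed above before fixing anything.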