Archive for March, 2011

What is Windows Power Expansion, How to remove Windows Power Expansion

Saturday, March 26th, 2011

Windows Power Expansion is a harmful program.

It is a fake security program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Windows Power Expansion associated files and folders:

%AppData%\Microsoft\[RANDOM CHARACTERS].exe

Windows Power Expansion associated registry keys and values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe | Debugger
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%AppData%\Microsoft\[RANDOM CHARACTERS].exe”

Core filename: [RANDOM CHARACTERS].exe
Description: Windows Power Expansion is a fake antivirus program that is installed through the Microsoft Security Essentials Alert trojan without the user's knowledge or permission. When started, it performs a fake scan and states that your computer is infected with viruses, spyware and malware. Moreover, this malware displays numerous fake security alerts and blocks legitimate, trusted applications on your computer. To cure your PC, the program suggests that you purchase its full version. Most importantly, do not pay for the fake antivirus! Instead, follow the removal guide below to remove Windows Power Expansion from your computer for free using legitimate free antimalware software.

How to remove: use the Windows Power Expansion removal instructions.

What is Windows Remedy, How to remove Windows Remedy

Tuesday, March 15th, 2011

Windows Remedy is a harmful program.

It is a fake security program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Windows Remedy associated files and folders:

%AppData%\Microsoft\[RANDOM CHARACTERS].exe

Windows Remedy associated registry keys and values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe | Debugger
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%AppData%\Microsoft\[RANDOM CHARACTERS].exe”

Core filename: [RANDOM CHARACTERS].exe
Description: Windows Remedy is a fake antivirus program that is installed through the Microsoft Security Essentials Alert trojan without the user's knowledge or permission. When started, it performs a fake scan and states that your computer is infected with viruses, spyware and malware. Moreover, this malware displays numerous fake security alerts and blocks legitimate, trusted applications on your computer. To cure your PC, the program suggests that you purchase its full version. Most importantly, do not pay for the fake antivirus! Instead, follow the removal guide below to remove Windows Remedy from your computer for free using legitimate free antimalware software.

How to remove: use the Windows Remedy removal instructions.

What is Windows Troubles Remover, How to remove Windows Troubles Remover

Saturday, March 12th, 2011

Windows Troubles Remover is a harmful program.

It is a fake security program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Windows Troubles Remover associated files and folders:

%AppData%\Microsoft\[RANDOM CHARACTERS].exe

Windows Troubles Remover associated registry keys and values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe | Debugger
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%AppData%\Microsoft\[RANDOM CHARACTERS].exe”

Core filename: [RANDOM CHARACTERS].exe
Description: Windows Troubles Remover is a fake antivirus program that is installed through the Microsoft Security Essentials Alert trojan without the user's knowledge or permission. When started, it performs a fake scan and states that your computer is infected with viruses, spyware and malware. Moreover, this malware displays numerous fake security alerts and blocks legitimate, trusted applications on your computer. To cure your PC, the program suggests that you purchase its full version. Most importantly, do not pay for the fake antivirus! Instead, follow the removal guide below to remove Windows Troubles Remover from your computer for free using legitimate free antimalware software.

How to remove: use the Windows Troubles Remover removal instructions.

What is System Defender, How to remove System Defender

Friday, March 11th, 2011

System Defender is a harmful program.

It is a fake security program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

System Defender associated files and folders:

C:\Program Files\System Defender
C:\Program Files\System Defender\System Defender.dll
%AppData%\Microsoft\Internet Explorer\Quick Launch\System Defender.lnk
%UserProfile%\Desktop\System Defender.lnk
%UserProfile%\Start Menu\Programs\Startup\{RANDOM}.lnk
C:\Documents and Settings\All Users\Application Data\{RANDOM}.avi
C:\Documents and Settings\All Users\Application Data\{RANDOM}.ico
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\{RANDOM}.lnk

System Defender associated registry keys and values:

HKEY_CLASSES_ROOT\CLSID\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}
Description: System Defender is a fake antivirus program. When started, it performs a fake scan and states that your computer is infected with viruses, spyware and malware. Moreover, System Defender displays numerous fake security alerts and may block legitimate, trusted applications on your computer. To cure your PC, the program suggests that you purchase its full version. Most importantly, do not pay for the fake software! Instead, follow the removal guide below to remove System Defender from your computer for free using legitimate free antimalware software.

How to remove: use the System Defender removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.
2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is Antivirus Monitor, How to remove Antivirus Monitor

Monday, March 7th, 2011

Antivirus Monitor is a harmful program.

It is a fake security program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Antivirus Monitor associated files and folders:

%Temp%\{RANDOM}\
%Temp%\{RANDOM}\{RANDOM}.exe

Antivirus Monitor associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | “Enabled” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyServer” = “http=127.0.0.1:11215”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyEnable” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
HijackThis shows Antivirus Monitor:

O4 - HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe

Description: Antivirus Monitor is a fake antivirus program that is installed by trojans without the user's knowledge or permission. When started, it performs a fake scan and states that your computer is infected with viruses, spyware and malware. Moreover, Antivirus Monitor displays numerous fake security alerts and blocks all legitimate, trusted applications on your computer. To cure your PC, the program suggests that you purchase its full version. Most importantly, do not pay for the fake software! Instead, follow the removal guide below to remove Antivirus Monitor from your computer for free using legitimate free antimalware software.

How to remove: use the Antivirus Monitor removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.
2. Reset the proxy settings of your browser (this malware hijacked them): run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK and click OK again.
3. Download HijackThis from here and save it to your desktop.
4. Run HijackThis. Click the Scan button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
5. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).
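
The registry indicators listed in the entries above can be checked with a read-only PowerShell audit. This is an added example, not part of the original posts; the helper names `Get-RegValue` and `New-Finding` and the Temp-path heuristic for Run entries are assumptions.

```powershell
# Added example: read-only audit of the registry indicators listed on this page.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
# Security product executables named under Image File Execution Options in the entries above.
$targets = 'avastsvc.exe','avastui.exe','msascui.exe','msmpeng.exe','msseces.exe','egui.exe','ekrn.exe'

function Get-RegValue([string]$Path, [string]$Name) {
    # Hypothetical helper: returns $null when the key or the value does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}
function New-Finding($Check, $Item, $Value) {
    [pscustomobject]@{ Check = $Check; Item = $Item; Value = $Value }
}

$findings = @()

# 1. A Debugger value under IFEO makes Windows start that program instead of the named executable.
foreach ($exe in $targets) {
    $dbg = Get-RegValue "$ifeo\$exe" 'Debugger'
    if ($dbg) { $findings += New-Finding 'IFEO Debugger' $exe $dbg }
}

# 2. Per-user Winlogon Shell override (the entries above point it at %AppData%\Microsoft).
$shell = Get-RegValue 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
if ($shell) { $findings += New-Finding 'HKCU Winlogon Shell' 'Shell' $shell }

# 3. Internet Explorer proxy forced to a loopback listener, and the phishing filter switched off.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-RegValue $inet 'ProxyServer'
if ((Get-RegValue $inet 'ProxyEnable') -eq 1 -and $proxy -match '127\.0\.0\.1|localhost') {
    $findings += New-Finding 'Loopback proxy' 'ProxyServer' $proxy
}
if ((Get-RegValue 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter' 'Enabled') -eq 0) {
    $findings += New-Finding 'Phishing filter off' 'Enabled' 0
}

# 4. Run/RunOnce entries that start a program from a Temp directory (heuristic, an assumption here).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        if ($cmd -match '\\Temp\\') { $findings += New-Finding "Run entry ($path)" $name $cmd }
    }
}

if ($findings) { $findings | Format-List } else { 'No indicators from this page were found.' }
```

The script changes nothing; each finding is a value to review, since a disabled phishing filter or a loopback proxy can also be a deliberate user setting.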