How to Remove Sysinternals Antivirus Rogue Anti-Spyware?
# This article How to Remove Sysinternals Antivirus Virus is an article in Spyware Removal Instructions, the original author is Security-Wire.com .You can read more information in the following:
Sysinternals Antivirus Information:
Sysinternals Antivirus is a successor of the rogue anti-spyware applications known as AKM Antivirus 2010 Pro, Your PC Protector and XJR Antivirus. Sysinternals Antivirus takes advantage of a Trojan in order to creep inside your computer without your knowledge and permission. The Trojan also modifies system registry and makes Sysinternals Antivirus run automatically every time your system boots up. Once running, Sysinternals Antivirus runs its fake scanners and displays a list of non-existing virus. Sysinternals Antivirus will also flood your desktop and Task Bar with various irritating security alerts and make your computer impossible to use. And you will be directed to its website when you click on any popup Sysinternals Antivirus triggers. Sysinternals Antivirus may block your applications, especially security applications and hijack your IE browser. Sysinternals Antivirus may even warns you that “Application cannot be executed. The file xxx is infected.” Please don’t fall in the trap of Sysinternals Antivirus. The goal of all its activities is to make you buy the full version of Sysinternals Antivirus which doesn’t actually detect and remove virus. The removal guide of Sysinternals Antivirus is available right below.
Sysinternals Antivirus Screenshot:
Manual Removal
Note: If you are not proficient with computer, it’s suggested that you backup your registry before manually removing Sysinternals Antivirus Rogue Anti-Spyware. And double check the entries that you are going to delete, or your computer can’t work for missing some files.
Registry entries you need to delete:
HKEY_CURRENT_USER\Software\Sysinternals Antivirus
HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “novavapp”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “novavappr”
Files you need to delete:
%Program Files%\adc_w32.dll
%Program Files%\alggui.exe
%Program Files%\extra1.dat
%Program Files%\extra2.dat
%Program Files%\nuar.old
%Program Files%\skynet.dat
%Program Files%\svchost.exe
%Program Files%\wp3.dat
%Program Files%\wp4.dat
%Program Files%\scdata
%Program Files%\scdata\dbsinit.exe
%Program Files%\scdata\wispex.html
%Program Files%\scdata\images
%Program Files%\scdata\images\i1.gif
%Program Files%\scdata\images\i2.gif
%Program Files%\scdata\images\i3.gif
%Program Files%\scdata\images\j1.gif
%Program Files%\scdata\images\j2.gif
%Program Files%\scdata\images\j3.gif
%Program Files%\scdata\images\jj1.gif
%Program Files%\scdata\images\jj2.gif
%Program Files%\scdata\images\jj3.gif
%Program Files%\scdata\images\l1.gif
%Program Files%\scdata\images\l2.gif
%Program Files%\scdata\images\l3.gif
%Program Files%\scdata\images\pix.gif
%Program Files%\scdata\images\t1.gif
%Program Files%\scdata\images\t2.gif
%Program Files%\scdata\images\Thumbs.db
%Program Files%\scdata\images\up1.gif
%Program Files%\scdata\images\up2.gif
%Program Files%\scdata\images\w1.gif
%Program Files%\scdata\images\w11.gif
%Program Files%\scdata\images\w2.gif
%Program Files%\scdata\images\w3.jpg
%Program Files%\scdata\images\word.doc
%Program Files%\scdata\images\wt1.gif
%Program Files%\scdata\images\wt2.gif
%Program Files%\scdata\images\wt3.gif
%Program Files%\Sysinternals Antivirus
%Program Files%\Sysinternals Antivirus\Sysinternals Antivirus.exe
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn.exe
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151.acf
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151.ltd
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151.lti
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151_0.acb
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151_0.aci
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151_0.mt
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsrr.exe
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\lleod150
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\wmharun.log
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\wmrun.log
%Documents and Settings%\[User Name]\Start Menu\Programs\Sysinternals Antivirus
%Documents and Settings%\[User Name]\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
Please, be aware that manual removal of Sysinternals Antivirus Rogue Anti-Spyware is a cumbersome task and can not always ensure complete removal of the malware, due to the fact that some files might be hidden or may get reanimated automatically afterwards. Moreover, lack of the required skills and even the slightest deviation from the instructions may lead to irreparable system damage. That’s why it’s strongly recommended automatic removal of Sysinternals Antivirus Rogue Anti-Spyware, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.
Automatic Sysinternals Antivirus Rogue Anti-Spyware Removal:
1. Restart your computer and keep pressing F8 Key before Windows launches. Use the arrow keys to select the “Safe Mode with Networking” option, and then hit ENTER Key to continue.
2. Download Sysinternals Antivirus Virus Remover , install it and update its database to the latest. After that, restart your computer so as to make Sysinternals Antivirus Virus Remover fully functional. Repeat Step 1 into Safe Mode and run an Online Scan of your computer so that Sysinternals Antivirus Virus Remover can detect all potential malware in your system.
NOTE: If you have problem installing Sysinternals Antivirus Virus Remover, you can download this correction script, unzip it and then double click to run it. It will correct your registry settings that the virus has modified. Then double click the program and finish the installation.
3. After the Online Scan finishes, click “Details” for the malware detected to make sure that your important data are not infected and removed. Ignore or select the scan result and click “Remove” to remove the threats. Reboot your computer and let Sysinternals Antivirus Virus Remover delete all detected virus.
4. Click to repair your corrupted registry
Why should you need to repair the registry?
As we all know, virus and Trojans modify and destroy system registry and make the computer malfunction so that the computer will not perform normally. Even if the virus and Trojans are removed, the registry is still destroyed or modified, so the computer still has problems. That’s the very reason why you need to repair the registry. At the meanwhile, some virus and Trojans leave some DLL files in the registry and this will cause strange DLL errors and affect the computer performance.
To make your computer run as perfectly as before or much faster than before:
1. Download and install Multi-Awarded Registry Tool.
2. Run a full scan of your registry.
3. Click “Repair Problems” and repair all errors detected.
After these 3 easy steps, your computer will run much faster than before within minutes!
Related posts:
Step by Step Uninstall/remove Your PC Protector Guide | Security-Wire.com on June 4th, 2010
[…] PC Protector is a rogue anti-spyware program from the same family as AKM Antivirus 2010 Pro, Sysinternals Antivirus and XJR Antivirus. Your PC Protector is promoted and installed through the help of Trojans. When […]