Additional Guard Removal Guide

Additional Guard is a fake anti-spyware application. Additional Guard is known to use several extortion methods to basically take money from an unsuspecting computer user in return for a bogus security program. Additional Guard can perform system scans only to return falsified parasite results. Additional Guard is not able to detect actual computer parasites but instead, displays several misleading alert messages attempting to warn a computer user of detected threats. Additional Guard does all of these actions in hopes that the user will eventually break down to purchase a full version of Additional Guard. Additional Guard is not and effective security program in the free or full version. It is recommended that Additional Guard be deleted to prevent further confusion.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
FS.exe
eb.exe
WI339.exe
ppal.exe
exec.exe
cb.exe
AG345d.exe

Unregister DLL files
cid.dll
FS.dll
energy.dll
ddv.dll
sqlite3.dll
mozcrt19.dll

Delete Registry
HKCR "xp_7a9be.DocHostUIHandler"
HKCR "CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "Additional Guard"

Remove Folders and Files
$APPDATA\Additional Guard
$APPDATA\2565da61
$RECENT\PE.sys
$RECENT\kernel32.drv
$RECENT\FS.exe
$RECENT\FS.drv
$RECENT\exec.tmp
$RECENT\eb.exe
$RECENT\eb.drv
$RECENT\cid.dll
$RECENT\ANTIGEN.tmp
$RECENT\ANTIGEN.drv
$PROGRAMFILES\Mozilla Firefox\searchplugins\search.xml
$STARTMENU\Programs\Additional Guard.lnk
$STARTMENU\Additional Guard.lnk
$RECENT\tjd.sys
$RECENT\SICKBOY.tmp
$RECENT\ppal.exe
$RECENT\PE.drv
$RECENT\FS.dll
$RECENT\fan.drv
$RECENT\exec.exe
$RECENT\energy.sys
$RECENT\energy.dll
$RECENT\dudl.drv
$RECENT\ddv.dll
$RECENT\CLSV.tmp
$RECENT\cb.exe
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
$DESKTOP\Additional Guard.lnk
$APPDATA\WINAGSys
$APPDATA\117fc
$PROGRAMFILES\Mozilla Firefox\searchplugins\search.xml
$RECENT\tjd.sys
$RECENT\SICKBOY.tmp
$RECENT\ppal.exe
$RECENT\PE.drv
$RECENT\FS.dll
$RECENT\fan.drv
$RECENT\exec.exe
$RECENT\energy.sys
$RECENT\energy.dll
$RECENT\dudl.drv
$RECENT\ddv.dll
$RECENT\CLSV.tmp
$RECENT\cb.exe
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
$DESKTOP\Additional Guard.lnk

IGuardPc or I Guard PC Removal Guide

IGuardPc or I Guard PC, is a fake anti-spyware application which comes from the malicious group of hackers that created other fake security programs. IGuardPc, just like its predecessors, does not have the ability to detect and remove parasites from a PC. IGuardPc may claim to have the ability to clean your system of spyware but do not trust that.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
IGuardPc.exe
uninstall.exe

Delete Registry
HKLM "SOFTWARE\IGuardPc"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IGuardPc"
HKCU "Software\IGuardPc"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "IGuardPc.exe"

Remove Folders and Files
$PROGRAMFILES\IGuardPc Software
$SMPROGRAMS\IGuardPc
$DESKTOP\IGuardPc.lnk
$PROGRAMFILES\IGuardPc Software
$SMPROGRAMS\IGuardPc
$DESKTOP\IGuardPc.lnk

Security Tool Removal Guide

Security Tool is a rogue anti-spyware program that uses fake security alerts and system scan results to make computer users believe that they must purchase the Security Tool program to remove the found threats. Security Tool comes from the same group of attackers that made the fake security programs System Security and Total Security 2009.

Removal Tool 1: Security Tool Removal Tool. (Download it here.)
Removal Tool 2: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
SecurityTool.exe
4946550101.exe
[random>=8digits].exe (95750127.exe, 14507623.exe, 9048246710.exe etc)

Delete Registry
HKLM "SOFTWARE\SecurityTool"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityTool"
HKCU "Software\Vista Antivirus 2010"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run " "SecurityTool"
HKCU "Software\Security Tool"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "4946550101"

Remove Folders and Files
$PROGRAMFILES\SecurityTool
$APPDATA\4946550101
$DESKTOP\Security Tool.lnk
$STARTMENU\Programs\Security Tool.lnk

Antivirus Live Removal Guide

Antivirus Live (also known as AntivirusLive) is the latest Rogue Anti-Spyware creation from the notorious Magic Software stable. Antivirus Live uses malicious cutting-edge techniques, including the use of backdoor Trojans. Once active, Antivirus Live disables the computer's security options, making it extremely difficult to uninstall through the Control Panel or via Safe Mode. Antivirus Live then starts spewing annoying popup ads and runs a security scan which reports the fake detection of numerous viruses and threats. Antivirus Live will recommend buying its licensed copy to solve the alleged spyware problems. Do not fall for Antivirus Live's trickery. This hazardous parasite should be terminated from the system immediately

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
[random]sysguard.exe

Unregister DLL files
iehelper.dll

Delete Registry
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}"
HKCU "Software\AvScan"
HKCR "CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}"
HKCU "Software\Microsoft\Internet Explorer\Download" "RunInvalidSignatures"
HKCU "Software\Microsoft\Windows\CurrentVersion\Internet Settings" "ProxyOverride"
HKCU "Software\Microsoft\Windows\CurrentVersion\Internet Settings" "ProxyServer"
HKCU "Software\Microsoft\Windows\CurrentVersion\Policies\Associations" "LowRiskFileTypes"
HKCU "Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" "SaveZoneInformation"

Remove Folders and Files
$WINDIR\[random]sysguard.exe
$SYSDIR\iehelper.dll

Read more:
Constants in manual removal guide

Personal Security Removal Guide

Personal Security is a clone of the rogue security software, Cyber Security. Personal Security also known as PersonalSecurity, typically spreads via sneaky Trojans or false advertisements. Personal Security will conduct a fake system scan once it has entered a system, and then produce alarming results of several parasite infections on the system. This is done to scare the user into purchasing the full version of Personal Security in order to remove all the purportedly detected parasites. Personal Security may also display numerous pop-ups and warning messages to scare the user even more. Personal Security is not a legitimate security program and should be removed immediately.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
psecurity.exe
Inst_2013[1].exe

Unregister DLL files
win32extension.dll

Delete Registry
HKLM "SOFTWARE\Personal Security"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "PSecurity"
HKCR "CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}"
HKLM "SOFTWARE\5FFB10D58FFCF482208906E6A889FD56"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform" "WinTSI 01.12.2009"

Remove Folders and Files
$SMPROGRAMS\Personal Security
$SMPROGRAMS\PSecurity
$PROGRAMFILES\Personal Security
$PROGRAMFILES\PSecurity
$APPDATA\Personal Security
$APPDATA\PSecurity
$PROGRAMFILES\Common Files\PSecurityUninstall
$APPDATA\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
$SYSDIR\win32extension.dll

Read more:
Constants in manual removal guide

Control Center Removal Guide

Control Center is a Rogue Anti-Virus application that has the same characteristics as the notorious Privacy Center malware program. To avoid Control Center, Internet users must be aware of websites they visit and the files downloaded onto the computer. Control Center spreads via the Internet so browsing must be exercised with extreme caution. The Control Center virus can also come from a fake security website or fake multi-media websites that ask users to download a fake code needed to view a video online. If detected, Control Center must immediately be terminated.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Control Center Removal Guide
Kill Process
(How to kill a process effectively?)
agent.exe
cc.exe
uninstall.exe

Delete Registry
HKEY_CURRENT_USER\Software\Control Center
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Control Center"
HKEY_LOCAL_MACHINE\SOFTWARE\Control Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Uninstall\Control Center

Remove Folders and Files
%Documents and Settings%\All Users\Start Menu\Programs\Control Center
%Program Files%\Control Center
%Documents and Settings%\All Users\Application Data\Control Center

Security Center Removal Guide

Security Center is a replica of Privacy Components and Secret Service, which are dangerous rogue anti-spyware applications. Security Center, through a Trojan infection such as Vundo, is able to be installed without permission from the computer user or system administrator. After installed, Security Center is able to display fake system alerts in the form of an annoying popup and conduct system scans that return falsified results.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Security Center Removal Guide
Kill Process
(How to kill a process effectively?)
SecurityCenter.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SecurityCenter"

Remove Folders and Files
%UserProfile%\Start Menu\SecurityCenter.lnk
%UserProfile%\Start Menu\Programs\SecurityCenter
C:\Program Files\SecurityCenter

Windows Enterprise Suite Removal Guide

Windows Enterprise Suite is a rogue anti-spyware program. It is considered to be part of the family of rogues which goes together with Volcano Security Suite. Research has proven how each of the above mentioned rogue program tends to make use of similar confusing ways so as to entice trustful computer users to purchase the full version of this deceitful security program.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Windows Enterprise Suite Removal Guide
Kill Process
(How to kill a process effectively?)
uninstall.exe
Windows Enterprise Suite.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Enterprise Suite"

Remove Folders and Files
%UserProfile%\Desktop\Windows Enterprise Suite.lnk
%UserProfile%\Application Data\Windows Enterprise Suite
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Suite.lnk

Windows Protection Suite Removal Guide

Windows Protection Suite is a fake antivirus which act as spyware remover that displays fake system scanners and malware detection reports that claim your computer is infected. Windows Protection Suite uses this scare tactic to persuade you to purchase the fully licensed version of Windows Protection Suite in order to protect your system from harm. Do not be fooled, and remove Windows Protection Suite as soon as possible.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Windows Protection Suite Removal Guide
Kill Process
(How to kill a process effectively?)
WI345d.exe
WindowsProtectionSuite.exe
std.exe
snl2w.exe
CLSV.exe
ppal.exe

Unregister DLL files
sqlite3.dll
mozcrt19.dll
SM.dll
runddl.dll
PE.dll
tempdoc.dll
kernel32.dll
grid.dll
energy.dll

Delete Registry
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsProtectionSuite"

Remove Folders and Files
$APPDATA\345d567
$APPDATA\WINSSSys
$APPDATA\Windows Protection Suite 2009
$STARTMENU\Programs\WindowsProtectionSuite
$PROGRAMFILES\WindowsProtectionSuite
$APPDATA\Windows Protection Suite
$STARTMENU\Programs\Windows Protection Suite.lnk
$DESKTOP\Windows Protection Suite 2009.lnk
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite 2009.lnk
$STARTMENU\Programs\Windows Protection Suite 2009.lnk
$STARTMENU\Windows Protection Suite 2009.lnk
$DESKTOP\WindowsProtectionSuite.exe
$STARTMENU\WindowsProtectionSuite.lnk
$PROGRAMFILES\Mozilla Firefox\searchplugins\search.xml
$RECENT\std.exe
$RECENT\snl2w.exe
$RECENT\SM.dll
$RECENT\runddl.dll
$RECENT\PE.tmp
$RECENT\PE.dll
$RECENT\tempdoc.dll
$RECENT\kernel32.dll
$RECENT\grid.sys
$RECENT\grid.dll
$RECENT\energy.dll
$RECENT\dudl.sys
$RECENT\DBOLE.drv
$RECENT\CLSV.exe
$RECENT\ANTIGEN.drv
$DESKTOP\Windows Protection Suite.lnk
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk

Read more:
Constants in manual removal guide

Total Security 2009 Removal Guide

Total Security 2009 is a fake antivirus. It is an updated version of the fake spyware removers called Total Security and System Security. Total Security 2009 injects affiliated trojans into your PC that, once active, begin displaying misleading security alerts and launching fake system scanners that state your computer is infected. You are then prompted to purchase and download the commercial version of Total Security 2009 in order to combat these fictitious threats.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Windows System Suite Removal Guide
Kill Process
(How to kill a process effectively?)
Sc2C21UvvM.exe
tsc.exe

Unregister DLL files
winsource.dll

Delete Registry
DeleteRegKey HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}"
HKCU "Software\1FD92E3F7C34799BFB075C41DA05D1FE"
HKCR "CLSID\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}"
HKLM "SOFTWARE\Microsoft\Security Center" "FirewallOverride"
HKLM "SOFTWARE\Microsoft\Security Center" "AntiVirusOverride"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "1FD92E3F7C34799BFB075C41DA05D1FE"

Remove Folders and Files
$STARTMENU\TSC
$PROGRAMFILES\TSC
$PROGRAMFILES\Common Files\System\Uninstall
$PROGRAMFILES\Common Files\System\Uninstall\Uninstall TSC.lnk
$DESKTOP\TSC.lnk
$APPDATA\Microsoft\Internet Explorer\Quick Launch\TSC.lnk
$SYSDIR\winsource.dll

Read more:
Constants in manual removal guide

Windows System Suite Removal Guide

Windows System Suite is a fake antivirus and is a clone of Windows Security Suite and Antivirus System Pro. Windows System Suite uses many deceiving methods for persuading purchase of the full licensed version of Windows System Suite. Once installed, Windows System Suite display many false Windows security center alerts and performs system scans that displays fake results.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Windows System Suite Removal Guide
Kill Process
(How to kill a process effectively?)
WI345d.exe
WindowsSystemSuite.exe
std.exe
snl2w.exe
CLSV.exe
WS83b.exe
ppal.exe
cb.exe
eb.exe

Unregister DLL files
sqlite3.dll
mozcrt19.dll
energy.dll
PE.dll
SM.dll
runddl.dll
grid.dll
tempdoc.dll
kernel32.dll
cid.dll
ddv.dll

Delete Registry
HKCR "ReleaseXP.DocHostUIHandler"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsSystemSuite"
HKCU "Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform " "986707143803"

Remove Folders and Files
$APPDATA\345d567
$APPDATA\WINSSSys
$PROGRAMFILES\WindowsSystemSuite
$APPDATA\Windows System Suite
$APPDATA\Windows System Suite 2009
$STARTMENU\Programs\WindowsSystemSuite
$DESKTOP\Windows System Suite.lnk
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Windows System Suite.lnk
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Windows System Suite 2009.lnk
$DESKTOP\WindowsSystemSuite.exe
$DESKTOP\Windows System Suite 2009.lnk
$STARTMENU\Windows System Suite 2009.lnk
$STARTMENU\Windows System Suite.lnk
$STARTMENU\Programs\Windows System Suite.lnk
$STARTMENU\Programs\Windows System Suite 2009.lnk
$RECENT\std.exe
$RECENT\snl2w.exe
$RECENT\energy.dll
$RECENT\PE.tmp
$RECENT\PE.dll
$RECENT\SM.dll
$RECENT\runddl.dll
$RECENT\grid.dll
$RECENT\dudl.sys
$RECENT\DBOLE.drv
$RECENT\CLSV.exe
$RECENT\tempdoc.dll
$RECENT\kernel32.dll
$RECENT\grid.sys
$RECENT\ANTIGEN.drv

Read more:
Constants in manual removal guide

Remove Malware Doctor, Malware Doc, MalwareDoc

Malware Doctor, also known as Malware Doc or MalwareDoc, is a rogue system optimization program usually promoted as an online scanner. It is known to trick you into believing your computer is infested with spyware and then lure you into purchasing MalwareDoctor full version to remove the imaginary threats. It may run its fake system scanner every time you boot your computer and generate a list of spyware infections as a result.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Malware Doctor manual removal guide
Kill Process
(How to kill a process effectively?)
Malware Doctor.exe
MDsetup.exe
[randomnumbers].exe

Unregister DLL
Validation.dll
htmlayout.dll

Delete Registry
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malware Doctor
HKEY_USERS\Software\Microsoft\Windows\Explorer\MenuOrder\Start Menu2\Programs\Malware Doctor
HKEY_CURRENT_USER\Software\Malware Doctor
HKEY_CURRENT_USER\Software\Malware Doctor\AntiSpy Knight
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Doctor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Doctor_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Alcmtr"

Remove Folders
$PROGRAMFILES\Malware Doctor
$SMPROGRAMS\Malware Doctor

Read more:
Constants in manual removal guide

Read also:

• Remove Fake Antivirus
• Safe Browser - Free 100% Protection!
• Correct way of using Browser to surf internet
• Why use Firefox rather than IE?
• How to kill a process effectively?
• Prevent Pendrive Virus forever
• Don't disable UAC or your computer will be attacked by malwares!
• Remove WGA (Windows Genuine Advantage) Notifications effectively
• How to patch without running WGA validation
  

Personal Antivirus Removal Tool

License: Freeware
File size: 58 KB

Personal Antivirus is a rogue anti-spyware program come out from the company called Innovagest 2000. It is installed by a trojan called Zlob, which trys to trick you into buying the alleged rogue anti-spyware program. Once you're infected with Zlob, a fake security message similar to a Windows notification pops up saying your PC is infected with malware. This Personal Antivirus message is used to lure you into purchasing, downloading and installing their program to remove the imaginary spyware. Remove Personal Antivirus is used to remove this fake antivirus from your computer.

Removal Tool:
Remove Fake Antivirus. (Download it here.)

Download Remove Personal Antivirus 1.0 at Softpedia
Download Source code of Remove Personal Antivirus 1.0

Personal Antivirus manual removal guide
Kill Process
(How to kill a process effectively?)
PersonalAntivirus[1].exe
iv.exe
winlogon.exe
services.exe
unins000.exe
PerAvir.exe

Delete Registry
HKLM "SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE"
HKLM "SYSTEM\CurrentControlSet\Services\ITGrdEngine"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1"
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "Personal Antivirus"
HKCU "Software\Microsoft\Internet Explorer" "PrS"

Remove Folders
$APPDATA\Personal Antivirus
$PROGRAMFILES\Personal Antivirus
$APPDATA\AV1

Remove Files
$WINDIR\system32\log.txt
$APPDATA\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
$LOCALAPPDATA\Microsoft\Windows\services.exe
$LOCALAPPDATA\Microsoft\Windows\pguard.ini
$LOCALAPPDATA\Microsoft\Windows\log.txt
$LOCALAPPDATA\Microsoft\Internet Explorer\iPSh.png
$LOCALAPPDATA\Microsoft\Internet Explorer\iMSh.png
$LOCALAPPDATA\Microsoft\Internet Explorer\iGSh.png
$APPDATA\Microsoft\Windows\winlogon.exe
$LOCALAPPDATA\Microsoft\Internet Explorer\iv.exe
$DESKTOP\Personal Antivirus.lnk
$SMPROGRAMS\Personal Antivirus

Read more:
Constants in manual removal guide

Read also:

• Remove Fake Antivirus
• Safe Browser - Free 100% Protection!
• Correct way of using Browser to surf internet
• Why use Firefox rather than IE?
• How to kill a process effectively?
• Prevent Pendrive Virus forever
• Don't disable UAC or your computer will be attacked by malwares!
• Remove WGA (Windows Genuine Advantage) Notifications effectively
• How to patch without running WGA validation
  

Remove Fake Antivirus 1.76

Remove Fake Antivirus is used to remove the most popular fake antiviruses. What is fake antivirus? This is a type of virus/malwares which disguises itself to be an antivirus. It infects your computer when you accidentally click a link in a website which will download the malware into your computer and run automatically when your windows boot. It scan the infected computer and produces fake alert warnings. It convinces you that your computer is in danger and urge you to purchase a useless copy of the fake antivirus. These fake antiviruses must be removed immediately.

Remove Fake Antivirus 1.76 is used to remove:

1. Windows Antivirus 2011
2. Mega Antivirus 2012
3. AVG Antivirus 2011
4. PC Security 2011
   
5. ThinkPoint
6. ThinkSmart
7. Antivirus 8
8. Security Tool
9. My Security Shield
   
10. Antivirus 7
11. Antivirus GT
    
12. Defense Center
13. Protection Center
14. Sysinternals Antivirus
15. Security Master AV
    
16. CleanUp Antivirus
17. Security Toolbar
    
18. Digital Protection
    
19. XP Smart Security 2010
    
20. Antivirus Suite
    
21. Vista Security Tool 2010
    
22. Total XP Security
23. Security Central
24. Security Antivirus
25. Total PC Defender 2010
26. Vista Antivirus Pro 2010
    
27. Your PC Protector
28. Vista Internet Security 2010
29. XP Guardian
30. Vista Guardian 2010
31. Antivirus Soft
32. XP Internet Security 2010
33. Antivir 2010
34. Live PC Care
    
35. Malware Defense
36. Internet Security 2010
37. Desktop Defender 2010
38. Antivirus Live
    
39. Personal Security
    
40. Cyber Security
41. Alpha Antivirus
42. Windows Enterprise Suite
43. Security Center
44. Control Center
    
45. Braviax
46. Windows Police Pro
47. Antivirus Pro 2010
48. PC Antispyware 2010
49. FraudTool.MalwareProtector.d
50. Winshield2009.com
51. Green AV
52. Windows Protection Suite
53. Total Security 2009
54. Windows System Suite
55. Antivirus BEST
56. System Security
57. Personal Antivirus
    
58. System Security 2009
59. Malware Doctor
60. Antivirus System Pro
61. WinPC Defender
62. Anti-Virus-1
    
63. Spyware Guard 2008
    
64. System Guard 2009
    
65. Antivirus 2009
    
66. Antivirus 2010
    
67. Antivirus Pro 2009
    
68. Antivirus 360
    
69. MS Antispyware 2009
70. IGuardPC or I Guard PC
71. Additional Guard
    

(all of them are fake antivirus which are
viruses or trojans) from your computer.

Remove Fake Antivirus is used to remove
fake antivirus which are viruses or trojans.


Latest updated :
Link I Link II
md5: d78598edf77d70f2c04f57d81c2ce92b
Pad File: rfa.xml

Tools used in removing virus manually

These are the tools used in removing virus manually:

1. Process Explorer
   The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
   
   
2. a-squared HiJackFree
   a-squared HiJackFree is a detailed system analysis tool which helps advanced users to detect and remove all types of HiJackers, Spyware, Adware, Trojans and Worms.
   
   
3. Trend Micro HijackThis
   HijackThis lists the contents of key areas of the Registry and hard drive--areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites.
   
   
4. Unlocker
   It is used to delete any file including access-denied files.
   
   
5. Security Task Manager
   Security Task Manager shows comprehensible information about programs and processes running on the computer. For each Windows process, it improves on Windows Task Manager, providing unique security risk rating, comments from our experts and user community, free online scan with all known Antivirus engines, full directory path and file name, process description, CPU usage graph, embedded hidden functions and process type.

Emsisoft Emergency Kit 1.0

Emsisoft Emergency Kit is a very good malwares removal tool which can be used to remove almost any malware in the infected computer. Emsisoft Emergency Kit 1.0 is your emergency kit for infected PCs! Emsisoft Emergency Kit 1.0 can detects and removes malwares. Emsisoft Emergency Kit 1.0 has more than 4 million known dangers which make it to kill almost any malwares. Emsisoft Emergency Kit 1.0 is 100% portable - perfect for USB sticks. Emsisoft Emergency Kit 1.0 also includes HiJackFree and BlitzBlank.

The Emsisoft Emergency Kit contains a collection of programs that can be used without a software installation to scan and clean infected computers for malware:

Emsisoft Emergency Kit Scanner

With the Emsisoft Emergency Kit Scanner you have got the powerful Emsisoft Scanner including graphical user interface. Search the infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other malign programs.

Run the Emsisoft Emergency Kit Scanner with a double click on a2emergencykit.exe. Found Malware can be moved to quarantine or finally deleted.

Emsisoft Commandline Scanner

This scanner contains the same functionality as the Emergency Kit Scanner but without a graphical user interface. The commandline tool is made for professional users and can be used perfectly for batch jobs.

To run the Emsisoft Commandline Scanner, do the following actions:

- Open a command prompt window (Run: cmd.exe)
- Switch to the drive of the USB Stick (e.g.: f:) and then to the folder of the executable files (e.g.: cd run)
- Run the scanner by typing: a2cmd.exe

Next you will see a help page describing all available parameters.

Next is an example to scan drive c:\ with enabled Memory, Traces (Registry) and Cookie scan with active Heuristic module and archive support. Found Malware is moved to quarantine.

a2cmd.exe /f="c:\" /m /t /c /h /a /q="c:\quarantine\"

Emsisoft HiJackFree

HiJackFree helps advanced users to detect and remove Malware manually. With HiJackFree you can manage all active processes, services, drivers, autoruns, open ports, hosts file entries and many more. For your full control over your system.

Emsisoft BlitzBlank

BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. These days the software pests use clever techniques to protect themselves from being deleted. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

Self made Emergency USB stick

Expand the content of the Emsisoft Emergency Kit to an USB stick and make your own universal tool to scan and clean infected PCs.

Download

Download the Emsisoft Emergency Kit at the Download page.

Anti-Virus-1 Removal Tool

License: Freeware
File size: 58 KB

Anti-Virus-1 is a rogue anti-spyware program similar to Antivirus2010. Anti-Virus-1 was created to trick you into believing your computer is infected with spyware to then offer Anti-Virus-1's full version to remove the supposed threats. Anti-Virus-1 may enter your computer system with the help of Trojans (such as Zlob or Vundo). Once the Trojan is installed, you'll receive numerous popups and fake system alert notifications informing you about imaginary infections. In addition, Anti-Virus-1 is able to perform a fake system scan and generate a list of spyware as a result. Anti-Virus-1 will use all its fraudulent mechanisms to finally redirect you to a malicious website that sells Anti-Virus-1 as a legitimate spyware remover.

Removal Tool:
Remove Fake Antivirus. (Download it here.)

Download Remove Anti-Virus-1 1.0 at Softpedia
Download source code of Anti-Virus-1 Removal Tool

Anti-Virus-1 manual removal guide
Kill Process
(How to kill a process effectively?)
AV1i.exe
av1.exe
wingamma.exe

Delete Registry
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "AV1"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV1"
HKCU "Software\AV1"

Remove Folders
$APPDATA\AV1

Read more:
Constants in manual removal guide

Spyware Guard 2008 Removal Tool

License: Freeware
File size: 58 KB

Spyware Guard 2008 or SpywareGuard 2008, was found to be a destructive program. Spyware Guard 2008 is a rogue anti-spyware program that when installed, scans your system finding multiple parasites that are not actually present on your computer. Spyware Guard 2008 performs this scan among other actions to keep computer users perplexed about the next step to take in order to remove the found parasites.

Removal Tool:
Remove Fake Antivirus. (Download it here.)

Download Remove Spyware Guard 2008 1.0a at Softpedia
Download the source code of Remove Spyware Guard 2008 1.0

Spyware Guard 2008 manual removal guide
Kill Process
(How to kill a process effectively?)
"spywareguard.exe"
"SpywareGuard2008[2].exe"
"SpywareGuard2008.exe"
"winscenter.exe"
"wsc32x.exe"
"SpywareGuard2008[1].exe"

Delete Autorun
HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "SpywareGuard2008"

Unregister DLL
SetShellVarContext current
"$APPDATA\microsoft\internet explorer\dlls\hyckgjthbm.dll"
"$APPDATA\microsoft\internet explorer\dlls\moduleie.dll"
"$APPDATA\microsoft\internet explorer\dlls\dnctirxael.dll"
"$APPDATA\microsoft\internet explorer\dlls\iemodule.dll"
"$APPDATA\Microsoft\Internet Explorer\olesys.dll"
"$WINDIR\vmreg.dll"
SetShellVarContext all
"$APPDATA\microsoft\internet explorer\dlls\jsiitpwzvx.dll"
"$APPDATA\microsoft\internet explorer\dlls\aszfvmhrod.dll"
"$APPDATA\microsoft\internet explorer\dlls\qlolrxuhqi.dll"
"$APPDATA\microsoft\internet explorer\dlls\mrygjqlkvh.dll"
"$APPDATA\microsoft\internet explorer\dlls\ajbkogdcas.dll"
"$APPDATA\microsoft\internet explorer\dlls\jpceqlrhqp.dll"
"$APPDATA\microsoft\internet explorer\dlls\dpaijjyvdt.dll"
"$APPDATA\microsoft\internet explorer\dlls\sowuxgmbzt.dll"
"$APPDATA\microsoft\internet explorer\dlls\wstdzgcesr.dll"
"$APPDATA\microsoft\internet explorer\dlls\qrterkocjk.dll"
"$APPDATA\microsoft\internet explorer\dlls\drhlmmxplk.dll"
"$APPDATA\microsoft\internet explorer\dlls\akpykdjiau.dll"
"$APPDATA\microsoft\internet explorer\dlls\qychlykios.dll"
"$APPDATA\microsoft\internet explorer\dlls\rqtdlfaorp.dll"
"$APPDATA\microsoft\internet explorer\dlls\zqotakbhik.dll"
"$APPDATA\microsoft\internet explorer\dlls\dkwpsdctxj.dll"
"$APPDATA\microsoft\internet explorer\dlls\csflndmpof.dll"
"$APPDATA\microsoft\internet explorer\dlls\omexpqrvbt.dll"
"$APPDATA\microsoft\internet explorer\dlls\xfoixoeloq.dll"
"$APPDATA\microsoft\internet explorer\dlls\vgcugmtknb.dll"
"$APPDATA\microsoft\internet explorer\dlls\cclgwzzadh.dll"
"$APPDATA\microsoft\internet explorer\dlls\jhjqosmxio.dll"
"$APPDATA\microsoft\internet explorer\dlls\ajapetrkzq.dll"
"$APPDATA\microsoft\internet explorer\dlls\tcqvrzndns.dll"
"$APPDATA\microsoft\internet explorer\dlls\xdoeoizbow.dll"
"$APPDATA\microsoft\internet explorer\dlls\moduleie.dll"
"$APPDATA\microsoft\internet explorer\dlls\cxtskpqynx.dll"
"$APPDATA\microsoft\internet explorer\dlls\iemodule.dll"
"$APPDATA\microsoft\protect\qlpygbnqit.dll"
"$APPDATA\microsoft\protect\ie.dll"
"$APPDATA\microsoft\protect\gfbnrcgvfr.dll"
"$APPDATA\microsoft\internet explorer\olesys.dll"
"olesys.dll"

Remove Folders
SetShellVarContext current
"$STARTMENU\Programs\Spyware Guard 2008"
"$PROGRAMFILES\Spyware Guard 2008"

Remove Files
(How to delete access denied file?)
SetShellVarContext current
"$WINDIR\vmreg.dll"
"$WINDIR\sys.com"
"$DESKTOP\Spyware Guard 2008.lnk"
"$APPDATA\Microsoft\Internet Explorer\olesys.dll"
"$APPDATA\microsoft\internet explorer\dlls\hyckgjthbm.dll"
"$APPDATA\microsoft\internet explorer\dlls\moduleie.dll"
"$APPDATA\microsoft\internet explorer\dlls\dnctirxael.dll"
"$APPDATA\microsoft\internet explorer\dlls\iemodule.dll"
"$SYSDIR\winscenter.exe"
"$SYSDIR\wsc32x.exe"
SetShellVarContext all
"$APPDATA\microsoft\internet explorer\dlls\jsiitpwzvx.dll"
"$APPDATA\microsoft\internet explorer\dlls\aszfvmhrod.dll"
"$APPDATA\microsoft\internet explorer\dlls\qlolrxuhqi.dll"
"$APPDATA\microsoft\internet explorer\dlls\mrygjqlkvh.dll"
"$APPDATA\microsoft\internet explorer\dlls\ajbkogdcas.dll"
"$APPDATA\microsoft\internet explorer\dlls\jpceqlrhqp.dll"
"$APPDATA\microsoft\internet explorer\dlls\dpaijjyvdt.dll"
"$APPDATA\microsoft\internet explorer\dlls\sowuxgmbzt.dll"
"$APPDATA\microsoft\internet explorer\dlls\wstdzgcesr.dll"
"$APPDATA\microsoft\protect\qlpygbnqit.dll"
"$APPDATA\microsoft\internet explorer\dlls\qrterkocjk.dll"
"$APPDATA\microsoft\internet explorer\dlls\drhlmmxplk.dll"
"$APPDATA\microsoft\internet explorer\dlls\akpykdjiau.dll"
"$APPDATA\microsoft\internet explorer\dlls\qychlykios.dll"
"$APPDATA\microsoft\internet explorer\dlls\rqtdlfaorp.dll"
"$APPDATA\microsoft\internet explorer\dlls\zqotakbhik.dll"
"$APPDATA\microsoft\internet explorer\dlls\dkwpsdctxj.dll"
"$APPDATA\microsoft\internet explorer\dlls\csflndmpof.dll"
"$APPDATA\microsoft\internet explorer\dlls\omexpqrvbt.dll"
"$APPDATA\microsoft\internet explorer\dlls\xfoixoeloq.dll"
"$APPDATA\microsoft\internet explorer\dlls\vgcugmtknb.dll"
"$APPDATA\microsoft\internet explorer\dlls\cclgwzzadh.dll"
"$APPDATA\microsoft\internet explorer\dlls\jhjqosmxio.dll"
"$APPDATA\microsoft\internet explorer\dlls\ajapetrkzq.dll"
"$APPDATA\microsoft\internet explorer\dlls\tcqvrzndns.dll"
"$APPDATA\microsoft\internet explorer\dlls\xdoeoizbow.dll"
"$APPDATA\microsoft\internet explorer\dlls\moduleie.dll"
"$APPDATA\microsoft\internet explorer\dlls\cxtskpqynx.dll"
"$APPDATA\microsoft\internet explorer\dlls\iemodule.dll"
"$APPDATA\microsoft\protect\ie.dll"
"$APPDATA\microsoft\protect\gfbnrcgvfr.dll"
"$APPDATA\microsoft\internet explorer\olesys.dll"

Read more:
Constants in manual removal guide

Remove System Guard 2009

License: Freeware
File size: 59 KB

System Guard 2009, or SystemGuard2009, is a rogue anti-spyware program that installs in your computer system with the help of Trojan Zlob or through security vulnerabilities in the Windows operating system or web browser. You may have also downloaded System Guard 2009 from a rogue website thinking it would remove your spyware threats.

Removal Tool:
Remove Fake Antivirus. (Download it here.)

Download Remove System Guard 2009 1.0 at Softpedia
Download Source code of System Guard 2009 1.0

System Guard 2009 Removal Guide
Kill Process
(How to kill a process effectively?)
"SystemGuard2009.exe"
"systemguard.exe"
"winscenter.exe"
"sysexplorer.exe"
"spoolsystem.exe"
"reged.exe"
"syscert.exe"

Delete Registry
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Guard 2009"
HKLM "SOFTWARE\System Guard 2009"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet"
HKCR "CLSID\{AB6DAA8C-F726-4FDD-8B06-9537C5878612}"
HKCR "CLSID\{77C96E10-FDA7-4AA7-B318-0631C0D27DBB}"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "ieModule"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "InternetConnection"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "systemguard"

Unregister DLL
SetShellVarContext all
"$APPDATA\microsoft\network\dlls\udunjexmim.dll"
"$APPDATA\microsoft\network\dlls\czltvtkkox.dll"
"$APPDATA\microsoft\network\dlls\jykgxumxkk.dll"
"$APPDATA\microsoft\network\dlls\fejopjgulu.dll"
"$APPDATA\microsoft\network\dlls\qvovoghiyx.dll"
"$APPDATA\microsoft\network\dlls\fnypjxnzek.dll"
"$APPDATA\microsoft\network\dlls\qxpvjgihuv.dll"
"$APPDATA\microsoft\network\dlls\zhqbmeuqai.dll"
"$APPDATA\microsoft\network\dlls\jxwwldgtxf.dll"
"$APPDATA\microsoft\network\dlls\hafjrwkdjg.dll"
"$APPDATA\microsoft\network\dlls\pheauarqzb.dll"
"$APPDATA\microsoft\network\dlls\hditohpcyc.dll"
"$APPDATA\microsoft\network\dlls\ikpxrsbnnq.dll"
"$APPDATA\microsoft\network\dlls\ndamqohbzv.dll"
"$APPDATA\microsoft\network\dlls\zdbwchlcag.dll"
"$APPDATA\microsoft\internet explorer\dlls\moduleie.dll"
"$APPDATA\microsoft\internet explorer\dlls\undeiimrfx.dll"
"$APPDATA\microsoft\internet explorer\dlls\iemodule.dll"
"$APPDATA\microsoft\network\dlls\moduleie.dll"
"$APPDATA\microsoft\network\dlls\mqhkcnqxvg.dll"
"$APPDATA\microsoft\network\dlls\uqmgwcdcve.dll"
"$APPDATA\microsoft\network\dlls\iemodule.dll"
"$WINDIR\vmreg.dll"
"$APPDATA\Microsoft\Network\DLLs\ieModule.dll"
"$APPDATA\Microsoft\Network\DLLs\eewhptdpyl.dll"
"$APPDATA\Microsoft\Network\DLLs\moduleie.dll"

Remove folder
"$PROGRAMFILES\System Guard 2009"

Delete Files
(How to delete access denied file?)
SetShellVarContext current
"$SYSDIR\winscenter.exe"
"$WINDIR\sysexplorer.exe"
"$WINDIR\spoolsystem.exe"
"$WINDIR\reged.exe"
"$WINDIR\syscert.exe"
"$WINDIR\vmreg.dll"
"$WINDIR\sys.com"
"$SMPROGRAMS\System Guard 2009\Uninstall.lnk"
"$SMPROGRAMS\System Guard 2009\System Guard 2009.lnk"
"$SMPROGRAMS\System Guard 2009"
"$DESKTOP\System Guard 2009.lnk"

SetShellVarContext all
"$APPDATA\Microsoft\Network\svchost.exe"
"$APPDATA\winlogon.exe"
"$APPDATA\Microsoft\Network\DLLs\ieModule.dll"
"$APPDATA\Microsoft\Network\DLLs\eewhptdpyl.dll"
"$APPDATA\Microsoft\Network\DLLs\moduleie.dll "
"$APPDATA\Microsoft\Network\DLLs\c.cgm"
"$APPDATA\Microsoft\Network\DLLs"
"$APPDATA\Microsoft\Network\track.sys"
"$APPDATA\microsoft\network\dlls\udunjexmim.dll"
"$APPDATA\microsoft\network\dlls\czltvtkkox.dll"
"$APPDATA\microsoft\network\dlls\jykgxumxkk.dll"
"$APPDATA\microsoft\network\dlls\fejopjgulu.dll"
"$APPDATA\microsoft\network\dlls\qvovoghiyx.dll"
"$APPDATA\microsoft\network\dlls\fnypjxnzek.dll"
"$APPDATA\microsoft\network\dlls\qxpvjgihuv.dll"
"$APPDATA\microsoft\network\dlls\zhqbmeuqai.dll"
"$APPDATA\microsoft\network\dlls\jxwwldgtxf.dll"
"$APPDATA\microsoft\network\dlls\hafjrwkdjg.dll"
"$APPDATA\microsoft\network\dlls\pheauarqzb.dll"
"$APPDATA\microsoft\network\dlls\hditohpcyc.dll"
"$APPDATA\microsoft\network\dlls\ikpxrsbnnq.dll"
"$APPDATA\microsoft\network\dlls\ndamqohbzv.dll"
"$APPDATA\microsoft\network\dlls\zdbwchlcag.dll"
"$APPDATA\microsoft\internet explorer\dlls\moduleie.dll"
"$APPDATA\microsoft\internet explorer\dlls\undeiimrfx.dll"
"$APPDATA\microsoft\internet explorer\dlls\iemodule.dll"
"$APPDATA\microsoft\network\dlls\moduleie.dll"
"$APPDATA\microsoft\network\dlls\mqhkcnqxvg.dll"
"$APPDATA\microsoft\network\dlls\uqmgwcdcve.dll"
"$APPDATA\microsoft\network\dlls\iemodule.dll"

Read more:
Constants in manual removal guide

Antivirus 2010 Removal Tool

License: Freeware
File size: 58 KB

Antivirus 2010 is a rogue security tool that uses misleading advertisements to gain a purchase and crashes a system and loads fake Blue Screen of Death. The text on BSOD is fabricated and claims that MS Windows recommend purchasing Antivirus 2010 to remove spyware from a machine. This recommendation is just a trick of Antivirus 2010 and it should not be trusted.

Removal Tool:
Remove Fake Antivirus. (Download it here.)

Download Remove Antivirus 2010 1.0 at Softpedia
Download Source code of Antivirus 2010 Removal Tool

Antivirus 2010 Removal Guide
Kill Process
(How to kill a process effectively?)
"AV2010.exe"
"svchost.exe"
"wingamma.exe"

Delete Registry
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}"
HKLM "SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012"
HKLM "SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013"
HKLM "SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014"
HKCU "Software\AV2010"
HKCR "AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}"
HKCR "AppID\IEDefender.DLL"
HKCR "CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}"
HKCR "IEDefender.IEDefenderBHO"
HKCR "IEDefender.IEDefenderBHO.1"
HKCR "Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}"
HKCR "TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "Windows Gamma Display"

Unregister
"IEDefender.dll"

Remove Folder
SetShellVarContext current
"$PROGRAMFILES\AV2010"
SetShellVarContext all
"$SMPROGRAMS\AV2010"
SetShellVarContext current
Delete "$SYSDIR\wingamma.exe"

Read more:
Constants in manual removal guide

Read also:

• Remove Fake Antivirus
• Safe Browser - Free 100% Protection!
• Correct way of using Browser to surf internet
• Why use Firefox rather than IE?
• How to kill a process effectively?
• Prevent Pendrive Virus forever
• Don't disable UAC or your computer will be attacked by malwares!
• Remove WGA (Windows Genuine Advantage) Notifications effectively
• How to patch without running WGA validation