Your PC Protector
February 11, 2010
What is Your PC Protector?
Your PC Protector is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
Screenshots:
Additional Information:
Methods of Infection:
Your PC Protector is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
Your PC Protector comes from the same family of rogues that includes Windows Police Pro.
What it Does:
Your PC Protector will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Your PC Protector is not legitimate software and is actually a spyare infection. Your PC Protector can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that Your PC Protector poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Your PC Protector will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional Your PC Protector Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of Your PC Protector unless are a trained computer professional. Your PC Protector is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
Your PC Protector.exe
2. Delete Following Files and Directories:
c:\Program Files\adc32.dll
c:\Program Files\alggui.exe
c:\Program Files\nuar.old
c:\Program Files\skynet.dat
c:\Program Files\svchost.exe
c:\Program Files\wp3.dat
c:\Program Files\wp4.dat
c:\Program Files\schtml
c:\Program Files\schtml\dbsinit.exe
c:\Program Files\schtml\wispex.html
c:\Program Files\schtml\images
c:\Program Files\schtml\images\i1.gif
c:\Program Files\schtml\images\i2.gif
c:\Program Files\schtml\images\i3.gif
c:\Program Files\schtml\images\j1.gif
c:\Program Files\schtml\images\j2.gif
c:\Program Files\schtml\images\j3.gif
c:\Program Files\schtml\images\jj1.gif
c:\Program Files\schtml\images\jj2.gif
c:\Program Files\schtml\images\jj3.gif
c:\Program Files\schtml\images\l1.gif
c:\Program Files\schtml\images\l2.gif
c:\Program Files\schtml\images\l3.gif
c:\Program Files\schtml\images\pix.gif
c:\Program Files\schtml\images\t1.gif
c:\Program Files\schtml\images\t2.gif
c:\Program Files\schtml\images\Thumbs.db
c:\Program Files\schtml\images\up1.gif
c:\Program Files\schtml\images\up2.gif
c:\Program Files\schtml\images\w1.gif
c:\Program Files\schtml\images\w11.gif
c:\Program Files\schtml\images\w2.gif
c:\Program Files\schtml\images\w3.gif
c:\Program Files\schtml\images\w3.jpg
c:\Program Files\schtml\images\word.doc
c:\Program Files\schtml\images\wt1.gif
c:\Program Files\schtml\images\wt2.gif
c:\Program Files\schtml\images\wt3.gif
c:\Program Files\Your PC Protector
c:\Program Files\Your PC Protector\Your PC Protector.exe
%UserProfile%\Start Menu\Programs\Your PC Protector
%UserProfile%\Desktop\Your PC Protector.lnk
3. Delete the Following Registry Keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager
HKEY_CURRENT_USER\Software\Your PC Protector
HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Your PC Protector will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Your PC Protector is completely removed from your computer.
Security Tool
February 8, 2010
What is Security Tool?
Security Tool is dangerous rogue spyware or “scareware”. It is designed to overwhelm you with simulated scans and fake warnings that your computer is infected with various malware. The reason for this is to scare you into buying bogus software by making you believe that only the full version of Security Tool can remove these infections, when in fact, Security Tool IS the infection.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
Screenshots:
Additional Information:
Methods of Infection:
Security Tool is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
Security Tool comes from the same family of rogues that include System Security and Total Security 2009.
What it Does:
Security Tool will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Security Tool is not legitimate software and is actually a spyare infection. Security Tool can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that Security Tool poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Security Tool will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional Security Tool Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of Security Tool unless are a trained computer professional. Security Tool is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
4946550101.exe (note this is a random number generated by Security Tool and will be different on your computer)
2. Delete Following Files and Directories:
%UserProfile%\Application Data\4946550101
%UserProfile%\Application Data\4946550101\4946550101.bat
%UserProfile%\Application Data\4946550101\4946550101.cfg
%UserProfile%\Application Data\4946550101\4946550101.exe
%UserProfile%\Desktop\Security Tool.lnk
%UserProfile%\Start Menu\Programs\Security Tool.lnk
3. Delete the Following Registry Keys:
HKEY_CURRENT_USER\Software\Security Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “4783370890″ (note this is a random number generated by Security Tool and will be different on your computer)
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Security Tool will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Security Tool is completely removed from your computer.
Personal Security
February 8, 2010
What is Personal Security?
Personal Security is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
Screenshots:
Additional Information:
Methods of Infection:
Personal Security is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
Personal Security comes from the same family of rogues that include Cyber Security and Total Security.
What it Does:
Personal Security will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Antivir is not legitimate software and is actually a spyare infection. Personal Security can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that Personal Security poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Personal Security will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional Personal Security Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of Personal Security unless are a trained computer professional. Personal Security is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
psecurity.exe
2. Delete Following Files and Directories:
Windows XP
c:\Program Files\PersonalSec
c:\Program Files\PersonalSec\psecurity.exe
c:\Program Files\Common Files\PSecurityUninstall
c:\Program Files\Common Files\PSecurityUninstall\Uninstall.lnk
c:\WINDOWS\system32\win32extension.dll
c:\Documents and Settings\All Users\Start Menu\PSecurity
c:\Documents and Settings\All Users\Start Menu\PSecurity\Computer Scan.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Help.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Personal Security.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Registration.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Security Center.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Settings.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Update.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
%UserProfile%\Desktop\Personal Security.lnk
Windows Vista and Windows 7
**(Note: c:\ProgramData listed below is a hidden folder. You may have to change the setting in control panel to be able to view hidden folders. Get instructions how to do that by clicking here)**
c:\Program Files\PersonalSec
c:\Program Files\PersonalSec\psecurity.exe
c:\Program Files\Common Files\PSecurityUninstall
c:\Program Files\Common Files\PSecurityUninstall\Uninstall.lnk
c:\WINDOWS\system32\win32extension.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSecurity
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSecurity\Computer Scan.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSecurity\Help.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSecurity\Personal Security.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSecurity\Registration.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSecurity\Security Center.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSecurity\Settings.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSecurity\Update.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
%UserProfile%\Desktop\Personal Security.lnk
3. Delete the Following Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “PSecurity”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform “WinTSI 01.12.2009″
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Antivir will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Antivir is completely removed from your computer.
Antivir
February 8, 2010
What is Antivir?
Antivir is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
Screenshots:
Additional Information:
Methods of Infection:
Antivir is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
Antivir comes from the same family of rogues that include Alpha Antivirus and Personal Antivirus.
What it Does:
Antivir will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Antivir is not legitimate software and is actually a spyare infection. Antivir can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that Antivir poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Antivir will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional Antivir Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of Antivir unless are a trained computer professional. Antivir is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
antivir.exe
2. Delete Following Files and Directories:
Windows XP
c:\Documents and Settings\All Users\Start Menu\AV
c:\Documents and Settings\All Users\Start Menu\AV\Antivir.lnk
c:\Documents and Settings\All Users\Start Menu\AV\Uninstall.lnk
%UserProfile%\Desktop\Antivir.lnk
c:\Program Files\AV
c:\Program Files\AV\antivir.exe
c:\Program Files\Common Files\Uninstall
c:\Program Files\Common Files\Uninstall\AV
c:\Program Files\Common Files\Uninstall\AV\Uninstall.lnk
c:\WINDOWS\system32\UpdateCheck.dll
Windows Vista and Windows 7
**(Note: c:\ProgramData listed below is a hidden folder. You may have to change the setting in control panel to be able to view hidden folders. Get instructions how to do that by clicking here)**
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AV
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivir.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AV\Uninstall.lnk
%UserProfile%\Desktop\Antivir.lnk
c:\Program Files\AV
c:\Program Files\AV\antivir.exe
c:\Program Files\Common Files\Uninstall
c:\Program Files\Common Files\Uninstall\AV
c:\Program Files\Common Files\Uninstall\AV\Uninstall.lnk
c:\WINDOWS\system32\UpdateCheck.dll
3. Unregister the Following DLLs:
%WINDOWS%\system32\UpdateCheck.dll
4. Delete the Following Registry Keys:
HKEY_CURRENT_USER\Software\EVAACD
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AV”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform “WinNT-EVI 25.11.2009″
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Antivir will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Antivir is completely removed from your computer.
-
Editor’s Choice Winner
"Spyware Doctor also set a new record in the malware blocking test, scoring 9.7 out of 10 possible points"
-www.pcmag.com, October 15, 2009