This rogue software blocks installation and execution of other software to protect itself. Preferably use another computer to download the following free tools to a removable drive:
• HijackThis Executable
• MalwareBytes’s Anti-Malware (mbam-setup.exe Direct download)
• Start HijackThis by clicking on HijackThis.exe.
• Click on Do a system scan only. In the results of the HijackThis scan, carefully select only the following entries by placing a checkmark in the box provided:
1. R1 -- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555;
2. O4 -- HKLM\..\Run: [Desktop Security 2010] C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe
3. O4 -- HKLM\..\Run: [SecurityCenter] C:\WINDOWS\system32\p9tdwlvru6ww.exe
4. O4 -- HKLM\..\Run: [p9tdwlvru6ww] C:\WINDOWS\system32\p9tdwlvru6ww.exe
The file name in the last two entries above are made up of random 12 digit alpha-numeric characters.
• Click Fix Checked. Choose Yes to confirm your selection. Close HijackThis. This would have killed the Desktop Security 2010 executable and the “fake task manager”.
• Right-click on the Taskbar and open Task Manager, select Securitycenter.exe and click End Process. Confirm Yes in the Task Manager Warning. Now you are likely to have a “scare message free” desktop.
• Install MalwareBytes’s Anti-Malware (mbam-setup.exe Direct download), Open and choose a full-scan. Once the scan is completed, click “Show results“, confirm that all instances of the rogue security software are check-marked and then click “Remove Selected” to delete them. If prompted restart immediately to complete the removal process.
• Turn System Restore off and on
0 comments :
Post a Comment