'Now We Hack Virus' Not They

Remove PC Privacy Cleaner (PCPrivacyCleaner)

2008-07-27T03:36:00.000-07:00

A rogue antivirus which is often accompanied by other similar antivirus. Well if you have it in your system remove it as soon as possible as it will download so many similar programs that it will become a impossible to work on your computer. Some of the screenshots of PC Privacy Cleaner

NEVER CLICK YES A WARNING LIKE THIS ONE

Manual Removal Steps

1. Open task manager (Ctrl+Alt+Del) and kill the process pcpc.exe
If you also having a process named PCPC_Setup_Free.exe running, end that too.
If you get a message like task manager has been disabled..., download a tool from here to open task manager.

2. Now go to C:\Program Files (assuming you have your windows in C drive) and delete the folder named PCPrivacyCleaner.

3. Next remove shortcuts of PC Privacy Cleaner from desktop, start menu and quick launch.

4. Empty Recycle Bin

Now we need to do some registry editing. Be care ful as wrongly doing this can lead to system instability

5. Go Start->Run-> type regedit and press enter

6. Navigate to
HKEY_CURRENT_USER\Software\{65DE966D-11D1-4bb1-BF7E-B8A273514DAF}
and del the key {65DE966D-11D1-4bb1-BF7E-B8A273514DAF}
(See the pic after next step to know how to do it)

7. Now navigate to
HKEY_CURRENT_USER\Software\PCPrivacyCleaner
and delete the key PCPrivacyCleaner.

8. Now navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
locate and delete the string named PCPrivacyCleaner

9. Again navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCPrivacyCleaner
And delete the key PCPrivacyCleaner

Your system is free from this rogue antivirus.
Because this usually is accompanied by other similar antiviruses be sure to check your pc.

Remove Antivirus 2009

2008-07-16T10:18:00.000-07:00

Antivirus 2009 is the newer version of the Antivirus 2008 and is there to scam you. Also just like its older version, its makes your system slow, brings unwanted popups and can also make your system infected with some serious trojans. So its advisable to remove it as soon as you get infected.
The following pics reveal how convincing this scam is that the user in major cases believe it to be a true antivirus.

The new antivirus is out with an added professional look

Its make a fake security center named 'Windows Security Center', the windows one being the Security Center

REMOVAL STEPS
1. Open task manager(Ctrl+Alt+Del). Locate and end the process av2009.exe using right click and selecting 'end process' option.

2. Now go to C:\Program Files(Assuming that you have windows installed in C drive) and delete the entire folder named Antivirus 2009.
3. As seen in the second picture, Antivirus 2009 makes a fake Windows security center. So we need to remove that. So go to C:\windows\system32 and delete the file scui.cpl

4. Now delete all the shortcuts on desktop and start menu made by Antivirus 2009

5. Empty recycle bin

Now we need to do some registry editing. Please complete the following steps carefully as improper registry editing could lead to system instability.

6. Go to Start Menu->Run-> Type regedit and press enter

7. Navigate to
HKEY_CURRENT_USER\Software\39148080807332159842981568027496
Delete the key ( i.e. the key with a long number which may differ in your pc but will be very long)

8. Now Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
and delete name(long nos.) with data as C:\Program Files\Antivirus 2009\av2009.exe

9. Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2009
Delete this key i.e. Antivirus 2009

10 Now if your themes, appearance and settings are missing you can download small tool from here

Your pc is clean

Please post your comments in the comments section or click the CONTACT ME PIC ABOVE.

Remove Antivirus 2008 Pro Fake Antivirus

2008-07-16T01:27:00.000-07:00

Antivirus2008Pro is another fake antivirus scam that wants your $50. It displays fake virus reports, hogs ups system memory and makes you frustrated. Though it is categorised as dangerous by many websites, it is quite simple to remove. You just need to follow the following to simple steps to remove it.

REMOVAL STEPS

1. Open task manager(Ctrl+Alt+Del). Locate and kill the process Antivirus2008PRO.exe using right click.

2. Now go to C:\program files(Assuming that your windows are installed in C drive).
Locate and delete the folder Antivirus 2008 PRO

3. Now delete the shortcuts made by it on desktop and in start menu.

4. Empty recycle bin

Now we need to do some registry editing. This need to be done carefully, otherwise it can lead to system instability

5. Open registry editing. Start Menu->Run-> Type regedit and press enter

6. Navigate to
HKEY_CURRENT_USER\Software\Antivirus 2008 PRO
and delete the key Antivirus 2008 PRO

7. Now Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Locate string antivirus-2008pro.exe on right side and delete it using the right click.
DONOT DELETE THE RUN KEY
8. Now Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2008 PRO
and delete the key Antivirus 2008 PRO

9 Now if your themes, appearance and settings are missing you can download small tool from here

Now your system is free from this virus

Please post your comments in the comments section or click the CONTACT ME BUTTON

Remove Nhatquanglan i.e. New Folder.exe Virus

2008-07-15T01:25:00.000-07:00

New Folder.exe Virus also known as Nhatquanglan is a very common virus with high multiply rate. This virus hides itself as scvhsot.exe though the actual actaul windows process is Scvhost.exe. The virus drops a copy of itself everytime you attach a removable media to your computer. Besides this it disables registry, task manager and removes the option of task manager.

SOFTWARES REQUIRED
As your task manager, registry editor and folder options are disabled we will need a couple of tiny but very helpful softwares.
Click on them to download
Security Task Manager
RRT

ATTACH YOUR INFECTED FLASH DRIVE(if any) TO YOUR COMPUTER AND MAKE A BACKUP OF DATA ON IT

REMOVAL STEPS
1. Install security task manager and start it. You will see one,two or more processes named Nhatquanglan. Select all of them by pressing Ctrl key and remove them
(right click->remove ->end process-> yes)

2. Next run the RRT software and remove all the restrictions. Now you will be able to open task manager and registry editor. It will say you need a system restart but you dont need it.

3. Go to Control panel->scheduled task and delete the At1 task

4. Next C:\windows\system32 folder and click tools->folder options->view tab
Find the Hide protected operating system.... and untick it.
Click YES on the a warning-> click Apply and OK.

FORMAT YOU REMOVABLE DISK WITHOUT OPENING IT OTHERWISE YOU WILL HAVE TO REPEAT ALL THE STEPS

5. Next we need to delete some files.
Also you need to be a bit careful as if you double click any of these files you will have to start all over again from step 1

In the C:\windows\system32 folder delete the following files.
(The last two files will have the icon of a folder as in the picture)
setting.ini
autorun.ini
SCVHSOT.exe (225792 bytes)
blastclnnn.exe (225792 bytes)

In the C:\windows folder delete the following files.
(The files will have icon of a folder)
SVCHSOT.exe (225792 bytes)
hinhem.scr (225792 bytes)

6. Empty Recycle bin

Now we need to do some registry editing
Please follow these steps very carefully as improper registry editing could lead to system crash.

7. Go to start->run->type regedit and press enter

8. Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
and delete the string Yahoo Messengger with data pointing to SCVHSOT.exe

9. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Find the string named shell on the right side with data as Explorer.exe SCVHSOT.exe
Double click it and Change its value to Explorer.exe
You dont have to delete anything here

10 Now if your themes, appearance and settings are missing you can download small tool from here

Now your pc is clean from this nasty virus.

WORD OF CAUTION
Well as a word of caution, whenever you see a file with an icon of a folder, BE CAREFUL. In 99.99% cases it will be a virus ready to infect as soon as you double click it.

For any comments, suggestions or queries please use the comments section or click the contact me picture above.

Remove Antivirus XP 2008

2008-07-13T12:51:00.000-07:00

Antivirus XP 2008 has been scamming many people off late. It installs on your pc shows false scanning showing that you have plenty of viruses and to remove them you will have to purchase the Antivirus XP 2008. Seeing this many people have already shelled out there hard earned money for this fake software. Besides this it also slows down your pc making it impossible to work. Well following are some of shots of this virus.

Well if you have downloaded it from some website, here is the screen shot its website.

Browser Hijack by Antivirus XP 2008

REMOVAL PROCEDURE

1. Open task manager(Ctrl+Alt+Del) & kill the following processes by using right click in the following order(the exact names of the files will differ but they will be 12 character long. Also note the names of the files before deleting as at all places the variation of name will be there accordingly. Because of variation I will be using Virus1 for the first one and Virus2 for the second one)

rhc1cdj0e12r.exe
pphc5cdj0e12r.exe

2. Now open C:\windows\system32(Assuming you have windows installed in C drive) and trace Virus2 and delete it.

3. Next open c:\program files and find the folder named Virus1. Delete the entire folder.

4. Next delete all traces of Antivirus XP 2008 from desktop and start menu(shortcuts)

5. Empty recycle bin

The following steps require registry editing so follow them carefully. Improper editing could lead to system crash.

6. Go start menu->run-> type 'regedit' and press enter. Regsitry Editor will open up.

7. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Locate and delete virus1 using right click

8. Next Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Locate & delete SMvirus1 using right click

9. Now go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc1cdj0e12r
del key Virus1 using right click

10. Now
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Locate 'AntivirXP08' on right side and delete it.

Now there is only one step left which can be performed only when you log in to windows next time.

11.Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\rhc1cdj0e12r
del key Virus1

12 Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
And delete the key Antivirus XP 2008

13 Now if your themes, appearance and settings are missing you can download small tool from here

Now your system is clean from this fake antivirus.

For any comments, questions or suggestions, please do comment in the comment section or click the contact me button above.

Remove Vista Antivirus 2008

2008-07-12T11:45:00.000-07:00

Vista Antivirus is a new rogue antivirus which tries to rob your money. Besides that it slows down your pc and with unwanted popups, it makes your working on the computer impossible. The following is a screenshot of Vista Antivirus 2008 and its warning

Also if you downloaded it from its website, here is the screenshot of the website
Though it may be very harmful, it is very easy to clean. Just follow these easy steps accompanied by pictures to clean your pc from this false vista antivirus.

1. First of all open task manager(Ctrl+Alt+Del) and go to process tab. Now search the process vav.exe. Kill process vav.exe by right clicking on it and selecting end process.

2. Now go to C:\windows\system32 folder(assuming that you have windows in your C drive).
Locate and delete file vav.cpl

3. Now go to C:\program files
Locate a folder named vav. It will be having four files(vav0.dat, vav1.dat, vav.cpl, vav.exe) in most cases. Delete the entire folder

4. Vista Antivirus 2008 also makes a shortcut on your desktop. Delete that also

5. Empty recycle bin

Now we will be doing some registry editing which is to be done very carefully. If not done with care it can lead to system instability

6. Go to start->run->type 'regedit' and press enter

7. Now navigate to the following key and del the string named antivirus as shown in the picture.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

8. Now navigate to the following key and del the key as shown in the picture.
HKEY_CURRENT_USER\Software\VAV

9. Now navigate to the following key and del the string named antivirus as shown in the picture.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

10 Now if your themes, appearance and settings are missing you can download small tool from here

Now your system is clean from this Scam Antivirus.
If you have any queries post it in the comments section or click the contact me pic above

Remove IE Antivirus Spyware

2008-07-08T12:16:00.000-07:00

This is one of the common spywares infecting systems around the world. When people reach these websites, they are made to believe that there systems are full of viruses, trojans & spywares and therefore they need to delete these viruses. Reading this people download and install the fake SPYWARE antivirus program and are thus infected with this spyware.
Remember its a SCAM and the spyware will ask you to buy the software online and take you to a website (Like this one)
Am I Infected
If a window like this troubles you each time you start windows and while you are working, with title IE Antivirus, then you are infected with this spyware and need to remove it as soon as possible.
Removal Steps
Follow the following steps to remove it

1. Open windows task manager(Ctrl+Alt+Del). Go to Processes Tab. Find the image name antivir.exe and highlight it. Next kill the process by clicking end process. Click yes on task manager warning.

2. Next go to control panel and Open Add remove programs. Find IE Antivirus and remove it. It will say the program looks to be already uninstalled but its not so.
3. Now go to C:\Program Files(assuming that you have windows in C drive) and delete the folder named IEAntiVirus.

You have deleted the spyware except that its to be removed from registry.
(Registry editing is dangerous and improper editing could lead to system crash) Please follow the following instructions very carefully otherwise can lead to system instability.
4. Go start menu-> Run-> type 'regedit' without commas-> press enter

5.Now in the left menu go to the following key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
On the right side spot antispy and delete it

6. Now go to
HKEY_CURRENT_USER\Software\IEAntiVirus
And delete the key 'IEAntivirus' by right clicking on it and selecting delete.

You have cleaned the Spyware from your system.

Remove Kavo.exe

2008-06-20T00:34:00.000-07:00

Well kavo.exe is a worm very similar to amvo.exe but very cumbersome to remove. Well here I will explain how to remove it manually & completely.

If your drves on double click are opening in new folder & you are not bing able to view your hidden folders & files (even after selecting show hidden flies from tools->folder options...), then you may be infected with this virus.

Well to be sure that you are infected with this virus do the following steps
1. click on start menu 2. click on RUN 3. type in there 'msconfig' without commas 4. go to the last tab named 'startup' 5. under the 'startup item' check if there is any item named 'KAVA'. Well if its there you got this virus.

The virus usually spreads through external drives like flash drives, pen drives etc.
It copies itself to all the drives on being run thus ensuring that the virus is activated as every time any drive is opened.

First of all as the virus hides the hidden files you need a software RRT to unhide them. To download the software click here.
Follow these easy steps to remove the virus

1. Open all the drives in new window (Just like here)

2. In an another window go to C:\windows\system32 folder (if your windows is in drive other than C use another drive letter)
3. Open registry editor by going to start->run->regedit (Registry editing could be dangerous if not done properly so be careful)
4. Now run the RRT utility and click on auto remove. Dont close the utility.
5. The utility helps in keeping hidden files unhidden but the virus keeps hiding the system files every few seconds. So you will have to perform this function every few seconds
Find the Tools option at the top of the window -> folder optiond ->view tab -> untick hide protected operating system(recommended) -> click yes on the warning and click apply

6. Now in the C:\windows\system32 folder trace these files and try deleting them using shift + Delete (You may have to redo 5th step to unhide them)
kavo.exe
kavo0.dll
kavo1.dll
kavo2.dll
kavo3.dll
You may be able to delete all of them except one. Dont worry we will treat with it later.
7. As I have told you earlier that virus copies it self to all the drives we need to proceed to the drives now. You will have to repeat step 5 on each drive atleast once. Its assumed that you have all the drives already opened in new different windows.
8. The virus makes a common file with an extension of .bat(example 1.bat) in each drive. Find out the common .bat file in each folder and delete them along with the autorun.inf file. To enable exensions do the following
Find the Tools option at the top of the window -> folder optiond ->view tab -> untick hide extensions for known file types -> click apply
9. Well now we need to do some registry editing to open registry editor go to
start-> run-> type regedit & enter
10. Go the following key & delete value named 'kava'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Now search thw whole of registry with the name 'kava' and delete all instances where you find it in use with word 'kavo'(Use ctrl + F to search & F3 to find next).
11. Now you are almost done. Just log off and log in again into windows (start->log off) and delete the file from the sixth step which you couldn't. You should be able to do it now.

Well now you are free from the Kavo.exe virus.

Remove Sandeep Verma virus i.e. snake.exe.vbs

2008-06-13T06:26:00.000-07:00

The virus also known as snake.exe.vbs is in form a vbs script which copies itself in the system32 folder and adds itself to the startup items so that it starts as soon as windows boots. The most common feature of this virus is that it sets the homepage of your internet explorer to http://sandeep-verma.blogspot.com

The virus creates the following files in system32 folder
snake.exe.vbs

To remove the virus you need to first of all kill the following process
wscript.exe

Next delete the virus i.e. the following files from the removable media if the virus came from there.
snake.exe.vbs
autorun.inf

Next go to C:\WINDOWS\system32 folder and find the following file and delete it
snake.exe.vbs
(It may be hidden. You may need RRT a free tool to show hidden files)

Now you need to do some editing with the registry.
(Be careful before you edit registry. Improper edition could lead to system crash)

Go to the following key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\
{0d0717e0-2102-11dd-b5a9-00c026a310b1}\Shell\AutoRun\command
On the right hand side there will be value of default with data of wscript.exe snake.exe.vbs
Click on default and delete the value data and click ok.

Repeat the above procedure for the following key also
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\
{0d0717e0-2102-11dd-b5a9-00c026a310b1}\Shell\open\Command

Now go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
And find the value userinit with data value C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\snake.exe.vbs
Change it to C:\WINDOWS\system32\userinit.exe

Now to correct the internet explorer settings go to
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Find the Value Start Page. It will be having data as http://sandeep-verma.blogspot.com/
Change the data value to about:blank

Next below it you will find a value named Window Title with data as Sandeep Verma
Click the Name and delete the data.

Congrats! Now you are free from Sandeep Verma Virus

Remove Kinza.exe

2008-06-12T09:07:00.000-07:00

The following files are created in the system32 folder
kinza.exe
fiber.exe
boot.vbs
actmon.ini
The following variation may also be there
imapde.dll
imapdc.vxd
imapd.exe
imapdb.dll
imapdb.exe
imapdc.dll
imapdd.dll
imapde.dll
rbwinx1.dll

Kill the following processes with your username from task manager
wscript.exe
cmd.exe
netsh.exe

First of all the taskmanager, registry editor & folder options may be disabled
To enable it use the free tool RRT (To Download click here)
On How to use it click here

Change the following registry values
(Be careful before you edit registry. Improper editing could lead to system crash)
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
On the Right Side find the entry named Userinit
It will have data as
C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\boot.vbs

Change it to
C:\WINDOWS\system32\userinit.exe

Now delete the following files located at C:\windows\system32\
kinza.exe
fiber.exe
actmon.ini
imapde.dll
imapdc.vxd
imapd.exe
imapdb.dll
imapdb.exe
imapdc.dll
imapdd.dll
imapde.dll
rbwinx1.dll

The virus disables windows firewall which you have to activate by going to control panel, clicking on security center, and then on windows firewall. It will say that the service has been stopped, do you want to start it. Click yes to start the firewall again.

Delete the following registry values to complete the removal of unnecessary registry keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shellnoroam\MUICache
On the right side locate and delete value c:\windows\system32\fiber.exe

Contact me

2008-06-10T10:33:00.000-07:00

Please feel free to contact me at my email muditgoyal1131@yahoo.co.in
Also you can post in the comments section.
I will try my best to solve your virus related problems asap.

Also if you want me to personally remove virus from your pc, I would be available for minimal charges. Just shoot me a mail and we can set up time which is suitable to both of us. I would be cleaning the virus by remote controlling your pc using a specialized software in which you would also have a full control over your pc.

As for now
Happy Virus Hacking