Removal Instructions for the New Rogue Spyware System Fix

Files to be removed manually:

Windows XP:

%AllUsersProfile%\~<random>
%AllUsersProfile%\~<random>
%AllUsersProfile%\<random>
%AllUsersProfile%\<random>.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
%Desktop%\System Fix.lnk
%StartMenu%\Programs\System Fix\
%StartMenu%\Programs\System Fix\System Fix.lnk
%StartMenu%\Programs\System Fix\Uninstall System Fix.lnk

 

Windows 7 / Vista:

C:\ProgramData\QKFiHMoSiU46tv
C:\ProgramData\~QKFiHMoSiU46tv
C:\ProgramData\~QKFiHMoSiU46tvr
C:\ProgramData\QKFiHMoSiU46tv.exe
C:\ProgramData\dSPEfJqNGav.exe
C:\Users\%UserProfile%\Desktop\System Fix.lnk
C:\Users\%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
C:\Users\%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

 

Associated System Fix Windows Registry Entries:

 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ‘1’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “<random>.exe”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “<random>”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0’

Kuttus

Kuttus is an IT professional and a part-time blogger. He started 123seminarsonly to write up the findings gained in his daily work life. Kuttus writes articles that are mostly related to technology and virus removal. He is interested in virus and malware removal and has been working as a remote virus removal technician for the last 7 years.
