Post: Ultimate Virus Removal Thread
06-22-2010, 10:47 AM #1
Killakk
Former Staff
Welcome to the Ultimate Virus Removal Thread


In this thread there will be guides on how to remove nasty viruses which disguise themselves as Anti-Virus programs. Most of these viruses come from the group named Rogue.

For all those of you who have had a virus like this, you should know what they are like. And for those who haven't, trust me, they are a nasty bunch. These viruses specialize in fooling the user into giving out credit card details and other valuable information.

Here is my advice to you. If your Windows security starts acting up and it says your computer/laptop is infected, you should click on it (the speech bubble). If a program appears which you have never installed or seen before, immediately close it and make sure you write down what the program's name is. After you close the program make sure you restart your computer/laptop. When your computer/laptop restarts get on this thread and make sure you look at the page with the program, follow the instructions on how to remove the program and be sure to follow it all up by getting an Anti-Virus program.

If you are premium I suggest that you take a look at this thread


If you are not premium I suggest you take a look at this thread


Note: If the program's removal guide is not in this thread please do not hesitate to reply giving the program's name and I should get the removal guide for that program up.

[multipage=AV Security Removal Guide]

How to Remove an AV Security Virus


The AV Security Virus, also referred to as Antivirus Security, is a virus that disguises itself as a legitimate antivirus program. The virus informs you that your computer is infected and offers to remove the infection if you click on a link. The link leads to a malicious site that downloads additional Trojans onto your computer. The AV Security Virus is not just annoying, but it also attempts to procure your financial information and slows down your computer.

Instructions:

Delete Infected Files

Step 1
Click on the "Start" menu.

Step 2
Click on "Search Files and Folders."

Step 3
Search for and delete the following files:

"Desktop\Antivirus Security.lnk"
"Start Menu\Antivirus Security"
"Start Menu\Antivirus Security\Antivirus Security.lnk"
"Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Security.lnk"
"C:\WINDOWS\system32\scui.cpl"

Delete Infected Registry Keys

Step 1
Click on the "Start" menu.

Step 2
Click on "Run."

Step 3
Type "regedit" (without the quotation marks) into the box.

Step 4
Delete the following registry keys by right-clicking on each one, selecting "Modify" and then selecting "Delete":

"HKEY_CURRENT_USER\Software\9178374C66E059CC11C19DCD899FD538"
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AV9"

Step 5
Download or purchase an antivirus program and run it. This will remove any malicious files and registry keys you might have missed. And it will help prevent other viruses from infecting your computer in the future.

[multipage=Lop Malware Removal Guide]

How to Remove Lop Malware


Lop is a browser hijacker virus. This means that, once Lop infects your computer, it changes your Internet homepage and redirects your Internet searches. In addition, Lop may add shortcuts to your desktop and flood your computer with pop-up advertisements. You can remove Lop by running your anti-virus program. Alternatively, you can remove the Lop virus manually. Note that manual removal involves editing the Windows Registry. This is a technical process that, if done incorrectly, can cause serious systemwide problems.

Instructions:

Step 1
Click on the "Start" menu.

Step 2
Type "regedit" into the Search Programs and Files box and press "Enter." Alternatively, if you are using a version of Windows prior to Windows Vista, you will need to click "Run" then type "regedit" into the Run box and click "OK." The Windows Registry Editor opens.

Step 3
Locate the following registry values in the left pane of the Windows Registry Editor and delete them. To delete a registry value, right-click on it and select "Delete."

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[filename]"
"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d44b5436-b3e4-4595-b0e9-106690e70a58}"
"HKEY_USERS\s-1-5-21-796845957-842925246-1060284298-500\software\trinityayb"

Step 4
Close the Windows Registry Editor and restart your computer.

[multipage=Trojan Conhook Removal Guide]

How to Remove Trojan Conhook

Trojan Conhook, also known as TrojanDownloader.ConHook.I, is a Trojan downloader. Once this Trojan has infected your computer, it opens a security hole which is used to download additional Trojans. Moreover, Trojan Conhook may slow your computer, delete your files, change your system configuration and redirect your Internet searches. Remove Trojan Conhook completely by following the steps below.

Instructions:

Delete Registry Entries

Step 1
Click "Start", type "regedit" in the "Search Programs and Files" box and press "Enter". The Windows Registry Editor opens.

Step 2
Locate and delete the following registry values. To delete a registry value, right-click on it and select "Delete". If you do not want to scroll through the list of registry values, you can use the search feature by clicking "Edit" and then "Find".

592c5400-e9ef-4ac2-b2f1-fe7449de5f06
9f8edfc4-7a11-4f2d-95bf-9c7d57ab25cf
7148cbb8-ba49-41d9-a2cd-79d6b5fc25c5
1799bf3b-0f5a-41e6-bed2-939773bf5fbd
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\faiafgge
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ixsall
016F8D91-0562-41F9-BE72-AD4AD01F0155
4E86A50B-A7FF-4cae-B8B7-28A13B6D46F0
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvu
77181ABF-C9ED-4D9A-B3CE-19256A287788

Step 3
Close the Windows Registry Editor.

Delete Dynamic Link Library Files


Step 1
Click on the "Start" menu, type "cmd" in the "Search Programs and Files" box and press "Enter". The Windows Command Prompt opens.

Step 2
Type the following commands at the Windows Command Prompt. Press "Enter" after each command. Click "Yes" when asked if you would like to confirm.

regsvr32 /u ovgypg.dll
regsvr32 /u uucvtt.dll
regsvr32 /u sldgtk.dll
regsvr32 /u ixsall.dll
regsvr32 /u tuvvu.dll

Step 3
Close the Windows Command Prompt.

End Process Files

Step 1
Press "Ctrl" + "Alt" + "Delete".

Step 2
Click on "Start Task Manager", and then click on the "Processes" tab.

Step 3
End each of the following processes. To end a process, select the process and then click "End Process".

ixsall.dll
tuvvu.dll
ovgypg.dll
uucvtt.dll
sldgtk.dll

[multipage=Micro Antivirus Removal Guide]

How to Remove the Micro Antivirus

There are literally hundreds of anti-virus programs. Some hackers have used the prevalence of anti-virus programs to their advantage by marketing rogue anti-virus programs. Micro Antivirus is one such program. Micro Antivirus appears on your computer in the form of a pop-up notifying you that your computer is under attack from viruses. Micro Antivirus then attempts to convince you to communicate your financial information so that these viruses can be removed.

Instructions:

End Processes

Step 1
Press "Ctrl" + "Alt" + "Delete".

Step 2
Click on "Start Task Manager" and then click on the "Processes" tab of the Windows Task Manager.

Step 3
Click on "microAV.exe" and then click "End Process". Ending the process will stop the computer virus from running, so that you can permanently remove it.

Delete Registry Values

Step 1
Click on the "Start" menu.

Step 2
Type "regedit" in the "Search Programs and Files" box, and then press "Enter". The Windows Registry Editor opens. Note that, according to Microsoft, using the Windows Registry Editor incorrectly can cause serious system-wide problems that may require the re-installation of Windows. Thus, you should proceed with caution.

Step 3
Locate and delete the following registry values from the Windows Registry Editor. To delete a registry value, right-click on it and select "Delete".

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Micro Antivirus 2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ANTIVIRUS
HKEY_CURRENT_USER\Software\MicroAV
HKEY_CURRENT_USER\Software\AntiVirus
HKEY_CLASSES_ROOT\.key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ANTIVIRUS

Delete Files and Folders

Step 1
Click on the "Start" menu.

Step 2
Click on the "Search Programs and Files" box.

Step 3
Search for and remove the following files and folders. To remove a file or folder, right-click on the file or folder in the Results List and select "Delete".

C:\WINDOWS\system32\MicroAV.cpl
C:\Program Files\MicroAntivirus\microAV1.dat
C:\Program Files\MicroAntivirus\microAV.ooo
C:\Program Files\MicroAntivirus\microAV.cpl
C:\Documents and Settings\Bleeping\Desktop\MicroAntivirus.lnk
C:\Program Files\MicroAntivirus\microAV0.dat
C:\Program Files\MicroAntivirus

[multipage=Trojan Zeno Virus Removal Guide]

How to Remove a Trojan Zeno Virus

Trojan Zeno is a software program that installs itself on your computer and proceeds to launch unsolicited pop-up advertisements. These pop-up advertisements may seem harmless, but they can monitor your online behavior and even record your personal information. Moreover, Trojan Zeno can download additional malicious software onto your computer. As soon as you notice Trojan Zeno on your computer, remove it immediately and take steps to ensure it does not return.

Instructions


End Processes


Step 1
Press "Ctrl" + "Alt" + "Delete."

Step 2
Click on "Start Task Manager" and then click on the "Processes" tab.

Step 3
Click on "Show Processes From All Users."

Step 4
End each of the following processes. To end a process, click on the process and then click "End Process."

"kwinosap.exe"
"inst3.exe"
"dwdsregt.exe"
"lwinmrag.exe"
"lwinnsap.exe"
"lwintqag.exe"
"mwinkqez.exe"
"mwinnag.exe"
"zigi.exe"
"kwinpsap.exe"
"kwinrqez.exe"
"kwintqez.exe"
"lwinksaw.exe"
"mwinnsai.exe"
"mwinprag.exe"
"nwinlqez.exe"
"nwinmqez.exe"
"nwinpsaw.exe"
"owinmqez.exe"
"owinnrag.exe"
"swinkqez.exe"
"swinnsap.exe"
"swinpqez.exe"
"swinrqaf.exe"
"swinsrag.exe"
"thiselt.exe"
"twinkqez.exe"
"twinrsag.exe"
"twintqez.exe"
"ysysuv6d.exe"
"zxinst12.exe"
"twinoqez.exe"
"twinpqez.exe"
"pwinlqez.exe"

Step 5
Close the Windows Task Manager.

Delete Files

Step 1
Click on the "Start" menu.

Step 2
Click on the "Search Programs and Files" box.

Step 3
Search for and delete the following files. To delete a file, right-click on the file and select "Delete."

"kwinosap.exe"
"inst3.exe"
"dwdsregt.exe"
"zigi.exe"
"lwinksaw.exe"
"lwinmrag.exe"
"lwinnsap.exe"
"kwinpsap.exe"
"kwintqez.exe"
"kwinrqez.exe"
"lwintqag.exe"
"msnav32.ax"
"mwinkqez.exe"
"mwinnag.exe"
"mwinnsai.exe"
"mwinprag.exe"
"mwinqqez.exe"
"nwinkrag.exe"
"nwinlqez.exe"
"nwinmqez.exe"
"nwinpsaw.exe"
"nwinqqez.exe"
"nwinssaw.exe"
"owinkqez.exe"
"pwintrai.exe"
"qwinlsap.exe"
"qwinlsaw.exe"
"zxdnt3d.cfg"
"zxinst12.exe"
"BrowserUpdateSched"
"pwinlqez.exe"

Turn On Windows Defender

Step 1
Click on the "Start" menu.

Step 2
Click on "All Programs" and then "Windows Defender."

Step 3
Check the box next to "Use Windows Defender" and then click "Save." Windows Defender is now turned on. Windows Defender will help protect your computer from becoming infected with the Zeno virus in the future.

[multipage=Disclaimer]

Please do not hesitate to reply leaving any requests that you would like.

Thanks,
Killakk
Last edited by Killakk ; 06-28-2010 at 12:09 PM.

The following 23 users say thank you to Killakk for this useful post:

-Blackhawks-, Gaia, +vA.LooSe, ~pocketemo~, Alekz, aZlan, Chrome, EnD*, GrillaX, halo reach, i Ozzy i, I Punjabi I, iVF™ Elemental, Jake, Jerry_, waltuO, Paul, Reaper, Run Show, teeth08, toppdogg93, xMacMiller, xModGodx
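
A read-only way to check for the Micro Antivirus indicators listed in the guide above before deleting anything by hand, as an added PowerShell example that is not part of the original thread. It assumes "Run ANTIVIRUS" means a value named ANTIVIRUS under each Run key, checks the desktop shortcut on the current user's desktop, and uses a hypothetical backup folder under %TEMP%.

```powershell
# Added example: read-only check for the Micro Antivirus indicators from the guide.
# Nothing is deleted. Keys that exist are exported so a manual deletion can be undone.
$BackupDir = Join-Path $env:TEMP 'microav-reg-backup'   # hypothetical backup folder
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$Keys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Micro Antivirus 2009',
    'HKEY_CURRENT_USER\Software\MicroAV',
    'HKEY_CURRENT_USER\Software\AntiVirus',
    'HKEY_CLASSES_ROOT\.key'
)
# Assumption: "Run ANTIVIRUS" in the guide is a value named ANTIVIRUS under each Run key.
$RunKeys = @(
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: the guide's desktop shortcut is checked on the current user's desktop.
$Files = @(
    'C:\WINDOWS\system32\MicroAV.cpl',
    'C:\Program Files\MicroAntivirus',
    (Join-Path ([Environment]::GetFolderPath('Desktop')) 'MicroAntivirus.lnk')
)

$Findings = @()
if (Get-Process -Name 'microAV' -ErrorAction SilentlyContinue) {
    $Findings += 'PROCESS  microAV.exe is running'
}
foreach ($Key in $Keys) {
    if (Test-Path -LiteralPath "Registry::$Key") {
        # Export the key with reg.exe before anyone touches it in regedit.
        $Backup = Join-Path $BackupDir (($Key -replace '[\\ :]', '_') + '.reg')
        & reg.exe export $Key $Backup /y | Out-Null
        $Findings += "KEY      $Key (backup: $Backup)"
    }
}
foreach ($Key in $RunKeys) {
    $Value = Get-ItemProperty -LiteralPath "Registry::$Key" -Name 'ANTIVIRUS' -ErrorAction SilentlyContinue
    if ($Value) { $Findings += "RUN      $Key -> $($Value.ANTIVIRUS)" }
}
foreach ($Path in $Files) {
    if (Test-Path -LiteralPath $Path) { $Findings += "FILE     $Path" }
}

if ($Findings.Count -eq 0) { 'No Micro Antivirus indicators from the guide were found.' }
else { $Findings }
```

Each finding still needs review before deletion, since a matching name alone does not prove the entry belongs to the rogue program. The exported .reg files can be re-imported if a deleted key turns out to be legitimate.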
06-22-2010, 10:51 AM #2
Ab-Soul
NGU: Oxide
Search for Glary Utilities, because most of the time these days, viruses contain crap that changes your registry, so it cleans it for you and does a lot of other cleanup things.

I use this and Avast.
06-22-2010, 12:17 PM #3
Killakk
Former Staff
Originally posted by Oxide View Post
Search for Glary Utilities, because most of the time these days, viruses contain crap that changes your registry, so it cleans it for you and does a lot of other cleanup things.

I use this and Avast.


Thanks mate
06-22-2010, 12:37 PM #4
teeth08
< ^ > < ^ >
Thanks for this killakk, +rep for the work you put into this
06-22-2010, 12:44 PM #5
~pocketemo~
Ex-Console Gamer
Great post very informative
06-22-2010, 01:07 PM #6
Killakk
Former Staff
Originally posted by teeth08 View Post
Thanks for this killakk, +rep for the work you put into this


Originally posted by pocketemo
Great post very informative


Thanks for the feedback lads
Hope this helps
06-22-2010, 01:09 PM #7
Life.
( ͡° ͜ʖ ͡°)
great post
Last edited by Life. ; 06-22-2010 at 01:22 PM.
06-22-2010, 01:21 PM #8
Killakk
Former Staff
Originally posted by xSoraa View Post
Are you serious dude, you're giving rep to killakk for what? It was oxide, you should be giving rep to him!?!?!?!


Ok mate, what's wrong? Why shouldn't he rep me :p
I did the work didn't I?

The following user thanked Killakk for this useful post:

i Ozzy i
06-22-2010, 03:35 PM #9
i Ozzy i
At least I can fight
killakk <3 I'm using a spybot to find viruses. It finished scanning and it said I've had 8 entries from keyloggers. When I try to remove them it says I must be the admin, when I am, and it won't let me remove the keyloggers. Help please! <3 +rep for awesome thread
06-22-2010, 03:44 PM #10
Brochacho
Like a boss
Get a Mac and you will never get viruses
