How to remove Advanced Virus Remover

Fake AV: Advanced Virus Remover (2009 - 2010)


Files Created
C:\Program Files\AdvancedVirusRemover\PAVRM.exe
C:\Program Files\AdvancedVirusRemover\AVR.exe
C:\Program Files\AdvancedVirusRemover\Viruses.bdt
C:\Program Files\AdvancedVirusRemover\AdvancedVirusRemover.exe

C:\Windows\system32\AVR10.exe
C:\Windows\system32\41.exe
C:\Windows\system32\winupdate86.exe
C:\Windows\system32\winhelper86.dll
C:\Windows\system32\critical_warning.html
C:\s


%UserProfile%\Desktop\Viruses.bdt
%UserProfile%\Desktop\Advanced Virus Remover.lnk
%UserProfile%\Start Menu\Advanced Virus Remover.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AdvancedVirusRemover.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
%UserProfile%\Application Data\Mozilla\Firefox\Profiles\s1jqw0bz.default\cookies.sqlite

Registry Modifications
Keys Added
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKCU\Software\AVR

Values Added
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\
NoChangingWallpaper = 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\
NoSetActiveDesktop = 0x00000001
NoActiveDesktopChanges = 0x00000001

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
winupdate86.exe = C:\Windows\System32\winupdate86.exe
Advanced Virus Remover = C:\Program Files\AdvancedVirusRemover\AVR.exe
AdvancedVirusRemover = C:\Program Files\AdvancedVirusRemover\AVR.exe
PAVRM.exe = C:\Program Files\AdvancedVirusRemover\PAVRM.exe
PAVRM = C:\Program Files\AdvancedVirusRemover\PAVRM.exe
AVR = C:\Program Files\AdvancedVirusRemover\PAVRM.exe

HKCU\Software\
8636065b-fef0-4255-b14f-54639f7900a4 = "8636065b-fef0-4255-b14f-54639f7900a4"
5222009A-DD62-49c7-A735-7BD18ECC7350 = "5222009A-DD62-49c7-A735-7BD18ECC7350"

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = "%System%\critical_warning.html"

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoSetActiveDesktop = 0x00000001
NoActiveDesktopChanges = 0x00000001

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallpaper = 0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
DisableTaskMgr = 0x00000001

HKCU\Software\Microsoft\Internet Explorer\Main\
NotifyDownloadComplete = "yes"

HKCU\Software\AVR\
LastVFC = "25"
VirList = "71255354154320429142454491823411617202092515"
LastD = "18"

LastVFC = "25"
VirList = "504115033127181484212398385028451851153126451537"
LastD = "20"
LastScan = "20.11.2009 08:16"

Values deleted
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = ""

Values modified
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\
WallpaperLocalFileTime =

Hosts modified
89.149.210.61 www.google.com
89.149.210.61 www.google.de
89.149.210.61 www.google.fr
89.149.210.61 www.google.co.uk
89.149.210.61 www.google.com.br
89.149.210.61 www.google.it
89.149.210.61 www.google.es
89.149.210.61 www.google.co.jp
89.149.210.61 www.google.com.mx
89.149.210.61 www.google.ca
89.149.210.61 www.google.com.au
89.149.210.61 www.google.nl
89.149.210.61 www.google.co.za
89.149.210.61 www.google.be
89.149.210.61 www.google.gr
89.149.210.61 www.google.at
89.149.210.61 www.google.se
89.149.210.61 www.google.ch
89.149.210.61 www.google.pt
89.149.210.61 www.google.dk
89.149.210.61 www.google.fi
89.149.210.61 www.google.ie
89.149.210.61 www.google.no
89.149.210.61 search.yahoo.com
89.149.210.61 us.search.yahoo.com
89.149.210.61 uk.search.yahoo.com
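As an added example (not part of the original post), a small Python check that parses hosts-file content and flags every mapping whose target is a routable address rather than a loopback or blocking address, which is exactly the pattern shown above; the sample hosts content is constructed for the example.

```python
import ipaddress

# Constructed sample: two normal Windows default lines followed by
# redirections of the kind documented in the "Hosts modified" section.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
89.149.210.61 www.google.com
89.149.210.61 www.google.co.uk
89.149.210.61 search.yahoo.com
"""


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each active mapping line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:
            continue
        yield no, fields[0], fields[1:]


def find_hijacked_entries(text):
    """Return mappings whose target is not loopback/unspecified.

    A legitimate hosts file maps names to 127.0.0.1, ::1 or 0.0.0.0 (the
    blocking style the MVPS hosts file uses). Any other address silently
    redirects the named site, so it is reported for review.
    """
    hijacked = []
    for no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            hijacked.append((no, ip, names))  # malformed address: review it too
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            hijacked.append((no, ip, names))
    return hijacked


def clean_hosts(text):
    """Return the hosts content with the flagged redirection lines removed."""
    bad = {no for no, _, _ in find_hijacked_entries(text)}
    kept = [l for no, l in enumerate(text.splitlines(), 1) if no not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for no, ip, names in find_hijacked_entries(SAMPLE_HOSTS):
        print(f"line {no}: {ip} -> {', '.join(names)}")
```

On a live system, read C:\WINDOWS\system32\drivers\etc\hosts into `text` instead of the sample; entries pointing at a single routable address for many search-engine names are the signature to look for.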

URLs downloaded / network data identified
===================================================
How to remove Fake AV: Advanced Virus Remover (2009-2010)
===================================================

1. Run PeeTechFix-Advanced Virus remover 1.0
2. Use HijackThis to fix the following O1 - Hosts lines:

O1 - Hosts: 89.149.210.61 www.google.com
O1 - Hosts: 89.149.210.61 www.google.de
O1 - Hosts: 89.149.210.61 www.google.fr
O1 - Hosts: 89.149.210.61 www.google.co.uk
O1 - Hosts: 89.149.210.61 www.google.com.br
O1 - Hosts: 89.149.210.61 www.google.it
O1 - Hosts: 89.149.210.61 www.google.es
O1 - Hosts: 89.149.210.61 www.google.co.jp
O1 - Hosts: 89.149.210.61 www.google.com.mx
O1 - Hosts: 89.149.210.61 www.google.ca
O1 - Hosts: 89.149.210.61 www.google.com.au
O1 - Hosts: 89.149.210.61 www.google.nl
O1 - Hosts: 89.149.210.61 www.google.co.za
O1 - Hosts: 89.149.210.61 www.google.be
O1 - Hosts: 89.149.210.61 www.google.gr
O1 - Hosts: 89.149.210.61 www.google.at
O1 - Hosts: 89.149.210.61 www.google.se
O1 - Hosts: 89.149.210.61 www.google.ch
O1 - Hosts: 89.149.210.61 www.google.pt
O1 - Hosts: 89.149.210.61 www.google.dk
O1 - Hosts: 89.149.210.61 www.google.fi
O1 - Hosts: 89.149.210.61 www.google.ie
O1 - Hosts: 89.149.210.61 www.google.no
O1 - Hosts: 89.149.210.61 search.yahoo.com
O1 - Hosts: 89.149.210.61 us.search.yahoo.com
O1 - Hosts: 89.149.210.61 uk.search.yahoo.com
-----------------------------------------------------------------------
Or download a Hosts file from mvps.org
Download: hosts.zip [right-click - Select: Save Target As] [Updated NOV-13-2009]
Extract the archive and run the MVPS.bat file, or copy the Hosts file into
C:\WINDOWS\system32\drivers\etc
to block the websites that serve the fake download.
Windows Vista users should read more at this link:
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

I also recommend installing McAfee Advisor to check websites before you visit them.
