How to remove Antivirus Smart Protection

January 25th, 2012
Home » Rogue Anti-Spyware » Antivirus Smart Protection Repair and protect your computer easily. Download Antivirus Smart Protection removal tool

Antivirus Smart Protection description

Antivirus Smart Protection is rogue software and it should be removed right upon detection. The tool is able to mimic some action of virus removers but it is not able to detect or delete malware. Antivirus Smart Protection is only capable of “detecting” files it installs itself. That’s right: it brings a bunch of useless files and later it demands purchasing Antivirus SmartProtection license for deleting the imaginary infections. Avoid the trap and remove Antivirus Smart Protection as soon as its pop-ups appear on your screen.

Deleting Antivirus Smart Protection might be difficult because it may block regular security tools. Use U2FD-S2LA-H4KA-UEPB “registration code” for temporary disable of Antivirus Smart Protection fraud.

How to get rid of Antivirus Smart Protection

This infection can be removed using Spyware Doctor.

Download does not start? Try a mirror download here

Spyware Doctor is widely valued as one of the best AntiSpyware programs available to protect you from Antivirus Smart Protection and the latest internet security threats. If your computer is infected with Antivirus Smart Protection we strongly recommend automatic spyware scanner.

How to manually remove Antivirus Smart Protection

To get rid of spyware such as Antivirus Smart Protection you need to remove processes, search and delete registry keys, DLL and other Antivirus Smart Protection related files from your computer.

Take Note: The manual process of removing spyware from your computer is difficult and puts you at risk of damaging your computer. We advise using our automatic Antivirus Smart Protection remover.

  1. Uninstall Antivirus Smart Protection from Control Panel
    Start > Settings > Control Panel > Add/Remove Programs. Double click to uninstall.
  2. End these Antivirus Smart Protection processes:
    runddlkey.exe
    eb.exe
    ASa76.exe
    ScanDisk_.exe
    To stop processes press Ctrl + Alt + Del or click Start > Run > type "taskmgr". Select malicious process in the list and click "End Process" button.
  3. Unregister Antivirus Smart Protection DLL files:
    cb.dll
    mozcrt19.dll
    sqlite3.dll
    To unregister DLL click Start > Run > type "regsvr32 /u PATH_TO_FILE/FILE.dll"
  4. Delete Antivirus Smart Protection registry entries: HKEY_CURRENT_USER\Software\3
    HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
    HKEY_CLASSES_ROOT\AS3f2_8046.DocHostUIHandler
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8046&q={searchTerms}"
    HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8046&q={searchTerms}"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "78990148703"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "ver:2.08046"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus Smart Protection"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe = "svchost.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe = "svchost.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe = "svchost.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe = "svchost.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe = "svchost.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe = "svchost.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe = "svchost.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe = "svchost.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe = "svchost.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe = "svchost.exe"
    To open registry editor click Start > Run > type "regedit".
    Warning! Manual registry entries editing may cause damage to your system.
    Download Uniblue RegistryBooster 2010 to scan for registry errors.
  5. Search and delete these Antivirus Smart Protection related files:
    %AppData%\Antivirus Smart Protection\
    %AppData%\Antivirus Smart Protection\cookies.sqlite
    %AppData%\Antivirus Smart Protection\Instructions.ini
    %AppData%\Antivirus Smart Protection\ScanDisk_.exe
    %AppData%\Microsoft\Internet Explorer\Quick Launch\Antivirus Smart Protection.lnk
    %CommonAppData%\79b35\
    %CommonAppData%\79b35\ASa76.exe
    %CommonAppData%\79b35\ASP.ico
    %CommonAppData%\79b35\5162.mof
    %CommonAppData%\79b35\mozcrt19.dll
    %CommonAppData%\79b35\sqlite3.dll
    %CommonAppData%\79b35\BackUp\
    %CommonAppData%\79b35\BackUp\Adobe Reader Speed Launch.lnk
    %CommonAppData%\79b35\BackUp\Adobe Reader Synchronizer.lnk
    %CommonAppData%\79b35\ASPSys\
    %CommonAppData%\79b35\Quarantine Items\
    %CommonAppData%\ASPHEP\
    %CommonAppData%\ASPHEP\ASZNFSJTNP.cfg
    %Desktop%\Antivirus Smart Protection.lnk
    %UserProfile%\Recent\cb.dll
    %UserProfile%\Recent\CLSV.drv
    %UserProfile%\Recent\CLSV.sys
    %UserProfile%\Recent\eb.exe
    %UserProfile%\Recent\exec.drv
    %UserProfile%\Recent\FS.tmp
    %UserProfile%\Recent\kernel32.tmp
    %UserProfile%\Recent\PE.drv
    %UserProfile%\Recent\PE.sys
    %UserProfile%\Recent\PE.tmp
    %UserProfile%\Recent\ppal.tmp
    %UserProfile%\Recent\runddlkey.exe
    %UserProfile%\Recent\runddlkey.sys
    %UserProfile%\Recent\snl2w.sys
    %StartMenu%\Antivirus Smart Protection.lnk
    %StartMenu%\Programs\Antivirus Smart Protection.lnk

Tags

, , ,

Similar Threats

One Response on Antivirus Smart Protection removal

  • 1
    AV Security Essentials uninstall guide
    February 6th, 2012 11:09

    [...] The parasite is also a clone of fake Smart Anti-Malware Protection, Malware Protection Center, Antivirus Smart Protection programs [...]

Leave a Reply

«
»

  • Search