Thursday, December 30, 2010

How to remove ProtectShield


ProtectShield is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application.

VIPRE detects it as ProtectShield2010.FakeSmoke

ProtectShield2010 Graphic Interface



How to remove ProtectShield:

If ProtectShield has infected your PC, you should remove it immediately. Click here to use VIPRE to remove ProtectShield from your computer now.

How to remove Spyware Protection


Spyware Protection is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application.

VIPRE detects it as SpywareProtection.FakeRean

SpywareProtection uses a PDF exploit which VIPRE detects as Exploit.PDF-JS.Gen (v)

SpywareProtection graphic interface




How to remove Spyware Protection:

Spyware Protection installs itself in a module: %APPDATA%\defender.exe.

If Spyware Protection has infected your PC, you should remove it immediately. Click here to use VIPRE to remove Spyware Protection from your computer now.

Wednesday, December 29, 2010

How to remove Antivirus Action


Antivirus Action is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application.

VIPRE detection: Trojan.Win32.Generic.pak!cobra

Antivirus Action sale screen



Antivirus Action graphic interface


 

How to remove Antivirus Action:


If Antivirus Action has infected your PC, you should remove it immediately. Click here to use VIPRE to remove Antivirus Action from your computer now.

How to remove HDDLow


HDDLow is the latest rogue security product in the Defragger family. It pretends to find hard drive errors and other problems on a victim’s machine in order to frighten him or her into purchasing this useless application.

VIPRE detection: HDDLow.FakeSysDef

HDDLow graphic interface




How to remove HDDLow:

If HDDLow has infected your PC, you should remove it immediately. Click here to use VIPRE to remove HDDLow from your computer now.

How to remove Personal Internet Security 2011


Personal Internet Security 2011 is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. It replaces InternetAntivirus2011 in the FakeVimes family.

Personal Internet Security 2011 install screen




Personal Internet Security 2011 graphic interface




How to remove Personal Internet Security 2011:


If Personal Internet Security 2011 has infected your PC, you should remove it immediately. Click here to use VIPRE to remove Personal Internet Security 2011 from your computer now.

How to remove Scanner


Scanner is a rogue security product -- a clone of the Defragger rogue -- that pretends to find hard drive errors and other problems on a victim’s machine in order to frighten him or her into purchasing this useless application.

VIPRE threat name: Scanner.FakeSysDef

Scanner graphic interface

 

How to remove Scanner:

If Scanner has infected your PC, you should remove it immediately. Click here to use VIPRE to remove Scanner from your computer now.

Friday, December 24, 2010

DiskRepair rogue of the FakeSysDef Family



DiskRepair is a rogue of the FakeSysDef (Fake System Defragmenter) family. It uses fake alerts that report hard drive and Windows system errors, then generates a fake scan that mimics a real Windows defragmentation screen.

This family of rogues is also known to infect computers with one of the TDL2, TDL3, or TDL4 MBR rootkit Trojans.



You can download a free trial to remove the DiskRepair rogue from your PC at no cost by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because this rogue has infected your computer and will not allow you to install the program, you can use our VIPRE Rescue Disc here:
http://live.sunbeltsoftware.com/

Wednesday, December 22, 2010

How to remove HDDoctor

HDDoctor is a rogue security product in the FakeRean family that pretends to find system errors on a victim’s machine in order to frighten him or her into purchasing this useless application.

It will automatically reboot the computer with its fake Windows reboot.

Unlike ThinkPoint, with its fake Security Essentials alert, this one uses other fake alerts.

HDDoctor warning screens:

 

HDDoctor graphic user interface



How to remove HDDoctor:

If HDDoctor has infected your pc, you should remove it immediately. Click here to use VIPRE to remove HDDoctor from your computer now.

How to remove WindowsOptimizationCenter


WindowsOptimizationCenter is a rogue security product that pretends to find system problems and privacy exposures on a victim’s machine in order to frighten him or her into purchasing this useless application.

Windows Optimization Center warning screens

WindowsOptimizationCenter graphic interface



WindowsOptimizationCenter payment screen

 

WindowsOptimizationCenter installs itself in a file named:

%APPDATA%\protect.exe

How to remove WindowsOptimizationCenter:

If WindowsOptimizationCenter has infected your pc, you should remove it immediately. Click here to use VIPRE to remove WindowsOptimizationCenter from your computer now.

Friday, December 17, 2010

How to remove Defragmenter


Defragmenter is a rogue security product that pretends to be a multi-function security application and find problems on a victim’s machine in order to frighten him or her into purchasing this useless application.

VIPRE Threat name: Defragmenter.FakeSysDef

Defragmenter graphic interface




How to remove Defragmenter:

If Defragmenter has infected your PC, you should remove it immediately. Click here to use VIPRE to remove Defragmenter from your computer now.

How to remove Antivirus Scan


Antivirus Scan is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. It replaces AntivirusAction in the FakeSpyPro family of rogues.

VIPRE detects it as: VirTool.Win32.Obfuscator.ah!m (v)

Antivirus Scan graphic interface

 


How to remove Antivirus Scan:


If Antivirus Scan has infected your PC, you should remove it immediately. Click here to use VIPRE to remove Antivirus Scan from your computer now.

How to remove Antivirus 2010 RTK

Antivirus 2010 RTK is an especially dangerous rogue security product that hijacks a victim’s desktop (stopping him from running other applications) and installs a rootkit that VIPRE detects as Trojan.Win32.Olmarik.agn (v).

The rootkit gives complete access to the victim’s PC, which can allow monitoring of all activities and enable the rogue distributor to steal passwords and other confidential information.

It also pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application.

The rogue is an update of Antivirus 2010, which appeared in early December.

Antivirus 2010 RTK graphic interface




Antivirus 2010 RTK warning screen





Antivirus 2010 RTK fake warning screen after desktop hijacking


The desktop hijacking can occur as much as 20 minutes after the victim first becomes infected.




Analysis tool GMER indication of a rootkit installation




How to remove Antivirus 2010 RTK:

Antivirus 2010 RTK installs itself as a replacement for the userinit.exe file, which is needed to boot the PC:

running as a Service
Antivirus 2010
\\.\globalroot\systemroot\system32\us?rinit.exe

To remove it, open a DOS terminal window and rename the real userinit.exe. Rename us?erinit.exe (to a name without the question mark) then restore the original “userinit.exe” to its correct spelling.

Caution: if the machine is rebooted before the original userinit.exe is restored, it will become unbootable.

Click here to use VIPRE to remove other files associated with Antivirus 2010 RTK from your computer now.
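
A read-only check related to the userinit.exe replacement described above, as an added example that is not part of the original post or of VIPRE's tooling. It assumes PowerShell 3.0 or later and that the "?" in the path stands for a character the listing could not display; the Winlogon `Userinit` registry value is not mentioned in the post and is included here as the standard place to confirm which binary runs at logon.

```powershell
# Added example (not from the original post): list look-alikes of userinit.exe.
# Read-only: nothing is renamed or deleted here.
$sys32    = Join-Path $env:SystemRoot 'System32'
$expected = 'userinit.exe'

# -Force includes hidden and system files. The wildcard covers whatever
# character(s) sit where the post shows "?".
$candidates = Get-ChildItem -LiteralPath $sys32 -Filter 'us*rinit.exe' -Force `
    -ErrorAction SilentlyContinue

$report = foreach ($f in $candidates) {
    # Show every character of the name as a hex code point so an invisible
    # or look-alike character becomes obvious.
    $codePoints = ($f.Name.ToCharArray() |
        ForEach-Object { '{0:X4}' -f [int]$_ }) -join ' '
    [pscustomobject]@{
        Name       = $f.Name
        CodePoints = $codePoints
        ExactMatch = ($f.Name -ieq $expected)
        Length     = $f.Length
        LastWrite  = $f.LastWriteTime
    }
}
$report | Format-List

# Assumption (not on the page): Winlogon's Userinit value names the program
# started at logon; the Windows default is "<SystemRoot>\system32\userinit.exe,".
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -LiteralPath $winlogon -Name Userinit `
    -ErrorAction SilentlyContinue).Userinit
$entries  = @($userinit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
$unexpected = @($entries | Where-Object { $_ -ine (Join-Path $sys32 $expected) })

"Winlogon Userinit = $userinit"
if ($unexpected.Count) {
    "Unexpected Userinit entries: $($unexpected -join '; ')"
}
$lookalikes = @($report | Where-Object { -not $_.ExactMatch })
if ($lookalikes.Count) {
    "Look-alike file names found: $($lookalikes.Count)"
}
```

Because the post reports that a rootkit is installed, treat a clean result from the running system as inconclusive.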

Wednesday, December 15, 2010

How to remove Personal Security Sentinel


Personal Security Sentinel is a rogue security product in the FakeVimes family that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application.

VIPRE detects its main module as FraudTool.Win32.FakeVimes (fs) (which was put in VIPRE detections in 2009)

Personal Security Sentinel graphic interface:



How to remove Personal Security Sentinel:

If Personal Security Sentinel has infected your PC, you should remove it immediately. Click here to use VIPRE to remove Personal Security Sentinel from your computer now.

How to remove HDDTools


HDDTools is the latest rogue security product in the FakeAV-defrag family. It pretends to find hard drive errors on a victim’s machine in order to frighten him or her into purchasing this useless application.

HDDTools graphic interface:



How to remove HDDTools:


If HDDTools has infected your PC, you should remove it immediately. Click here to use VIPRE to remove HDDTools from your computer now.

Tuesday, December 14, 2010

How to remove SmartHDD


SmartHDD is a rogue security product that pretends to find hard drive problems on a victim’s machine in order to frighten him or her into purchasing this useless application.

SmartHDD graphic interface

 

How to remove SmartHDD:

If SmartHDD has infected your PC, you should remove it immediately. Click here to use VIPRE to remove SmartHDD from your computer now.

How to remove HDDDiagnostic

HDDDiagnostic is the latest rogue security product in the FakeAV-defrag family. It pretends to find hard drive errors on a victim’s machine in order to frighten him or her into purchasing this useless application.

VIPRE detection: FakeSysDef

HDDDiagnostic warning



HDDDiagnostic warning




HDDDiagnostic graphic interface




How to remove HDDDiagnostic:

If HDDDiagnostic has infected your PC, you should remove it immediately. Click here to use VIPRE to remove HDDDiagnostic from your computer now.

Monday, December 13, 2010

How to remove HDDRepair


HDDRepair is a rogue security product that pretends to find hard drive errors on a victim’s machine in order to frighten him or her into purchasing this useless application.

HDDRepair graphic interface:




How to remove HDDRepair:


If HDDRepair has infected your pc, you should remove it immediately. Click here to use VIPRE to remove HDDRepair from your computer now.

How to remove HDDRescue


HDDRescue is a rogue security product that pretends to find hard drive errors on a victim’s machine in order to frighten him or her into purchasing this useless application.

HDDRescue graphic interface:

 


How to remove HDDRescue:

If HDDRescue has infected your pc, you should remove it immediately. Click here to use VIPRE to remove HDDRescue from your computer now.

Thursday, December 9, 2010

How to remove HDDPlus


HDDPlus is a rogue security product that pretends to find hard drive errors on a victim’s machine in order to frighten him or her into purchasing this useless application. It is a clone of the defragger rogues.

HDDPlus warning screens:

 

HDDPlus graphic interface:





How to remove HDDPlus:

If HDDPlus has infected your PC, you should remove it immediately. Click here to use VIPRE to remove HDDPlus from your computer now.

How to remove Security Shield

Security Shield is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. VIPRE detects it as SecurityShield.

Security Shield graphic user interface:




Security Shield fake warning screen:



Security Shield fake firewall alert screen:





How to remove Security Shield:

If Security Shield has infected your pc, you should remove it immediately. Click here to use VIPRE to remove Security Shield from your computer now.

How to remove Privacy Corrector

Privacy Corrector is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. It is a clone of PrivacyGuard2010.

Privacy Corrector graphic interface:


 


Directories created:
       
c:\Program Files\PC\Privacy Corrector
c:\Documents and Settings\All Users\Start Menu\Programs\PrivacyCorrector

How to remove Privacy Corrector:

If Privacy Corrector has infected your PC, you should remove it immediately. Click here to use VIPRE to remove Privacy Corrector from your computer now.

How to remove PCoptimizer 2010


PCoptimizer 2010 is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. It's a clone of PrivacyGuard2010.

PCoptimizer 2010 graphic interface:





Directories created:
   
c:\Program Files\PC\PCoptimizer 2010
c:\Documents and Settings\All Users\Start Menu\Programs\PCoptimizer 2010

How to remove PCoptimizer 2010:

If PCoptimizer 2010 has infected your PC, you should remove it immediately. Click here to use VIPRE to remove PCoptimizer 2010 from your computer now.

How to remove PC Protection Center


PC Protection Center is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. It is a clone of Privacy Guard 2010.

PC Protection Center graphic interface:


 


Directories created:

c:\Program Files\PC\PC Protection Center
c:\Documents and Settings\All Users\Start Menu\Programs\PC Protection Center

How to remove PC Protection Center:

If PC Protection Center has infected your PC, you should remove it immediately. Click here to use VIPRE to remove PC Protection Center from your computer now.

How to remove Internet Antivirus 2011

Internet Antivirus 2011 is a rogue security product in the FakeVimes family that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. It’s replaced InternetSecuritySuite.FakeVimes.

VIPRE detects it as InternetAntivirus2011.FakeVimes

Internet Antivirus 2011 graphic interface:


Internet Antivirus 2011 installation screen:



Internet Antivirus 2011 payment screen:



How to remove Internet Antivirus 2011:

If Internet Antivirus 2011 has infected your pc, you should remove it immediately. Click here to use VIPRE to remove Internet Antivirus 2011 from your computer now.

Tuesday, December 7, 2010

How to remove PrivacyGuard 2010

PrivacyGuard 2010 is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing a useless application.

PrivacyGuard 2010 will run a fake scan on a victim's machine claiming to be looking for viruses and other system errors, indicate that it has fixed the malcode and “errors”, but then claim it has found problems it is unable to fix until the victim purchases the application.

PrivacyGuard 2010 graphic interface:




PrivacyGuard 2010 “Protected Mode” alert:




PrivacyGuard 2010 files installed:

    c:\Documents and Settings\All Users\Desktop\PrivacyGuard 2010.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\PrivacyGuard 2010\
    c:\Documents and Settings\All Users\Start Menu\Programs\PrivacyGuard 2010\PrivacyGuard 2010.lnk
    c:\Program Files\PC\
    c:\Program Files\PC\PrivacyGuard 2010\
    c:\Program Files\PC\PrivacyGuard 2010\1.ico
    c:\Program Files\PC\PrivacyGuard 2010\PrivacyGuard2010.exe
    c:\WINDOWS\Tasks\At1.job

PrivacyGuard 2010 Windows Registry changes:

    HKEY_CURRENT_USER\Software\PC
    HKEY_CURRENT_USER\Software\PC\PrivacyGuard 2010
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Protect"

How to remove PrivacyGuard 2010:

If PrivacyGuard 2010 has infected your PC, you should remove it immediately. Click here to use VIPRE to remove PrivacyGuard 2010 from your computer now.
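
The file, directory and registry artifacts listed in the posts above (PrivacyGuard 2010 and its clones, plus the two %APPDATA% executables), gathered into one read-only check. This is an added example, not the blog's or VIPRE's own tooling; it assumes PowerShell 3.0 or later, and the variable names are illustrative.

```powershell
# Added example (not from the original posts): read-only check for the
# artifacts this page lists. It reports what exists and changes nothing.
# $env:APPDATA covers only the current user's profile.
$allUsers  = 'C:\Documents and Settings\All Users'   # XP-era path, as on the page
$startMenu = "$allUsers\Start Menu\Programs"
$pcDir     = 'C:\Program Files\PC'
$run       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection'

# Each entry: rogue name, kind, path, [registry value name].
# Note: At1.job is the generic name given to jobs created with the "at"
# command, so a hit on it alone needs corroboration from other entries.
$indicators = @(
    @('Spyware Protection',        'Path', "$env:APPDATA\defender.exe"),
    @('WindowsOptimizationCenter', 'Path', "$env:APPDATA\protect.exe"),
    @('Privacy Corrector',         'Path', "$pcDir\Privacy Corrector"),
    @('Privacy Corrector',         'Path', "$startMenu\PrivacyCorrector"),
    @('PCoptimizer 2010',          'Path', "$pcDir\PCoptimizer 2010"),
    @('PCoptimizer 2010',          'Path', "$startMenu\PCoptimizer 2010"),
    @('PC Protection Center',      'Path', "$pcDir\PC Protection Center"),
    @('PC Protection Center',      'Path', "$startMenu\PC Protection Center"),
    @('PrivacyGuard 2010',         'Path', "$allUsers\Desktop\PrivacyGuard 2010.lnk"),
    @('PrivacyGuard 2010',         'Path', "$startMenu\PrivacyGuard 2010"),
    @('PrivacyGuard 2010',         'Path', "$pcDir\PrivacyGuard 2010\PrivacyGuard2010.exe"),
    @('PrivacyGuard 2010',         'Path', "$pcDir\PrivacyGuard 2010\1.ico"),
    @('PrivacyGuard 2010',         'Path', 'C:\WINDOWS\Tasks\At1.job'),
    @('PrivacyGuard 2010',         'Path', 'HKCU:\Software\PC\PrivacyGuard 2010'),
    @('PrivacyGuard 2010',         'Path', $uninstall),
    @('PrivacyGuard 2010',         'RegValue', $run, 'Protect')
)

$results = foreach ($i in $indicators) {
    $rogue, $kind, $path, $valueName = $i
    $data = $null
    if ($kind -eq 'RegValue') {
        # A Run entry is a named value under the key, not a subkey.
        $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        $found = ($null -ne $props) -and
                 ($props.PSObject.Properties.Name -contains $valueName)
        if ($found) { $data = $props.$valueName }
    } else {
        $found = Test-Path -LiteralPath $path
    }
    [pscustomobject]@{ Rogue = $rogue; Path = $path; Value = $valueName
                       Data = $data; Found = $found }
}

$hits = @($results | Where-Object { $_.Found })
if ($hits.Count) { $hits | Format-Table Rogue, Path, Value, Data -AutoSize }
else             { 'None of the listed artifacts were found.' }
```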

Friday, December 3, 2010

How to remove Antivirus 2010


Antivirus 2010 is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application.



How to remove Antivirus 2010:

If Antivirus 2010 has infected your pc, you should remove it immediately. Click here to use VIPRE to remove Antivirus 2010 from your computer now.

A very detailed description of how to remove Antivirus 2010 can be found on the GFI-Sunbelt support forum: “Antivirus 2010 manual removal instructions”