Posts Comments

Remove VirusBye | Virus Bye Removal Guide

By admin on July 24, 2009 Leave a Comment

Virusbye is the latest fake security client that is sweeping the web. This is a fake security client and should be removed ASAP. Like most other fake clients this one will show bogus scan results and tries to trick the user into purchasing the program. Once again DO NOT BUY THIS PROGRAM. It is fake and this is how people who make viruses make money. Those who are infected with this virus will also find that they have several other trojans installed as well. You should run a full scan using your favorite security product. If you do not have one then download a free trial of SpyHunter. Most users who get infected with this got it from a fake video client or a fake torrent download. VirusBye is promoted through the use of Trojan viruses or it can be downloaded from virusbye.net.

Some symptoms of VirusBye:

* Bogus Scan results * Auto Scans on Start-up * Warning coming out of a fake shield in the system tray * pop-ups and re-directs to the fake software’s website * constant warnings of being infected as well as false statements of other trojans

Here is what VirusBye may look like

Virus Bye Removal

Manual removal instructions for VirusBye ( Please read our disclaimer bellow )

Kill processes:

  • uninstall.exe
  • virusbye.exe
  • virusbyeUpdater.exe

Delete registry values:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”virusbye” = “C:\Program Files\virusbye\virusbyeUpdater.exe”
  • HKEY_CLASSES_ROOT\CLSID\{D71289D6-241E-4744-89A0-BBDC76889907}
  • HKEY_CLASSES_ROOT\Interface\{44A639D7-CE76-4789-88B7-3439DD59F265}
  • HKEY_CLASSES_ROOT\SSBHO.VBBHO
  • HKEY_CLASSES_ROOT\SSBHO.VBBHO.1
  • HKEY_CLASSES_ROOT\TypeLib\{E45BF091-F837-4F0F-96BA-4A243D22E5CB}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D71289D6-241E-4744-89A0-BBDC76889907}
  • HKEY_CURRENT_USER\Software\virusbye
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D71289D6-241E-4744-89A0-BBDC76889907}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusbye

Unregister DLLs:

  • MCBlock.dll
  • MCClean.dll
  • virusbyeRes.dll

Delete files: ( Most of the below files will be in the directory shown below)

  • Enc_Code.ss
  • MCBlock.dll
  • MCClean.dll
  • uninstall.exe
  • virusbye.exe
  • virusbye.url
  • virusbyeRes.dll
  • virusbyeUpdater.exe

Delete directories:

  • %ProgramFiles%\virusbye
  • %ProgramFiles%\virusbye\data
  • %UserProfile%\Start Menu\Programs\virusbye

Please keep in mind that viruses mutate and change all the time. Do expect the above to change around a little. However this guide should work well for you and any experienced pro will be able to follow it and figure out the traces if they mutate.

Outside Resources:

The below are intended for refference only. We do not control the content on these sites so use at your own risk.

http://windows.microsoft.com/en-us/windows7/how-do-i-remove-a-computer-virus

http://www.symantec.com/security_response/writeup.jsp?docid=2009-071721-2454-99

Filed Under: Virus Removal Tagged With: , , , , ,

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.