Sysinternals Antivirus is a rogue anti-spyware application that has been directly related to Your PC Protector. Just like the program it is related to, it tries to trick users into paying for a software license. This rogue application gets installed via Trojans that force their way on to the user system through malicious websites. Once installed, Sysinternals Antivirus loads itself as a startup service and proceeds to perform endless scans of the user’s system, handing out fake reports which try to convince the user that the computer is dangerously infected with a number of malware applications. Sysinternals Antivirus also displays a large number of fake warning pop-ups from the Windows taskbar in an attempt to scare users. The aim of all this activity is to push the user into purchasing a license for the so-called ‘full’ version of Sysinternals Antivirus by claiming that the currently installed ‘trial’ version is incapable of cleaning out all the detected ‘threats’. However, it should be kept in mind at all times that Sysinternals Antivirus is simply a fake application that cannot scan or clean your computer under any circumstances.
As soon as you detect a copy of this rogue software on your computer, you should initiate the process of Sysinternals Antivirus removal. In order to delete Sysinternals Antivirus, you need to stop its processes, unregister its DLLs, delete its files and folders, and remove its registry entries.
Sysinternals Antivirus Removal (Manual Removal Procedures)
The first step you need to take in order to remove Sysinternals Antivirus is to stop the following processes (not all of them may be running):
- alggui.exe
- svchost.exe
- Sysinternals Antivirus.exe
- dbsinit.exe
- ccsmn.exe
- ccsrr.exe
The second step in Sysinternals Antivirus removal is to unregister the following DLL files:
- adc32.dll
- adc_w32.dll
Next, it is necessary to delete the following files and folders:
Windows XP:
- c:\Program Files\adc_w32.dll
- c:\Program Files\alggui.exe
- c:\Program Files\extra1.dat
- c:\Program Files\extra2.dat
- c:\Program Files\nuar.old
- c:\Program Files\skynet.dat
- c:\Program Files\svchost.exe
- c:\Program Files\wp3.dat
- c:\Program Files\wp4.dat
- c:\Program Files\scdata
- c:\Program Files\scdata\dbsinit.exe
- c:\Program Files\scdata\wispex.html
- c:\Program Files\scdata\images
- c:\Program Files\scdata\images\i1.gif
- c:\Program Files\scdata\images\i2.gif
- c:\Program Files\scdata\images\i3.gif
- c:\Program Files\scdata\images\j1.gif
- c:\Program Files\scdata\images\j2.gif
- c:\Program Files\scdata\images\j3.gif
- c:\Program Files\scdata\images\jj1.gif
- c:\Program Files\scdata\images\jj2.gif
- c:\Program Files\scdata\images\jj3.gif
- c:\Program Files\scdata\images\l1.gif
- c:\Program Files\scdata\images\l2.gif
- c:\Program Files\scdata\images\l3.gif
- c:\Program Files\scdata\images\pix.gif
- c:\Program Files\scdata\images\t1.gif
- c:\Program Files\scdata\images\t2.gif
- c:\Program Files\scdata\images\Thumbs.db
- c:\Program Files\scdata\images\up1.gif
- c:\Program Files\scdata\images\up2.gif
- c:\Program Files\scdata\images\w1.gif
- c:\Program Files\scdata\images\w11.gif
- c:\Program Files\scdata\images\w2.gif
- c:\Program Files\scdata\images\w3.jpg
- c:\Program Files\scdata\images\word.doc
- c:\Program Files\scdata\images\wt1.gif
- c:\Program Files\scdata\images\wt2.gif
- c:\Program Files\scdata\images\wt3.gif
- c:\Program Files\Sysinternals Antivirus
- c:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe
- %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn.exe
- %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.acf
- %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.ltd
- %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.lti
- %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.acb
- %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.aci
- %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.mt
- %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsrr.exe
- %UserProfile%\Application Data\Microsoft\Internet Explorer\lleod150
- %UserProfile%\Application Data\Microsoft\Internet Explorer\wmharun.log
- %UserProfile%\Application Data\Microsoft\Internet Explorer\wmrun.log
- %UserProfile%\Start Menu\Programs\Sysinternals Antivirus
- %UserProfile%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
Windows Vista / 7:
- c:\Program Files\adc_w32.dll
- c:\Program Files\alggui.exe
- c:\Program Files\extra1.dat
- c:\Program Files\extra2.dat
- c:\Program Files\nuar.old
- c:\Program Files\skynet.dat
- c:\Program Files\svchost.exe
- c:\Program Files\wp3.dat
- c:\Program Files\wp4.dat
- c:\Program Files\scdata
- c:\Program Files\scdata\dbsinit.exe
- c:\Program Files\scdata\wispex.html
- c:\Program Files\scdata\images
- c:\Program Files\scdata\images\i1.gif
- c:\Program Files\scdata\images\i2.gif
- c:\Program Files\scdata\images\i3.gif
- c:\Program Files\scdata\images\j1.gif
- c:\Program Files\scdata\images\j2.gif
- c:\Program Files\scdata\images\j3.gif
- c:\Program Files\scdata\images\jj1.gif
- c:\Program Files\scdata\images\jj2.gif
- c:\Program Files\scdata\images\jj3.gif
- c:\Program Files\scdata\images\l1.gif
- c:\Program Files\scdata\images\l2.gif
- c:\Program Files\scdata\images\l3.gif
- c:\Program Files\scdata\images\pix.gif
- c:\Program Files\scdata\images\t1.gif
- c:\Program Files\scdata\images\t2.gif
- c:\Program Files\scdata\images\Thumbs.db
- c:\Program Files\scdata\images\up1.gif
- c:\Program Files\scdata\images\up2.gif
- c:\Program Files\scdata\images\w1.gif
- c:\Program Files\scdata\images\w11.gif
- c:\Program Files\scdata\images\w2.gif
- c:\Program Files\scdata\images\w3.jpg
- c:\Program Files\scdata\images\word.doc
- c:\Program Files\scdata\images\wt1.gif
- c:\Program Files\scdata\images\wt2.gif
- c:\Program Files\scdata\images\wt3.gif
- c:\Program Files\Sysinternals Antivirus
- c:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe
- %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn.exe
- %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn151.acf
- %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn151.ltd
- %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn151.lti
- %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn151_0.acb
- %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn151_0.aci
- %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn151_0.mt
- %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsrr.exe
- %UserProfile%\AppData\Microsoft\Internet Explorer\lleod150
- %UserProfile%\AppData\Microsoft\Internet Explorer\wmharun.log
- %UserProfile%\AppData\Microsoft\Internet Explorer\wmrun.log
- %UserProfile%\Start Menu\Programs\Sysinternals Antivirus
- %UserProfile%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
Sysinternals Antivirus Removal of Registry Items
File deletion alone is not sufficient to completely remove Sysinternals Antivirus. The following keys and settings should be removed from the registry for complete Sysinternals Antivirus removal:
- HKCU\Software\Sysinternals Antivirus
- HKCR\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
- HKLM\SYSTEM\CurrentControlSet\Services\AdbUpd
- HKEY_CURRENT_USER\Software\Sysinternals Antivirus
- HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "novavapp"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "novavappr"
Remove Sysinternals Antivirus Directories:
- %UserProfile%\Start Menu\Programs\Sysinternals Antivirus\
- c:\Program Files\scdata\
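Before removing anything, it helps to confirm which of the listed artifacts are actually present. The following report-only PowerShell check is an added example, not part of the original guide. It assumes PowerShell 3 or later and the default paths and registry locations listed above, and it matches processes by full path so that the genuine svchost.exe in %SystemRoot%\System32 is not mistaken for the copy under c:\Program Files.

```powershell
# Added example: report-only triage for the artifacts this page lists. Nothing is deleted.
$pf  = 'C:\Program Files'
$ie  = 'Application Data', 'AppData' |
       ForEach-Object { Join-Path $env:USERPROFILE "$_\Microsoft\Internet Explorer" }

# Executables the page names, with the full paths it gives for them.
$exePaths = @(
    "$pf\alggui.exe", "$pf\svchost.exe", "$pf\scdata\dbsinit.exe",
    "$pf\Sysinternals Antivirus\Sysinternals Antivirus.exe"
) + ($ie | ForEach-Object { "$_\ccsmn.exe"; "$_\ccsrr.exe" })

# Match on full path, not name: the genuine svchost.exe lives in %SystemRoot%\System32.
$procHits = Get-Process | Where-Object { $_.Path -and ($exePaths -contains $_.Path) } |
            Select-Object Id, Name, Path

# Top-level files and folders from the page (folder contents go with the folder).
$fsItems = $exePaths + @(
    "$pf\adc_w32.dll", "$pf\extra1.dat", "$pf\extra2.dat", "$pf\nuar.old",
    "$pf\skynet.dat", "$pf\wp3.dat", "$pf\wp4.dat", "$pf\scdata",
    "$pf\Sysinternals Antivirus",
    (Join-Path $env:USERPROFILE 'Start Menu\Programs\Sysinternals Antivirus')
)
$fsHits = $fsItems | Where-Object { Test-Path -LiteralPath $_ }

# Registry keys from the page; Registry:: paths avoid needing an HKCR: drive.
$clsids = '{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}', '{149256D5-E103-4523-BB43-2CFB066839D6}'
$bho    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$keys   = @('HKCU:\Software\Sysinternals Antivirus',
            'HKLM:\SYSTEM\CurrentControlSet\Services\AdbUpd') +
          ($clsids | ForEach-Object { "Registry::HKEY_CLASSES_ROOT\CLSID\$_"; "$bho\$_" })
$keyHits = $keys | Where-Object { Test-Path -LiteralPath $_ }

# Run values "novavapp" and "novavappr" under the current user's Run key.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run     = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
$runHits = 'novavapp', 'novavappr' | Where-Object { $run -and $run.PSObject.Properties[$_] }

[pscustomobject]@{
    Processes    = $procHits
    FilesFolders = $fsHits
    RegistryKeys = $keyHits
    RunValues    = $runHits
} | Format-List
```

Run it from an elevated prompt so that process paths are readable; an empty field means none of the listed artifacts of that type were found at the default locations.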
Outside Resources:
http://forums.malwarebytes.org/index.php?showtopic=52821
http://www.bleepingcomputer.com/virus-removal/remove-sysinternals-antivirus