Spyware descriptions, detection and removal

Antivirus Smart Protection

January 25th, 2012
Home » Rogue Antispyware » Antivirus Smart Protection

Repair and protect your computer easily. Download Antivirus Smart Protection removal tool

Antivirus Smart Protection description

Antivirus Smart Protection is a fake security program. It may look like a real tool at the first glance; however the program is actually useless and fraudulent.

Antivirus SmartProtection spreads with help of deceptive websites and trojans. It is able to mimics system scan and infection alerts. Do not trust reports loaded by Antivirus Smart Protection! The threats “detected” by this program are harmless files installed by Antivirus Smart Protection itself. Do not pay creators of Antivirus Smart Protection for deleting imaginary infections.

Use U2FD-S2LA-H4KA-UEPB registration code to stop Antivirus Smart Protection pop-ups and then hurry to remove this pesky fraud.

Manual Antivirus Smart Protection Removal

Antivirus Smart Protection processes:

runddlkey.exe
eb.exe
ASa76.exe
ScanDisk_.exe
Help: A Guideline of Killing Malicious Processes

Antivirus Smart Protection registry values:

HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\AS3f2_8046.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8046&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8046&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "78990148703"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "ver:2.08046"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus Smart Protection"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe = "svchost.exe"
Help: How to edit windows registry entries

Antivirus Smart Protection DLLs:

cb.dll
mozcrt19.dll
sqlite3.dll

Other malicious Antivirus Smart Protection files:

%AppData%\Antivirus Smart Protection\
%AppData%\Antivirus Smart Protection\cookies.sqlite
%AppData%\Antivirus Smart Protection\Instructions.ini
%AppData%\Antivirus Smart Protection\ScanDisk_.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\Antivirus Smart Protection.lnk
%CommonAppData%\79b35\
%CommonAppData%\79b35\ASa76.exe
%CommonAppData%\79b35\ASP.ico
%CommonAppData%\79b35\5162.mof
%CommonAppData%\79b35\mozcrt19.dll
%CommonAppData%\79b35\sqlite3.dll
%CommonAppData%\79b35\BackUp\
%CommonAppData%\79b35\BackUp\Adobe Reader Speed Launch.lnk
%CommonAppData%\79b35\BackUp\Adobe Reader Synchronizer.lnk
%CommonAppData%\79b35\ASPSys\
%CommonAppData%\79b35\Quarantine Items\
%CommonAppData%\ASPHEP\
%CommonAppData%\ASPHEP\ASZNFSJTNP.cfg
%Desktop%\Antivirus Smart Protection.lnk
%UserProfile%\Recent\cb.dll
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\CLSV.sys
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\FS.tmp
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.tmp
%UserProfile%\Recent\runddlkey.exe
%UserProfile%\Recent\runddlkey.sys
%UserProfile%\Recent\snl2w.sys
%StartMenu%\Antivirus Smart Protection.lnk
%StartMenu%\Programs\Antivirus Smart Protection.lnk

The manual removal of files and registries should be performed by experienced users. A system can be badly affected if any error is done during the manual removal. We recommend using automatic removal tools to delete Antivirus Smart Protection, if you are not familiar with deleting malware manually.

Spyware Doctor for Antivirus Smart Protection removal

Tags: Antivirus Smart Protection Antivirus SmartProtection AntivirusSmart Protection AntivirusSmartProtection

Trackbacks /
Pingbacks

AV Security Essentials removal guide

Spyware descriptions, detection and removal

Antivirus Smart Protection

Antivirus Smart Protection description

Manual Antivirus Smart Protection Removal

Trackbacks / Pingbacks

Leave a Reply

Trackbacks /
Pingbacks