Saturday, July 12, 2014

How to remove Smart Guard Protection Part 2

How to remove Smart Guard Protection Part 1




Here is another way to disable and remove this fake antivirus.

Copy Task Manager to the Windows folder and rename it to CMD.exe.


Launch the renamed file and terminate the fake AV process.  Smart Guard Protection will not block CMD.exe.  You can also copy File Assassin or any program to the Windows folder and rename it to trick Smart Guard Protection.


Now that the fake AV is no longer running in the background, we can delete its files and registry entry to prevent it from starting with Windows again.

On your Desktop, right-click the Smart Guard Protection icon and click Properties.  Click the Find Target... button.  This opens Explorer at the location of the fake AV file.  Delete the entire folder.


Launch regedit and navigate to:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

Delete the value AS2014.


Alternative:  If you have CCleaner, launch it, go to Tools | Startup and delete AS2014.


Scan your computer with MBAM to reverse the changes made by Smart Guard Protection.  Here is the result of the scan.

Registry Values: 1
Hijack.SecurityCenter, HKU\S-1-5-21-746137067-1078145449-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\CONTROL PANEL\DON'T LOAD|wscui.cpl, No, Quarantined, [e5be7d215d1e4ee8d3e93b1110f303fd]

Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[5350ccd2b1ca8fa79b556c2b8d7713ed]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[6c375648b5c6d462f1003661e71d04fc]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[a8fb1886037811256f836433aa5ac63a]
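
To confirm the cleanup afterwards, the following read-only PowerShell check looks at the same registry locations named in the steps and in the scan log above. It is an added example, not part of the original post or of MBAM. It assumes it is run as the affected user, so the per-user "don't load" key is read through HKCU rather than the HKU path shown in the log; the helper name Get-RegValue is made up for this example.

```powershell
# Added example: read-only verification, changes nothing in the registry.
# Paths and value names are the ones given in the post and in the MBAM log.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.PSObject.Properties[$Name].Value
}

$findings = @()

# 1. Startup entry the post says to delete.
$runOnce = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$as2014  = Get-RegValue -Path $runOnce -Name 'AS2014'
if ($as2014 -ne $null) {
    $findings += "RunOnce value AS2014 is still present: $as2014"
}

# 2. Security Center notification flags (scan log: Good = 0, Bad = 1).
$secCenter = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$flags = 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'
foreach ($flag in $flags) {
    $value = Get-RegValue -Path $secCenter -Name $flag
    if ($value -eq 1) {
        $findings += "$flag = 1 (Security Center alert is suppressed)"
    }
}

# 3. Control Panel "don't load" entry for wscui.cpl flagged in the scan log.
#    Assumption: current user is the affected account.
$dontLoad = "HKCU:\Control Panel\don't load"
$hidden   = Get-RegValue -Path $dontLoad -Name 'wscui.cpl'
if ($hidden -ne $null) {
    $findings += "wscui.cpl is listed under 'don't load' (data: $hidden)"
}

if ($findings.Count -eq 0) {
    Write-Output 'No leftover entries found in the checked locations.'
} else {
    Write-Output 'Leftover entries found:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

An empty result only covers these locations; the full MBAM scan is still the step that reverses the changes.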

