Malware Removal Instructions

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Friday, 1 July 2011

Remove Windows Supervision Center (Uninstall Guide)

Posted on 11:36 by Unknown
Windows Supervision Center is a fake program that reports false system security threats and displays falsified security alerts on your computer. It claims that you need to buy a full version of the program in order to remove viruses and malicious software from your computer. It's distributed through the use of Trojans, fake virus scanners and other malware. Needless to say, reputable software is not distributed this way. If you think that your computer is infected with Windows Supervision Center, please follow the steps in the removal guide below.



When the rogue program is executed, it blocks other applications on your computer and displays falsified error message saying that your web browser, or any other application, is infected, e.g., Trojan.Win32.Qhost.



Windows Supervision Center pretends to scan your computer for viruses. After the fake scan, it states that some of the viruses have been removed, but if you want to cleanup your computer completely, you have to purchase the full version of the program. If you choose to purchase, the rogue program will open fraudulent payment page.



The good news is that you can remove Windows Supervision Center rather easily. You can delete it manually or download anti-malware software and run a full system scan. For more information, please follow the removal instructions below. Last, but not least, if you have purchased this rogue AV, please contact your credit card company and dispute the charges. If you need help removing Windows Supervision Center, please leave a comment below. Good luck and be safe online!

Related malware: Windows Oversight Center.


Windows Supervision Center removal instructions:

1. Rename the main executable of the rogue program:

In Windows XP:
C:\Documents and Settings\[UserName]\Application Data\Microsoft\[SET OF RANDOM CHARACTERS].exe

In Windows Vista/7:
C:\Users\[UserName]\AppData\Roaming\Microsoft\[SET OF RANDOM CHARACTERS].exe



Look for cccayn.exe or similar file and rename it to cccayn.vir.



Then restart your computer. This should disable the rogue program. After reboot, please continue with the rest of the removal process. NOTE: By default, Application Data folder is hidden. If you can find it, please read Show Hidden Files and Folders in Windows.

2. Download shell-fix.reg. Double-click to run it. Click "Yes" when it asks if you want to add the information to the registry. This file will fix the Windows Shell entry.
3. Download free anti-malware software from the list below and run a full system scan.
  • MalwareBytes Anti-malware
  • SUPERAntispyware
  • Spybot S&D
  • Hitman Pro 3.5
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus.


Alternate Windows Supervision Center removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
  • MalwareBytes Anti-malware
  • SUPERAntispyware
  • Spybot S&D
  • Hitman Pro 3.5
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus.


Associated Windows Supervision Center files and registry values:

Files:

In Windows XP:
  • C:\Documents and Settings\[UserName]\Application Data\Microsoft\[SET OF RANDOM CHARACTERS].exe
In Windows Vista/7:
  • C:\Users\[UserName]\AppData\Roaming\Microsoft\[SET OF RANDOM CHARACTERS].exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = '%UserProfile%\Application Data\Microsoft\[SET OF RANDOM CHARACTERS].exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
Share this information with other people:
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Rogue programs | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Remove ShopperReports (Uninstall Guide)
    ShopperReports is defined as adware or a potentially unwanted program that displays marketing related results in a side pane of the browser...
  • Trojan.MBRlock, Внимание! Ваш компьютер заблокирован
    Trojan.MBRlock is a very disturbing piece of malicious code which infects the master boot record (MBR) and prevents Windows from starting. ...
  • Remove RiskTool.Win32.BitCoinMiner (Uninstall Guide)
    RiskTool.Win32.BitCoinMiner is a risk tool or potentially unwanted application that may use your computer's resources to generate bitco...
  • What is wrtc.exe and how to remove it?
    wrtc.exe - by Perion Network Ltd. What is wrtc.exe? wrtc.exe is a part of IncrediMail software, digitally signed by Perion Network Ltd. This...
  • Remove Rattlingsearchsystem.com (Uninstall Guide)
    Rattlingsearchsystem.com is a ZeroAccess/Sirefef rootkit-related browser hijacker that redirects users to shady websites while searching on...
  • False Positive: Ikarus and Comodo detecting TDSSKiller as a Trojan horse
    This awkward moment when you realize that your favorite rootkit removal utility is detected as malware. I probably wouldn't even have no...
  • Remove TR/ATRAPS.Gen2, removal instructions
    Cyber crooks and third parties that buy stolen data are increasingly using more and more sophisticated techniques, in a variety of different...
  • Remove Ask Search and Ask Toolbar (Uninstall Guide)
    Ask Search and Ask Toolbar are very often incorrectly classified as virus/spyware that may cause search redirects. The majority of us pref...
  • Remove Windows Attention Utility (Uninstall Guide)
    Windows Attention Utility is a rogue security application that generates misleading warnings about nonexistent viruses and attempts to lure...
  • Remove "System Check" (Uninstall Guide)
    System Check is malicious software posing as Windows system utility. Although, it may look like a real thing, it isn't! You are actuall...

Categories

  • Adware
  • Answers
  • Antivirus software
  • Browser Hijackers
  • Cloud Computing
  • Fake Alerts
  • Giveaways
  • Hoax
  • How-To
  • IaaS
  • Internet
  • Malicious websites
  • Malware
  • PaaS
  • Parental Controls
  • Passwords
  • Phishing
  • Process Information
  • Ransomware
  • Rogue programs
  • Rootkits
  • SaaS
  • Security Advisories
  • Spam
  • Spyware
  • Trojans
  • Viruses
  • Web Browsers
  • Worms

Blog Archive

  • ►  2013 (173)
    • ►  December (6)
    • ►  November (13)
    • ►  October (11)
    • ►  September (20)
    • ►  August (4)
    • ►  July (17)
    • ►  June (31)
    • ►  May (25)
    • ►  April (15)
    • ►  March (17)
    • ►  February (7)
    • ►  January (7)
  • ►  2012 (86)
    • ►  November (2)
    • ►  October (4)
    • ►  September (6)
    • ►  August (6)
    • ►  July (11)
    • ►  June (1)
    • ►  May (5)
    • ►  April (7)
    • ►  March (7)
    • ►  February (17)
    • ►  January (20)
  • ▼  2011 (239)
    • ►  December (8)
    • ►  November (18)
    • ►  October (21)
    • ►  September (24)
    • ►  August (28)
    • ▼  July (32)
      • How can I tell if my computer is infected?
      • How do I know if I have spyware on my computer?
      • Remove "Your computer is infected with Spyware!" A...
      • Norton AntiVirus ENHANCED PROTECTION MODE
      • Microsoft Defender ENHANCED PROTECTION MODE
      • Microsoft Security Essentials ENHANCED PROTECTION ...
      • McAfee ENHANCED PROTECTION MODE
      • Dr.Web ENHANCED PROTECTION MODE
      • Comodo ENHANCED PROTECTION MODE
      • Avira AntiVir ENHANCED PROTECTION MODE
      • Remove "Avast ENHANCED PROTECTION MODE" Trojan (Un...
      • Remove "Your codec version is too old" (Uninstall ...
      • How to Remove Total Protect (Uninstall Guide)
      • How to Remove Zentom System Guard (Uninstall Guide)
      • Remove www5.antimalware-lab.com (Uninstall Guide)
      • Remove Jucheck.exe Trojan (Uninstall Guide)
      • How to Remove BlueFlare Antivirus (Uninstall Guide)
      • What Is Cloud Computing? Defining the Cloud
      • IaaS - Cloud Computing
      • PaaS - Cloud Computing
      • SaaS - Cloud Computing
      • How to Remove Scour (Uninstall Guide)
      • How to Remove System Repair (Uninstall Guide)
      • Are there any safe adult websites that won't give ...
      • Remove Windows XP Fix, Windows Vista Fix or Window...
      • "System process at address 0x3BC3 have just crashe...
      • How to Remove Anti-Malware Lab (Uninstall Guide)
      • How do I block a website on Google Chrome?
      • How to Remove Personal Shield Pro (Uninstall Guide)
      • How to Create a Strong Password
      • Remove Windows Supervision Center (Uninstall Guide)
      • Remove TR/VB.Agent.20480.A (Uninstall Guide)
    • ►  June (16)
    • ►  May (23)
    • ►  April (15)
    • ►  March (16)
    • ►  February (9)
    • ►  January (29)
  • ►  2010 (2)
    • ►  December (2)
Powered by Blogger.

About Me

Unknown
View my complete profile