Malware Removal Instructions

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, 28 August 2011

How to Remove PC Repair (Uninstall Guide)

Posted on 11:05 by Unknown
PC Repair is a rogue computer optimization program that offers fake system scans and states that a large number of problems — hard drive failures, registry errors — have been found on your computer. In reality, no problems were detected. PC Repair entices you to provide your credit card information and purchase software that you don't actually need. This type of malware is a straight gateway to identity theft, that's why you should never purchase software that looks odd or you don't know where it came from no matter how generic it may look. Only download, purchase, and use software provided by established and well-known vendors. And what do you know about PC Repair? Probably nothing, except this article. Cyber crooks usually use a few common scareware scams: fake online virus scanners, free downloads/warez that actually laden with malicious software, misleading pop-ups and backdoor Trojans that give malware authors "back door" access to your computer. PC Repair is not an exception — it's being distributed using exactly the same methods. It's not a virus, but more like intrusive and annoying software. However, it's still a threat and has to be removed from your computer. If your computer is infected, please follow the steps in the removal guide below to remove PC Repair and associated malware.



PC Repair is not a typical hijack the Desktop/block task manager type of infection. It really messes up the infected computer. First of all, it hides your files and moves to %Temp%\smtmp folder. DO NOT delete files from your Temp folder. Once you delete those files, you won't be able to recover then unless you have a recovery CD or a back-up image of your entire hard drive. Secondly, this rogue program usually comes bundled or drops a rootkit on the infected computer. It is very important to scan your computer for rootkits before removing the rogue program; otherwise will pop-up again. Most of the time, PC Repair drops a rootkit from the TDSS/Alureon family. That's why we recommend scanning your computer with TDSSKiller. For more, information, please follow the removal instructions below.

Additionally, you can activate the rogue program by entering this registration code 8475082234984902023718742058948 and any email as shown in the image below.



Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly. And remember, do not purchase PC Repair. If you have already bought it, please contact your credit card company and dispute the charges. If you have any questions or need additional help removing PC Repair, please leave a comment below or email us. Good luck and be safe online!

Fake PC Repair warnings:





Related malware:
  • HDD Repair
  • System Repair
  • Windows Recovery/Restore
PC Repair removal instructions:

1. First of all, you need to unhide the files and folders. Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter cmd and hit Enter or click OK.



At the command prompt, enter attrib -h /s /d and hit Enter. Now, you should see all your files and folders. NOTE: you may have to repeat this step because the malware may hide your files again.



If you still can't see any of your files, Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter explorer and hit Enter or click OK.



2. Open Internet Explorer. Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter iexplore.exe and hit Enter or click OK. Download free anti-malware software from the list below and run a full system scan.
  • MalwareBytes Anti-malware
  • SUPERAntispyware
  • Spybot S&D
  • Hitman Pro 3.5
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. Open Internet Explorer and download TDSSKiller or Backdoor.Tidserv Removal Tool. This malware usually (but not always) comes bundled with TDSS rootkit. Removing this rootkit from your computer is very important (if exists). Run TDSSKiller or Backdoor.Tidserv Removal Tool to remove the rootkit.



Associated PC Repair files and registry values:

Files:

Windows XP:
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\PC Repair.lnk
  • %UsersProfile%\Start Menu\ProgramsPC Repair
  • %UsersProfile%\Start Menu\Programs\PC Repair\PC Repair.lnk
  • %UsersProfile%\Start Menu\Programs\PC Repair\UninstallPC Repair.lnk
%AllUsersProfile% refers to: C:\Documents and Settings\All Users
%UserProfile% refers to: C:\Documents and Settings\[User Name]

Windows Vista/7:
  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\PC Repair.lnk
  • %UsersProfile%\Start Menu\Programs\PC Repair\
  • %UsersProfile%\Start Menu\Programs\PC Repair\PC Repair.lnk
  • %UsersProfile%\Start Menu\Programs\PC Repair\Uninstall PC Repair.lnk
%AllUsersProfile% refers to: C:\ProgramData
%UserProfile% refers to: C:\Users\[User Name]

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
Share this information with other people:
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Rogue programs | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Remove Ask Search and Ask Toolbar (Uninstall Guide)
    Ask Search and Ask Toolbar are very often incorrectly classified as virus/spyware that may cause search redirects. The majority of us pref...
  • Facebook Security and Privacy Best Practices
    Facebook is the most popular social networking site. Nearly all of my friends have Facebook accounts. They log on to Facebook at least a cou...
  • What is wrtc.exe and how to remove it?
    wrtc.exe - by Perion Network Ltd. What is wrtc.exe? wrtc.exe is a part of IncrediMail software, digitally signed by Perion Network Ltd. This...
  • Smartphone Security: Using Your Mobile Phone Safely
    Smartphone is like a little copy of your computer with lots of personal information: photos, text messages, access to e-mail account and oth...
  • Remove ShopperReports (Uninstall Guide)
    ShopperReports is defined as adware or a potentially unwanted program that displays marketing related results in a side pane of the browser...
  • Antispyis.com and other Antivirus Scan related domains
    New additions of misleading websites which promote a rogue security application called Antivirus Scan. antispyis.com afantispy.net softwaree...
  • Trojan.MBRlock, Внимание! Ваш компьютер заблокирован
    Trojan.MBRlock is a very disturbing piece of malicious code which infects the master boot record (MBR) and prevents Windows from starting. ...
  • False Positive: Ikarus and Comodo detecting TDSSKiller as a Trojan horse
    This awkward moment when you realize that your favorite rootkit removal utility is detected as malware. I probably wouldn't even have no...
  • Antivired.com and other Antivirus Monitor Related Domains
    Just a short note about several malicious domains related to the Antivirus Monitor fraud. This rogue anti-virus program reports non-existent...
  • WebCake Adware Removal Guide
    If you’re reading this it is very likely that your computer is infected with WebCake adware which displays extremely obnoxious and intrusiv...

Categories

  • Adware
  • Answers
  • Antivirus software
  • Browser Hijackers
  • Cloud Computing
  • Fake Alerts
  • Giveaways
  • Hoax
  • How-To
  • IaaS
  • Internet
  • Malicious websites
  • Malware
  • PaaS
  • Parental Controls
  • Passwords
  • Phishing
  • Process Information
  • Ransomware
  • Rogue programs
  • Rootkits
  • SaaS
  • Security Advisories
  • Spam
  • Spyware
  • Trojans
  • Viruses
  • Web Browsers
  • Worms

Blog Archive

  • ►  2013 (173)
    • ►  December (6)
    • ►  November (13)
    • ►  October (11)
    • ►  September (20)
    • ►  August (4)
    • ►  July (17)
    • ►  June (31)
    • ►  May (25)
    • ►  April (15)
    • ►  March (17)
    • ►  February (7)
    • ►  January (7)
  • ►  2012 (86)
    • ►  November (2)
    • ►  October (4)
    • ►  September (6)
    • ►  August (6)
    • ►  July (11)
    • ►  June (1)
    • ►  May (5)
    • ►  April (7)
    • ►  March (7)
    • ►  February (17)
    • ►  January (20)
  • ▼  2011 (239)
    • ►  December (8)
    • ►  November (18)
    • ►  October (21)
    • ►  September (24)
    • ▼  August (28)
      • Remove iMesh Toolbar and iMesh search bar (Uninsta...
      • Is dinodirect.com a safe and reliable website?
      • Will Cloud Computing Prompt My Business Free-Fall?...
      • СИСТЕМНЫЙ АНТИВИРУС MICROSOFT 2011 / System Antivi...
      • Remove us-srch-system.com (Uninstall Guide)
      • How to Remove PC Repair (Uninstall Guide)
      • How to Remove OpenCloud Antivirus (Uninstall Guide)
      • How to Remove HDD Repair (Uninstall Guide)
      • Remove "Update your browser" Fake Warning (Uninsta...
      • Windows Live Re-activate your account Phishing
      • Receipt for your payment to Skype Phishing
      • Remove 404 Not Found nginx (Uninstall Guide)
      • Remove Hello4 and Blank Window2 (Uninstall Guide)
      • Remove Find-fast-answers.com (Uninstall Guide)
      • How to Remove Home Safety Essentials (Uninstall Gu...
      • Remove Goingonearth.com (Uninstall Guide)
      • Remove surveyprizecenter.com Surveys (Uninstall Gu...
      • Remove FREEzeFrog (Uninstall Guide)
      • How to Remove Wolfram Antivirus (Uninstall Guide)
      • Remove SocialSkinz (Uninstall Guide)
      • Remove 100ksearches.com (Uninstall Guide)
      • How to Remove Findxplorer (Uninstall Guide)
      • How to Remove Resulturl (Uninstall Guide)
      • Remove Android.Hippo (Uninstall Guide)
      • Remove Android.Smssniffer (Uninstall Guide)
      • Remove Coupon Alert Toolbar (Uninstall Guide)
      • Remove Android.Golddream (Uninstall Guide)
      • Free Antivirus Software
    • ►  July (32)
    • ►  June (16)
    • ►  May (23)
    • ►  April (15)
    • ►  March (16)
    • ►  February (9)
    • ►  January (29)
  • ►  2010 (2)
    • ►  December (2)
Powered by Blogger.

About Me

Unknown
View my complete profile