Malware Removal Instructions

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, 28 August 2011

How to Remove PC Repair (Uninstall Guide)

Posted on 11:05 by Unknown
PC Repair is a rogue computer optimization program that offers fake system scans and states that a large number of problems — hard drive failures, registry errors — have been found on your computer. In reality, no problems were detected. PC Repair entices you to provide your credit card information and purchase software that you don't actually need. This type of malware is a straight gateway to identity theft, that's why you should never purchase software that looks odd or you don't know where it came from no matter how generic it may look. Only download, purchase, and use software provided by established and well-known vendors. And what do you know about PC Repair? Probably nothing, except this article. Cyber crooks usually use a few common scareware scams: fake online virus scanners, free downloads/warez that actually laden with malicious software, misleading pop-ups and backdoor Trojans that give malware authors "back door" access to your computer. PC Repair is not an exception — it's being distributed using exactly the same methods. It's not a virus, but more like intrusive and annoying software. However, it's still a threat and has to be removed from your computer. If your computer is infected, please follow the steps in the removal guide below to remove PC Repair and associated malware.



PC Repair is not a typical hijack the Desktop/block task manager type of infection. It really messes up the infected computer. First of all, it hides your files and moves to %Temp%\smtmp folder. DO NOT delete files from your Temp folder. Once you delete those files, you won't be able to recover then unless you have a recovery CD or a back-up image of your entire hard drive. Secondly, this rogue program usually comes bundled or drops a rootkit on the infected computer. It is very important to scan your computer for rootkits before removing the rogue program; otherwise will pop-up again. Most of the time, PC Repair drops a rootkit from the TDSS/Alureon family. That's why we recommend scanning your computer with TDSSKiller. For more, information, please follow the removal instructions below.

Additionally, you can activate the rogue program by entering this registration code 8475082234984902023718742058948 and any email as shown in the image below.



Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly. And remember, do not purchase PC Repair. If you have already bought it, please contact your credit card company and dispute the charges. If you have any questions or need additional help removing PC Repair, please leave a comment below or email us. Good luck and be safe online!

Fake PC Repair warnings:





Related malware:
  • HDD Repair
  • System Repair
  • Windows Recovery/Restore
PC Repair removal instructions:

1. First of all, you need to unhide the files and folders. Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter cmd and hit Enter or click OK.



At the command prompt, enter attrib -h /s /d and hit Enter. Now, you should see all your files and folders. NOTE: you may have to repeat this step because the malware may hide your files again.



If you still can't see any of your files, Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter explorer and hit Enter or click OK.



2. Open Internet Explorer. Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter iexplore.exe and hit Enter or click OK. Download free anti-malware software from the list below and run a full system scan.
  • MalwareBytes Anti-malware
  • SUPERAntispyware
  • Spybot S&D
  • Hitman Pro 3.5
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. Open Internet Explorer and download TDSSKiller or Backdoor.Tidserv Removal Tool. This malware usually (but not always) comes bundled with TDSS rootkit. Removing this rootkit from your computer is very important (if exists). Run TDSSKiller or Backdoor.Tidserv Removal Tool to remove the rootkit.



Associated PC Repair files and registry values:

Files:

Windows XP:
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\PC Repair.lnk
  • %UsersProfile%\Start Menu\ProgramsPC Repair
  • %UsersProfile%\Start Menu\Programs\PC Repair\PC Repair.lnk
  • %UsersProfile%\Start Menu\Programs\PC Repair\UninstallPC Repair.lnk
%AllUsersProfile% refers to: C:\Documents and Settings\All Users
%UserProfile% refers to: C:\Documents and Settings\[User Name]

Windows Vista/7:
  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\PC Repair.lnk
  • %UsersProfile%\Start Menu\Programs\PC Repair\
  • %UsersProfile%\Start Menu\Programs\PC Repair\PC Repair.lnk
  • %UsersProfile%\Start Menu\Programs\PC Repair\Uninstall PC Repair.lnk
%AllUsersProfile% refers to: C:\ProgramData
%UserProfile% refers to: C:\Users\[User Name]

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
Share this information with other people:
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Rogue programs | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Remove ShopperReports (Uninstall Guide)
    ShopperReports is defined as adware or a potentially unwanted program that displays marketing related results in a side pane of the browser...
  • Trojan.MBRlock, Внимание! Ваш компьютер заблокирован
    Trojan.MBRlock is a very disturbing piece of malicious code which infects the master boot record (MBR) and prevents Windows from starting. ...
  • Remove RiskTool.Win32.BitCoinMiner (Uninstall Guide)
    RiskTool.Win32.BitCoinMiner is a risk tool or potentially unwanted application that may use your computer's resources to generate bitco...
  • What is wrtc.exe and how to remove it?
    wrtc.exe - by Perion Network Ltd. What is wrtc.exe? wrtc.exe is a part of IncrediMail software, digitally signed by Perion Network Ltd. This...
  • Remove Rattlingsearchsystem.com (Uninstall Guide)
    Rattlingsearchsystem.com is a ZeroAccess/Sirefef rootkit-related browser hijacker that redirects users to shady websites while searching on...
  • False Positive: Ikarus and Comodo detecting TDSSKiller as a Trojan horse
    This awkward moment when you realize that your favorite rootkit removal utility is detected as malware. I probably wouldn't even have no...
  • Remove TR/ATRAPS.Gen2, removal instructions
    Cyber crooks and third parties that buy stolen data are increasingly using more and more sophisticated techniques, in a variety of different...
  • Remove Ask Search and Ask Toolbar (Uninstall Guide)
    Ask Search and Ask Toolbar are very often incorrectly classified as virus/spyware that may cause search redirects. The majority of us pref...
  • Remove Windows Attention Utility (Uninstall Guide)
    Windows Attention Utility is a rogue security application that generates misleading warnings about nonexistent viruses and attempts to lure...
  • Remove "System Check" (Uninstall Guide)
    System Check is malicious software posing as Windows system utility. Although, it may look like a real thing, it isn't! You are actuall...

Categories

  • Adware
  • Answers
  • Antivirus software
  • Browser Hijackers
  • Cloud Computing
  • Fake Alerts
  • Giveaways
  • Hoax
  • How-To
  • IaaS
  • Internet
  • Malicious websites
  • Malware
  • PaaS
  • Parental Controls
  • Passwords
  • Phishing
  • Process Information
  • Ransomware
  • Rogue programs
  • Rootkits
  • SaaS
  • Security Advisories
  • Spam
  • Spyware
  • Trojans
  • Viruses
  • Web Browsers
  • Worms

Blog Archive

  • ►  2013 (173)
    • ►  December (6)
    • ►  November (13)
    • ►  October (11)
    • ►  September (20)
    • ►  August (4)
    • ►  July (17)
    • ►  June (31)
    • ►  May (25)
    • ►  April (15)
    • ►  March (17)
    • ►  February (7)
    • ►  January (7)
  • ►  2012 (86)
    • ►  November (2)
    • ►  October (4)
    • ►  September (6)
    • ►  August (6)
    • ►  July (11)
    • ►  June (1)
    • ►  May (5)
    • ►  April (7)
    • ►  March (7)
    • ►  February (17)
    • ►  January (20)
  • ▼  2011 (239)
    • ►  December (8)
    • ►  November (18)
    • ►  October (21)
    • ►  September (24)
    • ▼  August (28)
      • Remove iMesh Toolbar and iMesh search bar (Uninsta...
      • Is dinodirect.com a safe and reliable website?
      • Will Cloud Computing Prompt My Business Free-Fall?...
      • СИСТЕМНЫЙ АНТИВИРУС MICROSOFT 2011 / System Antivi...
      • Remove us-srch-system.com (Uninstall Guide)
      • How to Remove PC Repair (Uninstall Guide)
      • How to Remove OpenCloud Antivirus (Uninstall Guide)
      • How to Remove HDD Repair (Uninstall Guide)
      • Remove "Update your browser" Fake Warning (Uninsta...
      • Windows Live Re-activate your account Phishing
      • Receipt for your payment to Skype Phishing
      • Remove 404 Not Found nginx (Uninstall Guide)
      • Remove Hello4 and Blank Window2 (Uninstall Guide)
      • Remove Find-fast-answers.com (Uninstall Guide)
      • How to Remove Home Safety Essentials (Uninstall Gu...
      • Remove Goingonearth.com (Uninstall Guide)
      • Remove surveyprizecenter.com Surveys (Uninstall Gu...
      • Remove FREEzeFrog (Uninstall Guide)
      • How to Remove Wolfram Antivirus (Uninstall Guide)
      • Remove SocialSkinz (Uninstall Guide)
      • Remove 100ksearches.com (Uninstall Guide)
      • How to Remove Findxplorer (Uninstall Guide)
      • How to Remove Resulturl (Uninstall Guide)
      • Remove Android.Hippo (Uninstall Guide)
      • Remove Android.Smssniffer (Uninstall Guide)
      • Remove Coupon Alert Toolbar (Uninstall Guide)
      • Remove Android.Golddream (Uninstall Guide)
      • Free Antivirus Software
    • ►  July (32)
    • ►  June (16)
    • ►  May (23)
    • ►  April (15)
    • ►  March (16)
    • ►  February (9)
    • ►  January (29)
  • ►  2010 (2)
    • ►  December (2)
Powered by Blogger.

About Me

Unknown
View my complete profile