How to remove Antivirus System Pro


This is a rogue anti-spyware program in its 3rd or 4th generation, and there appear to be several variations of it. The one I encountered recently had the following characteristics:
Created a folder inside of c:\program files called USCKCT
Installed a file called: meeqsysguard.exe with 252kb
Changed three registry entries, which turns off the Security Center notifications:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (changed from 0 to 1)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (changed from 0 to 1)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (changed from 0 to 1)

Manual removal of this flavor of Antivirus System PRO can be accomplished as follows:

Disable System Restore: right-click My Computer, choose Properties, open the System Restore tab and check the box "Turn off System Restore on all drives"
Change the three registry entries back from 1 to 0 by running regedit, following the tree structure in the registry to reach each entry, and modifying it
Delete the file meeqsysguard.exe located in the folder: c:\program files\ucskcf
Delete the folder: c:\program files\ucskcf
Reboot the machine
Run a full scan using your antivirus program and make sure there is no remaining infection.
You are done!

NOTE: If you get infected with this rogue anti-spyware, a good place to start looking for the executable file is inside Program Files. Open your Program Files folder and sort by date. Check the most recent dates on the list and see if there is a new folder with a meaningless name, such as several consonants put together. The date is the key piece of information. If such a folder exists, open it, delete the file (or files) inside, and remove the folder.
Good luck!
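
The registry check and the "sort Program Files by date" tip above can be scripted. This PowerShell sketch is an added example, not part of the original post: it reports the three Security Center values and lists recently created Program Files folders, flagging names with no vowels. The `-Days` and `-Fix` parameters are names chosen for this example, and `-Fix` needs an elevated prompt.

```powershell
# Added example: audit the three Security Center values named in the post
# and list recently created folders under Program Files, newest first.
param(
    [int]$Days = 14,   # assumed look-back window for "recent" folders
    [switch]$Fix       # when set, write 0 back to any value that is not 0
)

$key   = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$names = 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'

foreach ($name in $names) {
    $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $value) {
        Write-Output "$name : not present"
    } elseif ($value -ne 0) {
        Write-Output "$name : $value (notification disabled)"
        if ($Fix) {
            # An integer value is stored as REG_DWORD by the registry provider
            Set-ItemProperty -Path $key -Name $name -Value 0
            Write-Output "$name : reset to 0"
        }
    } else {
        Write-Output "$name : 0 (ok)"
    }
}

# Cover both Program Files locations; the x86 variable is empty on 32-bit Windows
$roots  = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$cutoff = (Get-Date).AddDays(-$Days)

Get-ChildItem -Path $roots -Force |
    Where-Object { $_.PSIsContainer -and $_.CreationTime -ge $cutoff } |
    Sort-Object CreationTime -Descending |
    Select-Object CreationTime, FullName,
        @{ Name = 'NoVowels'; Expression = { $_.Name -notmatch '[aeiou]' } },
        @{ Name = 'ExeCount'; Expression = {
            @(Get-ChildItem -Path $_.FullName -Filter *.exe -Force -ErrorAction SilentlyContinue).Count
        } } |
    Format-Table -AutoSize
```

A folder that is recent, has `NoVowels` set to True and contains an executable matches the pattern described in the note; review it by hand before deleting anything.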
