Mar 05

Remove Www1.dak-of-cure-formypc.in hijacker (Removal Instructions)

Hijackers Add comments

Threat Description:

One of the IT security news of the day is Security Antivirus rogue software got itself a new hijacker which is meant to promote it. Www1.dak-of-cure-formypc.in is the subject of this post being an intricate website that resembles an online scan window (please take a look at the screenshot within this article). The trojans associated with Security Antivirus scareware application tend to jack up your browser and reroute it to Www1.dak-of-cure-formypc.in which is today’s hijacker domain and will be swapped by a different one probably yesterday as these replacements happen with notable frequency. Www1.dak-of-cure-formypc.in will display some close resemblance of My Computer UI that has a scan progress string in the middle to allegedly indicate the status of the purported scanner that runs. Of course there is no scan really going through your hard drives and system directories. This whole thing is a mere trick to convince you that Www1.dak-of-cure-formypc.in is really doing something to ensure your computer is safe. The ultimate goal of the scam site in question becomes exhibited by its prompting you to buy Security Antivirus software which, we should not forget, is rogue.

Determine if your system is infected with Www1.dak-of-cure-formypc.in hijacker and related threats:

Download Www1.dak-of-cure-formypc.in Hijacker and Security Antivirus Free Scanner with Remover

Www1.dak-of-cure-formypc.in Screenshot:

Www1.dak-of-cure-formypc.in

How to remove this threat manually:

Www1.dak-of-cure-formypc.in manual uninstall procedure:

Get rid of the related corrupt files:

  • %Documents and Settings%\All Users\Application Data\345d567\
  • %Documents and Settings%\All Users\Application Data\345d567\72.mof
  • %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
  • %Documents and Settings%\All Users\Application Data\345d567\SA345d.exe
  • %Documents and Settings%\All Users\Application Data\345d567\SAV.ico
  • %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
  • %Documents and Settings%\All Users\Application Data\345d567\BackUp
  • %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk
  • %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk
  • %Documents and Settings%\All Users\Application Data\345d567\Quarantine Items\
  • %Documents and Settings%\All Users\Application Data\345d567\SAVSys\
  • %Documents and Settings%\All Users\Application Data\345d567\SAVSys\vd952342.bd
  • %Documents and Settings%\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg
  • %Documents and Settings%\[UserName]\Application Data\Security Antivirus
  • %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
  • %Documents and Settings%\[UserName]\Application Data\Security Antivirus\cookies.sqlite
  • %Documents and Settings%\[UserName]\Desktop\Security Antivirus.lnk
  • %Documents and Settings%\[UserName]\Recent\ANTIGEN.drv
  • %Documents and Settings%\[UserName]\Recent\ANTIGEN.exe
  • %Documents and Settings%\[UserName]\Recent\cid.dll
  • %Documents and Settings%\[UserName]\Recent\CLSV.drv
  • %Documents and Settings%\[UserName]\Recent\DBOLE.sys
  • %Documents and Settings%\[UserName]\Recent\ddv.dll
  • %Documents and Settings%\[UserName]\Recent\ddv.sys
  • %Documents and Settings%\[UserName]\Recent\energy.tmp
  • %Documents and Settings%\[UserName]\Recent\FS.drv
  • %Documents and Settings%\[UserName]\Recent\gid.drv
  • %Documents and Settings%\[UserName]\Recent\PE.drv
  • %Documents and Settings%\[UserName]\Recent\PE.exe
  • %Documents and Settings%\[UserName]\Recent\PE.sys
  • %Documents and Settings%\[UserName]\Recent\PE.tmp
  • %Documents and Settings%\[UserName]\Recent\runddlkey.dll
  • %Documents and Settings%\[UserName]\Recent\std.exe
  • %Documents and Settings%\[UserName]\Recent\tjd.drv
  • %Documents and Settings%\[UserName]\Recent\tjd.sys
  • %Documents and Settings%\[UserName]\Start Menu\Security Antivirus.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Security Antivirus.lnk
  • %Program Files%\Mozilla Firefox\searchplugins\search.xml

Delete the associated registry entries:

  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” =”http://127.0.0.1:27777/?inj=%ORIGINAL%”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “App/7.00195″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Antivirus”

Please note that Www1.dak-of-cure-formypc.in manual removal is a procedure of high complexity and should be performed with extreme caution. Lack of the required skills and even the slightest deviation from the instructions may cause irreparable system damage. To ensure trouble-free deletion, it is recommended to use the automatic removal tool below:

Download Www1.dak-of-cure-formypc.in Hijacker Removal Tool

Leave a Reply