Mar 05

Threat Description:

Www1.hugepowerofscan.in is a new malicious domain that helps the Security Antivirus rogueware get onto computers and networks. The page is titled “My computer” and closely imitates the corresponding Windows user interface. Typically, Www1.hugepowerofscan.in is reached through browser redirects caused by trojan horses already active in the operating system. You may also land on it by clicking an ad that looks interesting or helpful while surfing the Internet; so much for the traffic-driving methods.

When you visit Www1.hugepowerofscan.in, it issues a couple of pop-ups to start its filthy brainwashing job. These alerts tell you that some serious risks have been found on your computer. The complementing element of Www1.hugepowerofscan.in is the scan proper, which runs after the initial alerts are either approved or canceled by the user (it starts running either way). The scanner’s only job is to confirm that your machine is in danger. Next, you are prompted to click a downloader ad. If you do, you will unknowingly let the Security Antivirus scareware in, and that is when the real nightmare that is Security Antivirus begins. So do not go that far; remove the Www1.hugepowerofscan.in hijacker and related trojans immediately.

Determine if your system is infected with Www1.hugepowerofscan.in hijacker and related threats:


How to remove this threat manually:

Www1.hugepowerofscan.in manual uninstall procedure:

Get rid of the related corrupt files:

  • %Documents and Settings%\All Users\Application Data\345d567\
  • %Documents and Settings%\All Users\Application Data\345d567\72.mof
  • %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
  • %Documents and Settings%\All Users\Application Data\345d567\SA345d.exe
  • %Documents and Settings%\All Users\Application Data\345d567\SAV.ico
  • %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
  • %Documents and Settings%\All Users\Application Data\345d567\BackUp
  • %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk
  • %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk
  • %Documents and Settings%\All Users\Application Data\345d567\Quarantine Items\
  • %Documents and Settings%\All Users\Application Data\345d567\SAVSys\
  • %Documents and Settings%\All Users\Application Data\345d567\SAVSys\vd952342.bd
  • %Documents and Settings%\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg
  • %Documents and Settings%\[UserName]\Application Data\Security Antivirus
  • %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
  • %Documents and Settings%\[UserName]\Application Data\Security Antivirus\cookies.sqlite
  • %Documents and Settings%\[UserName]\Desktop\Security Antivirus.lnk
  • %Documents and Settings%\[UserName]\Recent\ANTIGEN.drv
  • %Documents and Settings%\[UserName]\Recent\ANTIGEN.exe
  • %Documents and Settings%\[UserName]\Recent\cid.dll
  • %Documents and Settings%\[UserName]\Recent\CLSV.drv
  • %Documents and Settings%\[UserName]\Recent\DBOLE.sys
  • %Documents and Settings%\[UserName]\Recent\ddv.dll
  • %Documents and Settings%\[UserName]\Recent\ddv.sys
  • %Documents and Settings%\[UserName]\Recent\energy.tmp
  • %Documents and Settings%\[UserName]\Recent\FS.drv
  • %Documents and Settings%\[UserName]\Recent\gid.drv
  • %Documents and Settings%\[UserName]\Recent\PE.drv
  • %Documents and Settings%\[UserName]\Recent\PE.exe
  • %Documents and Settings%\[UserName]\Recent\PE.sys
  • %Documents and Settings%\[UserName]\Recent\PE.tmp
  • %Documents and Settings%\[UserName]\Recent\runddlkey.dll
  • %Documents and Settings%\[UserName]\Recent\std.exe
  • %Documents and Settings%\[UserName]\Recent\tjd.drv
  • %Documents and Settings%\[UserName]\Recent\tjd.sys
  • %Documents and Settings%\[UserName]\Start Menu\Security Antivirus.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Security Antivirus.lnk
  • %Program Files%\Mozilla Firefox\searchplugins\search.xml

Delete the associated registry entries:

  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “App/7.00195”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Antivirus”
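Before deleting anything, it helps to confirm which of the listed artifacts are actually present. The following read-only PowerShell check is an added example, not part of the original removal instructions. It assumes the Windows XP folder layout used in the lists above and maps “%Documents and Settings%\All Users” to `$env:ALLUSERSPROFILE` and the per-user folders to `$env:APPDATA` and `$env:USERPROFILE`.

```powershell
# Read-only presence check for artifacts listed on this page; deletes nothing.
# Assumption: XP-style profile layout, mapped to environment variables below.
$findings = @()

# A subset of the listed files and folders: the drop folder, its config file,
# the per-user data folder and the shortcuts.
$allUsers = Join-Path $env:ALLUSERSPROFILE 'Application Data'
$paths = @(
    (Join-Path $allUsers '345d567'),
    (Join-Path $allUsers 'SADFIOPODIV\SAAKDUPV.cfg'),
    (Join-Path $env:APPDATA 'Security Antivirus'),
    (Join-Path $env:USERPROFILE 'Desktop\Security Antivirus.lnk'),
    (Join-Path $env:USERPROFILE 'Start Menu\Programs\Security Antivirus.lnk')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File system: $p" }
}

# Listed registry values: key, value name, and a regex the data must match.
# An empty pattern matches any data, so the value only has to exist.
$ie = 'Software\Microsoft\Internet Explorer'
$checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Security Antivirus'; Match = '' },
    @{ Key = "HKCU:\$ie"; Name = 'PRS'; Match = '127\.0\.0\.1:27777' },
    @{ Key = "HKCU:\$ie\Download"; Name = 'RunInvalidSignatures'; Match = '^1$' },
    @{ Key = "HKCU:\Software\Classes\$ie\SearchScopes"; Name = 'URL'; Match = 'findgala\.com' },
    @{ Key = "Registry::HKEY_USERS\.DEFAULT\$ie\SearchScopes"; Name = 'URL'; Match = 'findgala\.com' }
)
foreach ($c in $checks) {
    $item = Get-ItemProperty -LiteralPath $c.Key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }          # key missing or unreadable
    $prop = $item.PSObject.Properties[$c.Name]
    if ($prop -and ([string]$prop.Value -match $c.Match)) {
        $findings += "Registry value: $($c.Key) [$($c.Name)] = $($prop.Value)"
    }
}

# Listed registry keys that should not exist at all.
$keys = 'HKCU:\Software\3', 'Registry::HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler'
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings += "Registry key: $k" }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' } else { $findings }
```

The HKEY_CURRENT_USER checks only cover the account that runs the script, so run it once under each user profile on the machine.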

Please note that Www1.hugepowerofscan.in manual removal is a procedure of high complexity and should be performed with extreme caution. Lack of the required skills and even the slightest deviation from the instructions may cause irreparable system damage. To ensure trouble-free deletion, it is recommended to use the automatic removal tool below:

Download Www1.hugepowerofscan.in Hijacker Removal Tool
