|
Feb
26
|
Threat Description:
Www1.pcsecureshield.in is a new support site for Security Antivirus crimeware. Just a quick note: Security Antivirus is a malicious solution which tells you it can help your computer get cleaned up from any malware, spyware, trojans etc. In order to persuade people into believing this, the rogueware has plenty of resources at its disposal. It displays deceitful popup ads, runs deliberately fabricated virus scanners and hijacks a victim’s browser. Www1.pcsecureshield.in is an exemplification of the last point above. It’s a site you get forcedly directed to if Security Antivirus trojans get into your system. Along with being a fabricated scan page, Www1.pcsecureshield.in is also linked to a fraudulent download service that enables people to install Security Antivirus and purchase its commercial version. Do not hesitate to close the browser windows if Www1.pcsecureshield.in is being visited – that’s the only judicious decision to make. One must admit Www1.pcsecureshield.in looks like a real online scan and the right website to trust. This is a wrong impression though. You should keep clear of Www1.pcsecureshield.in as it helps malicious software propagate. Security Antivirus elimination tips can be found below.
Determine if your system is infected with Www1.pcsecureshield.in hijacker and related threats:
Download Www1.pcsecureshield.in Hijacker and Security Antivirus Free Scanner with Remover
Www1.pcsecureshield.in Screenshot:
How to remove this threat manually:
Www1.pcsecureshield.in manual uninstall procedure:
Get rid of the related corrupt files:
- %Documents and Settings%\All Users\Application Data\345d567\
- %Documents and Settings%\All Users\Application Data\345d567\72.mof
- %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
- %Documents and Settings%\All Users\Application Data\345d567\SA345d.exe
- %Documents and Settings%\All Users\Application Data\345d567\SAV.ico
- %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
- %Documents and Settings%\All Users\Application Data\345d567\BackUp
- %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk
- %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk
- %Documents and Settings%\All Users\Application Data\345d567\Quarantine Items\
- %Documents and Settings%\All Users\Application Data\345d567\SAVSys\
- %Documents and Settings%\All Users\Application Data\345d567\SAVSys\vd952342.bd
- %Documents and Settings%\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg
- %Documents and Settings%\[UserName]\Application Data\Security Antivirus
- %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
- %Documents and Settings%\[UserName]\Application Data\Security Antivirus\cookies.sqlite
- %Documents and Settings%\[UserName]\Desktop\Security Antivirus.lnk
- %Documents and Settings%\[UserName]\Recent\ANTIGEN.drv
- %Documents and Settings%\[UserName]\Recent\ANTIGEN.exe
- %Documents and Settings%\[UserName]\Recent\cid.dll
- %Documents and Settings%\[UserName]\Recent\CLSV.drv
- %Documents and Settings%\[UserName]\Recent\DBOLE.sys
- %Documents and Settings%\[UserName]\Recent\ddv.dll
- %Documents and Settings%\[UserName]\Recent\ddv.sys
- %Documents and Settings%\[UserName]\Recent\energy.tmp
- %Documents and Settings%\[UserName]\Recent\FS.drv
- %Documents and Settings%\[UserName]\Recent\gid.drv
- %Documents and Settings%\[UserName]\Recent\PE.drv
- %Documents and Settings%\[UserName]\Recent\PE.exe
- %Documents and Settings%\[UserName]\Recent\PE.sys
- %Documents and Settings%\[UserName]\Recent\PE.tmp
- %Documents and Settings%\[UserName]\Recent\runddlkey.dll
- %Documents and Settings%\[UserName]\Recent\std.exe
- %Documents and Settings%\[UserName]\Recent\tjd.drv
- %Documents and Settings%\[UserName]\Recent\tjd.sys
- %Documents and Settings%\[UserName]\Start Menu\Security Antivirus.lnk
- %Documents and Settings%\[UserName]\Start Menu\Programs\Security Antivirus.lnk
- %Program Files%\Mozilla Firefox\searchplugins\search.xml
Delete the associated registry entries:
- HKEY_CURRENT_USER\Software\3
- HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” =”http://127.0.0.1:27777/?inj=%ORIGINAL%”
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “App/7.00195″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Antivirus”
Please note that Www1.pcsecureshield.in manual removal is a procedure of high complexity and should be performed with extreme caution. Lack of the required skills and even the slightest deviation from the instructions may cause irreparable system damage. To ensure trouble-free deletion, it is recommended to use the automatic removal tool below:
 |
Download Www1.pcsecureshield.in Hijacker Removal Tool |  |