Spyware and Adware Threats


ExpertAntiVirus

Reported: May 01, 2007

Description: ExpertAntiVirus is a fake security application that may give exaggerated reports about potential risks on the computer.

Threat Level: Medium

Type: Adware

Systems Affected: Windows All

HOW TO REMOVE ExpertAntiVirus:

1. Temporarily disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Reboot the computer in Safe Mode.
4. Run a full system scan and clean or delete all infected files.
5. Delete or modify any values added to the registry.

Navigate to and delete the following registry subkeys:

6. Exit the registry editor and restart the computer.

7. To make sure that the threat is completely eliminated from your computer, carry out a full scan using antivirus and antispyware software. Alternatively, an online virus scanner lets you remove the virus using various antivirus programs without installing them.

