Malware Scanner
Reported: May 14, 2008
Category: Unwanted Program, Threats
Malware Scanner is a fake anti-malware program that reports generated exaggerated system security threats on the computer.
Other Alias: MalwareScanner
Threat Level: Low
Systems Affected: Windows - All
Source: Symantec
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Update the virus definitions.
3. Reboot computer in SafeMode [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”Malware Scanner” = “C:\Program Files\MalwareRemover.com\Malware Scanner\MalScr.exe”
Navigate to and delete the following registry subkeys:
HKEY_CURRENT_USER\Software\Malware Scanner
HKEY_CLASSES_ROOT\.mfp
HKEY_CLASSES_ROOT\.sol
HKEY_CLASSES_ROOT\.sor
HKEY_CLASSES_ROOT\ActiveSplash.Splash.1
HKEY_CLASSES_ROOT\ActiveSplash.Splash
HKEY_CLASSES_ROOT\CLSID\{09C38747-4633-4AEE-9C9A-EFA67F08AB13}
HKEY_CLASSES_ROOT\CLSID\{11B75807-E720-460B-99C5-D750581D9F3A}
HKEY_CLASSES_ROOT\CLSID\{268580D5-B20E-4B2B-9C4A-09F56AA00CC3}
HKEY_CLASSES_ROOT\CLSID\{2FA44B26-F9A8-469C-AF7E-C5D301E1BF4B}
HKEY_CLASSES_ROOT\CLSID\{5C6289F4-C822-45D0-9BBE-06BCE8A7A8EB}
HKEY_CLASSES_ROOT\CLSID\{6241AF3F-2B41-41AD-A268-68CD710D34C2}
HKEY_CLASSES_ROOT\CLSID\{6A0CC99A-3471-4FC3-9BF9-E9DFD9CF7A05}
HKEY_CLASSES_ROOT\CLSID\{84FD864B-8B6B-41AC-8CE3-15F3BBBAE904}
HKEY_CLASSES_ROOT\CLSID\{A6C9D669-AE01-411F-B0FF-64E23352E140}
HKEY_CLASSES_ROOT\CLSID\{C9F99872-310A-4F9D-9E36-ED5C8FD6A5B0}
HKEY_CLASSES_ROOT\CLSID\{D1B5603A-54B5-4C23-BA4B-DEAA204AF07C}
HKEY_CLASSES_ROOT\CLSID\{D4D72717-D96A-4BA1-A136-EADB379BE963}
HKEY_CLASSES_ROOT\CLSID\{D88797FA-4784-4B40-8C5A-C4626297EC0E}
HKEY_CLASSES_ROOT\Interface\{1ED66E9B-5A1B-4354-9A00-8CE8C809F0A0}
HKEY_CLASSES_ROOT\Interface\{1FD72A8C-E2CE-41EB-9AA4-3D2E18DCA49F}
HKEY_CLASSES_ROOT\Interface\{25B5C75A-CC13-443C-AA0F-D92A2A8ECE7E}
HKEY_CLASSES_ROOT\Interface\{3F6FC238-3D6C-455F-B1AD-203F3F9DE391}
HKEY_CLASSES_ROOT\Interface\{4CA2CA27-2031-405C-86E5-84637FB595C5}
HKEY_CLASSES_ROOT\Interface\{4E0E6D86-082D-4D60-A733-29A66909BDC8}
HKEY_CLASSES_ROOT\Interface\{6F7C160F-ECE1-4DFC-A4C1-AE0D0AA5CD20}
HKEY_CLASSES_ROOT\Interface\{8573FCF1-941E-4D3A-880B-3F34B380104B}
HKEY_CLASSES_ROOT\Interface\{99102376-125C-4A3B-B236-B5F2A94C4259}
HKEY_CLASSES_ROOT\Interface\{9F2D645B-C067-4001-9212-F5DC813415FE}
HKEY_CLASSES_ROOT\Interface\{A8999341-7238-4AEE-806F-2D2FEA37C255}
HKEY_CLASSES_ROOT\Interface\{B5745800-DA7C-4B4B-B775-D56AE8984D82}
HKEY_CLASSES_ROOT\Interface\{C0F24FD7-D91A-4858-BE9B-FCF1DA5B2A31}
HKEY_CLASSES_ROOT\Interface\{D3B810A9-7B1C-47F0-9B72-F1A24568B8A6}
HKEY_CLASSES_ROOT\Interface\{E09C0C3D-3C14-4F65-B4D1-CF7DD53F7AF3}
HKEY_CLASSES_ROOT\Interface\{EC058846-AE55-4BDF-B379-9D2BE64D7D3A}
HKEY_CLASSES_ROOT\Interface\{EEDD46CD-3900-426F-838F-E543A0D69584}
HKEY_CLASSES_ROOT\Interface\{FB3AF05A-AB26-48E7-BE5A-CFFAA5980A97}
HKEY_CLASSES_ROOT\MacromediaFlashPaper.MacromediaFlashPaper
HKEY_CLASSES_ROOT\Scanner.Backup2
HKEY_CLASSES_ROOT\Scanner.Error2
HKEY_CLASSES_ROOT\Scanner.Loading2
HKEY_CLASSES_ROOT\Scanner.Remove2
HKEY_CLASSES_ROOT\Scanner.Scan2
HKEY_CLASSES_ROOT\Scanner.Shield2
HKEY_CLASSES_ROOT\Scanner.ThreadControl2
HKEY_CLASSES_ROOT\Scanner.ThreadLaunch2
HKEY_CLASSES_ROOT\Scanner.Worker2
HKEY_CLASSES_ROOT\ShockwaveFlash.ShockwaveFlash.7
HKEY_CLASSES_ROOT\ShockwaveFlash.ShockwaveFlash.8
HKEY_CLASSES_ROOT\TypeLib\{46D36DC4-1F37-11D3-9DD0-AE1592195F1B}
HKEY_CLASSES_ROOT\TypeLib\{51B5287B-1776-4DD7-8EC2-9EF1BEAF4102}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Scanner_is1
6. Exit registry editor and restart the computer.
7. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.