Monday, December 15, 2008

WinAntivirus Ransomware

WinAntivirus malware description and removal detail
Categories: Ransomware
Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\WinAntiVirus Pro 2006.lnk
[%COMMON_DESKTOPDIRECTORY%]\WinAntiVirus Pro 2007.lnk
[%PROGRAM_FILES%]\VirusBlaster\BlastIEmonitor.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\IEFWBHO.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\msvcp71.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\msvcr71.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\winpgi.dll
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\err.log
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\WapCHK.dll
[%SYSTEM%]\av.cpl
[%SYSTEM%]\drivers\FOPN.sys
[%SYSTEM%]\drivers\fsflt.sys
[%SYSTEM%]\drivers\vspf5.sys
[%SYSTEM%]\drivers\vspf_hk5.sys
[%SYSTEM%]\stera.exe
[%SYSTEM%]\stera.job
[%WINDOWS%]\Downloaded Program Files\UWA6PK_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PL_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PM_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PT_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PY_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N73M1004NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N85M0307NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PL_0001_N96M0806NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PU_0001_N96M1007NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PY_0001_N96M0206NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N99M2908NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6T_0001_N91M2208NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0703NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0903NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N85M1306NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe

To ensure that it is launched automatically each time the system boots, WinAntivirus adds links to its executable files under the following registry key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[%SYSTEM%]\stera.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PK_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PL_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PM_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PT_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PY_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N73M1004NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N85M0307NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PL_0001_N96M0806NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PU_0001_N96M1007NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PY_0001_N96M0206NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N99M2908NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6T_0001_N91M2208NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0703NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0903NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N85M1306NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting WinAntivirus:

Files:
[%COMMON_DESKTOPDIRECTORY%]\WinAntiVirus Pro 2006.lnk
[%COMMON_DESKTOPDIRECTORY%]\WinAntiVirus Pro 2007.lnk
[%PROGRAM_FILES%]\VirusBlaster\BlastIEmonitor.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\IEFWBHO.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\msvcp71.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\msvcr71.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\winpgi.dll
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\err.log
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\WapCHK.dll
[%SYSTEM%]\av.cpl
[%SYSTEM%]\drivers\FOPN.sys
[%SYSTEM%]\drivers\fsflt.sys
[%SYSTEM%]\drivers\vspf5.sys
[%SYSTEM%]\drivers\vspf_hk5.sys
[%SYSTEM%]\stera.exe
[%SYSTEM%]\stera.job
[%WINDOWS%]\Downloaded Program Files\UWA6PK_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PL_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PM_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PT_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PY_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N73M1004NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N85M0307NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PL_0001_N96M0806NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PU_0001_N96M1007NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PY_0001_N96M0206NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N99M2908NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6T_0001_N91M2208NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0703NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0903NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N85M1306NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe

Folders:
[%APPDATA%]\WinAntiVirus Pro 2006
[%APPDATA%]\WinAntiVirus Pro 2006(2)
[%APPDATA%]\WinAntiVirus Pro 2007
[%APPDATA%]\WinAntiVirus Pro 2007(2)
[%APPDATA%]\WinAntiVirus Pro 2007(3)
[%COMMON_APPDATA%]\WinAntiVirus Corp
[%COMMON_APPDATA%]\WinAntiVirus Pro 2006
[%COMMON_APPDATA%]\WinAntiVirus Pro 2007
[%COMMON_PROGRAMS%]\WinAntiVirus 2005 Pro
[%COMMON_PROGRAMS%]\WinAntiVirus Pro 2006
[%COMMON_PROGRAMS%]\WinAntiVirus Pro 2007
[%PROFILE_TEMP%]\NI.UWA6PM_0001_N73M1004
[%PROFILE_TEMP%]\NI.UWA6PM_0001_N91M2107
[%PROFILE_TEMP%]\NI.UWA6PS_0001_N91M2107
[%PROFILE_TEMP%]\NI.UWA6PV_0001_N76M1904
[%PROFILE_TEMP%]\NI.UWA6PV_0001_N91M2107
[%PROFILE_TEMP%]\NI.UWA6PY_0001_N91M2107
[%PROFILE_TEMP%]\NI.UWA6PZ_0001_N91M2507
[%PROFILE_TEMP%]\NI.UWA6P_0001_N69M0303
[%PROFILE_TEMP%]\NI.UWA6P_0001_N69M0304
[%PROFILE_TEMP%]\NI.UWA6P_0001_N73M1004
[%PROFILE_TEMP%]\NI.UWA6P_0001_N822M1605
[%PROFILE_TEMP%]\NI.UWA6P_0001_N85M0307
[%PROFILE_TEMP%]\NI.UWA6P_0001_N91M1807
[%PROFILE_TEMP%]\NI.UWA7PM_0001_N96M0806
[%PROFILE_TEMP%]\NI.UWA7P_0001_N91M0809
[%PROFILE_TEMP%]\NI.UWA7P_0001_N99M2908
[%PROGRAMS%]\WinAntiVirus Pro 2006
[%PROGRAMS%]\WinAntiVirus Pro 2007
[%PROGRAM_FILES%]\WinAntiVirus 2005
[%PROGRAM_FILES%]\WinAntiVirus 2005 Pro
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006
[%PROGRAM_FILES%]\WinAntiVirus Pro 2007
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2007

Registry Keys:
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\AntiVirusCOM.AVOfficeProtect
HKEY_CLASSES_ROOT\AntiVirusCOM.AVOfficeProtect.1
HKEY_CLASSES_ROOT\AntiVirusCOM.AVProtectOffice
HKEY_CLASSES_ROOT\AntiVirusCOM.AVProtectOffice.1
HKEY_CLASSES_ROOT\AppID\winavpgi.dll
HKEY_CLASSES_ROOT\AppID\WinPGI.DLL
HKEY_CLASSES_ROOT\AppID\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
HKEY_CLASSES_ROOT\AppID\{6F4186D7-72A2-4bfa-9C94-601019E4D58E}
HKEY_CLASSES_ROOT\AVExplorer.ShellExtension
HKEY_CLASSES_ROOT\AVExplorer.ShellExtension.2
HKEY_CLASSES_ROOT\CDSpaceIcon1\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}
HKEY_CLASSES_ROOT\CLSID\{1F6FE2C2-6040-4645-9053-7F689AFFE176}
HKEY_CLASSES_ROOT\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
HKEY_CLASSES_ROOT\CLSID\{22750ADC-C90F-43c4-9B72-0F9E60CB5119}
HKEY_CLASSES_ROOT\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}
HKEY_CLASSES_ROOT\CLSID\{31800C9A-9CC0-4816-B4C0-2C3B8F364CF7}
HKEY_CLASSES_ROOT\CLSID\{67121D62-2C97-4ef0-83EA-2DC643D50B01}
HKEY_CLASSES_ROOT\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}
HKEY_CLASSES_ROOT\CLSID\{8B46110A-E24E-474f-8078-375048BE17F7}
HKEY_CLASSES_ROOT\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}
HKEY_CLASSES_ROOT\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\FWBHO.FW
HKEY_CLASSES_ROOT\FWBHO.FW.2
HKEY_CLASSES_ROOT\IEFWBHO.IEFW
HKEY_CLASSES_ROOT\IEFWBHO.IEFW.2
HKEY_CLASSES_ROOT\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}
HKEY_CLASSES_ROOT\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}
HKEY_CLASSES_ROOT\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}
HKEY_CLASSES_ROOT\Interface\{F5AC4887-3651-4C2A-B188-8D5300766C93}
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
HKEY_CLASSES_ROOT\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}
HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
HKEY_CLASSES_ROOT\TypeLib\{3C490009-145D-4A7F-8ABB-2011AC84DE3F}
HKEY_CLASSES_ROOT\TypeLib\{440D18AB-D2D9-4EC0-B807-DEF1CAA4DC33}
HKEY_CLASSES_ROOT\TypeLib\{6F4186D7-72A2-4BFA-9C94-601019E4D58E}
HKEY_CLASSES_ROOT\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}
HKEY_CLASSES_ROOT\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}
HKEY_CLASSES_ROOT\UWAP7.PCheck.1
HKEY_CLASSES_ROOT\WAP6.PCheck
HKEY_CLASSES_ROOT\WAP6.PCheck.1
HKEY_CLASSES_ROOT\WAV6COM.AVOfficeProtect
HKEY_CLASSES_ROOT\WAV6COM.AVOfficeProtect.1
HKEY_CLASSES_ROOT\WAVExplorer.ShellExtension
HKEY_CLASSES_ROOT\WAVExplorer.ShellExtension.2
HKEY_CLASSES_ROOT\WinPGIntegrator.IEIntegrator
HKEY_CLASSES_ROOT\WinPGIntegrator.IEIntegrator.1
HKEY_CLASSES_ROOT\WinPopupGuardIntegrator.IEIntegrator
HKEY_CLASSES_ROOT\WinPopupGuardIntegrator.IEIntegrator.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\WinAntiVirus 2005 Pro
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\WinAntiVirus Pro 2006
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\WinAntiVirus Pro 2007
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\billingnow.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download.cdn.winsoftware.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download.systemdoctor.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\go.systemdoctor.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\reliablestats.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ulog.systemdoctor.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantispyware.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantiviruspro.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winnanny.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.amaena.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.systemdoctor.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.winantivirus.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.winantiviruspro.com
HKEY_CURRENT_USER\SOFTWARE\WinAntiVirus 2005
HKEY_CURRENT_USER\SOFTWARE\WinAntiVirus 2005 Pro
HKEY_CURRENT_USER\SOFTWARE\WinAntiVirus 2006 Pro
HKEY_CURRENT_USER\SOFTWARE\WinAntiVirus Corp
HKEY_CURRENT_USER\SOFTWARE\WinAntiVirus Pro 2006
HKEY_CURRENT_USER\SOFTWARE\WinAntiVirus Pro 2007
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F6FE2C2-6040-4645-9053-7F689AFFE176}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA7P_is1
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Corp
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2007
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FSFLT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTTF
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fsflt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtTf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD\VSPF_HK

Registry Values:
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ShellExtension
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (Disabled by Starter)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunBackup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fsflt

Removing WinAntivirus:

An up-to-date copy of ExterminateIt should detect and prevent infection from WinAntivirus.

If you do not have ExterminateIt and you are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove WinAntivirus manually.

To remove WinAntivirus from your computer manually and completely, you need to delete the Windows registry keys and registry values, as well as the files and folders, associated with WinAntivirus.

  1. Use Task Manager to terminate the WinAntivirus process.
  2. Delete the original WinAntivirus file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes WinAntivirus from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of WinAntivirus!

