Thursday, April 29, 2010

How to remove the AP Manager (Uninstall guide)

AP Manager is a fake download manager and a part of the I-Q Manager Copyright violation scam. It claims to be very fast and powerful download management software, but that's not true. If you are reading this article then your computer is probably infected with this malware. And you probably got it from a fake website that is affiliated with APManager. Usually, those misleading websites provide copyrighted games, movies, and music. Of course you may download any movie or song you like from those websites, but you have to use AP Manager for that. The copyrighted media will be added to the AP Manager download list. Just like any other download manager it will show basic information about your download such as how much time is left, the amount of KB transferred and the speed of the download. However, this information is false. It only pretends to download the file to your computer but in reality nothing is being downloaded to your computer.



Once the file has ostensibly been downloaded to your computer, a new window titled "Copyright Violation Alert" will show up. It will attempt to convince you to pay a fee for copyrighted material that you have just downloaded. The fake Copyright Violation Alert reads:

"Copyright violation alert
Copyright violation: copyrighted content detected
Windows has detected that you are using content that was downloaded in violation of the copyright of its respective owners. Please read the following bulletin and try solving the problem in one of the recommended ways."



That's only a part of the whole statement, but basically it was made to look like a legitimate warning from a law firm that represents different copyright associations. It will ask you to pay a fine of around $50 dollars; otherwise it will notify the authorities and your case will supposedly be handled in a court.

AP Manager will also constantly display fake warnings from the Windows task bar as shown in the image below.



The biggest problem is that this threat then may lock the compromised computer until the user enters a correct license number for the program. Thankfully, S!Ri posted a registration code which should unlock your computer: RFHM2-TPX47-YD6RT-H4KDM.

To sum things up, AP Manager is a Trojan horse that pretends to be a download management program. Once installed, it will try to trick you into paying money for fake copyright violations. If you have already paid a fine, then you should contact your credit card company immediately and dispute the charges. Next, please follow the removal instructions below to remove AP Manager and any associated malware from your computer as soon as possible. If you have any questions or additional information about this virus, please leave a comment. Good luck and be safe!


AP Manager removal instructions:

1. Click Start -> Control Panel
2. When in the Control Panel, double-click on one of the options below depending on your version of Windows
a) Add or Remove Programs icon (for Windows XP users)
b) Uninstall Program (for Windows Vista and Windows 7 users)
3. The Add or Remove Programs (Windows XP) or the Uninstall Program (Windows Vista & 7) screen will be displayed. Scroll through the list of programs and look for entries with I-Q Manager and AP Manager, uninstall them. You are done, close the Control Panel screen.
NOTE: If the programs ask you to reboot your computer, do not allow it to reboot until you have uninstalled all of the program.

Your computer should now be free of the I-Q Manager or Copyright Violation: Copyrighted Content Detected  and AP Manager malware. However, if it's still on your computer then complete these additional steps:

1. Click Start -> Run.
2. Input: regedit. Then click OK.
3. Navigate to and delete the following registry entries and subkeys:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"iqmanager.exe" = "%UserProfile%\Application Data\IQManager\iqmanager.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQManager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APManager
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "apmanager.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\APManager\apmanager.exe"
4. Exit the Registry Editor.
5. Download one of the following anti-malware programs (all programs are free):
6. Install selected anti-malware program, update it and run a full system scan.


AP Manager files and registry values:

Files:
  • %UserProfile%\Application Data\APManager
  • %UserProfile%\Application Data\APManager\apmanager.exe
  • %UserProfile%\Application Data\APManager\settings.ini
  • %UserProfile%\Application Data\APManager\uninstall.exe
  • %UserProfile%\Application Data\APManager\wallpaper.jpg
  • %UserProfile%\Application Data\APManager\files\
  • %UserProfile%\Application Data\APManager\iplog\
  • %UserProfile%\Application Data\APManager\ispinfo\
  • %UserProfile%\Application Data\APManager\languages\
  • %UserProfile%\Application Data\APManager\metafiles\
Registry:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APManager HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "apmanager.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\APManager\apmanager.exe"
Share this information with other people:

No comments:

Post a Comment