Wednesday, September 8, 2010

How to remove Malware Destructor 2011 (Uninstall Guide)

Malware Destructor 2011 is a rogue anti-malware program that masquerades as a legitimate security product. It tries to deceive users into buying the full version of the program to remove infected files supposedly found during a false system scan. This fake program uses the same graphical user interface as Antimalware Doctor. The rogue program is promoted mostly through fake online anti-malware scanners, but it may come bundled with other malware too. Most of the time, Malware Destructor 2011 has to be installed manually, and it pretends to be a system security pack upgrade (see images below); in our case it was System Security Pack 2010.78.932 (Malware Destructor Upgrade; KB987222). After the installation, the fake Malware Destructor 2011 scanner will pop up on your computer screen. The file name of the rogue program's main process is randomly generated (structure: KB[RANDOM NUMBERS].exe); in our case it was KB7154702.exe.

Once installed, this fake program will pretend to scan your computer for malware and claim to find potentially unwanted programs, dialers, adware, hijackers, Trojans and other malicious software. Then it will prompt you to pay for a full version of the program to remove the infected files, which don't actually exist on your computer. It goes without saying that you shouldn't pay for this rogue program. Please follow the removal instructions below to remove Malware Destructor 2011 and any related malware from your computer for free using legitimate anti-malware programs.




(Thanks to rogueamp)

Malware Destructor drops a text file on your computer called "enemies-names.txt". This file contains a list of fake infections that the rogue program uses in its false scan results. Some of the false threats are: AllInOneTelcom.HotA, InterFun, Autodialer, Axis, BD Internet Billing, SmileyWorld, TNS-Search, Wow Access, R-Bot, FakeWGA, Zlob.DVBX11_Bat, eUniverse.PowerSearch, Win32.Small.v, Fake.xpRecovery, HappyToFind.Toolbar, Cydoor, Win32.BHO.kv, IRCBot.svchost, Vegas.Red.Casino.PT. I bet you will find some of these infections in the false scan report.



As a typical rogue security product, Malware Destructor 2011 will display fake security warnings and pop-ups every two to five minutes. Some of the fake alerts you may see:
Warning!
Your system is infected! 35 dangerous objects have been found during last system scan. It is strongly recommended to remove them immediately.

Network intrusion detected!
Warning! Network attack detected!
Your computer is being attacked from a remote PC.
Process is trying to steal your passwords listed below. It is highly recommended to block this threat now.

Protection Center Alert
To help protect your computer, Malware Destructor has blocked some features of this program
Name: VacPro
Alert Level: High
Description: This program is a trojan that tracks the user's surfing habits. There are several variants that create a registry under the specific and copy files to the System32 folder.

Malware Destructor - Hacker attack detected
Your computer is subjected to hacker attack. Malware Destructor has detected that somebody is trying to transfer Your private data via internet. We strongly recommend you to block attack immediately.

Warning! Removed attack detected!
Malware Destructor has detected that somebody is trying to stole Your private data via Trojan.Win32.Generic!BT. Transfer for Your private data will start in: 4
We strongly recommend you to block attack immediately.


As you can see, Malware Destructor 2011 is nothing more than a scam. It pushes you to register the rogue program in order to remove the threats and protect your computer against viruses and hackers, and it gives a false sense of security. That's why you should remove Malware Destructor 2011 from your computer as soon as possible. Please note that this rogue program may block genuine security software and system tools. It may also block certain websites. If you can't run any programs in normal mode, reboot your computer in Safe Mode with Networking, download anti-malware software from the list below, update it and run a full system scan. If you have already purchased it, contact your credit card company immediately and dispute the charges. The pay page of Malware Destructor 2011 looks like this:



If you are reading this article then your computer is probably infected with this malware. Please follow the Malware Destructor 2011 removal instructions below. You can remove this scareware either manually or with legitimate anti-malware programs. Furthermore, after the successful removal of this rogue program we recommend that you purge all system restore points and create a new clean one. Last, but not least, if you have any questions about this malware please don't hesitate to leave a comment. Good luck and be safe online!


Malware Destructor 2011 removal instructions (in Safe Mode with Networking):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download at least one anti-malware program from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend that you use ESET Smart Security.


Alternative Malware Destructor 2011 removal instructions using HijackThis (in Normal mode):

1. Download iexplore.exe (NOTE: the iexplore.exe file is a renamed copy of the HijackThis tool from TrendMicro).
Launch iexplore.exe and click the "Do a system scan only" button.
If you can't open the iexplore.exe file, download explorer.scr and run it.

2. Search for similar entries in the scan results:
O4 - HKCU\..\Run: [KB7154702] C:\Documents and Settings\[User Name]\Application data\C4E2C1107E3AFA0D3D9EAA35A7E3A3BA\KB7154702.exe
O4 - Startup: Malware Destructor.lnk = C:\Documents and Settings\[User Name]\Application data\C4E2C1107E3AFA0D3D9EAA35A7E3A3BA\KB7154702.exe



The process name will be different in your case. It has the form KB[RANDOM NUMBERS].exe and is located at C:\Documents and Settings\[User Name]\Application data\[RANDOM CHARACTERS]\KB[RANDOM NUMBERS].exe
Select all similar entries and click once on the "Fix checked" button. Close the HijackThis tool.

3. Go to Start -> Run (or WinKey+R). Type in: msconfig and press OK. Select the Startup tab and disable the following startup items: KB7154702 and Malware Destructor. Click OK.



4. Download at least one anti-malware program from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

5. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend that you use ESET Smart Security.


Malware Destructor 2011 associated files and registry values:

Files:
In Windows XP:
  • C:\Documents and Settings\[User Name]\Application Data\C4E2C1107E3AFA0D3D9EAA35A7E3A3BA\KB7154702.exe
  • C:\Documents and Settings\[User Name]\Application Data\C4E2C1107E3AFA0D3D9EAA35A7E3A3BA\enemies-names.txt
  • C:\Documents and Settings\[User Name]\Application Data\C4E2C1107E3AFA0D3D9EAA35A7E3A3BA\local.ini
In Windows Vista & 7:
  • C:\Users\[User Name]\Application Data\C4E2C1107E3AFA0D3D9EAA35A7E3A3BA\KB7154702.exe
  • C:\Users\[User Name]\Application Data\C4E2C1107E3AFA0D3D9EAA35A7E3A3BA\enemies-names.txt
  • C:\Users\[User Name]\Application Data\C4E2C1107E3AFA0D3D9EAA35A7E3A3BA\local.ini
Registry values:
  • HKEY_CURRENT_USER\Software\Malware Destructor Inc
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "KB7154702.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malware Destructor
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache Data "KB7154702"
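
Because the folder and process names are random, the HijackThis step and the file list above are easier to apply as a pattern than as fixed names. The following is an added example, not part of the original guide: it scans saved HijackThis log text for O4 entries that start KB[RANDOM NUMBERS].exe from a 32-character hexadecimal folder and lists the companion files to check. The function name, the sample log and the acceptance of `AppData\Roaming` as the parent folder are assumptions.

```python
import re
from pathlib import PureWindowsPath

# HijackThis O4 (autostart) line; accept "-" or an en dash as the separator,
# in case the log was copied through a page that converted the hyphen.
O4_LINE = re.compile(r"^O4\s*[-\u2013]\s*(?P<source>[^:]+):\s*(?P<rest>.+)$")
EXE_PATH = re.compile(r"[A-Za-z]:\\.+?\.exe", re.IGNORECASE)
RANDOM_DIR = re.compile(r"^[0-9A-F]{32}$", re.IGNORECASE)  # [RANDOM CHARACTERS]
PROCESS = re.compile(r"^KB\d+\.exe$", re.IGNORECASE)        # KB[RANDOM NUMBERS].exe
# "roaming" is an assumption: on Vista/7 Application Data resolves to AppData\Roaming.
PROFILE_DIRS = {"application data", "roaming"}
COMPANIONS = ("enemies-names.txt", "local.ini")             # files listed in the guide

def find_suspect_entries(log_text):
    """Return O4 entries that start KB<digits>.exe from a 32-hex profile folder."""
    hits = []
    for line in log_text.splitlines():
        entry = O4_LINE.match(line.strip())
        target = EXE_PATH.search(entry.group("rest")) if entry else None
        if not target:
            continue
        exe = PureWindowsPath(target.group(0))
        folder = exe.parent
        if (PROCESS.match(exe.name) and RANDOM_DIR.match(folder.name)
                and folder.parent.name.lower() in PROFILE_DIRS):
            hits.append({
                "source": entry.group("source").strip(),
                "process": exe.name,
                "folder": str(folder),
                "check_files": [str(folder / name) for name in COMPANIONS],
            })
    return hits

# Constructed sample log: two entries from the guide, one constructed Vista/7-style
# entry, and two benign entries (hypothetical names) that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
O4 - HKCU\..\Run: [KB7154702] C:\Documents and Settings\[User Name]\Application data\C4E2C1107E3AFA0D3D9EAA35A7E3A3BA\KB7154702.exe
O4 – Startup: Malware Destructor.lnk = C:\Documents and Settings\[User Name]\Application data\C4E2C1107E3AFA0D3D9EAA35A7E3A3BA\KB7154702.exe
O4 - HKCU\..\Run: [KB0000001] C:\Users\alice\AppData\Roaming\0123456789ABCDEF0123456789ABCDEF\KB0000001.exe
O4 - HKCU\..\Run: [KB976932] C:\Downloads\KB976932.exe
"""

if __name__ == "__main__":
    for hit in find_suspect_entries(SAMPLE_LOG):
        print(hit["source"], "->", hit["folder"], hit["process"])
```

A KB-named executable outside a 32-character hexadecimal profile folder, such as the last sample line, is deliberately not flagged, since the name alone is not an indicator.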