April 1, 2008

How to remove the suspicious application PrivacyRedeemer?

PrivacyRedeemer removal tips:


1. Follow standard procedure for virus removal

2. Delete these values and subkeys that were added to the registry.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"wmsrc.exe" = "C:\Documents and Settings\Administrator\Application Data\Privacy Redeemer\wmsrc.exe"

HKEY_ALL_USERS\Software\PrivacyRedeemer\PrivacyRedeemer\"SaveMyAss"

HKEY_ALL_USERS\Software\PrivacyRedeemer\PrivacyRedeemer\"WindowsVersion" = "Major:5 Minor:1 Build:2600 ServicePack:2.0"

HKEY_ALL_USERS\Software\PrivacyRedeemer\PrivacyRedeemer\"AffiliateID" = "100"

HKEY_ALL_USERS\Software\PrivacyRedeemer\PrivacyRedeemer\"RegisterURL" = "http://privacyredeemer.com/order.php"

HKEY_ALL_USERS\Software\PrivacyRedeemer\PrivacyRedeemer\"CheckLicenseURL" = "https://secure.sweeptransact.com/Billing/API/CheckLicense.aspx"

HKEY_ALL_USERS\Software\PrivacyRedeemer\PrivacyRedeemer\"FirstLaunchURL" = ""

HKEY_ALL_USERS\Software\PrivacyRedeemer\PrivacyRedeemer\"ActivationSuccessURL" = "http://privacyredeemer.com/activate-ok.php"

HKEY_ALL_USERS\Software\PrivacyRedeemer\PrivacyRedeemer\"FeedbackURL" = "http://privacyredeemer.com/bug-report.php"

HKEY_ALL_USERS\Software\PrivacyRedeemer\PrivacyRedeemer\"BuildVersion" = "8z s titlom"

HKEY_ALL_USERS\Software\PrivacyRedeemer\PrivacyRedeemer\"isApplicationRunning" = "true"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy RedeemerRedeemer_is1\"Inno Setup: Setup Version" = "5.1.14"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy RedeemerRedeemer_is1\"Inno Setup: App Path" = "C:\Documents and Settings\Administrator\Application Data\Privacy Redeemer"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy RedeemerRedeemer_is1\"InstallLocation" = "C:\Documents and Settings\Administrator\Application Data\Privacy Redeemer\"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy RedeemerRedeemer_is1\"Inno Setup: Icon Group" = "Privacy Redeemer"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy RedeemerRedeemer_is1\"Inno Setup: User" = "Administrator"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy RedeemerRedeemer_is1\"DisplayName" = "Privacy Redeemer"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy RedeemerRedeemer_is1\"UninstallString" = ""C:\Documents and Settings\Administrator\Application Data\Privacy Redeemer\unins000.exe""

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy RedeemerRedeemer_is1\"QuietUninstallString" = ""C:\Documents and Settings\Administrator\Application Data\Privacy Redeemer\unins000.exe" /SILENT"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy RedeemerRedeemer_is1\"NoModify" = 0x00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy RedeemerRedeemer_is1\"NoRepair" = 0x00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy RedeemerRedeemer_is1\"InstallDate" = "20080310"


HKEY_ALL_USERS\Software\PrivacyRedeemer

HKEY_ALL_USERS\Software\PrivacyRedeemer\PrivacyRedeemer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy Redeemer_is1


Restore registry entries under the following subkeys to their original values, if required:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}
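
A read-only audit of the entries listed above, as an added PowerShell example (not part of the original post or of Symantec's write-up): it reports which of the listed keys and the Run value are present, so you know what to delete, and it changes nothing. It assumes that HKEY_ALL_USERS means every user hive currently loaded under HKEY_USERS; the function names are hypothetical.

```powershell
# Added example: reports PrivacyRedeemer registry artifacts; performs no deletion.
# Assumption: "HKEY_ALL_USERS" = each user hive currently loaded under HKEY_USERS.
# Hives of users who are not logged on are not loaded and are not covered.

# Both spellings of the uninstall key appear in the list above, so check both.
$MachineKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy Redeemer_is1',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy RedeemerRedeemer_is1'
)
$RunValueName = 'wmsrc.exe'

function Get-LoadedUserHive {
    # Returns the SID of every loaded user hive, skipping the *_Classes hives.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { $_.PSChildName }
}

function Find-PrivacyRedeemerArtifact {
    $findings = @()
    foreach ($sid in Get-LoadedUserHive) {
        $root = "Registry::HKEY_USERS\$sid"

        # The application's own settings key (holds AffiliateID, RegisterURL, ...).
        $appKey = "$root\Software\PrivacyRedeemer"
        if (Test-Path -LiteralPath $appKey) {
            $findings += [pscustomobject]@{ Type = 'Key'; Path = $appKey; Data = $null }
        }

        # The autostart value that launches wmsrc.exe at logon.
        $runKey = "$root\Software\Microsoft\Windows\CurrentVersion\Run"
        $props = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains $RunValueName)) {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Path = $runKey; Data = $props.$RunValueName
            }
        }
    }
    foreach ($key in $MachineKeys) {
        if (Test-Path -LiteralPath $key) {
            $findings += [pscustomobject]@{ Type = 'Key'; Path = $key; Data = $null }
        }
    }
    $findings
}

Find-PrivacyRedeemerArtifact | Format-List
```

An empty result means none of the checked entries exist in the loaded hives; run it from an elevated prompt so that other users' hives are readable.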


Source: Symantec
