1 of 2
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:
Infection Video Antimalware PC Safety

Antimalware PC Safety

Antimalware PC Safety is not a new player in the field, because we have definitely seen this interface before. Sure enough, this rogue antispyware application is a new clone of such notorious malware programs like AV Security Essentials, Antivirus Smart Protection, Malware Protection Center and the rest that belong to the Rogue.FakeVimes family.

This rogue usually enters your computer through fake online advertisements that offer you to perform a free system scan online. Unfortunately, anything that is related to Antimalware PC Satefy cannot contribute to your system’s security, and so the moment you enter this trap, you are bound to download and install Antimalware PC Safety without even realizing it. The first thing you have to remember when you are infected with a rogue – everything it says is a pure lie!

Since Antimalware PC Safety poses as a legitimate antivirus tool it surely needs to justify its name and find some “viruses” in your system. When it comes to detections, the rogue already arrives prepared for it, because Antimalware PC Safety drops random files in your system directories that are absolutely harmless, but even so the rogue later on blames them for the erratic system behavior. Some of those files include ANTIGEN.dll, ddv.exe, energy.tmp and so on.

The files usually appear in the fake system scan performed by Antimalware PC Safety, or in the fake system security messages, that pop up onto your screen every other minute. You will definitely be spammed by the following notifications if you are infected by Antimalware PC Safety:

Warning! Access conflict detected!
An unidentified program is trying to access system process address space.
Process Name: AllowedForm
Location: C:\Windows\...\taskmgr.exe

Warning! Identity theft attempt detected

Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user's passwords.

System Alert
Antimalware PC Safety has detected pontentially harmful software in your system. It is strongly recommended that you register Antimalware PC Safety to remove all found threats immediately.

The reason why Antimalware PC Safety exhibits such behavior is money – it wants to rip you off, as the rogue promises to “remove” the threats if you pay for the full version of the program. Do NOT do that if you don’t want to lose your money. Use this activation code instead:

U2FD-S2LA-H4KA-UEPB

It DOES NOT remove the rogue, but fools it into “thinking” that you have purchased the program. This wins you some time to deal with Antimalware PC Safety without any interference. If you are not a computer expert you are advised to remove Antimalware PC Safety with a reliable computer safeguard tool. This way you will not inflict any negative changes on your system, and you will get rid of Antimalware PC Safety in no time.

Download Spyware Removal Tool to Remove* Antimalware PC Safety
  • Quick & tested solution for Antimalware PC Safety removal.
  • 100% Free Scan for Windows

How to renew your internet connection:

This rogue antispyware blocks your Internet connection to prevent you from removing the rogue application. To enable the Internet connection, please follow these instructions:
  1. Open Internet Explorer and go to >Tools< select >Internet Options<

  2. Select >Connections<

  3. Select >LAN Settings<

  4. Now you need to uncheck the checkbox labeled >Use a proxy server for your LAN< in Proxy Server section. Then press the >OK< button to close this screen and press the >OK< button to close the Internet Options screen.

  5. Now you can download the SpyHunter scanner and remove the infection.

Download Spyware Removal Tool to Remove* Antimalware PC Safety
  • Quick & tested solution for Antimalware PC Safety removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Antimalware PC Safety

Files associated with Antimalware PC Safety infection:

%UserProfile%\Recent\SM.exe
%UserProfile%\Recent\runddlkey.exe
%UserProfile%\Recent\runddl.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\pal.exe
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\ddv.exe
%UserProfile%\Recent\DBOLE.drv
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Desktop\Antimalware PC Safety.lnk
%StartMenu%\Programs\Antimalware PC Safety.lnk
%StartMenu%\Antimalware PC Safety.lnk
%CommonAppData%\APRFIENRRQCS\APBLIPLCS.cfg
%CommonAppData%\79b35\Quarantine Items\
%CommonAppData%\79b35\HMCSys\
%CommonAppData%\79b35\BackUp\
%CommonAppData%\79b35\sqlite3.dll
%CommonAppData%\79b35\mozcrt19.dll
%CommonAppData%\79b35\6543.mof
%CommonAppData%\79b35\HMC.ico
%CommonAppData%\79b35\HMa76.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\Antimalware PC Safety.lnk
%AppData%\Antimalware PC Safety\ScanDisk_.exe
%AppData%\Antimalware PC Safety\Instructions.ini
%AppData%\Antimalware PC Safety\cookies.sqlite

Antimalware PC Safety DLL's to remove:

%UserProfile%\Recent\ANTIGEN.dll
%CommonAppData%\79b35\sqlite3.dll
%CommonAppData%\79b35\mozcrt19.dll

Antimalware PC Safety processes to kill:

%UserProfile%\Recent\SM.exe
%UserProfile%\Recent\runddlkey.exe
%UserProfile%\Recent\pal.exe
%UserProfile%\Recent\ddv.exe
%CommonAppData%\79b35\HMa76.exe

Remove Antimalware PC Safety registry entries:

HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\dumped_patched.DocHostUIHandler
HKEY_CURRENT_USER\Software\3
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "IIL" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltHI" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltTST"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = 8010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "runtime 13.00007"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antimalware PC Safety"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
Disclaimer

Comments

  1. MC djole 087 Apr 3, 2012

    this is crazy!!!I don't know what to do?WTF?

  2. Pcthreat Apr 5, 2012

    MC djole 087
    Did You try our offered software?

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.