OPA11.BACK

Malware removal
By Kristopher on May 28, 2008

OPA11.BACK is a “privacy violation” that appears in fake security scans from rogue antispyware software CrisysTec Sentry 3.0.

OPA11.BACK isn’t a privacy risk — just an annoyance. The only thing at risk is your sanity. All you need to do is remove CrisysTec Sentry 3.0 with the instructions below.

Remove OPA11.BACK Now

Download STOPzilla


Read our review
.

Stop OPA11.BACK processes:

%ProgramFiles%Critical Systems TechnologiesCrisysTec SentryBSwap.exe
%ProgramFiles%Critical Systems TechnologiesCrisysTec SentrySentry.exe
%ProgramFiles%Critical Systems TechnologiesCrisysTec SentryUninstall.exe

Remove files:

%UserProfile%DesktopCrisysTec Sentry 3.0.lnk
%UserProfile%Start MenuProgramsCrisysTec SentryCrisysTec Sentry Help file.lnk
%UserProfile%Start MenuProgramsCrisysTec SentryCrisysTec Sentry.lnk
%UserProfile%Start MenuProgramsCrisysTec SentryUninstall CrisysTec Sentry.lnk
%ProgramFiles%Critical Systems TechnologiesCrisysTec SentryINSTALL.LOG
%ProgramFiles%Critical Systems TechnologiesCrisysTec Sentryinstall.sss
%ProgramFiles%Critical Systems TechnologiesCrisysTec SentryPluginsExtensions.plugin_example
%ProgramFiles%Critical Systems TechnologiesCrisysTec SentryPluginsExtensions83.plugin
%ProgramFiles%Critical Systems TechnologiesCrisysTec SentryRestoreRegistry.reg
%ProgramFiles%Critical Systems TechnologiesCrisysTec SentrySentry.chm

Remove registry keys:

HKEY_ALL_USERSSoftwareMicrosoftWindowsCurrentVersionRun”CrisysTec Sentry” = “C:Program FilesCritical Systems TechnologiesCrisysTec SentrySentry.exe -Minimized”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{645FF040-5081-101B-9F08-00AA002F954E}Shell
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall{34BCE26E-D9F8-46CB-8A59-B473A14471F0}
HKEY_ALL_USERSSoftwareCritical Systems Technologies
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSharedDllsC:Program
FilesCritical Systems TechnologiesCrisysTec SentryUninstall.exe
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{645FF040-5081-101B-9F08-00AA002F954E}”(Default)” = “CrisysTec Protected Recycle Bin”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{645FF040-5081-101B-9F08-00AA002F954E}LocalizedString”(Default)” = “CrisysTec Protected Recycle Bin”

DIY OPA11.BACK Removal Instructions

Start by removing the above files. If you're not sure how to do this, refer to the instructions below.

Note: In any files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. (Not an iEuphemism for muth@fugg@#*!@.) So if you’re using Windows NT/2000/XP/7, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\NoahFence”).

How to Manually Delete Badware Files

Need some removing badware files help? No biggie. While you should only manually delete badware files if you're comfy editing your system, you'll find it's pretty easy. And probably really satisfying.

How to delete badware files in Windows XP/Vista/7:

  1. Click your Windows Start menu, then click "Search."
  2. A pop up will ask, "What do you want to search for?" Click "All files and folders."
  3. Type a badware file in the search box, and select "Local Hard Drives."
  4. Click "Search." Once the badware file is found, delete it.

How to stop badware processes:

  1. Click the Start menu, select Run.
  2. Type taskmgr.exe into the the Run command box, and click "OK." You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
  3. Click Processes tab, and find badware processes.
  4. Once you've found the badware processes, right-click them and select "End Process" to kill badware.

badware processes

How to remove badware registry keys:

Backup your registry before you edit it. Then...

  1. Click the Start menu, and click "Run." An "Open" field will appear. Type "regedit" and click "OK " to open up your Registry Editor. In Windows 7, just type "regedit" into the "Search programs and files" box in the Start menu.
  2. Registry Editor opens as a two-paned window: the left side lets you select registry keys,the right side shows the values of any selected registry key.
  3. To find a badware registry key, select "Edit," then select "Find," and in the search bar type any of badware 's registry keys.
  4. When the badware registry key appears, to delete the badware registry key, right-click it, and select "Modify," then select "Delete."

Deleting badware Registry Keys

How to delete badware DLLs:

  1. Open the Start menu, and click "Run." Type "cmd" in Run, and click "OK." (In Windows 7, just type "regedit" into the "Search programs and files" box in the Start menu.)
  2. To change your current directory, type "cd" in the command box, press "Space," and enter the full directory where the badware DLL is located. If you're not sure where the badware DLL is located, enter "dir" in the command box to display a directory's contents. To go one directory back, type "cd .." in the command box and press "Enter."
  3. When you've found a badware DLL, type "regsvr32 /u SampleDLLName.dll" (e.g., "regsvr32 /u jl27script.dll") and press "Enter."

That's it. If you want to restore any badware DLL you removed, type "regsvr32 DLLJustDeleted.dll" (e.g., "regsvr32 jl27script.dll") into your command box, and press "Enter."

Did badware change your homepage?

  1. Select Start menu > Control Panel > Internet Options > General.
  2. Type your preferred home page's URL.
  3. Click "Use Default," "Apply," and "OK."