Total Anti Malware Protection

Malware removal
By Kristopher on May 5, 2012

If you ever want to sabotage someone’s computer, giving them a junky piece of software like Total Anti Malware Protection would be a pretty quick way to do it. These programs pretend to be useful system tools that can eradicate all badware on your PC, but they’re actually trojans designed to take over your PC from the inside while trying to scam a little money out of you.

Once Total Anti Malware Protection gets on your PC, it’s most obvious tactic is to send lots and lots of popups your way in the hopes that one will convince you to turn over your credit card info. They show all sorts of fake alerts and warnings designed to make your brain shut down, and that’s when they spring the trap.

Want to make sure these guys can’t bother you anymore? Follow these steps to remove Total Anti Malware Protection for free.

Remove Total Anti Malware Protection Now

Download Spyware Doctor


Read our review
.

Stop Total Anti Malware Protection processes:

ScanDisk_.exe
BVa76.exe
cid.exe
PE.exe
sld.exe

Delete DLLs:

mozcrt19.dll
sqlite3.dll
cb.dll
DBOLE.dll
PE.dll

Delete Total Anti Malware Protection files:

%AppData%Best Virus Protection
%AppData%Best Virus Protectioncookies.sqlite
%AppData%Best Virus ProtectionInstructions.ini
%AppData%Best Virus ProtectionScanDisk_.exe
%AppData%MicrosoftInternet ExplorerQuick LaunchBest Virus Protection.lnk
%CommonAppData%79b35
%CommonAppData%79b35BVa76.exe
%CommonAppData%79b35BVP.ico
%CommonAppData%79b356543.mof
%CommonAppData%79b35mozcrt19.dll
%CommonAppData%79b35sqlite3.dll
%CommonAppData%79b35BackUp
%CommonAppData%79b35BVPSys
%CommonAppData%79b35Quarantine Items
%CommonAppData%BVWALGP
%CommonAppData%BVWALGPBVGGLRJVOAP.cfg
%StartMenu%Best Virus Protection.lnk
%StartMenu%ProgramsBest Virus Protection.lnk
%UserProfile%DesktopBest Virus Protection.lnk
%UserProfile%Recentcb.dll
%UserProfile%Recentcid.exe
%UserProfile%RecentDBOLE.dll
%UserProfile%RecentDBOLE.tmp
%UserProfile%Recentexec.drv
%UserProfile%Recentkernel32.drv
%UserProfile%Recentpal.sys
%UserProfile%RecentPE.dll
%UserProfile%RecentPE.exe
%UserProfile%RecentPE.tmp
%UserProfile%Recentrunddl.sys
%UserProfile%Recentrunddlkey.sys
%UserProfile%Recentsld.exe
%UserProfile%Recentsnl2w.sys

Delete Registry entries:

HKEY_CURRENT_USERSoftware3
HKEY_CLASSES_ROOTCLSID{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOTdumped_patched.DocHostUIHandler
HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerSearchScopes “URL” = “http://findgala.com/?&uid=7&q={searchTerms}”
HKEY_CURRENT_USERSoftwareClassesSoftwareMicrosoftInternet ExplorerSearchScopes “URL” = “http://findgala.com/?&uid=7&q={searchTerms}”
HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer “IIL” = 0
HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer “ltHI” = 0
HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer “ltTST”
HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload “RunInvalidSignatures” = 1
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “UID” = 8010
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings5.0User AgentPost Platform “runtime 13.00007″
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer “DisallowRun” = 1
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “0″ = “msseces.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “1″ = “MSASCui.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “2″ = “ekrn.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “3″ = “egui.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “4″ = “avgnt.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “5″ = “avcenter.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “6″ = “avscan.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “7″ = “avgfrw.exe
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “8″ = “avgui.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “9″ = “avgtray.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “10″ = “avgscanx.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “11″ = “avgcfgex.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “12″ = “avgemc.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “13″ = “avgchsvx.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “14″ = “avgcmgr.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun “15″ = “avgwdsvc.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Best Virus Protection”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload “CheckExeSignatures” = “no”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavconfig.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrw.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsintren.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionspavsched.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsspywarexpguard.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsvsmon.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionswscfxfw.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszatutor.exe

DIY Total Anti Malware Protection Removal Instructions

Start by removing the above files. If you're not sure how to do this, refer to the instructions below.

Note: In any files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. (Not an iEuphemism for muth@fugg@#*!@.) So if you’re using Windows NT/2000/XP/7, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\NoahFence”).

How to Manually Delete Badware Files

Need some removing badware files help? No biggie. While you should only manually delete badware files if you're comfy editing your system, you'll find it's pretty easy. And probably really satisfying.

How to delete badware files in Windows XP/Vista/7:

  1. Click your Windows Start menu, then click "Search."
  2. A pop up will ask, "What do you want to search for?" Click "All files and folders."
  3. Type a badware file in the search box, and select "Local Hard Drives."
  4. Click "Search." Once the badware file is found, delete it.

How to stop badware processes:

  1. Click the Start menu, select Run.
  2. Type taskmgr.exe into the the Run command box, and click "OK." You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
  3. Click Processes tab, and find badware processes.
  4. Once you've found the badware processes, right-click them and select "End Process" to kill badware.

badware processes

How to remove badware registry keys:

Backup your registry before you edit it. Then...

  1. Click the Start menu, and click "Run." An "Open" field will appear. Type "regedit" and click "OK " to open up your Registry Editor. In Windows 7, just type "regedit" into the "Search programs and files" box in the Start menu.
  2. Registry Editor opens as a two-paned window: the left side lets you select registry keys,the right side shows the values of any selected registry key.
  3. To find a badware registry key, select "Edit," then select "Find," and in the search bar type any of badware 's registry keys.
  4. When the badware registry key appears, to delete the badware registry key, right-click it, and select "Modify," then select "Delete."

Deleting badware Registry Keys

How to delete badware DLLs:

  1. Open the Start menu, and click "Run." Type "cmd" in Run, and click "OK." (In Windows 7, just type "regedit" into the "Search programs and files" box in the Start menu.)
  2. To change your current directory, type "cd" in the command box, press "Space," and enter the full directory where the badware DLL is located. If you're not sure where the badware DLL is located, enter "dir" in the command box to display a directory's contents. To go one directory back, type "cd .." in the command box and press "Enter."
  3. When you've found a badware DLL, type "regsvr32 /u SampleDLLName.dll" (e.g., "regsvr32 /u jl27script.dll") and press "Enter."

That's it. If you want to restore any badware DLL you removed, type "regsvr32 DLLJustDeleted.dll" (e.g., "regsvr32 jl27script.dll") into your command box, and press "Enter."

Did badware change your homepage?

  1. Select Start menu > Control Panel > Internet Options > General.
  2. Type your preferred home page's URL.
  3. Click "Use Default," "Apply," and "OK."