Saturday, 23 January 2010

How to get rid of APcSafe virus? (Uninstall guide)

APcSafe is a rogue anti-spyware application or just simply a virus that usually comes from fake online scanners and various bogus websites. This fake program imitates legitimate anti-spyware software and displays fake security alerts to make you think that your computer is infected with viruses that in reality don't even exist. People who created APcSafe have only one goal - to steal money from you. The fake program displays false scan results and claims that you must buy a full version of the program to remove the infections. As you can imagine, this scam might actually work out, especially if the user of the compromised PC doesn't know much about computers.

Another trick used by APc Safe is fake Security Center windows (see image below) that looks like the legitimate Windows Security Center except that the legitimate one doesn't promote any anti-virus software. Whereas the fake one states that your computer is not protected and recommends buying APcSafe. Everything else is almost identical. Inexperienced users probably won't even notice the difference. We also have to say, that this virus may block anti-virus software and hijack your web browser (usually Internet Explorer). Most of the time it will take you to fake websites or to the home page of this virus: (don't open that website, it contains viruses).

The most important question of course is how to remove APcSafe? That can be done either manully or with an anti-spyware application. However, note that this virus will likely install additional malware such as Trojans and rootkits. That's why we strongly recommend you to use at least one of these legitimate anti-spyware applications listed bellow:
If you can't downlaod or install any of the above applications do this:

Method #1
Download HijackThis tool. (NOTE: before saving it to your dekstop, rename HijackThis.exe to explorer.exe)
Launch HijackThis and click 'Do a system scan only' button. Select the following entries from the scan results:

O4 – HKLM\..\Run: [APcSafe] C:\Program Files\APcSafe Software\APcSafe\APcSafe.exe -min
O4 – HKCU\..\Run: [[random].exe] C:\WINDOWS\system32\[random].exe

Close all open programs and click "Fix Checked" button. Exit HijackThis.
Then download TDSSKiller and save it to your desktop. Extract archive and launch TDSSKiller tool. Follow the prompts. This tool will remove Trojans that block legitimate software.

Method #2
Reboot your computer in "Safe Mode with Networking" and run them from there. How to do that:

Manual APcSafe removal: 

1. Open Task Manager and terminate these procsses: APcSafe.exe, [random].exe
2. Delete the following files and folders:
C:\Program Files\APcSafe Software
  • C:\Documents and Settings\All Users\Start Menu\Programs\APcSafe
  • C:\WINDOWS\system32\[random].exe
  • C:\Documents and Settings\comp\Local Settings\temp\00002e99
  • C:\Documents and Settings\All Users\Start Menu\Programs\APcSafe\
3.Open Regedit and remove these registry values:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APcSafe
  • HKEY_CURRENT_USER\Software\APcSafe
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe

No comments:

Post a Comment