We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.

BullGuard Kundenbetreuung

Wir sind rund um die Uhr 24/7 verfügbar.


Senden Sie uns eine E-Mail und wir werden innerhalb von 24 Stunden antworten.


 

 

How to remove Adware.Spywad.I



THREAT NAME

Adware.Spywad.I

CLEAN INSTRUCTIONS
1. Restart the computer in Safe mode.

 

2. Open Windows Explorer, navigate to C:\Windows\ directory and delete the file xpupdate.exe.

 

3.Go to Start, Run, type regedit and press OK.

 

4. Delete the following keys:


NB: Before you edit the registry, please export the keys that you plan to edit, or create a backup of the system.


HKCR\Software\Microsoft\Windows\CurrentVersion\Run\Windows update loader
HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

5. From the HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer delete the following keys:

NoActiveDesktop
NoDesktop
ClassicShell
ForceActiveDesktopOn

6. After that you will need to set a new wallpaper for your Desktop.

 

7. This adware may download and install the MalwareAlarm application into your computer, so you need to remove it. In order to do this, go to Control Panel, Add or Remove Programs, locate the MalwareAlarm program and remove it.


SYMPTOMS
1. Notifications may appear that your computer is infected with spyware.

e.g:
Windows Security Center has detected spyware/adware infection!
Your computer is in Danger!


2. Your wallpaper is modified and you can't restore it.

 

3. A program called MalwareAlarm is installed on your computer.


DESCRIPTION
1. When it is run it will copy itself in the C:\Windows directory under the name xpupdate.exe

2. It will add a key in:

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

with the name "Windows update loader" that will point to the xpupdate.exe so it can run at startup.

 

3. It will try to see if the MalwareAlarm program is installed by checking the existence and the size of the file:


C:\Program Files\MalwareAlarm\MalwareAlarm.exe

4. It will answer automatically to Windows Firewall queries in order to get access to the Internet
so it can download the MalwareAlarm program.

 

5. MalwareAlarm is a fake antispyware that is designed to trick the user that it it infected and he need to purchase the full version the program to get rid of infections.

 

6. It will change the background, it will remove icons, shortcuts, and other default or user-defined items from the Desktop.

 

7. It disables all options on the Background tab of Display in Control Panel. As a result, users cannot add or change the background design of the Desktop.


8. It will show messages that the system is infected with spyware/adware.

 

9. It will create/modify the following registry keys:

HKCR\Software\Microsoft\Windows\CurrentVersion\Run\Windows update loader
HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper
HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoAddingComponents
HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoEditingComponents
HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoDeletingComponents
HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoComponents
HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper

HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop
HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn

HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\System\Wallpaper

HKCR\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperStyle
HKCR\Software\Microsoft\Internet Explorer\Desktop\General\TileWallpaper
HKCR\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperFileTime
HKCR\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperLocalFileTime
HKCR\Software\Microsoft\Internet Explorer\Desktop\General\ComponentsPositioned

 

 

Learn more about antispyware


Author:
The BullGuard Team