Tip 1: How to remove the verification program
Tip 1: How to remove the verification program
If among the set of updates from the siteMicrosoft was "lucky" to download and then install the update for KB905474 (Windows Genuine Advantage Notification), then every time you boot the system, you will most likely have to watch a beautiful tablet on the system tray "You may have purchased a counterfeit copy of the software. This copy of Windows has not been authenticated. "
Instructions
1
Windows Genuine Advantage - program Verification authenticity of Windows, which is installedinsidious service Microsoft Windows Update along with other updates. For permanent display of this plate meet two documents: WgaLogon.dll (size 231 KB) and WgaTray.exe (329 KB). To get rid of them, press Ctrl + Alt + Delete to open the "Task Manager". Find the WGALogon process, right-click the process, select "End the process" and confirm your action. This you have "killed" the process and can proceed to further action.
2
System folders are hidden by default, for theirdisplay the "Tools" tab in any window, then go to the "Folder Options" menu and click on the "View" item. In the window that opens, select the option "Show hidden files and folders" and tick "Apply".
3
Go to the Windows folder, open the directory in itsystem32, concentrate on the WgaTray.exe file. Feel free to move it to the basket. In the same folder, look for the WgaLogon.dll file and also delete it.
4
Again, open the system32 folder and navigate to the folderdllcache. This folder contains copies of all files of the installed system. Delete the copy of the WgaTray.exe and WgaLogon.dll files, otherwise Windows will restore them as before.
5
Open the Start menu and click on the "Run" button. As a result, a small window will open, in which enter regedit and press Ok. This starts the Registry Editor.
6
Remove all WGA files from the registry, for thisgo to the following addresses and delete the individual string parameters: [HKEY_LOCAL_MACHINE => SYSTEM => ControlSet001 => Services => Eventlog => System => WgaNotify] [HKEY_LOCAL_MACHINE => SOFTWARE => Microsoft => Windows NT => CurrentVersion => Winlogon = > Notify => WgaLogon] [HKEY_LOCAL_MACHINESYSTEM => ControlSet002 => Services => Eventlog => System => WgaNotify] [HKEY_LOCAL_MACHINE => SOFTWARE => Microsoft => Windows => CurrentVersion => App Management => ARPCache => WgaNotify]
7
After uninstalling, restart the computer, and the message about not passed verification will not disturb you more.
Tip 2: How to Remove Viruses After Validation
Scientists are working to create more and moresophisticated and versatile anti-virus software. Antivirus programs day and night detect and remove a variety of computer "evil spirits." But sometimes it happens that the antivirus program determines the virus, but does not delete it. In this case, it is worth doing it yourself.
You will need
- - a computer;
- - software.
Instructions
1
Open the menu of the antivirus program bymouse cursor and click on it. Typically, the antivirus icon is located on the right side of the taskbar of your operating system. Activate the virus scan in the main menu of the program. The antivirus program will prompt you to select scan objects. This can be a single folder, one or more disks, or the entire computer. Also, the antivirus can scan external devices connected to the computer. Tick the required objects and start the process.
2
Start the process Verification PC or laptop for viruses. Before you automatically open a window that will show the process Verification. Wait for it to finish. You can immediately find the event log, which, most often, will be at the bottom of the screen. If this is your first attempt to scan a computer, please note that in this case it may take a little longer than you expect.
3
Delete the detected viruses in several ways. When the antivirus program shows you the list of malicious programs, select the "Clear" or "Delete" action. After The system will start the processremoving trojans and viruses. However, it may happen that some malware remains in the operating system of the computer. There are several ways to solve them.
4
Clean the operating system of the computer. To do this, check the file names and their location in the antivirus. After find them in the computer's memory and proceed with the deletion. If you can not delete viruses, use the AVZ antivirus utility.
Tip 3: How to remove authentication
The Windows Genuine Advantage Validation Tool is the mandatory update for KB892130. It is intended for verification authenticity key. This file gets on your personal computer after visiting the WindowsUpdate page.
Instructions
1
This update is named on the sitethe manufacturer of the operating system as ActiveX in the LegitCheckControl.dll module. Has the nature of a spyware program. Gathers information about your OS. Checks if you are using a paid license.
2
To delete this file from your personalcomputer, you need to execute two commands. Go to the "Start" - "Run" - "cmd.exe". A dialog box opens with the command line. Type C:> regsvr32 -u LegitCheckControl.dll. The file search starts. When it is completed, you need to enter C:> del LegitCheckControl.dll and press Enter. File deleted.
3
If the command line displays the message "Error ..."then go to "My Computer", then go to the "Windows" folder and find "system32". In this system folder, find the LegitCheckControl.dll file and delete it manually.
4
But such a procedure does not guarantee a repeathit this update on your computer. If you go to the WindowsUpdate site, you will be forced to install this program. It is necessary to block communication channels with this site. Go to the firewall settings and block the connection to mpa.one.microsoft.com. For those who do not support the firewall, you need to go to the system32 folder. Open the hosts file using Notepad. In the last line, type: 127.0.0.1 mpa.one.microsoft.com and save the file.
5
Open a command prompt. Type the C:> ipconfig / flushdns command. The reset of the cache DNS will be started. Now when sending information WGA to the server Microsoft will use the IP address of your computer, and thus, communication with the real server will be unavailable, and verification authenticity will be disabled.
Tip 4: How to remove a fake antivirus
One of the new ideas of the creators of malicious programs was the writing of counterfeit antiviruses. The user is told that his computeris infected, and it is urgent to install a miracle program to eliminate the threat. After installing this "product", it becomes almost impossible to use a computer. In addition, the pseudo-virus attempts to steal user data, offering to buy the full version with a credit card or other payment systems.
Instructions
1
Disable the launch of a program that simulates the antivirus. Depending on which program your computer was struck with, different behaviors are possible. Some simply interfere with the use of the PC, block the removal of themselves from the system, display a lot of "warnings". There are other options, when you can not remove the fake antivirus with the built-in tools - the harmful program takes control of the system. Therefore, it is difficult to suggest a solution for all cases.
2
First, click the Start button, and then clickthe "Run" menu. Enter the msconfig command and go to the Startup tab. Uncheck all unknown programs, especially those whose startup folder looks like "C: UsersUserDocuments and SettingsTemp" or similar. This will disable the launch of programs when the computer is turned on. This is often enough to stop the malicious program from running. If this does not help, or the method causes difficulties, you can remove the fake antivirus in another way.
3
Use the comprehensive verification utilityand computer treatment. Almost all manufacturers of solid and well-known anti-virus solutions release free programs for cleaning computers in automatic mode. DrWeb CureIT is the best choice for Russian users! or its analog from the Kaspersky Lab. Open the browser and go to http://www.freedrweb.com/cureit/?lng=en to download CureIT. Or, go to Kaspersky website at http://www.kaspersky.com/antivirus-removal-tool, select the appropriate version in Russian and click the "Download" button.
4
You can do this procedure on any computer- this is suitable for those users who can not open the sites of anti-virus companies because of the actions of a fake antivirus. Run the downloaded file on the "infected" computer with a double click. Press the "Start" button in the program menu and wait. By default, CureIt blocks the ability to use the computer for the scan time - this maximizes the efficiency of the work. The check takes a lot of time, even on powerful machines.
5
After the initial scan is complete, you can start a deep scan of all partitions of the hard disk - as desired by the user. But usually the first run is enough to clean up harmful programs.