MaCatte Antivirus 2009 Removal Software
»Download
You booted up your system and some scan is going on. Then you’re getting a window similar to Windows Security Center with ‘MaCatte Antivirus 2009′ on it… so what is it ?
This is a rogueware called MaCatte Antivirus 2009. It is a bad program designed to steal your money and damaging your system. This is not a real antivirus, it is a fake program trying to let you believe it is legit.
If you did hit a fake online scanner, downloaded anything from such a website and if your system was not equipped with a recent antivirus program, or if the malware was a new one, you might most likely become infected with it. The same thing does happen with fake codecs. Be sure to be fully aware what you are downloading and installing.
Hackers can either create such sites or modify existing ones to put malware like MaCatte Antivirus 2009 on them. So when you will browse such a website, it will try to make you download the fake application trying to make you believe it is something else. Usually making you believe it is some good programs. Such a site can also force a download onto your computer, it is also called a drive by download. The result being that without a good antivirus program or if the threat is a new one, you will most like become infected.
Once downloaded and installed, the malware will modify the registry to run itself on each boot. It will also create lots of fake files. Upon rebooting, MaCatte Antivirus 2009 will do a fake system scan and will display that window saying you have tons of infections, threats and more. Simply do not believe it. This is a fake report in order to let you believe you are infected and to try to scare you enough so you will buy the licensed version. The program did compromise your computer in many ways.
Here are some examples:
Your browser has been hijacked. You cannot access most antivirus pages, neither update your own antivirus program. You will get redirected to various misleading websites including the malware homepage wwwDOTmacatteDOTcom . Your antivirus will not function neither.
Many windows features like System Restore and the Reg Editor will not work anymore.
Keep in mind that the report shown in that window is but a fake one. MaCatte Antivirus 2009 created fake files. It is now trying to convince you to buy the fake licensed program.
Your next step should be to delete MaCatte Antivirus 2009 . To help you with that, let me recommend the best software around : Spyware Doctor with Antivirus. Simply run a full and in-depth system scan of your computer with it. You will then be able to delete MaCatte Antivirus 2009 and any threats found.
If you feel uncomfortable with security programs, then let expert people help you. Check out this website : Online PC Repair company . It is an online service that will help you delete MaCatte Antivirus 2009 . It is fast, reliable and I do think it costs less than your local computer guy.
To manually remove MaCatte Antivirus 2009 do the following:
Kill Processes:
msc.exe
mstdl.exe
mcull.exe
mac.exe
msca.exe
Delete Registry Values:
HKEY_CURRENT_USER\Software\msca
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459b6bf8-5320-4c41-8833-85baedf31086}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A73890FC-177F-4198-AE3D-C64F7D9E69D8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce “msca”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “wsc”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “msc”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\msca
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnonBadCertRecving “0″
Delete Files:
WPtect.dll
%Program Files%\msca\msc.exe
%Program Files%\msca\msca.ico
%Program Files%\msca\mstdl.exe
%Program Files%\msca\Viruses.dat
C:\ProgramData\msca\ (in Windows Vista)
%Documents and Settings%\All Users\Application Data\msca\msca.ico
%Documents and Settings%\All Users\Application Data\msca\mcull.exe
%Documents and Settings%\All Users\Application Data\msca\msc.exe
%Documents and Settings%\All Users\Application Data\msca\Viruses.dat
%Documents and Settings%\All Users\Application Data\mcsa\mstdll.exe
%Documents and Settings%\All Users\Desktop\msca.lnk
%Documents and Settings%\All Users\Start Menu\Programs\msca\msca.lnk
C:\Users\%User name%\AppData\Local\Temp\[RANDOM CHARACTERS.tmp]\
C:\Documents and Settings\[User name]\Local Settings\Temp (delete only mac.exe file in this folder)
Delete Directories:
%Program Files%\msca\
%Documents and Settings%\All Users\Application Data\msca
%Documents and Settings%\All Users\Start Menu\Programs\msca
C:\Documents and Settings\%User name%\Local Settings\Temp (delete only mac.exe file in this folder)
C:\Users\%User name%\AppData\Local\Temp\[RANDOM CHARACTERS.tmp]\