Sysinternals Antivirus Removal

Sysinternals Antivirus is a malicious program that is related to the notorious rogue program Your PC Protector. It tries to trick users into paying for a license to its ‘full’ version. Sysinternals Antivirus gets installed on user systems via Trojan viruses that get downloaded from malicious websites which claim to contain malware scanning services. Once installed, it immediately blocks any legitimate security software that the user may have installed on their computer. Sysinternals Antivirus also runs endless fake virus scans and reports that the user’s system is infected with dangerous malicious software. It also displays fake warning pop-ups from the Windows taskbar. Meanwhile it constantly requests the user to upgrade to the ‘full’ version of Sysinternals Antivirus by paying for a software license, claiming that the currently installed ‘trial’ version is incapable of properly removing the detected false ‘threats’. However, no user should allow themselves to be tricked into buying this software, as the ‘full’ version of Sysinternals Antivirus is just as incapable of cleaning a computer system as the ‘trial’ version is.

Sysinternals Antivirus

As soon as you detect a copy of this rogue software on your computer, you should initiate the process of Sysinternals Antivirus removal. In order to delete Sysinternals Antivirus, you need to stop its processes, unregister its DLLS, delete its files and folders and remove its registry entries.

File Removal Procedures

The first step you need to take in order to remove Sysinternals Antivirus is to stop the following processes:

  • alggui.exe
  • svchost.exe
  • Sysinternals Antivirus.exe
  • dbsinit.exe
  • ccsmn.exe
  • ccsrr.exe

The 2nd step in Sysinternals Antivirus removal is the unregistration of the following DLL files:

  • adc32.dll
  • adc_w32.dll

Next, it is necessary to delete the following files and folders:

Windows XP:

  • c:\Program Files\adc_w32.dll
  • c:\Program Files\alggui.exe
  • c:\Program Files\extra1.dat
  • c:\Program Files\extra2.dat
  • c:\Program Files\nuar.old
  • c:\Program Files\skynet.dat
  • c:\Program Files\svchost.exe
  • c:\Program Files\wp3.dat
  • c:\Program Files\wp4.dat
  • c:\Program Files\scdata
  • c:\Program Files\scdata\dbsinit.exe
  • c:\Program Files\scdata\wispex.html
  • c:\Program Files\scdata\images
  • c:\Program Files\scdata\images\i1.gif
  • c:\Program Files\scdata\images\i2.gif
  • c:\Program Files\scdata\images\i3.gif
  • c:\Program Files\scdata\images\j1.gif
  • c:\Program Files\scdata\images\j2.gif
  • c:\Program Files\scdata\images\j3.gif
  • c:\Program Files\scdata\images\jj1.gif
  • c:\Program Files\scdata\images\jj2.gif
  • c:\Program Files\scdata\images\jj3.gif
  • c:\Program Files\scdata\images\l1.gif
  • c:\Program Files\scdata\images\l2.gif
  • c:\Program Files\scdata\images\l3.gif
  • c:\Program Files\scdata\images\pix.gif
  • c:\Program Files\scdata\images\t1.gif
  • c:\Program Files\scdata\images\t2.gif
  • c:\Program Files\scdata\images\Thumbs.db
  • c:\Program Files\scdata\images\up1.gif
  • c:\Program Files\scdata\images\up2.gif
  • c:\Program Files\scdata\images\w1.gif
  • c:\Program Files\scdata\images\w11.gif
  • c:\Program Files\scdata\images\w2.gif
  • c:\Program Files\scdata\images\w3.jpg
  • c:\Program Files\scdata\images\word.doc
  • c:\Program Files\scdata\images\wt1.gif
  • c:\Program Files\scdata\images\wt2.gif
  • c:\Program Files\scdata\images\wt3.gif
  • c:\Program Files\Sysinternals Antivirus
  • c:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn.exe
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.acf
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.ltd
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.lti
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.acb
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.aci
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.mt
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsrr.exe
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\lleod150
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\wmharun.log
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\wmrun.log
  • %UserProfile%\Start Menu\Programs\Sysinternals Antivirus
  • %UserProfile%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk

Windows Vista / 7:

  • c:\Program Files\adc_w32.dll
  • c:\Program Files\alggui.exe
  • c:\Program Files\extra1.dat
  • c:\Program Files\extra2.dat
  • c:\Program Files\nuar.old
  • c:\Program Files\skynet.dat
  • c:\Program Files\svchost.exe
  • c:\Program Files\wp3.dat
  • c:\Program Files\wp4.dat
  • c:\Program Files\scdata
  • c:\Program Files\scdata\dbsinit.exe
  • c:\Program Files\scdata\wispex.html
  • c:\Program Files\scdata\images
  • c:\Program Files\scdata\images\i1.gif
  • c:\Program Files\scdata\images\i2.gif
  • c:\Program Files\scdata\images\i3.gif
  • c:\Program Files\scdata\images\j1.gif
  • c:\Program Files\scdata\images\j2.gif
  • c:\Program Files\scdata\images\j3.gif
  • c:\Program Files\scdata\images\jj1.gif
  • c:\Program Files\scdata\images\jj2.gif
  • c:\Program Files\scdata\images\jj3.gif
  • c:\Program Files\scdata\images\l1.gif
  • c:\Program Files\scdata\images\l2.gif
  • c:\Program Files\scdata\images\l3.gif
  • c:\Program Files\scdata\images\pix.gif
  • c:\Program Files\scdata\images\t1.gif
  • c:\Program Files\scdata\images\t2.gif
  • c:\Program Files\scdata\images\Thumbs.db
  • c:\Program Files\scdata\images\up1.gif
  • c:\Program Files\scdata\images\up2.gif
  • c:\Program Files\scdata\images\w1.gif
  • c:\Program Files\scdata\images\w11.gif
  • c:\Program Files\scdata\images\w2.gif
  • c:\Program Files\scdata\images\w3.jpg
  • c:\Program Files\scdata\images\word.doc
  • c:\Program Files\scdata\images\wt1.gif
  • c:\Program Files\scdata\images\wt2.gif
  • c:\Program Files\scdata\images\wt3.gif
  • c:\Program Files\Sysinternals Antivirus
  • c:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe
  • %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn.exe
  • %UserProfile%\ AppData \Microsoft\Internet Explorer\ccsmn151.acf
  • %UserProfile%\ AppData \Microsoft\Internet Explorer\ccsmn151.ltd
  • %UserProfile%\ AppData \Microsoft\Internet Explorer\ccsmn151.lti
  • %UserProfile%\ AppData \Microsoft\Internet Explorer\ccsmn151_0.acb
  • %UserProfile%\ AppData \Microsoft\Internet Explorer\ccsmn151_0.aci
  • %UserProfile%\ AppData \Microsoft\Internet Explorer\ccsmn151_0.mt
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsrr.exe
  • %UserProfile AppData \Microsoft\Internet Explorer\lleod150
  • %UserProfile%\ AppData \Microsoft\Internet Explorer\wmharun.log
  • %UserProfile%\ AppData \Microsoft\Internet Explorer\wmrun.log
  • %UserProfile%\Start Menu\Programs\Sysinternals Antivirus
  • %UserProfile%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk

Your computer’s hard disk no longer contains any files and folders belonging to Sysinternals Antivirus.

Registry Removal Procedures

File deletion alone is not sufficient to completely remove Sysinternals Antivirus. The following keys and settings should be removed from the registry for complete Sysinternals Antivirus removal:

  • HKCU\Software\Sysinternals Antivirus
  • HKCR\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKLM\SYSTEM\CurrentControlSet\Services\AdbUpd
  • HKEY_CURRENT_USER\Software\Sysinternals Antivirus
  • HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “novavapp”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “novavappr”

Tips & Tricks

Manual Sysinternals Antivirus removal is not recommended for inexperienced users, as any mistake made during removal could potentially damage the operating system of the computer. Therefore inexperienced users are advised to use a legitimate antivirus program such as Spyware Doctor with Antivirus or a web-based system scanner such as www.onlinecomputerrepair.org to ensure safe Sysinternals Antivirus removal.