All times are UTC




Posted: Mon Oct 13, 2014 8:53 am by Site Admin
KB20141013 Remove PerforMax Cleaner


UPD 3 (1/27/2015): For experienced readers, follow the long-awaited manual uninstall steps (Part Two) below if you wanna manually get rid of PerforMax Cleaner virus (v1.0) from your computer. Additionally, can you use or install SpyHunter 4 so you can remove PerforMax Cleaner? As Enigma Software's program, you guys can learn something from the below content:
    1. SpyHunter has been classified as "Privacy Software", according to CNet (download.cnet.com/SpyHunter/3000-2144_4-10317254.html ; download.cnet.com › … › Privacy Software › SpyHunter). As you can see, it's earned 103 negative ratings now.
    2. Your careless click would save the so-called spyware-removal client instead. Yahoo or Google this telephone number "1-800-681-6492". See more details @ windowsuninstaller.org/forums/viewtopic.php?f=11&t=1633
    3. Review Antivirus Expert Mary Landesman's old story @ antivirus.about.com/b/2004/05/05/spyhunter-ad-campaign-an-enigma.htm

My words: Be wise: will such semi-malware remove its bro?! Try not to be fooled by another semi-scareware/ FakeAV.

Now, let's start the game, "Install" vs. "Un-install" or, "Remove". For those who are suffering from PerforMax Cleaner software, please skip this section and follow the Part TWO below so you can perform PerforMax Cleaner uninstall w/ success.

PART ONE: How can you install PerforMax Cleaner "virus"?

NOTE: This is how to discover the Key to remove PerforMax Cleaner 1.0.0.0, fully. Meantime, typically, a real virus just cannot be uninstalled via such conventional measures - keep this in mind: there's no such thing as "Performax Cleaner virus uninstaller" ...

Now, we all have a chance to see what OneBit IT's PerforMax Cleaner looks like now: it can typically be installed via a wild customized installer like the following ConnectClient's tb_Hotspot_Shield.exe (Note: it cannot be downloaded as a standalone installation package like other common apps.)
[Attachment: PerforMax Cleaner - 0.jpg]


And the exe file can also be found at its "Registration" page, like "pi&subid=a9406aa2-1078-4cdd-a0f9-8a5fd1ab6dec&app=4"; plus, its official download uses JavaScript. See the following code:

function download() {
    var url = "https://******.amazonaws.com/performax/installer/Setup.exe";
    var downloadWindow = window.open(url, "downloadWindow"); /* the "Download" */
    /* querySt() is not shown in this post */
    document.location.href = "../performaxcleaner/ThankYou?" + querySt('ref'); /* the "Redirect" */
}

Hit here to learn how to keep your PC away from malware from legit cloud companies.

Quote:
Amazon Web Services offers reliable, scalable, and inexpensive cloud computing services.


Read on and get more secrets...

Based on my years of experience dealing with Internet PUPs ("Potentially Unwanted Programs" or PUAs), I trusted my first instinct and I am correct: the mentioned PerforMax Cleaner by UA\rralfelt (according to this VT file) is just a variant of Speed Cleaner:
[Attachment: PerforMax Cleaner - 3.jpg]


1. Unfortunately, our upload is safe, now. Review related specs via the outlined VT documentation above.
2. As I've mentioned, such stubborn & sneaky annoyance usually comes with downware: the aforementioned tb_Hotspot_Shield.exe file recommended the potentially malicious fakealert, as so-called "SecondOffer2", to victims: according to Reason Company Software Inc's info (Note: for more info, please copy and paste the following link into your Web browser, herdprotect.com/setup.exe-6244508f761ee03341d363841cb28283efb02882.aspx ), the official installer was detected as "TROJ_FAKEAV.BMC". The above item clearly tells us that this Cleaner is Trojware or FakeAV (aka fake antivirus, rogueware, ransomware and the like); once the installation is complete, the original installer will be deleted automatically! One example is "C:\Users\TEST\AppData\Local\Temp\nsb7511.tmp\SecondOffer2".
[Attachment: Remove PerforMax Cleaner - 2.jpg]


If you too are not happy with PerforMax Cleaner... well, let's call a spade a spade: follow me and get the job done: permanently uninstall PerforMax Cleaner, wipe other junk you accidentally installed, for security.

Part TWO: How to forcefully remove PerforMax Cleaner?

Guess what? It seems that Windows' own uninstall utility also makes it impossible to delete PerforMax Cleaner from its programs list (NOTE: I will check it out again, later.): the wild "PM" did not write its into my program settings. Meantime, you need to clean the possibly unused .NET Framework 4 so you can fully get rid of PerforMax Cleaner.
[Attachment: Remove PerforMax Cleaner - 1.jpg]


Preparations (RECOMMENDED):

1. Hit the Close button on its platform.
2. Here, choose the 2nd option "Close application and leave all error unresolved. Bla bla..." and then, press the red "Do Not Repair Errors".
[Attachment: PerforMax Cleaner - 4.jpg]

3. Now, use Windows Task Manager to force the Cleaner to terminate, as you're suffering high, even 100%, CPU usage. This is important!
[Attachment: PerforMax Cleaner - 5.jpg]

4. Open "My Computer", change Folder Options (e.g., "Show hidden files, folders, and drives") to make all hidden hives appear.
5. Clean all its software information, including its temporary install folder "C:\ProgramData\package cache\{2b19f2c7-53f4-45a0-8710-273390120ca1}" - remember to delete this folder later.

PerforMax Cleaner Removal Steps

Follow the following steps to remove PerforMax Cleaner:

1. Locate OneBit's project in the list and launch Uninstall.
[Attachment: PerforMax Cleaner - 6.jpg]

2. Now, choose the Uninstall option from the below PerforMax Cleaner Setup.
[Attachment: PerforMax Cleaner - 7.jpg]

3. Wait while the express un-install is in progress, then exit the Setup when it completes the procedure. For more recent video guides, go here.
[Attachment: PerforMax Cleaner - 8.jpg]
[Attachment: PerforMax Cleaner - 9.jpg]

 
Posted: Mon Oct 13, 2014 8:56 am by Site Admin
Associated reg hives contain:



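For an MSI-registered program like the one in this thread, Windows Installer keeps a second record under Installer\UserData\S-1-5-18\Products, named with a reordered ("packed") form of the Uninstall key's GUID. The following is an added example, not code from the original posts: a read-only Python check that derives that name and reports whether both records are still present. The function names, the sample GUID, the per-machine (S-1-5-18) location and the "PerforMax" DisplayName match are assumptions.

```python
import re

# Braced product-code GUID, the form MSI uses for Uninstall key names.
GUID_RE = re.compile(r"^\{([0-9A-F]{8})-([0-9A-F]{4})-([0-9A-F]{4})"
                     r"-([0-9A-F]{4})-([0-9A-F]{12})\}$", re.IGNORECASE)
UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall")
PRODUCTS_KEY = (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Installer"
                r"\UserData\S-1-5-18\Products")
SAMPLE_GUID = "{12345678-9ABC-DEF0-1234-56789ABCDEF0}"  # constructed value

def pack_product_code(guid):
    """Return the 32-character key name used under Installer Products."""
    m = GUID_RE.match(guid)
    if m is None:
        raise ValueError("not a braced GUID: %r" % (guid,))
    a, b, c, d, e = m.groups()
    tail = d + e
    # Groups 1-3 are reversed whole; the remaining bytes swap their nibbles.
    swapped = "".join(tail[i + 1] + tail[i] for i in range(0, len(tail), 2))
    return (a[::-1] + b[::-1] + c[::-1] + swapped).upper()

def read_key(winreg, path):
    """(subkey names, DisplayName or None) of an HKLM key, 64-bit view."""
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0,
                            winreg.KEY_READ | winreg.KEY_WOW64_64KEY) as key:
            subs = [winreg.EnumKey(key, i)
                    for i in range(winreg.QueryInfoKey(key)[0])]
            try:
                return subs, str(winreg.QueryValueEx(key, "DisplayName")[0])
            except OSError:
                return subs, None
    except OSError:
        return [], None  # key does not exist or cannot be read

def find_leftovers(fragment="PerforMax"):
    """Windows only, read-only: (uninstall key, name, packed, in_products)."""
    import winreg  # local import keeps pack_product_code usable on any OS
    products = {p.upper() for p in read_key(winreg, PRODUCTS_KEY)[0]}
    found = []
    for base in UNINSTALL_KEYS:
        for sub in read_key(winreg, base)[0]:
            name = read_key(winreg, base + "\\" + sub)[1]
            if name is None or fragment.lower() not in name.lower():
                continue
            packed = pack_product_code(sub) if GUID_RE.match(sub) else None
            found.append((base + "\\" + sub, name, packed, packed in products))
    return found
```

Call `find_leftovers()` on the affected Windows machine after the uninstall; an empty list means no matching Uninstall entry remains under HKLM.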
 
Posted: Fri Jan 16, 2015 10:13 am by Site Admin
My question is, where have those 1,000 + junk or errors gone? Or, What happened to 'em?

1st, I ran PerforMax Cleaner on a CLEAN PC: 1,269 files
[Attachment: PerforMax-Cleaner---19.jpg]


2nd, I surfed Yahoo's homepage... ran PerforMax-Cleaner again... "junk files found: 0"
[Attachment: PerforMax-Cleaner---16.jpg]


Update (01/27/15): Here is some info I just learned from “Easy Disk Drive Repair” malware (See more original content @ softwarecrew.com/2015/01/inside-easy-disk-drive-repair-malware-with-vb-decompiler/):

Quote:
It’s not clear how the program generates its “number of errors” and similar figures (there’s a “Randomize” statement ...) ... absolutely nothing is happening on your drive.

* var_eax = call Proc_1_1_466590("Checksum re-calculated on " & CStr(call Proc_1_0_4664C0(2, 8, )) & " clusters", 0, )
* var_eax = call Proc_1_1_466590("Dynamically indexed " & CStr(call Proc_1_0_4664C0(2, 450, )) & " lost sectors", 0, )
* var_eax = call Proc_1_1_466590("Resyncing " & CStr(call Proc_1_0_4664C0(2, 512, )) & " bytes of ECC data", 0, )



3rd, I closed the client and then ran it later... 1,215 files...
[Attachment: PerforMax-Cleaner---18.jpg]


The reported "risks" included container.dat, so-called tracking cookies.
[Attachment: PerforMax-Cleaner---17.jpg]


Final words

Quote:
These programs intentionally misrepresent the security status of a computer by continually presenting fake scan dialog boxes and alert messages that prompt the user to buy the product.


(Find or review more original info at Symantec site)