How to Beat Back the WinAvXX Scamware Virus

I've had this plague on my desktop PC for many, many months, and yet I didn't know how to shut it down and force it out. Thanks to this type of malware subcategory called "scamware", this type of program is disguised as a Microsoft application under the "WinAntiVirus 2007" name. Think of it this way: This application is like a gang of thugs in which does damage to your computer and offer their "insurance" as an anti-virus program. The damage being done to your computer is creating numerous applications (.exe) and application extensions (.dll). Also, the systray will popup that nasty little yellow sign with an exclamation mark (!) and a notice of your Windows program gets "infected", and a dialogue box will redirect you to their scamware site. Beware that this program will create pop-up nuisances that create new pages based on the website you've copied or opened a new page from the website you left from. This program also makes your taskbar disappear, and the only way to restore it is to open a new folder through your web browser. Luckily, this article guide can help you beat back this nasty little sucker, with some freeware tools to help you.

Freeware Tools you need:

1. Registrar Registry Manager, a registry editor that is still useful even without paying for registration.
2. Process Lasso, a Task Manager alternative that a fellow user of MyLot has shown me when my computer was suffering from "100% CPU Usage", every time I booted up my computer.

Here's the steps that can help you shut down the scamware virus:

1. Use Process Lasso to shut down "printer.exe". This will turn off the program and the pop-ups and dialogue programs that are annoying you.

2. Delete the originals in the System32 folder, as well as "gebcb.dll" and "efcdaba.dll". If you can't delete those .dll files, don't worry about it; they won't work unless the real programs are there.

3. Create a fake dummy application of the "Printer.exe" and "WinAvXX" program, substituting it for the real thing by doing these steps
1. Left click on any folder except for c:\windows\system32
2. Create a text file, and then as it is still in its "renaming" mode with the highlighted text, rename it to "printer.exe". Notice that this has 0 bytes. No bytes at all.
3. Copy it, and then do the same thing for "WinAvXX.exe"

3. Go to Start, Run, type in msconfig, and uncheck these marks:

-WinAvXX

-Autorun

-System

-Files with jumbled-up filenames like "neonco" or "okchec"

4. Next, repeat step three, but go to these folders, and delete these files:

C:\WINDOWS\system32
-Printer.exe
-WinAvXX.exe
-Gebcb.dll
-Efcdaba.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-Autorun.exe

C:\Documents and Settings\Your Name\Start Menu\Programs\Startup
-System.exe

5. The last thing that you have to do is open Registrar Registry Manager, copy these registry locations, and delete these registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
-WinAvX

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
-NoControlPanel
-NoWindowsUpdate

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-DisableRegistryTools
-DisableTaskMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-WinAvX (x2)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
-DisableRegistryTools
-DisableTaskMgr

Voila! You're done! The WinAvXX Scamware virus is no more!

Now that you've eliminated the WinAvXX Scamware virus, you've regained back your regular Task Manager, your regular Registry Editor, your Control Panel, and your Time-Date Properties that allow you to edit your time for Daylight Savings Time clock changes. Because of WinAvXX, it wouldn't let you do that, even if you were the "Administrator" of your own computer! Hopefully this article guide can help you beat them at their own game! Happy computing!