Macatte Antivirus 2009 Removal

If some window just popped-up on your desktop with the header 'MaCatte Antivirus 2009', please be aware that is not an antivirus. This window is from a rogue program called MaCatte Antivirus 2009. Your computer is now infected with it, thus the reason you are seeing it. This document will help remove MaCatte Antivirus 2009 and help you understanding similar threats.

Macatte Antivirus 2009

Macatte Antivirus 2009

» Download Macatte Antivirus 2009 Removal Software

MaCatte Antivirus 2009 is a rogue program with two main purposes. The first one being to hurt your computer a lot. The second purpose being to try to steal your money. Once infected with it, the following can happen: it can and will disable many Windows features, like the Task Manager. It will control your Internet connection. You will not be able to access security related websites (you will be redirected), you will not be able to upgrade your own security program, neither to run it. MaCatte Antivirus 2009 can propagates itself in many ways: it could be part of some fake online scanner. Simply do not download anything from such sites.

They will claim to be a scanner and will ask you to download some piece of code. Whatever you will then download will but be the malware. In a similar way, this rogue software can disguise itself as being some codec. In others cases, some websites can force a download unto your computer (also called drive by download). Such sites were created or modified for that given purpose: to infect computers. If you do download the application without having a good security program installed or if the malware is a recent one, you will most likely become infected. Once on your system, the rogue program will create lots of fake files for later use. It will also modify the System Registry so it can run itself on each system reboot. After such a reboot, the malware will start scanning your computer.

It will report in a window similar to McAfee that you are infected with tons of threats, viruses and such. Your next step offered will be to buy the license of that malware to get rid of those infections. Do not buy anything from that malware. This is a fake program only looking to steal your money (the licensed version is also fake). At this point, you probably find your this application was designed to block lots of features. Including your antivirus program: you can run it, cannot update it and cannot access online security sites.

This malware will also hijack your browser: redirecting you to misleading websites. Your System Restore and Registry Editor will not work like before. You will get lots of threats, warnings besides ads to buy the licensed version. During the whole process, MaCatte Antivirus 2009 will stay in the background. Do not expect any real solutions coming from this malware.

Some symptoms of Macatte Antivirus 2009:

  • Bogus Scan results
  • Auto Scans on Start-up
  • Warning coming out of a fake shield in the system tray
  • pop-ups and re-directs to the fake software's website
  • constant warnings of being infected as well as false statements of other trojans

Manual removal instructions for Macatte Antivirus 2009 ( Please read our disclaimer below )

Kill Macatte Antivirus 2009 processes: ( Learn How to Kill a Process Here. Opens in new Window )

  • msc.exe
  • mstdl.exe
  • mcull.exe
  • mac.exe
  • msca.exe

We do recommend you run a full scan using SpyHunter. Even if you do not intend on purchasing the product it will help to stop the virus from re-installing and re-activating while you manually remove it. Also it will inform you of any new changes to the file names. You may need this if it mutates. Delete Macatte Antivirus 2009 registry values: ( Learn How to Edit Registry Here. Opens in new Window )

  • HKEY_CURRENT_USER\Software\msca
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459b6bf8-5320-4c41-8833-85baedf31086}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Browser Helper Objects\{A73890FC-177F-4198-AE3D-C64F7D9E69D8}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce “msca”HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “wsc”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “msc”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\msca
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost “0″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect “0″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnonBadCertRecving “0″

Delete files: ( Hint ) Most of these files will be in the %Program Files\Protection System\ directory.

  • WPtect.dll
  • %Program Files%\msca\msc.exe
  • %Program Files%\msca\msca.ico
  • %Program Files%\msca\mstdl.exe
  • %Program Files%\msca\Viruses.dat
  • C:\ProgramData\msca\ (in Windows Vista)
  • %Documents and Settings%\All Users\Application Data\msca\msca.ico
  • %Documents and Settings%\All Users\Application Data\msca\mcull.exe
  • %Documents and Settings%\All Users\Application Data\msca\msc.exe
  • %Documents and Settings%\All Users\Application Data\msca\Viruses.dat
  • %Documents and Settings%\All Users\Application Data\mcsa\mstdll.exe
  • %Documents and Settings%\All Users\Desktop\msca.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\msca\msca.lnk
  • C:\Users\%User name%\AppData\Local\Temp\[RANDOM CHARACTERS.tmp]\
  • C:\Documents and Settings\[User name]\Local Settings\Temp (delete only mac.exe file in this folder)

Delete directories: ( Please note that in most cases everything in this folder can be deleted. Just be sure it's the correct folder 😉

  • %Program Files%\msca\
  • %Documents and Settings%\All Users\Application Data\msca
  • %Documents and Settings%\All Users\Start Menu\Programs\msca
  • C:\Documents and Settings\%User name%\Local Settings\Temp (delete only mac.exe file in this folder)
  • C:\Users\%User name%\AppData\Local\Temp\[RANDOM CHARACTERS.tmp]\

Outside Resources:

http://www.2-spyware.com/remove-macatte-antivirus-2009.html

http://www.enigmasoftware.com/macatteantivirus2009-removal/

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.