Baidu anti-virus software removal procedure

    What is this junk?


    The Chinese antivirus “Baidu” spreads by malware/adware methods and installs itself regardless of whether another antivirus is running; the resulting conflict between antiviruses slows Windows down excessively.
    Uninstalling Baidu software is difficult because standard uninstallers exist for only two components and do not remove the kernel-level drivers; moreover, the software is reinstalled the next time the computer boots. The drivers themselves are hard to remove because they block writes to “their” registry branches and block access to their files.

    I wrote a simple instruction for completely removing the harmful Baidu from Windows 7 and 8 without using bootable media. It is intended for computer maintenance technicians ("enikeyshchiki") and is suitable for any more or less experienced user.

    The instruction is especially relevant for 64-bit versions of Windows, since AVZ does not work on them (more precisely, there is no 64-bit AVZ Guard driver).


    Instruction manual


    First, a picture of the “button” that needs to be clicked in the uninstallers:

    In uninstaller programs, the button is usually located on the left and is not selected by default.

    Sequence of steps.


    In the system snap-in for uninstalling programs (“Control Panel” - “Programs and Features”), at the very bottom there are two items labelled in Chinese characters. The blue icon is “Browser Protection”, the green one is “Anti-Virus”.
    Select the line with the green icon and click “Uninstall/Change”. A window with Chinese characters appears; press the left button in it, wait for completion, then press the confirmation.
    Select the line with the blue icon and click “Uninstall/Change”. A window appears; select the right-hand cell with the trash can icon in it, press the left button below, wait for completion, then press the left button.

    Reboot the computer into "safe mode".

    In safe mode:
    1. With the Autoruns program from the “Sysinternals Suite”, delete all references to Baidu, including BBenhance, bd0001-bd0004, baiduhips, etc. The bd0004 service cannot be deleted this way (the error message “The service is not installed” is displayed), so use the registry editor or the reg program to delete the registry branch of this service: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bd0004;
    2. With Explorer, FAR or Total Commander, delete all files whose description or digital signature contains the word Baidu.

    List of files.

    In the "%WINDIR%\System32\drivers" directory (usually C:\Windows\System32\drivers):
    BBEnhance.sys
    bbrowserboost.sys
    bbrowserhlp.dll
    bd0001.sys
    bd0002.sys
    bd0003.sys
    bd0004.sys
    BDDefense.sys
    BDMNetMon.sys
    BDMWrench_x64.sys
    bduniptk.sys
    Entire directories:
    %ProgramFiles(x86)%\Common Files\Baidu
    %ProgramFiles(x86)%\Baidu

    Screenshots of the properties of the Baidu files:




    In addition to Baidu itself, Kingsoft Internet Security software is often installed at the same time. It also cannot be removed completely with its standard uninstaller; you have to manually remove the “Kingsoft Internet Security K Plus Driver” driver (file "%WINDIR%\system32\drivers\ksapi64.sys") and the file "%WINDIR%\system32\drivers\kisknl_del.sys".
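
A read-only check that the steps above left nothing behind, as an added example that is not part of the original article: it looks for the listed files, service keys and directories, and for other driver files whose description or signer contains "Baidu". Treating every listed Autoruns name as a possible service key is an assumption; the article confirms this only for bd0004.

```powershell
# Added example: read-only audit, deletes nothing. Run from an elevated prompt.
$driverDir = Join-Path $env:WINDIR 'System32\drivers'

# File names from the article's lists (Baidu first, then the two Kingsoft files).
$fileNames = 'BBEnhance.sys','bbrowserboost.sys','bbrowserhlp.dll','bd0001.sys',
             'bd0002.sys','bd0003.sys','bd0004.sys','BDDefense.sys','BDMNetMon.sys',
             'BDMWrench_x64.sys','bduniptk.sys','ksapi64.sys','kisknl_del.sys'

# Autoruns entries named in the article. Assumption: each may also exist as a
# service key, as the article shows for bd0004.
$serviceNames = 'BBEnhance','bd0001','bd0002','bd0003','bd0004','baiduhips'
function New-Finding($Kind, $Item, $Detail) {
    New-Object PSObject -Property @{ Kind = $Kind; Item = $Item; Detail = $Detail }
}

$findings = @(
    foreach ($name in $fileNames) {
        $path = Join-Path $driverDir $name
        if (Test-Path -LiteralPath $path) { New-Finding 'File' $path 'name is on the list' }
    }
    foreach ($svc in $serviceNames) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        if (Test-Path -LiteralPath $key) {
            $img = (Get-ItemProperty -LiteralPath $key).ImagePath
            New-Finding 'ServiceKey' $key "ImagePath=$img"
        }
    }
    $pf86 = ${env:ProgramFiles(x86)}          # empty on 32-bit Windows
    if ($pf86) {
        foreach ($dir in 'Common Files\Baidu','Baidu') {
            $path = Join-Path $pf86 $dir
            if (Test-Path -LiteralPath $path) { New-Finding 'Directory' $path 'whole directory' }
        }
    }
    # Drivers under other names: match "Baidu" in the file description or signer.
    foreach ($file in Get-ChildItem -LiteralPath $driverDir -Force) {
        if ($file.PSIsContainer -or $file.Extension -notmatch '^\.(sys|dll)$' -or
            $fileNames -contains $file.Name) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $text = "$($file.VersionInfo.FileDescription) | $signer"
        if ($text -match 'Baidu') { New-Finding 'DescriptionOrSigner' $file.FullName $text }
    }
)
if ($findings.Count) {
    $findings | Select-Object Kind, Item, Detail | Format-List
} else {
    'No leftovers from the article''s lists were found.'
}
```

Because the article notes that the drivers block access to their own files and registry branches while loaded, a clean result is only meaningful when the check is run in safe mode or after the drivers are gone.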
