Wednesday, March 23, 2016

Remove PWS:HTML/Phish.GM Virus from Windows

"Windows Defender has told me I have a virus and removed it, but have scanned 5 times over the last couple of days and each time it finds it again.   Can someone tell me the best way to remove it-my daughter said I might need to do a Recovery.   We tried doing a Restore to before I got the virus, but that didn't work.
PWS:HTML/Phish.GM is the virus Defender tells me."

What is PWS:HTML/Phish.GM?


PWS:HTML/Phish.GM is a malicious PC threat that can steal users' personal information, such as their user names and passwords once infected. It is often promoted via spam email attachments, free downloads from the Internet, corrupted websites, bogus pop-ups and malicious links.

After infiltrating your PC, PWS:HTML/Phish.GM will show quite a lot of vicious characteristics. For example, this infection not only drags down your PC performance and internet speed, but also opens a backdoor to allow a malicious hacker to steal your personal data and sensitive information in the compromised PC without awareness.

The sooner you take actions to remove PWS:HTML/Phish.GM, the safer your PC will be. Therefore, you are strongly advised to delete PWS:HTML/Phish.GM and its malicious files as soon as possible to avoid severe damages.


How to get rid of PWS:HTML/Phish.GM?



Option One: PWS:HTML/Phish.GM Manual Removal Instruction


Step 1. Restart the computer and put it in Safe mode with Networking

Restart the computer and start hitting F8 key repeatedly when PC is booting up again; if successfully, Safe mode options will show up on the screen for you to select. Please use arrow keys to highlight Safe mode with Networking option and hit enter key. System will be loading files into this mode afterward.


Step 2. End all the harmful running processes

Open task manager by pressing Alt+Ctrl+Del keys at the same time. Another way is to click on the Start button and choose Run option, then type taskmgr into and press OK. Stop all the suspicious running processes.


Step 3. Disable any suspicious startup items that are made by PWS:HTML/Phish.GM

Click Start menu; click Run; type: msconfig in the Run box; click OK to open the System Configuration Utility; Disable all possible startup items generated.


Step 4. Delete malicious files generated by PWS:HTML/Phish.GM

1. Go to Disk C, click Organize, and then select  Folder and search options. When Folder Options dialog box pops up, click the View tab. In the Advanced settings, tick "Show hidden files, folders and drives", untick "Hide extensions for known file types", and then click "OK".


When the hidden folder shows, look for the following files and delete them all.

C:\DOCUME~1\{username}\LOCALS~1\Temp\fileen-US
C:\DOCUME~1\{username}\LOCALS~1\Temp\fileen
C:\DOCUME~1\{username}\LOCALS~1\Temp\fileENU
C:\DOCUME~1\{username}\LOCALS~1\Temp\fileEN
C:\WINDOWS\system32\msctfime.ime

Step 5. Delete the following registry entries created by PWS:HTML/Phish.GM

Open Registry Editor to delete all the registries as below Guide: open Registry Editor by pressing Window+R keys together.(another way is clicking on the Start button and choosing Run option, then typing into Regedit and pressing Enter.)


HKEY_CURRENT_USER\Software\Embarcadero\Locales
HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales
HKEY_CURRENT_USER\Software\CodeGear\Locales
HKEY_LOCAL_MACHINE\Software\CodeGear\Locales
HKEY_CURRENT_USER\Software\Borland\Locales
HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-507921405-1343024091-1060284298-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes

Step 6. Reset your web browsers to clear your internet history records, internet temp files and cookies.

Internet Explorer:
Open Internet Explorer, click the Gear icon or Tools > Internet options. Here, go to the Advanced tab and click the Reset button. Go to the Reset Internet Explorer settings > Delete personal settings and click on Reset option. Finally, click Close and OK to save the changes.

Mozilla Firefox:
Open Mozilla Firefox, go to the Help section > Troubleshooting Information. Here, select Reset Firefox and click Finish.

Google Chrome:
Open Google Chrome, click the Chrome menu button, select Tools > Extensions, find unknown extension and remove them by clicking Recycle bin. Now click Settings > Show Advanced settings > Reset browser settings and click Reset.

There may be some other issues such as windows registry errors in your system. To avoid potential risk and to delete junk files, we recommended RegCure Pro.

Step 7. Optimize your PC using RegCure Pro

Note: You can download and use RegCure Pro with confidence for it doesn't contain any additional items or conflict with your current used antivirus program.

RegCure Pro is an advanced optimizer which is able to solve your computer system problems, remove your privacy items produced by online searches, delete junk files, uninstall malware and fix performance problems.

1. Click the below button to download RegCure Pro to your PC.

 RegCure Pro download button

2. Click the Run button to enter in installation process and then follow the instruction to install the program step by step.


3. When the program is successfully installed, double click on its desktop shortcut to open it. On the Overview tab, check all the scan settings and then click on the Click to Start Scan button to run a system scan on your computer.


4. The first system scan will take some time, please be patient. The screenshot of the system scan progress is shown below.


5. When the system scan is done, click on Fix All button to completely remove all the performance problems in your computer.



Option Two: PWS:HTML/Phish.GM Automatic Removal Instruction Using SpyHunter


SpyHunter is a powerful, real-time anti-spyware application that designed to assist the average computer user in protecting their PC from malicious threats like worms, Trojans, rootkits, rogues, dialers, spyware, etc.

Step 1. Click on the below button to free download SpyHunter on your PC.

 SpyHunter download button

Step 2. Click the Run button to enter the setup program and follow the installation steps until setup is complete.

Step 3. When the installation is complete, click the Finish button to exit the installation.


Step 4. If SpyHunter does not automatically start, click the icon on your desktop or Start menu to open it.

      

Step 5. Allow the program to scan by clicking the Scan Computer Now! button. If you would like to have a quick scan on your PC, please check the Quick Scan box; otherwise, untick it.


Step 6. The first scan will take some time, please be patient while waiting for the scanning result.


Step 7. After the scan is done, you can see that all threats are successfully detected. Check the Select All box and then click the Remove button to fix all threats in your PC.


In Conclusion:
PWS:HTML/Phish.GM is really a malicious computer threat that can perform many evil tasks on the infected PC. It is advised to remove this risky Trojan immediately.

Download SpyHunter to delete PWS:HTML/Phish.GM completely.

Download RegCure Pro to fix slow PC performance easily.

Note: The free versions of SypHunter and RegCure Pro are only for detection. If they detect malware or junk files on your PC, you will need to purchase the removal tool to remove the malware or junk files.

No comments:

Post a Comment