PWSTool.AdvancedPR!sd6 Trojan Virus Infection Removal

The PWSTool.AdvancedPR!sd6 trojan virus is a dangerous trojan virus infection affecting computer users worldwide. It also goes by the name PWSTool.AdvancedPR!sd6, Heuristic.ADH, not-a-virus:PSWTool.Win32.AdvancedPR.l and not-a-virus:PSWTool.Win32.AdvancedPR. This trojan was discovered on January 4th, 2012, by various trojan detection and prevention sources including Antivirus Help Center.

The PWSTool.AdvancedPR!sd6 trojan is extremely similar to other trojans in its method of operation. It can perform file system changes, memory modifications, registry value changes, and registry key changes. These types of trojan infections cause serious harm to your computer operating system as well as all files saved in your computer.

Trojans are also very popular for computer hackers due to their ability to install key loggers and other programs used for identity theft. A trojan can log the password to your online bank account and then forward it back to the trojan creator. The PWSTool.AdvancedPR!sd6 trojan virus may be capable of performing these malicious actions.

If you have been infected with PWSTool.AdvancedPR!sd6, or any other trojan virus, it is highly recommended that you scan your computer and remove any infections that are found immediately.

Our recommended virus removal program is called PC Tools Internet Security 2011. We have tested many different virus removal programs and after our testing we put our full 100% confidence with PC Tools for all trojan virus infections on your computer. PC Tools Internet Security 2011 will get rid of the virus on your computer!

Start Virus Removal Download

Did the download not start? Proceed to Step 2.

If you have tried to download the installation file and it will not start to download, keep clicking on the download link. Click on it at least 10 times until the download begins. If you continuously click and try to download the virus removal program, it will over-ride the infections attempt at stopping you.

Start Virus Removal Download

Still having trouble? Proceed to Step 3.

If you have tried both steps and it still hasn’t worked, please visit our Advanced Removal Page for advanced instructions and troubleshooting by clicking the button below.

Start Virus Removal Download

Modified System Files

Filename(s): %Programs%\ElcomSoft\Advanced Archive Password Recovery\Advanced Archive Password Recovery Help.lnk
File Size: 986 bytes
MD5: 0xB995CA7A5CA1AD9F954D86D570EFDA2F
SHA-1: 0x42762329A2BCC44A5245C255CFFD72D5B321860F
Alias: (not available)

Filename(s): %Programs%\ElcomSoft\Advanced Archive Password Recovery\Advanced Archive Password Recovery.lnk
File Size: 986 bytes
MD5: 0x3756482B79D483DE397E7D8C13AB0264
SHA-1: 0xA924507A3CD1C77BF6E25CAAC4C78037D07A8B21
Alias: (not available)

Filename(s): %Programs%\ElcomSoft\Advanced Archive Password Recovery\End-User License Agreement.lnk
File Size: 991 bytes
MD5: 0x8C543BE7F43AEB5DEDDDF4EFBECDA0A8
SHA-1: 0x6A334B3213007D779BB6E3E83A51093193B98E3B
Alias: (not available)

Filename(s): %Programs%\ElcomSoft\Advanced Archive Password Recovery\How to order.lnk
File Size: 979 bytes
MD5: 0x59ABF0C681DB03E2DF1A2A511E8C4A90
SHA-1: 0x9A893CE3C622F90398B53ECEFBB4201060195841
Alias: (not available)

Filename(s): %Programs%\ElcomSoft\Advanced Archive Password Recovery\Readme.lnk
File Size: 986 bytes
MD5: 0x4BC368F972A9FB17B2E726129FC9A7EE
SHA-1: 0xD53A0DC205ADB45D149239E2DF8EF7B808EBB8C9
Alias: (not available)

Filename(s): %Programs%\ElcomSoft\Advanced Archive Password Recovery\Uninstall ARCHPR.lnk
File Size: 815 bytes
MD5: 0x6A184CB72A8003CD5170588F15177AC0
SHA-1: 0x8C258A6B8238C35C082B8552599E5CEF824B31C6
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\archpr.chm
File Size: 112,840 bytes
MD5: 0x8A65E1E2F505C048C96C6F296B706F83
SHA-1: 0x46A81F9D4CA28D969D16086EFB4E1A4A6E9BB10A
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\ARCHPR.EXE
File Size: 908,288 bytes
MD5: 0x030FA065C370A2FEF5C4A6E1EB516DE7
SHA-1: 0x926CC9C6B1F06EBD02EC6B93CA91F4F3D127572E
Alias: PWSTool.AdvancedPR!sd6 Adware.Gen not-a-virus:PSWTool.Win32.AdvancedPR.l Generic PUP.z not-a-virus:PSWTool.Win32.AdvancedPR

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\archpr4.log
File Size: 198 bytes
MD5: 0x652AA7CD4AE4793DCAF17D9A7C29A60F
SHA-1: 0x66898F8874E2E92E82A1446751847C5AF785387A
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\digits.chr
File Size: 10 bytes
MD5: 0x781E5E245D69B566979B86E28D23F2C7
SHA-1: 0x87ACEC17CD9DCD20A716CC2CF67417B71C8A7016
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\english.chr
File Size: 52 bytes
MD5: 0xF72DCF91530EBE0E77808AFFA3DD0EE0
SHA-1: 0x669B371953DD54A8B5668B6806BEDCC79649E23C
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\english.dic
File Size: 2,789,052 bytes
MD5: 0x6A5AFF7BEC78DD1E4FC23E571B664B50
SHA-1: 0x70154DF7A2C71B3A78B7177487178633E89E1897
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\english.lng
File Size: 23,164 bytes
MD5: 0x498821F3A0864ADE27D828A6148FD2C4
SHA-1: 0x58B5149BB4D8F9508506EC03B6B1CDF1C4CBFBAD
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\file_id.diz
File Size: 497 bytes
MD5: 0x7278E14585A92913ADB75AB813ABACAB
SHA-1: 0x3747388C9ED93EB25AD19427328726A38EA69B25
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\german.chr
File Size: 7 bytes
MD5: 0x3996A260A8FBFB338DF2738B107F0055
SHA-1: 0xDD95CC4CFA978463C3F5EA340D5F86F6B6A82C85
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\german.dic
File Size: 1,086,662 bytes
MD5: 0xD05947B675C555547EBDEAF13499FD5E
SHA-1: 0x7CA3E6275B33D828A397A37C21ECFE66B46723B0
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\german.lng
File Size: 25,988 bytes
MD5: 0xC52A2981FAD5F73719B1C77AEE01A673
SHA-1: 0xE91C9628FEB8EE617C24E532B02CB207FCE1FC90
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\license.txt
File Size: 36,580 bytes
MD5: 0xF926B1B77C5EB51568AB2C7A02359130
SHA-1: 0x5795F53EC4BA867D7038E7762500A0487140ABE3
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\order.txt
File Size: 807 bytes
MD5: 0x82D479C5F1E9BCB5A1DB8E6C1693FC09
SHA-1: 0xF349E7E499445F2B6FAC9A7EE63201EA92A4DE34
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\readme.txt
File Size: 3,652 bytes
MD5: 0xB1277E422FCA65EF61F3C58805B88435
SHA-1: 0xE4F59C0465C70CB1EDD5B7352BF77BF2BEA06B5F
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\russian.chr
File Size: 66 bytes
MD5: 0x595A3058583C4AF86435B5521ECB32ED
SHA-1: 0x03EB4D7C6E2906D5AA3C8B280EC9EABD073071F7
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\russian.dic
File Size: 828,614 bytes
MD5: 0x4AECF5458E6CBDAD1BDFFF3A50CF2171
SHA-1: 0xD055D0881F22979AF7589CDB2C82DB9A654ED751
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\russian.lng
File Size: 23,556 bytes
MD5: 0xB2C836138B252C86D5EF8DE0AB4F2381
SHA-1: 0x96E3249C583D64190F0CDBDAB664A60FBD220DBE
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\special.chr
File Size: 33 bytes
MD5: 0xD4393310EA4FE93DB4D77D9759900E30
SHA-1: 0x5DFCC5BB912A6DC02BCDF0BC67F3E8E4B4D39A4B
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\Uninstall.exe
File Size: 62,354 bytes
MD5: 0x25B69CF8830C360FD7AF0F3660CCEB28
SHA-1: 0xE7759E428FDCA78783162F35A8A7D585AE4C7364
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Common Files\elcom_lang.xml
File Size: 52,260 bytes
MD5: 0xEC4DEB34713F8633D2831758A0C16E4F
SHA-1: 0xFE8824EAD009CCE9260D04ED318B761DAC6C177C
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Common Files\elcom_partners.exml
File Size: 19,182 bytes
MD5: 0xC5BA68EFD42CCBCD2F0B44AAF321BCF6
SHA-1: 0xD57C0E4CFC34F64B07C9A3F9C7179885B8BD39D0
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Common Files\elcom_reg.dll
File Size: 113,152 bytes
MD5: 0xD95EC75AB8231C88E652FA5E8F2875E8
SHA-1: 0x4CDBCD51ED01D50A297412A198ECF01B85D5BA68
Alias: (not available)

Filename(s): %ProgramFiles%\ElcomSoft\Common Files\elcom_xml.dll
File Size: 94,208 bytes
MD5: 0xE7DB6DAB05ED49AA7F3EC3322A42E68C
SHA-1: 0x898A9267E1AA780B9B315715D95D2C7ACDF3B14F
Alias: (not available)

Filename(s):
File Size: 2,332,976 bytes
MD5: 0xB09FF3AD4D592BAB75F7608AC62837B8
SHA-1: 0x4C524D019A3EB54938B4B720214AAC6495C8297A
Alias: PWSTool.AdvancedPR!sd6 Heuristic.ADH not-a-virus:PSWTool.Win32.AdvancedPR.l not-a-virus:PSWTool.Win32.AdvancedPR

Memory Modifications

Modified Registry Values

[HKEY_LOCAL_MACHINE\SOFTWARE\ElcomSoft\Common Files]

Location = “%ProgramFiles%\ElcomSoft\Common Files”

%ProgramFiles%\ElcomSoft\Common Files\elcom_lang.xml.counter = 0×00000001

%ProgramFiles%\ElcomSoft\Common Files\elcom_partners.exml.counter = 0×00000001

%ProgramFiles%\ElcomSoft\Common Files\elcom_reg.dll.counter = 0×00000001

%ProgramFiles%\ElcomSoft\Common Files\elcom_xml.dll.counter = 0×00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery]

DisplayName = “Advanced Archive Password Recovery”

UninstallString = “%ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery\uninstall.exe”

DisplayIcon = “%ProgramFiles%\ARCHPR.exe”

InstallLocation = “%ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery”

Publisher = “ElcomSoft Co. Ltd.”

HelpLink = “http://www.elcomsoft.com/help/archpr/index.html”

HelpTelephone = “+1 866 448-2703 (US and Canada, toll-free)”

URLUpdateInfo = “http://www.elcomsoft.com/archpr.html”

URLInfoAbout = “http://www.elcomsoft.com”

DisplayVersion = “4.50″

VersionMajor = 0×00000004

VersionMinor = 0×00000032

NoModify = 0×00000001

NoRepair = 0×00000001
[HKEY_CURRENT_USER\Software\ElcomSoft\Advanced Archive Password Recovery\Stats]

StatParam1 = DC 07 01 00 03 00 04 00 12 00 15 00 18 00 C8 00

StatParam2 = 0×00000001
[HKEY_CURRENT_USER\Software\ElcomSoft\Advanced Archive Password Recovery\Language]

FileName = “english.lng”
[HKEY_CURRENT_USER\Software\ElcomSoft\Common Files]

Location = “%ProgramFiles%\ElcomSoft\Common Files”

%ProgramFiles%\ElcomSoft\Common Files\elcom_lang.xml.counter = 0×00000001

%ProgramFiles%\ElcomSoft\Common Files\elcom_partners.exml.counter = 0×00000001

%ProgramFiles%\ElcomSoft\Common Files\elcom_reg.dll.counter = 0×00000001

%ProgramFiles%\ElcomSoft\Common Files\elcom_xml.dll.counter = 0×00000001
[HKEY_CURRENT_USER\Software\ElcomSoft\Advanced Archive Password Recovery]

Start Menu Folder = “ElcomSoft\Advanced Archive Password Recovery”

InstallDir = “%ProgramFiles%\ElcomSoft\Advanced Archive Password Recovery”

CPUs/Threads don’t care = 0×00000000

Use # cpu(s) = 0×00000001

PWSTool.AdvancedPR!sd6 Trojan Virus Infection Removal

PWSTool.AdvancedPR!sd6 Trojan Virus Infection Removal

Leave a comment

Virus Removal Guides

Antivirus News

Help Center

Resources

PC Tools 2011

Safe Site

Antivirus Help Center Search