
Baidu anti-virus software removal procedure

What a baida!


The Chinese Baidu antivirus is distributed using malware/adware methods and installs itself regardless of whether another antivirus is running; the resulting conflict between antivirus products slows Windows down excessively.
Removing the Baidu software is difficult because regular uninstallers exist for only two of its components and they do not remove the kernel-level drivers; moreover, the software is installed again the next time the computer boots. The Baidu drivers are also hard to remove because they block writes to “their” registry branches and block access to their files.

I wrote a simple instruction for completely removing the harmful Baidu software from Windows 7 and 8 without using bootable media. It is intended for computer maintenance technicians (“enikeyschiki”) and is suitable for any more or less experienced user.

The instruction is especially relevant for 64-bit versions of Windows, since AVZ does not work on them (more precisely, there is no 64-bit AVZ Guard driver).

Instruction


To begin with, a picture of the “button” that needs to be clicked in the uninstallers:

In the uninstallers, the button is usually located on the left and is not selected by default.

Sequence of steps.


In the system snap-in for uninstalling programs (“Control Panel” - “Programs and Features”), there are two items at the very bottom labeled in Chinese characters. The blue icon is “Browser Protection”, the green icon is “Antivirus”.
Select the line with the green icon and click “Uninstall/Change”. A window with Chinese characters appears; in it, press the left button, wait for completion, and press the confirmation.
Select the line with the blue icon and click “Uninstall/Change”. A window appears; select the right-hand cell with the trash can icon, press the left button at the bottom, wait for completion, and press the left button.

Restart the computer in safe mode.

In safe mode:
  1. Using Autoruns from the “Sysinternals Suite” package, delete all references to Baidu, including BBenhance, bd0001-bd0004, baiduhips, etc. The bd0004 service is not deleted this way (the error message “Service not installed” is displayed), so use the Registry Editor or the reg program to delete this service's registry branch: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bd0004;
  2. Using Explorer, FAR or Total Commander, delete all files whose description or digital signature contains the word Baidu.

List of Baidu files.

In the directory "%WINDIR%\System32\drivers" (usually C:\Windows\System32\drivers):
BBEnhance.sys
bbrowserboost.sys
bbrowserhlp.dll
bd0001.sys
bd0002.sys
bd0003.sys
bd0004.sys
BDDefense.sys
BDMNetMon.sys
BDMWrench_x64.sys
bduniptk.sys
Entire directories:
%ProgramFiles(x86)%\Common Files\Baidu
%ProgramFiles(x86)%\Baidu

Screenshots of the properties of the Baidu files:




In addition to Baidu itself, the Kingsoft Internet Security software is often installed at the same time. It also cannot be completely removed with its regular uninstaller; you have to manually delete the driver “Kingsoft Internet Security K Plus Driver” (the file %WINDIR%\system32\drivers\ksapi64.sys) and the file "%WINDIR%\system32\drivers\kisknl_del.sys".
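
To confirm after the safe-mode cleanup that nothing from the lists above remains, a read-only PowerShell check can be run from an elevated prompt. This is an added example, not part of the original instruction; it deletes nothing and assumes that a driver's service key is named after its file, as is the case for bd0004.

```powershell
# Added example: read-only audit, deletes nothing. Run from an elevated prompt.
$drivers = Join-Path $env:WINDIR 'System32\drivers'
# File names copied from the lists in this article (Baidu, then Kingsoft).
$knownFiles = 'BBEnhance.sys','bbrowserboost.sys','bbrowserhlp.dll','bd0001.sys',
    'bd0002.sys','bd0003.sys','bd0004.sys','BDDefense.sys','BDMNetMon.sys',
    'BDMWrench_x64.sys','bduniptk.sys','ksapi64.sys','kisknl_del.sys'
# Assumption: a driver's service key is named after its file (true for bd0004).
$baseNames = $knownFiles | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }

$report = @(
    # 1. Listed files still present in the drivers directory.
    foreach ($name in $knownFiles) {
        $path = Join-Path $drivers $name
        if (Test-Path -LiteralPath $path) { "file:      $path" }
    }
    # 2. Listed directories (the variable is empty on 32-bit Windows).
    $pf86 = ${env:ProgramFiles(x86)}
    if ($pf86) {
        foreach ($dir in 'Common Files\Baidu', 'Baidu') {
            $path = Join-Path $pf86 $dir
            if (Test-Path -LiteralPath $path) { "directory: $path" }
        }
    }
    # 3. Service keys named after a listed driver or whose ImagePath points at one.
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem $svcRoot -ErrorAction SilentlyContinue) {
        $image = (Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue).ImagePath
        $hit = ($baseNames -contains $key.PSChildName) -or ($image -match 'baidu') -or
               ($knownFiles | Where-Object { $image -like "*\$_" })
        if ($hit) { "service:   $($key.PSChildName) -> $image" }
    }
    # 4. Driver-directory files whose description, company or signer names the vendor.
    foreach ($f in Get-ChildItem -LiteralPath $drivers -ErrorAction SilentlyContinue) {
        if ($f.PSIsContainer) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName -ErrorAction SilentlyContinue
        $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $text = "$($f.VersionInfo.FileDescription) $($f.VersionInfo.CompanyName) $signer"
        if ($text -match 'baidu|kingsoft') { "metadata:  $($f.FullName)" }
    }
)
if ($report.Count -eq 0) { 'No listed leftovers found.' } else { $report }
```

Anything it prints is a candidate for the manual deletion steps described above; a file can appear twice, once by name and once by its metadata.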

Source: https://habr.com/ru/post/262039/