• Download the archive [You must be registered and logged in to see this link.] and extract it into a folder on an infected (or potentially infected) computer using an archiver program (WinZip for example).
  
• Execute the file PMaxKiller.exe.
  
• Wait until the scan process is over. If an infection is detected, it is necessary to reboot the computer.
  

If run without any arguments, the utility will do the following:

• Runs a memory scan for a malicious driver, and disinfects it if detected in order to prevent termination of legal processes (and setting of blocking DACLs) attempting to access the registry.
  
• Runs a scan of system library files which may be infected with the malicious program. If detected, the utility will carry out disinfection upon reboot.
  
  
  
  Command line arguments for the utility PMaxKiller.exe:
  

-c - reset DACL on the indicated file (in order to eliminate blocking of execution of legal processes by the malware).
-d - dump malicious driver into the file.
-l - write utility runtime log into the file.
-v - output a detailed log (of used with key -l).

• Antivirus processes randomly stop during antivirus scan. Moreover, a prohibiting DACL (Discretionary Access Control List) set for executable files is blocking restart of such processes. An attempt of execution will display a message warning about insufficient privileges.
  

• [You must be registered and logged in to see this link.] detects hidden modules with paths containing "__max++>".