The Emsisoft malware research team has discovered a new outbreak of the Windows Antispyware Solution adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAntispywareSolution.
Windows Antispyware Solution is a rogue application. This is another variant of Windows Universal Tools, Windows Risk Eliminator, Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.
Create new file:
- %UserProfile%\Application Data\%random%.exe
Create/modify registry entries:
- HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
- HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\%random%.exe
- HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
- HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
- HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
- HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
- HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
- HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe
Screenshots:







How to remove the infection of Windows Antispyware Solution (Adware.Win32.WindowsAntispywareSolution)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
The Emsisoft malware research team has discovered a new outbreak of the Windows Universal Tools adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsUniversalTools.
Windows Universal Tools is a rogue application. This is another variant of Windows Risk Eliminator, Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.
Create new file:
- %UserProfile%\Application Data\%random%.exe
Create/modify registry entries:
- HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
- HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\%random%.exe
- HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
Screenshots:









How to remove the infection of Windows Universal Tools (Adware.Win32.WindowsUniversalTools)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
The Emsisoft malware research team has discovered a new outbreak of the Windows Risk Eliminator adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsRiskEliminator.
Windows Risk Eliminator is a rogue application. This is another variant of Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.
Create new file:
- %UserProfile%\Application Data\%random%.exe
Create/modify registry entries:
- HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
- HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\%random%.exe
- HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
Screenshots:









How to remove the infection of Windows Risk Eliminator (Adware.Win32.WindowsRiskEliminator)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
The Emsisoft malware research team has discovered a new outbreak of the Windows Security & Control adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSecurityControl.
Windows Security & Control is a rogue application. This is another variant of Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.
Create new file:
- %UserProfile%\Application Data\%random%.exe
Create/modify registry entries:
- HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
- HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\%random%.exe
- HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
Screenshots:








How to remove the infection of Windows Security & Control (Adware.Win32.WindowsSecurityControl)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
The Emsisoft malware research team has discovered a new outbreak of the Windows Utility Tool adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsUtilityTool.
Windows Utility Tool is a rogue application. This is another variant of Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.
Create new file:
- %UserProfile%\Application Data\%random%.exe
Create/modify registry entries:
- HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
- HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\%random%.exe
- HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
Screenshots:








How to remove the infection of Windows Utility Tool (Adware.Win32.Windows WindowsUtilityTool)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
The Emsisoft malware research team has discovered a new outbreak of the Windows Scan adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsScan.
Windows Scan is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.
Variants of the rogue defragmenter:
Create new files:
- %AllUsersProfile%\Application Data\~%random%
- %AllUsersProfile%\Application Data\~%random%r
- %AllUsersProfile%\Application Data\%random%
- %AllUsersProfile%\Application Data\%random%.exe
- %AllUsersProfile%\Application Data\%random%.dll
- %AllUsersProfile%\Application Data\%random%.exe
- %UserProfile%\Desktop\Windows Scan.lnk
- %UserProfile%\Local Settings\Temp\tmp1.tmp
- %UserProfile%\Start Menu\Programs\Windows Scan\
- %UserProfile%\Start Menu\Programs\Windows Scan\Windows Scan.lnk
- %UserProfile%\Start Menu\Programs\Windows Scan\Uninstall Windows Scan.lnk
Create/modify registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes:”.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;
.mpeg;.mov;.mp3;.m3u;.wav;.scr;”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”
%random%: “%AllUsersProfile%\Application Data\%random%.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”
Screenshots:






How to remove the infection of Windows Scan (Adware.Win32.WindowsScan)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
The Emsisoft malware research team has discovered a new outbreak of the Windows Optimization & Security adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsOptimizationSecurity.
Windows Optimization & Security is a rogue application. This is another variant of Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.
Create new file:
- %UserProfile%\Application Data\%random%.exe
Create/modify registry entries:
- HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
- HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\%random%.exe
- HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
Screenshots:









How to remove the infection of Windows Optimization & Security (Adware.Win32.Windows OptimizationSecurity)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
The Emsisoft malware research team has discovered a new outbreak of the Memory Optimizer adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.MemoryOptimizer.
Memory Optimizer is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.
Variants of the rogue defragmenter:
Create new files:
- %AllUsersProfile%\Application Data\~%random%
- %AllUsersProfile%\Application Data\~%random%r
- %AllUsersProfile%\Application Data\%random%
- %AllUsersProfile%\Application Data\%random%.exe
- %AllUsersProfile%\Application Data\%random%.dll
- %AllUsersProfile%\Application Data\%random%.exe
- %UserProfile%\Desktop\Memory Optimizer.lnk
- %UserProfile%\Local Settings\Temp\tmp1.tmp
- %UserProfile%\Start Menu\Programs\Memory Optimizer\
- %UserProfile%\Start Menu\Programs\Memory Optimizer\Memory Optimizer.lnk
- %UserProfile%\Start Menu\Programs\Memory Optimizer\Uninstall Memory Optimizer.lnk
Create/modify registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes:”.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;
.mpeg;.mov;.mp3;.m3u;.wav;.scr;”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”
%random%: “%AllUsersProfile%\Application Data\%random%.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”
Screenshots:






How to remove the infection of Memory Optimizer (Adware.Win32.MemoryOptimizer)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
The Emsisoft malware research team has discovered a new outbreak of the Disk Optimizer adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DiskOptimizer.
Disk Optimizer is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.
Variants of the rogue defragmenter:
Create new files:
- %AllUsersProfile%\Application Data\~%random%
- %AllUsersProfile%\Application Data\~%random%r
- %AllUsersProfile%\Application Data\%random%
- %AllUsersProfile%\Application Data\%random%.exe
- %AllUsersProfile%\Application Data\%random%.dll
- %AllUsersProfile%\Application Data\%random%.exe
- %UserProfile%\Desktop\Disk Optimizer.lnk
- %UserProfile%\Local Settings\Temp\tmp1.tmp
- %UserProfile%\Start Menu\Programs\Disk Optimizer\
- %UserProfile%\Start Menu\Programs\Disk Optimizer\Disk Optimizer.lnk
- %UserProfile%\Start Menu\Programs\Disk Optimizer\Uninstall Disk Optimizer.lnk
Create/modify registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes:”.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;
.mpeg;.mov;.mp3;.m3u;.wav;.scr;”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”
%random%: “%AllUsersProfile%\Application Data\%random%.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”
Screenshots:






How to remove the infection of Disk Optimizer (Adware.Win32.DiskOptimizer)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
The Emsisoft malware research team has discovered a new outbreak of the Easy Scan adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.EasyScan.
Easy Scan is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.
Variants of the rogue defragmenter:
Create new files:
- %AllUsersProfile%\Application Data\%random%.exe
- %AllUsersProfile%\Application Data\%random%
- %UserProfile%\Desktop\Easy Scan.lnk
- %UserProfile%\Start Menu\Programs\Easy Scan\
- %UserProfile%\Start Menu\Programs\Easy Scan\Uninstall Easy Scan.lnk
- %UserProfile%\Start Menu\Programs\Easy Scan\Easy Scan.lnk
Create new registry entry:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”
Screenshots:





How to remove the infection of Easy Scan (Adware.Win32.EasyScan)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.