Archive for January, 2011

Jan 31

Windows Antispyware Solution Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Antispyware Solution adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAntispywareSolution.

Windows Antispyware Solution is a rogue application. This is another variant of Windows Universal Tools, Windows Risk Eliminator, Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false-positive or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it refuses to fix the supposed problems until you purchase it.

The malware creates the following file:

  • %UserProfile%\Application Data\%random%.exe

It creates or modifies the following registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0x00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0x00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0x00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0x00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe
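
The registry entries listed above can be checked offline against the text of a `reg export` dump; the UAC, Shell and DisableSR checks also apply to the other variants on this page. This is an added example, not Emsisoft's code: the function names are hypothetical, and the sample export, user name and file name kqzxw.exe are constructed.

```python
import re

HKLM = "hkey_local_machine\\software\\microsoft\\"
POL = HKLM + "windows\\currentversion\\policies\\system"
SR = HKLM + "windows nt\\currentversion\\systemrestore"
IFEO = HKLM + "windows nt\\currentversion\\image file execution options\\"
SHELL_KEY = "hkey_current_user\\software\\microsoft\\windows nt\\currentversion\\winlogon"
# (key, value name) -> DWORD value this page lists for the malware
DWORD_IOCS = {(POL, "enablelua"): 0, (POL, "consentpromptbehavioradmin"): 0,
              (POL, "consentpromptbehavioruser"): 0, (SR, "disablesr"): 1}
AV_IMAGES = {"egui.exe", "ekrn.exe", "msascui.exe", "msmpeng.exe", "msseces.exe"}
VALUE = re.compile(r'"([^"]+)"=(?:dword:([0-9a-f]{1,8})|"(.*)")$', re.I)
# Constructed sample export, not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\alice\\Application Data\\kqzxw.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"
'''

def parse_reg(text):
    """Yield (key, name, value) from .reg text; keys/names lower-cased, DWORDs as int."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        m = VALUE.match(line)
        if key and m:
            name, dword, string = m.group(1).lower(), m.group(2), m.group(3)
            yield key, name, int(dword, 16) if dword else string.replace("\\\\", "\\")

def find_indicators(text):
    """Return one description per registry value that matches the page's list."""
    hits = []
    for key, name, value in parse_reg(text):
        image = key[len(IFEO):] if key.startswith(IFEO) else None
        if DWORD_IOCS.get((key, name)) == value:
            hits.append(f"{name}={value} under {key}")
        elif key == SHELL_KEY and name == "shell":
            if re.search(r"\\application data\\[^\\]+\.exe$", str(value).lower()):
                hits.append(f"per-user Shell replaced: {value}")
        elif image in AV_IMAGES and name == "debugger" and str(value).lower() == "svchost.exe":
            hits.append(f"IFEO debugger blocks {image}")
    return hits
if __name__ == "__main__":
    print("\n".join(find_indicators(SAMPLE)))
```

EnableLUA = 0 or ConsentPromptBehaviorUser = 0 can also be set deliberately by an administrator, so weigh the hits together rather than one at a time.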

How to remove the infection of Windows Antispyware Solution (Adware.Win32.WindowsAntispywareSolution)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan 28

Windows Universal Tools Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Universal Tools adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsUniversalTools.

Windows Universal Tools is a rogue application. This is another variant of Windows Risk Eliminator, Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false-positive or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it refuses to fix the supposed problems until you purchase it.

The malware creates the following file:

  • %UserProfile%\Application Data\%random%.exe

It creates or modifies the following registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0x00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0x00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0x00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0x00000001 (1)

How to remove the infection of Windows Universal Tools (Adware.Win32.WindowsUniversalTools)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan 28

Windows Risk Eliminator Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Risk Eliminator adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsRiskEliminator.

Windows Risk Eliminator is a rogue application. This is another variant of Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false-positive or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it refuses to fix the supposed problems until you purchase it.

The malware creates the following file:

  • %UserProfile%\Application Data\%random%.exe

It creates or modifies the following registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0x00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0x00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0x00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0x00000001 (1)

How to remove the infection of Windows Risk Eliminator (Adware.Win32.WindowsRiskEliminator)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan 27

Windows Security & Control Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Security & Control adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSecurityControl.

Windows Security & Control is a rogue application. This is another variant of Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false-positive or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it refuses to fix the supposed problems until you purchase it.

The malware creates the following file:

  • %UserProfile%\Application Data\%random%.exe

It creates or modifies the following registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0x00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0x00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0x00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0x00000001 (1)

How to remove the infection of Windows Security & Control (Adware.Win32.WindowsSecurityControl)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Jan 25

Windows Utility Tool Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Utility Tool adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsUtilityTool.

Windows Utility Tool is a rogue application. This is another variant of Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false-positive or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it refuses to fix the supposed problems until you purchase it.

The malware creates the following file:

  • %UserProfile%\Application Data\%random%.exe

It creates or modifies the following registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0x00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0x00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0x00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0x00000001 (1)

How to remove the infection of Windows Utility Tool (Adware.Win32.WindowsUtilityTool)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.