Archive for February, 2011

Feb 25

Windows Optimal Tool Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Optimal Tool adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsOptimalTool.

Windows Optimal Tool is a rogue application. A rogue application tries to trick you by displaying false or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it will not let you fix anything until you purchase the program.

Other variants:

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0x00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Optimal Tool (Adware.Win32.WindowsOptimalTool)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb 23

Windows Express Settings Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Express Settings adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsExpressSettings.

Windows Express Settings is a rogue application. A rogue application tries to trick you by displaying false or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it will not let you fix anything until you purchase the program.

Other variants:

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0x00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Express Settings (Adware.Win32.WindowsExpressSettings)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb 22

XP AntiSpyware 2011 Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the XP AntiSpyware 2011 adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.XPAntiSpyware2011.

XP AntiSpyware 2011 is a rogue application. A rogue application tries to trick you by displaying false or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it will not let you fix anything until you purchase the program.

Create new files:

  • %AllUsersProfile%\Application Data\%random%
  • %UserProfile%\Local Settings\Application Data\%random%
  • %UserProfile%\Local Settings\Application Data\%random%.exe
  • %UserProfile%\Local Settings\Temp\%random%
  • %UserProfile%\Templates\%random%

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Clients\StartMenuInternet
    (String) (Default) = IEXPLORE.EXE
  • HKEY_CURRENT_USER\software\Microsoft\Windows
    (DWORD) Identity = 0x3A37AD27 (976727335)
  • HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
    (String) (Default) = "%UserProfile%\Local Settings\Application Data\%random%.exe" /START "%ProgramFiles%\Mozilla Firefox\firefox.exe"
  • HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command
    (String) (Default) = "%UserProfile%\Local Settings\Application Data\%random%.exe" /START "%ProgramFiles%\Mozilla Firefox\firefox.exe" -safe-mode
  • HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    (String) (Default) = "%UserProfile%\Local Settings\Application Data\%random%.exe" /START "%ProgramFiles%\Internet Explorer\iexplore.exe"
  • HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    (DWORD) ITBar7Height = 0x00000000 (0)

Screenshots:

How to remove the infection of XP AntiSpyware 2011 (Adware.Win32.XPAntiSpyware2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb 22

Windows Safety Guarantee Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Safety Guarantee adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSafetyGuarantee.

Windows Safety Guarantee is a rogue application. A rogue application tries to trick you by displaying false or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it will not let you fix anything until you purchase the program.

Other variants:

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0x00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Safety Guarantee (Adware.Win32.WindowsSafetyGuarantee)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb 22

Windows Express Help Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Express Help adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsExpressHelp.

Windows Express Help is a rogue application. A rogue application tries to trick you by displaying false or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it will not let you fix anything until you purchase the program.

Other variants:

Create new file:

  • %UserProfile%\Application Data\%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (String) Shell = %UserProfile%\Application Data\%random%.exe
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
    (DWORD) DisableSR = 0x00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
    (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Express Help (Adware.Win32.WindowsExpressHelp)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
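The registry indicators in the five posts above fall into four families: a replaced Winlogon Shell, System Restore disabled via DisableSR, Image File Execution Options "Debugger" entries that redirect security tools (egui.exe, ekrn.exe, msascui.exe, msmpeng.exe, msseces.exe) to svchost.exe, and, in the XP AntiSpyware 2011 post, hijacked StartMenuInternet browser launch commands. The script below is an added example written for this page; it is not Emsisoft's code and it is not part of the original posts. It parses a registry export in .reg text form and flags those four families. The .reg content, the file name kdf83.exe and the function names (parse_reg, find_indicators) are constructed for the demo; it assumes explorer.exe is the only legitimate Winlogon Shell value.

```python
"""Flag the registry indicators described in the rogue-AV posts above
in a .reg export (e.g. produced by `reg export <key> <file>`).

Added example, not Emsisoft's code. The sample export and kdf83.exe are
constructed; the key paths and value names come from the posts."""
import re

# Constructed sample export: one entry per indicator family, plus a benign
# IFEO entry (notepad.exe -> ntsd) and an untouched IE launch command.
SAMPLE_REG = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user\\Application Data\\kdf83.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="ntsd -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\kdf83.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Security products the posts list as IFEO targets (lower-case file names).
SECURITY_TOOLS = {'egui.exe', 'ekrn.exe', 'msascui.exe', 'msmpeng.exe', 'msseces.exe'}


def _unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def _decode(data):
    """Turn the right-hand side of a .reg value line into a str or int."""
    if data.startswith('dword:'):
        return int(data[6:], 16)
    if data.startswith('"') and data.endswith('"'):
        return _unescape(data[1:-1])
    return data  # hex(...) and other types are left as raw text


def parse_reg(text):
    """Return {key_path_lowercase: {value_name_lowercase: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line.startswith('Windows Registry Editor'):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            name = '(default)' if name == '@' else _unescape(name[1:-1])
            keys[current][name.lower()] = _decode(data)
    return keys


def find_indicators(keys):
    """Return (severity, message) tuples for the indicator families above."""
    findings = []
    for path, values in keys.items():
        # 1. IFEO Debugger: any entry deserves review; one on a security tool is high.
        if '\\image file execution options\\' in path and 'debugger' in values:
            exe = path.rsplit('\\', 1)[1]
            sev = 'high' if exe in SECURITY_TOOLS else 'review'
            findings.append((sev, f'IFEO Debugger on {exe} -> {values["debugger"]}'))
        # 2. Winlogon Shell replaced (assumption: explorer.exe is the only good value).
        if path.endswith('\\winlogon') and 'shell' in values:
            if str(values['shell']).strip().lower() != 'explorer.exe':
                findings.append(('high', f'Winlogon Shell replaced: {values["shell"]}'))
        # 3. System Restore switched off.
        if path.endswith('\\systemrestore') and values.get('disablesr') == 1:
            findings.append(('medium', 'System Restore disabled (DisableSR=1)'))
        # 4. Browser launch command rerouted through a dropped executable.
        if '\\startmenuinternet\\' in path and path.endswith('\\command'):
            cmd = str(values.get('(default)', '')).lower()
            if '/start' in cmd or 'application data' in cmd:
                findings.append(('high', f'Browser launch hijacked: {values["(default)"]}'))
    return findings


if __name__ == '__main__':
    for sev, msg in find_indicators(parse_reg(SAMPLE_REG)):
        print(f'[{sev}] {msg}')
```

Run against a real export, the script is only a triage aid: an IFEO entry whose Debugger is a genuine debugger (the notepad.exe/ntsd line in the sample) is reported as "review" rather than "high", while a Debugger of svchost.exe on one of the security products the posts name is what the rogue applications use to keep those tools from starting.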