Windows Risks Preventions Adware Removal Instructions
The Emsisoft malware research team has discovered a new outbreak of the Windows Risks Preventions adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsRisksPreventions.
Windows Risks Preventions is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.
Another variants:
- Windows Custom Settings
- Windows Firewall Unit
- Windows Safeguard Utility
- Windows Repairing System
- Windows Precautions Center
- Windows System Tasks
- Windows Protection Servant
- Windows Activity Inspector
- Windows Tweaking Utility
- Windows Inspection Utility
- Windows Supervision Center
- Windows Oversight Center
- Windows Passport Utility
- Windows Process Regulator
- Windows Simple Protector
- Windows Stability Center
- Windows Power Expansion
- Windows Expansion System
- Windows Background Protector
- Windows Lowlevel Solution
- Windows Support System
- Windows Emergency System
- Windows Threats Removing
- Windows Remedy
- Windows Troubles Remover
- Windows Troublemakers Agent
- Windows Servant System
- Windows Defence Center
- Windows Error Correction
- Windows Performance Manager
- Windows Troubles Analyzer
- Windows Processes Organizer
- Windows Optimal Tool
- Windows Express Settings
- Windows Safety Guarantee
- Windows Express Help
- Windows AV Software
- Windows User Satellite
- Windows Problems Solution
- Windows Optimal Settings
- Windows Optimal Solution
- Windows Care Tool
- Windows Software Guard
- Windows Wise Protection
- Windows Software Protection
- Windows Problems Protector
- Windows Shield Center
- Windows Problems Remover
- Windows Health Center
- Windows Antispyware Solution
- Windows Universal Tools
- Windows Risk Eliminator
- Windows Security & Control
- Windows Utility Tool
- Windows Optimization & Security
- Windows Optimization Center
- Privacy Guard 2010
Create new file:
- %UserProfile%\Application Data\Microsoft\%random%.exe
Create/modify registry entries:
- HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe - HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1) - HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0) - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe
Screenshots:
How to remove the infection of Windows Risks Preventions (Adware.Win32.WindowsRisksPreventions)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
