May

30

Windows Antivirus Rampart Rogue Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Antivirus Rampart. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsAntivirusRampart.

Windows Antivirus Rampart is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AppData%\Protector-[random].exe
  • %AppData%\result.db
  • %UserProfile%\Desktop\Windows Antivirus Rampart.lnk
  • %AllUsersProfile%\Start Menu\Programs\Windows Antivirus Rampart.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    Inspector = %AppData%\Protector-[random].exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
    Debugger = svchost.exe
  • many similar entries…

Screenshots:

Rogue.Win32.WindowsAntivirusRampart

Rogue.Win32.WindowsAntivirusRampart

Rogue.Win32.WindowsAntivirusRampart

Rogue.Win32.WindowsAntivirusRampart

Rogue.Win32.WindowsAntivirusRampart

Rogue.Win32.WindowsAntivirusRampart

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Antivirus Rampart (Rogue.Win32.WindowsAntivirusRampart)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

May

30

Windows Ultimate Security Patch Rogue Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Ultimate Security Patch. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsUltimateSecurityPatch.

Windows Ultimate Security Patch is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AppData%\Protector-[random].exe
  • %AppData%\result.db
  • %UserProfile%\Desktop\Windows Ultimate Security Patch.lnk
  • %AllUsersProfile%\Start Menu\Programs\Windows Ultimate Security Patch.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    Inspector = %AppData%\Protector-[random].exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
    Debugger = svchost.exe
  • many similar entries…

Screenshots:

Rogue.Win32.WindowsUltimateSecurityPatch

Rogue.Win32.WindowsUltimateSecurityPatch

Rogue.Win32.WindowsUltimateSecurityPatch

Rogue.Win32.WindowsUltimateSecurityPatch

Rogue.Win32.WindowsUltimateSecurityPatch

Rogue.Win32.WindowsUltimateSecurityPatch

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Ultimate Security Patch (Rogue.Win32.WindowsUltimateSecurityPatch)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

May

30

Windows Defence Counsel Rogue Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Defence Counsel. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsDefenceCounsel.

Windows Defence Counsel is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AppData%\Protector-[random].exe
  • %AppData%\result.db
  • %UserProfile%\Desktop\Windows Defence Counsel.lnk
  • %AllUsersProfile%\Start Menu\Programs\Windows Defence Counsel.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    Inspector = %AppData%\Protector-[random].exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
    Debugger = svchost.exe
  • many similar entries…

Screenshots:

Rogue.Win32.WindowsDefenceCounsel

Rogue.Win32.WindowsDefenceCounsel

Rogue.Win32.WindowsDefenceCounsel

Rogue.Win32.WindowsDefenceCounsel

Rogue.Win32.WindowsDefenceCounsel

Rogue.Win32.WindowsDefenceCounsel

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Defence Counsel (Rogue.Win32.WindowsDefenceCounsel)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

May

25

Windows Guard Tools Rogue Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Guard Tools. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsGuardTools.

Windows Guard Tools is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AppData%\Protector-[random].exe
  • %AppData%\result.db
  • %UserProfile%\Desktop\Windows Guard Tools.lnk
  • %AllUsersProfile%\Start Menu\Programs\Windows Guard Tools.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    Inspector = %AppData%\Protector-[random].exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
    Debugger = svchost.exe
  • many similar entries…

Screenshots:

Rogue.Win32.WindowsGuardTools

Rogue.Win32.WindowsGuardTools

Rogue.Win32.WindowsGuardTools

Rogue.Win32.WindowsGuardTools

Rogue.Win32.WindowsGuardTools

Rogue.Win32.WindowsGuardTools

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Guard Tools (Rogue.Win32.WindowsGuardTools)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

May

24

Windows Safety Maintenance Rogue Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Safety Maintenance. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSafetyMaintenance.

Windows Safety Maintenance is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AppData%\Protector-[random].exe
  • %AppData%\result.db
  • %UserProfile%\Desktop\Windows Safety Maintenance.lnk
  • %AllUsersProfile%\Start Menu\Programs\Windows Safety Maintenance.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    Inspector = %AppData%\Protector-[random].exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
    Debugger = svchost.exe
  • many similar entries…

Screenshots:

Rogue.Win32.WindowsSafetyMaintenance

Rogue.Win32.WindowsSafetyMaintenance

Rogue.Win32.WindowsSafetyMaintenance

Rogue.Win32.WindowsSafetyMaintenance

Rogue.Win32.WindowsSafetyMaintenance

Rogue.Win32.WindowsSafetyMaintenance

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Safety Maintenance (Rogue.Win32.WindowsSafetyMaintenance)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

May

23

Windows Multi Control System Rogue Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Multi Control System. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsMultiControlSystem.

Windows Multi Control System is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AppData%\Protector-[random].exe
  • %AppData%\result.db
  • %UserProfile%\Desktop\Windows Multi Control System.lnk
  • %AllUsersProfile%\Start Menu\Programs\Windows Multi Control System.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    Inspector = %AppData%\Protector-[random].exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
    Debugger = svchost.exe
  • many similar entries…

Screenshots:

Rogue.Win32.WindowsMultiControlSystem

Rogue.Win32.WindowsMultiControlSystem

Rogue.Win32.WindowsMultiControlSystem

Rogue.Win32.WindowsMultiControlSystem

Rogue.Win32.WindowsMultiControlSystem

Rogue.Win32.WindowsMultiControlSystem

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Multi Control System (Rogue.Win32.WindowsMultiControlSystem)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

May

22

Windows Pro Safety Rogue Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Pro Safety. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsProSafety.

Windows Pro Safety is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AppData%\Protector-[random].exe
  • %AppData%\result.db
  • %UserProfile%\Desktop\Windows Pro Safety.lnk
  • %AllUsersProfile%\Start Menu\Programs\Windows Pro Safety.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    Inspector = %AppData%\Protector-[random].exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
    Debugger = svchost.exe
  • many similar entries…

Screenshots:

Rogue.Win32.WindowsProSafety

Rogue.Win32.WindowsProSafety

Rogue.Win32.WindowsProSafety

Rogue.Win32.WindowsProSafety

Rogue.Win32.WindowsProSafety

Rogue.Win32.WindowsProSafety

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Pro Safety (Rogue.Win32.WindowsProSafety)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

May

20

Windows Private Shield Rogue Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Private Shield. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsPrivateShield.

Windows Private Shield is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AppData%\Protector-[random].exe
  • %AppData%\result.db
  • %UserProfile%\Desktop\Windows Private Shield.lnk
  • %AllUsersProfile%\Start Menu\Programs\Windows Private Shield.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    Inspector = %AppData%\Protector-[random].exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
    Debugger = svchost.exe
  • many similar entries…

Screenshots:

Rogue.Win32.WindowsPrivateShield

Rogue.Win32.WindowsPrivateShield

Rogue.Win32.WindowsPrivateShield

Rogue.Win32.WindowsPrivateShield

Rogue.Win32.WindowsPrivateShield

Rogue.Win32.WindowsPrivateShield

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Private Shield (Rogue.Win32.WindowsPrivateShield)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

May

18

Windows Pro Safety Release Rogue Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Pro Safety Release. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsProSafetyRelease.

Windows Pro Safety Release is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AppData%\Protector-[random].exe
  • %AppData%\result.db
  • %UserProfile%\Desktop\Windows Pro Safety Release.lnk
  • %AllUsersProfile%\Start Menu\Programs\Windows Pro Safety Release.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    Inspector = %AppData%\Protector-[random].exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
    Debugger = svchost.exe
  • many similar entries…

Screenshots:

Rogue.Win32.WindowsProSafetyRelease

Rogue.Win32.WindowsProSafetyRelease

Rogue.Win32.WindowsProSafetyRelease

Rogue.Win32.WindowsProSafetyRelease

Rogue.Win32.WindowsProSafetyRelease

Rogue.Win32.WindowsProSafetyRelease

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Pro Safety Release (Rogue.Win32.WindowsProSafetyRelease)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

May

17

Windows Safeguard Upgrade Rogue Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Safeguard Upgrade. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSafeguardUpgrade.

Windows Safeguard Upgrade is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AppData%\Protector-[random].exe
  • %AppData%\result.db
  • %UserProfile%\Desktop\Windows Safeguard Upgrade.lnk
  • %AllUsersProfile%\Start Menu\Programs\Windows Safeguard Upgrade.lnk

Create new registry entry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    Inspector = %AppData%\Protector-[random].exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
    Debugger = svchost.exe
  • many similar entries…

Screenshots:

Rogue.Win32.WindowsSafeguardUpgrade

Rogue.Win32.WindowsSafeguardUpgrade

Rogue.Win32.WindowsSafeguardUpgrade

Rogue.Win32.WindowsSafeguardUpgrade

Rogue.Win32.WindowsSafeguardUpgrade

Rogue.Win32.WindowsSafeguardUpgrade

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Safeguard Upgrade (Rogue.Win32.WindowsSafeguardUpgrade)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.