Friday, June 10, 2011

Windows Examination Utility Removal Guide

Windows Examination Utility is a program used to cheat people out of money by showing error messages on the computer, such as claims that the computer has been infected by malware. Windows Examination Utility adds registry entries so that it starts automatically when Windows boots. After that, it runs a fake scan of the computer and then issues fake warnings in pop-ups telling the user that the computer has been infected by malware that can only be removed by the full version of Windows Examination Utility. Thus, the user is urged to purchase it. Do not believe any report given by Windows Examination Utility, even if the warnings look real. In fact, Windows Examination Utility cannot detect or remove any error or malware on the computer.

Windows Examination Utility can be uninstalled by stopping all of its processes, which have random names, and deleting its files. Then, all registry entries added and modified by Windows Examination Utility must be cleared using Windows Registry Editor.

Windows Examination Utility uses the original name of Microsoft Windows and is delivered with the help of the Microsoft Security Essentials Alert virus. Windows Examination Utility shows a fake Microsoft Security Essentials alert that claims an unknown Trojan was detected on the computer and then suggests that the user scan the computer. Once the fraudulent scan is executed, Windows Examination Utility announces that a particular file is infected with a Trojan and then urges the user to download and install Windows Examination Utility to remove it. During installation, Windows Examination Utility configures itself to run automatically every time Windows starts. After a successful installation, Windows Examination Utility restarts the computer.

Windows Examination Utility should be removed immediately!


Windows Examination Utility Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%AppData%\Microsoft\[random].exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe

Remove Folders and Files
%UserProfile%\Application Data\[random].exe
%AppData%\Microsoft\[random].exe

%UserProfile% is the current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7, and c:\winnt\profiles\ for Windows NT.
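
To see which of the entries listed above are actually present before editing anything in Registry Editor, a read-only PowerShell check can be run first. This is an added example, not part of the original guide; it assumes PowerShell 3.0 or later, and because the malware's file name is random, the Run and file rows it prints are candidates to review rather than confirmed infections.

```powershell
# Read-only audit of the registry values and file locations listed in this guide.
# Nothing is modified; review each row before deleting anything by hand.
$findings = @()

# 1. Image File Execution Options keys for the security products named in the guide.
#    A Debugger value makes Windows start that program instead of the named executable.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$avNames = 'egui.exe','ekrn.exe','msseces.exe','msmpeng.exe','msascui.exe','avastui.exe','avastsvc.exe'
foreach ($name in $avNames) {
    $key = "$ifeo\$name"
    if (Test-Path -LiteralPath $key) {
        $dbg = (Get-ItemProperty -LiteralPath $key).Debugger   # empty if the key has no Debugger value
        $findings += [pscustomobject]@{ Check = 'IFEO'; Location = $key; Name = 'Debugger'; Data = $dbg }
    }
}

# 2. Per-user Winlogon Shell override. The value is normally absent under HKCU.
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -LiteralPath $winlogon -ErrorAction SilentlyContinue).Shell
if ($shell) {
    $findings += [pscustomobject]@{ Check = 'Winlogon'; Location = $winlogon; Name = 'Shell'; Data = $shell }
}

# 3. Run values that start an .exe from the Application Data folder.
#    Legitimate software can live there too, so treat these rows as a review list.
$appDirs = @($env:APPDATA, "$env:USERPROFILE\Application Data")
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($run in $runKeys) {
    $item = Get-Item -LiteralPath $run -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)   # REG_EXPAND_SZ data is returned expanded
        $inAppData = $appDirs | Where-Object { $data.IndexOf($_, [System.StringComparison]::OrdinalIgnoreCase) -ge 0 }
        if ($inAppData -and $data -match '\.exe') {
            $findings += [pscustomobject]@{ Check = 'Run'; Location = $run; Name = $valueName; Data = $data }
        }
    }
}

# 4. Executables sitting directly in the two folders the guide names (no recursion).
foreach ($dir in @($env:APPDATA, "$env:APPDATA\Microsoft")) {
    foreach ($file in Get-ChildItem -LiteralPath $dir -Filter '*.exe' -ErrorAction SilentlyContinue) {
        if (-not $file.PSIsContainer) {
            $findings += [pscustomobject]@{ Check = 'File'; Location = $dir; Name = $file.Name; Data = $file.LastWriteTime }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```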
