Thursday, June 9, 2011

Windows Monitoring Utility Removal Guide

Windows Monitoring Utility Removal Guide
Windows Monitoring Utility is another type of fake antivirus program which will definitely show pop ups to tell the user that the computer has been infected by malwares, trojans and viruses. Windows Monitoring Utility CANNOT detect and remove any kind of malware, trojan and virus. Windows Monitoring Utility can only cheat the user to purchase the full version of Windows Monitoring Utility so that to removed the detected threats. Do not believe any pop ups or report shown by Windows Monitoring Utility. All of them is a lie. We should also be watchful for potential browser hijack attempts, since Windows Monitoring Utility is based on malware known for abusing proxy servers.

Windows Monitoring Utility scare the user will many virus name such as Downloader.JS.Small, Sality AN, GameThief.Win32, WinWebSecurity2008 etc. Windows Monitoring Utility can be removed by using Emsisoft HiJackFree to stop the process of Windows Monitoring Utility and remove the files. Then the user should remove the registries entries added and modified by Windows Monitoring Utility according to the removal guide stated below.

Windows Monitoring Utility should be removed immediately!


Windows Monitoring Utility Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'

Remove Folders and Files
%Temp%\[random]
%UserProfile%\Application Data\Microsoft\[random].exe

No comments:

Post a Comment