Tuesday, July 17, 2012

Windows Virtual Firewall malware removal

Windows Virtual Firewall is a computer threat that has been released by FakeVimes family of rogues to get some computer users fooled and rip of their money. It’s a program that pretends being a reputable antivirus stating that can solve your security issues. In fact it has nothing useful to offer and it works just by imitating actions of antiviruses. The parasite employs Trojans in for infiltration purposes and you may get your system infected while watching some videos online or downloading something.
The program imitates all functions of a security tool, for example, runs a system scan. However, you should know that this scanner is fake and it only simulates looking for threats. By the end of the scan, it displays falsified scan results. The application claims that your system is infected. These claims do not bring any important information. This outrageous lie is generated to push you into purchasing this scam. Do not jump at this bait. The only thing you should do is to remove this parasite.
To fix your computer, you should remove Windows Virtual Firewall as soon as you notice its activity on your PC. We recommend using reputable anti-spyware GridinSoft Trojan Killer. Perform a full system scan and clean your computer from all viruses. Using automated programs will help to restore your regular antivirus which might be disabled by Windows Virtual Firewall.


malware removal tool

Delete Windows Virtual Firewall files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[rnd].exe
%AppData%\result.db
Delete Windows Virtual Firewall registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)