Monday, April 6, 2009

Remove WinPC Antivirus rogue anti-spyware

WinPC Antivirus (WinPCAntivirus) is a continuation of Wind PC Defender malware. The latter is known as a fake computer security tool designed as a destructive and advertising solution that pretends to be a sort of antivirus. The former does not differ much or at all from its predecessor, and inherited its advertisement websites and download links, so the same trojans, instead of installing malware of Wind PC Defender, now are downloading and installing WinPC Antivirus malware.It is strongly recommended to remove WinPC Antivirus malware as the program includes dll files disordering OS and legitimate software, which are at the dormant state for certain pre-planned period or before the attack on the malware is detected. It is also important to get rid of WinPC Antivirus with due precautions, or better use professional solution to remove WinPC Antivirus in a safe and reliable way. WinPC Antivirus is annoying program normally detectable by its repeated scans and fake alerts. Its activities cannot be interrupted by mere disabling of the program, all the more WinPC Antivirus often hides its files to prevent their deletion, as well as it is not necessarily registered in the lists of programs powered by your OS (if Windows, such list is represented at the Add/Remove Programs of Start Menu).
Click here and initiate free scan using Spyware Doctor with antivirus to reveal the infections at your computer and get rid of WinPC Antivirus malware, as well as remove any related or independent rogue programs.

WinPC Antivirus screenshot:

WinPC Antivirus automatical removal tool:


WinPC Antivirus manual removal guide
Delete WinPC Antivirus files:
winav.exe
WinPC Antivirus.LNK

Delete WinPC Antivirus registry entries:
HKEY_CURRENT_USER\Software\WinPC Antivirus
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "sysav"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusDisableNotify" => 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallDisableNotify" => 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "UpdatesDisableNotify" => 1

7 comments:

Eddie said...

This worked OK for me, whereas SpyDoctor etc all failed.
Although it's worth noting that these instructions should be run in SAFE MODE
Thanks!
Eddie

Anonymous said...

Hi

I have followed the instructions with apart from the last 3 parts as below:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusDisableNotify" => 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallDisableNotify" => 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "UpdatesDisableNotify" => 1

Can get to the security center in registry but don't understand the next part. Help please!

John Conley said...

Anonymous!
delete those entries by right clicking and selecting delete ;)

All Better?

Barry said...

That worked great!
One question...When I rebooted It came back and I had to do the process all over again...Is their anything I can do so when I reboot it does not come back?
Thanks

Anonymous said...

=> means set to this value

e.g. UpdatesDisableNotify should be set to 1. (It is probably 0 right now.)

John Conley said...

d deleted everything, it went away. apparenty there is a carrier virus that downloaded it again, so i did what every good programmer does.

when in doubt, REFORMAT!

you will need an XP or Vista recovery disk/partition.

Anonymous said...

Miller Time -
You may need to turn off System Restore to delete the restore files. Some malware hides itself in those files and will re-install itself after reboot.
10