Wednesday, February 22, 2012

Remove Windows Telemetry Center malware that destroys rather than fakes

Windows Telemetry Center is a fake scanner that reports phantom threats. Whenever you install the program, it readily notifies you of the same set of threats. No actual threat recognition is performed; the user is shown a staged display presented as a computer scan.
Windows Telemetry Center cannot be removed by simply uninstalling it with the installation-management tools available for Windows and other operating systems. Furthermore, the fake tends to evade security solutions capable of identifying counterfeits. Importantly, in most instances of behavioral detection the fake utility is found malicious because it executes a destructive payload, not because of the faking as such. Hence, even if it had been a true system utility in the sense of matching its declared features, it would still be good to remove Windows Telemetry Center to prevent the damage caused by activities unrelated to faking the application described by its vendor.
Click here to delete the virus, which carries both destructive and misleading payloads. Removal starts with downloading and installing the free scanner.

Manual removal guide:
Delete the following files:
:\DOCUMENTS AND SETTINGS\\APPLICATION DATA\Protector-.exe

Delete the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 5
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-21_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe
Rename the remover to "explorer.exe" or try to install it from Safe Mode if the virus blocks download or installation.
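
A read-only check for the registry entries listed above, as an added PowerShell example that is not part of the original post: it reports which of the listed values and Image File Execution Options keys exist and deletes nothing. Reading a `Debugger` value under each Image File Execution Options key is an assumption about what those keys contain; the post lists only the key names.

```powershell
# Added example: read-only audit of the registry entries listed in the guide.
# It only reports what exists; nothing is modified or deleted.
$cv   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Registry values named in the guide (key path + value name).
$values = @(
    @{ Key = "$cv\Internet Settings"; Name = 'WarnOnHTTPSToHTTPRedirect' }
    @{ Key = "$cv\Policies\System";   Name = 'DisableRegedit' }
    @{ Key = "$cv\Policies\System";   Name = 'DisableRegistryTools' }
    @{ Key = "$cv\Policies\System";   Name = 'DisableTaskMgr' }
    @{ Key = "$cv\Run";               Name = 'Inspector' }
    @{ Key = "$cv\Settings";          Name = 'ID' }
    @{ Key = "$cv\Settings";          Name = 'net' }
)

# Image File Execution Options subkeys named in the guide.
$ifeoNames = @(
    'ashLogV.exe', 'avgnt.exe', 'cfplogvw.exe', 'fsav32.exe', 'luall.exe',
    'norton_internet_secu_3.0_407.exe', 'notstart.exe', 'proport.exe',
    'ss3edit.exe', 'watchdog.exe', 'xpf202en.exe'
)

$findings = @()

foreach ($v in $values) {
    # Yields $null (error suppressed) when the key or the value is absent.
    $item = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $findings += [pscustomobject]@{
            Kind = 'Value'; Path = $v.Key; Name = $v.Name; Data = $item.($v.Name)
        }
    }
}

foreach ($name in $ifeoNames) {
    $key = Join-Path $ifeo $name
    if (Test-Path -LiteralPath $key) {
        # Assumption: show the key's Debugger value, if any (not stated in the post).
        $dbg = (Get-ItemProperty -LiteralPath $key -Name 'Debugger' -ErrorAction SilentlyContinue).Debugger
        $findings += [pscustomobject]@{ Kind = 'IFEO key'; Path = $ifeo; Name = $name; Data = $dbg }
    }
}

if ($findings.Count -eq 0) {
    'None of the listed registry entries were found.'
} else {
    $findings | Format-List Kind, Path, Name, Data
}
```

The `HKEY_CURRENT_USER` entries are per user, so run the check in the session of the affected account.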
