Wednesday, April 4, 2012

How to remove Windows Custodian Utility virus?

If you see such or similar alert, you may remove Windows Custodian Utility related notifier and thus avoid downloading of the main adware that will scare and annoy you into buying its full version (the same useless and annoying stuff). You also need to perform the removal of Windows Custodian Utility adware due to the damage it may produce. Get rid of Windows Custodian Utility adware, as well as related / unrelated trojans and other infections.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Attempt to modify registry key entries detected. Registry entry analysis is recommended.

Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites
If you are going to remove Windows Custodian Utility automatically, the tool that has been previously recommended for the removal of Windows Custodian Utility clones works equally well. Click here to get rid of Windows Custodian Utility and any other infections having completed a free scan of your PC.

Windows Custodian Utility screenshot:



Manual removal directions:
 
Delete Windows Custodian Utility files:
%AppData%\NPSWF32.dll
%AppData%\Protector-3 characters.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Shielding Utility.lnk
%Desktop%\Windows Shielding Utility.lnk
Delete the following registry entries:
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System “DisableRegedit” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Run “Inspector”
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Settings “net” = “2012-3-11_2?
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings “UID” = “origkboryd”
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\InternetExplorer\\Main\\FeatureControl\\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\atcon.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\bipcp.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ecengine.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\infwin.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\msconfig
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\PavFnSvr.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sahagent.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\titaninxp.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\wsbgate.exe



No comments: