Sunday, April 1, 2012

Remove Windows Activity Debugger as another self-extolling counterfeit that claims to be award-winning security tool

Windows Activity Debugger finds its way onto computer system using a number of drive-by download routines. The routines offer both totally covert downloads, i.e. involving no user’s consent, as well as downloads based on obtaining the user’s agreement by scaring the user with misleading info on viruses detected and luring with self-assigned merits e.g. claims that the program is a number one choice of PC related magazine editors.
Whether you have been scared or lured or otherwise persuaded into infecting your PC with the fake or it has made its way into its target without asking any kind of permit obviously related to its download, the result is absolutely the same as you get your computer system badly infected and are going to experience endless notifications and nag screens produced by the counterfeit. Removal of Windows Activity Debugger is the only way to put an end to the scam.
Click here to let free scanner inspect your PC and remove Windows Activity Debugger in the course of overall computer memory cleanup.

Windows Activity Debugger screenshot:



Manual removal directions:
Delete infected files:
Inspector-[rnd].exe
Protector-[rnd].exe
%appdata%\npswf32.dll
%appdata%\npswf32.dll
%appdata%\Inspector-[3 random letters].exe
%desktopdir%\Windows Functionality Checker.lnk
%appdata%\result.db
Delete Windows Activity Debugger registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

No comments: