Tuesday, April 24, 2012

Remove Windows Performance Adviser fake antivirus (malware)

Windows Performance Adviser is designed to burden users with its popups. Those popups are a sort of advertisement. The advertisements is totally misleading as it features the application as a security suite for computer system, which it is not. On the contrary, it is a security threat.
Some security experts classify the program as merely a potentially unwanted item. That does not correspond to the severity of the case. In fact, while pretending to run after viruses, the misleading adware runs after security tools. That is how the hackers try to prevent removal of Windows Performance Adviser. Such tactics are inherent to advanced kernel more infections, rootkits.
After all, classification hardly matters, as the ability to exterminate the malware is at stake. That is where the problem lies. A good many malware removers are banned or deleted by the aggressive counterfeit.
Free scanner available here knows its job well. It is able to remove Windows Performance Adviser taking into account that the adware proactively safeguards its components; the solution will also find and delete true viruses.

Windows Performance Adviser screenshot:




Windows Performance Adviser manual removal directions:



Delete Windows Performance Adviser files:
%AppData%\Inspector-[rnd].exe
 %AppData%\Protector-[rnd].exe

Delete registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
 

No comments: