Thursday, June 28, 2012

Removal of Windows Privacy Extension capable of detecting inexistent viruses

Windows Privacy Extension has a capacity to detect viruses that do not exist. This remarkable ability makes of it a program classified as a piece of rogue antispyware. Such programs by definition are meant to cheat people.
In this case, apart from misinforming users of threats to their computer system, the program harms PCs it is installed on. Internet connection is blocked, lots of programs fail to run or operate as appropriate, blue screen of death appear every and then - these are all pranks of the fake antivirus in question.
Hence there are two reasons to get rid of Windows Privacy Extension fake antivirus. The first one is evident as the program is a fake. However, there is another one as the fake appears to harm host computer system.
Free scanner available here is a selected by malware experts security suite to remove Windows Privacy Extension; in the meantime, it is a multifunctional antivirus that ensures overall memory cleanup.

Windows Privacy Extension screenshots:



Windows Privacy Extension activation code (helps removal):


0W000-000B0-00T00-E0020
NOTE: "Activating" Windows Privacy Extension is not enough. You need to remove related trojans \ rootkits using reliable malware removal solution.
It is important to fix Windows registry after Windows Privacy Extension malware removal using safe registry cleaner software.

Windows Privacy Extension manual removal guide:
Delete infected files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\W34r34mt5h21ef.dat
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Privacy Extension.lnk
%Desktop%\Windows Privacy Extension.lnk
Delete Windows Privacy Extension registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-4-27_2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “tovvhgxtud”
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[random].exe

No comments: