Monday, July 2, 2012

Appropriate way to remove Windows Interactive Security

Windows Interactive Security is another skullduggery by notorious black hats. The swindlers are headquartered in Eastern Europe countries, which public security bodies do not prosecute the hackers as hard as in Western Europe and USA.
The program is concocted to impersonate security solution for computer system. It is distributed through websites with malicious scripts that download the rogue without requesting user’s agreement, trojan droppers technologies are used to install the malware surreptitiously. In the meantime, scaring tactics are applied to make users download and install the malicious software with their own hands. There is a network of fake online scanners featuring the counterfeit. Those fake online virus detectors readily report a number of threats for any computer and request user to install its resident version, which turns to be the rogue antispyware.
Removal of Windows Interactive Security is not available with standard procedures for programs uninstalling. Do not waste your time trying to delete through Windows Control Panel. Follow the free scan link to get rid of Windows Interactive Security as appropriate. 

Windows Interactive Security screenshot:


 
Windows Interactive Security activation code (helps removal):
0W000-000B0-00T00-E0020
NOTE: "Activating" Windows Interactive Security is not enough. You need to remove related trojans \ rootkits using reliable malware removal solution.
It is important to fix Windows registry after Windows Interactive Security malware removal using safe registry cleaner software.

Windows Interactive Security manual removal guide:
Delete infected files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\W34r34mt5h21ef.dat
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Interactive Security.lnk
%Desktop%\Windows Interactive Security.lnk
Delete Windows Interactive Security registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-4-27_2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “tovvhgxtud”
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[random].exe

No comments: