Remove Windows Attacks Preventor

Another malicious program is trying to infect more and more computers. Windows Attacks Preventor is reported to use all malicious tricks common for rogueware programs to find a way and sneak into targeted computers without the knowledge of their users. Although the name of this program misleads PC users into thinking this application is a legitimate anti-malware tool, the truth is that Windows Attacks Preventor is a creation of hackers. They have developed this program with the only intention to deceive victims into believing that Windows Attacks Preventor can protect their computers from malicious software. In fact, Windows Attacks Preventor is a scam tool that only imitates the layout and actions of trustworthy security programs. It is unable to detect system threats, as well as infected files. If you allow Windows Attacks Preventor to be installed on your computer, it will put it in danger and try to take control over the system. Not only that, but Windows Attacks Preventor will cause a real mess.

Figure 1. Windows Attack Preventor GUI

Windows Attacks Preventor is a malicious application that belongs to the same rogueware family as Windows Firewall Constructor and Windows Stability Guard. All of these fraudulent creations of cyber criminals are aimed at tricking unsuspecting users into paying for the full versions of these applications. Windows Attacks Preventor is transferred to targeted computers via compromised web links. If a person is tricked into clicking on an infected link, Windows Attacks Preventor is automatically downloaded to his computer. Another way of getting infected with this malicious attacker is through fake program updates. The computer user is misled into thinking he has to download and install some program update. However, the person is not aware that he is going to download not a legitimate and trustworthy update, but the scam tool Windows Attacks Preventor. Then, there are no obstacles for the attacker to root itself deep into the targeted computer. Windows Attacks Preventor is ready to start its plan.

First, Windows Attacks Preventor creates many infected files in some hidden directory of the compromised computer. After that, the fake security program starts showing annoying messages. These warnings pop up again and again, and they cannot be stopped even if the PC user tries to close them. They warn the PC owner about serious system problems and threats. Windows Attacks Preventor tells the user that the system is at risk, and something has to be done immediately to protect the computer. The messages show the following information:

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Torrent Alert
Recomended: Please use secure encrypted protocol for torrent links.
Torrent link detected!

Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.
Please register your copy of the AV to activate anonymous data transfer protocol through the torrent link.

Windows Attacks Preventor does not stop there. It will even make a fake scan of the system. The scan will pretend to have detected many infected files. The truth is that Windows Attacks Preventor reports the files it has created itself. Windows Attacks Preventor is the only intruder, and it has to be stopped.

The next step of Windows Attacks Preventor is to tell you that if you do not remove these malicious files, your computer may crash. However, you will not be able to delete the files manually. Windows Attacks Preventor will take you to its billing page, and will try to mislead you into paying for its useless services.

Do not be tricked. Windows Attacks Preventor is not a genuine security program. It is a bogus tool aimed at taking your money. Remove the intruder as soon as you can and use a reliable AV program.

Windows Attacks Preventor Manual Removal Instructions:

Stop These Windows Attacks Preventor Processes:
(Learn how to do this)

Inspector[random].exe
Protector-[3 random characters].exe
Find and Delete These Windows Attacks Preventor Files:
(Learn how to do this)
%AppData%\Inspector-[random].exe
%AppData%\Protector-[random].exe
%AppData%\NPSWF32.dll
%AppData%\result.db
%UserProfile%\Desktop\Windows Protection Master.lnk
%StartMenu%\Programs\Windows Protection Master.lnk
Remove These Windows Attacks Preventor Registry Values:
(Learn how to do this)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe “Debugger”

Free Antispyware Scan

Tags: , , , , , ,

By

Speak Your Mind

*