Remove Windows Malware Sleuth

Scaring people into thinking their computers are infected with severe computer viruses is a common trick among rogueware applications, and Windows Malware Sleuth uses it too. This tool is another fake security application that pretends to be a reliable and effective program. In fact, it is nothing but another scam program that wants to mislead victims into believing that Windows Malware Sleuth can protect their computers from malicious software. To convince PC users that it is a trustworthy AV program, Windows Malware Sleuth will imitate the actions and layout of genuine security software. Windows Malware Sleuth will display warnings and pretend to scan the infected PC for compromised files and system threats. However, Windows Malware Sleuth cannot provide accurate information about the state of the computer system, and it cannot report the presence of malicious programs and attackers. On the contrary, it even makes it possible for Trojan-based infections to sneak into targeted computers without difficulty.

Figure 1. Windows Malware Sleuth screenshot

Windows Malware Sleuth is reported to be a part of the so-called Rogue.FakeVimes family. Like other programs that belong to this rogueware family, Windows Malware Sleuth is a fake anti-spyware tool that pretends to be legitimate and reliable software in order to mislead unaware PC users into paying for its services. The attacker does not disclose its true intentions. It uses deceitful tricks to penetrate targeted machines, and then roots itself deep into their systems. There are two ways of getting inside a targeted PC without the knowledge of its user. In the first, Windows Malware Sleuth uses malicious web pages that detect vulnerabilities in programs running on targeted computers. The same vulnerabilities are then used to transfer Windows Malware Sleuth to the targeted PC without the knowledge of its user, so Windows Malware Sleuth does not need the approval of the computer owner to be downloaded to the PC. The other way of transferring Windows Malware Sleuth to machines is via web pages that promote fake online scanners. Visitors to the site are offered a scan of their computers with some unknown scan tool. If the computers are scanned, many infections are reported, and the user is told to download Windows Malware Sleuth to fix the machine. In this way, the victim voluntarily downloads Windows Malware Sleuth to the PC.

After Windows Malware Sleuth is transferred to the PC, the infection is ready to start its attacks. Windows Malware Sleuth hides itself in the system and creates many compromised files. To hide itself from security-related programs, Windows Malware Sleuth will stop any executable files that you are trying to launch. Another trick used by Windows Malware Sleuth is that when the PC user tries to start the Registry editor, the command is not executed. Instead, the Advanced Process Control screen of Windows Malware Sleuth is shown. The same happens if the victim wants to start the Task Manager.

Windows Malware Sleuth also displays annoying pop-up messages that warn the user about serious system errors. The pop-up messages will not stop even if the victim wants to close them. The following problems will be reported:

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmpshell.dll

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Windows Malware Sleuth will even make a fake scan of the system. The scan will detect only fake and nonexistent threats and infections.

Do not believe any of the messages Windows Malware Sleuth shows. Remove the intruder as soon as you can and do not disclose personal or financial details.

Windows Malware Sleuth Manual Removal Instructions:

Stop These Windows Malware Sleuth Processes:

Inspector[random].exe
Protector-[3 random characters].exe

Find and Delete These Windows Malware Sleuth Files:

%AppData%\Inspector-[random].exe
%AppData%\Protector-[random].exe
%AppData%\NPSWF32.dll
%AppData%\result.db
%UserProfile%\Desktop\Windows Protection Master.lnk
%StartMenu%\Programs\Windows Protection Master.lnk

Remove These Windows Malware Sleuth Registry Values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe “Debugger”
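
The following read-only PowerShell audit is an added example, not part of the original article. It reports every Image File Execution Options subkey that carries a "Debugger" value (Windows starts that command instead of the named executable) together with the per-user values from the list above. The helper name Get-RegValue and the variable names are this example's own.

```powershell
# Added example: read-only audit of the registry locations listed above.
# Nothing is modified; review the output before deleting any value.

$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$cv   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'

# Helper (this example's own): return a value's data, or nothing if absent.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# 1. IFEO subkeys with a Debugger value. Windows launches the Debugger
#    command in place of the named executable, so an entry for taskmgr.exe
#    or a security tool redirects or blocks that program.
$hijacks = Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = Get-RegValue -Path $_.PSPath -Name 'Debugger'
    if ($null -ne $dbg) {
        [pscustomobject]@{ Check = 'IFEO Debugger'; Name = $_.PSChildName; Data = $dbg }
    }
}

# 2. Per-user values from the list: the policy switches, the HTTPS-to-HTTP
#    redirect warning setting, and the "Inspector" autostart entry.
$targets = @(
    @{ Path = "$cv\Policies\System";   Name = 'DisableRegedit' },
    @{ Path = "$cv\Policies\System";   Name = 'DisableRegistryTools' },
    @{ Path = "$cv\Policies\System";   Name = 'DisableTaskMgr' },
    @{ Path = "$cv\Internet Settings"; Name = 'WarnOnHTTPSToHTTPRedirect' },
    @{ Path = "$cv\Run";               Name = 'Inspector' }
)
$values = foreach ($t in $targets) {
    $data = Get-RegValue -Path $t.Path -Name $t.Name
    if ($null -ne $data) {
        [pscustomobject]@{ Check = $t.Path; Name = $t.Name; Data = $data }
    }
}

# Combined report: one row per value that is present on this machine.
@($hijacks) + @($values) | Format-Table -AutoSize -Wrap
```

Some legitimate tools also set "Debugger" values, so review each reported entry against the list above rather than deleting all of them.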
