Remove Windows Performance Adviser

If Windows Performance Adviser is now operating on your computer and is advising you to buy Windows Performance Adviser – full version, you should probably know a few things about this program fist. Windows Performance Adviser looks very much like a computer security program due to its sophisticated design, but, in reality, this is a virus, created by cyber criminals with the mere intention of tricking you into buying the nonexistent full version of the program. Not paying for, but removing Windows Performance Adviser is the best thing you can do to keep your computer safe.

Figure 1. Windows Performance Adviser screenshot

Windows Performance Adviser is part of the enormous FakeVimes family of rogues. Other representatives of the same family are Windows Efficiency Accelerator, Windows Safety Toolkit, Windows Safety Manager, etc. They all resemble each other in their manner of infecting computers and blackmailing their users.

Quite often Windows Performance Adviser sneaks into your system with the help of Trojans, which can infect your PC through hacked websites. You can also install Windows Performance Adviser accidentally, when you authorize one of its fake online scanners to perform a scan of your computer. However, it is not that important to know how Windows Performance Adviser has infected your system, but rather how you can recognize and remove it.

Windows Performance Adviser configures itself to start automatically on the infected machine. Thus, whenever you turn on your computer, the scanning window of the malware appears without your authorization and pretends to be looking for viruses. As a result, Windows Performance Adviser will also try to deceive you with false messages reporting various threats to your system, but you should be aware that the only intruder in your computer system is Windows Performance Adviser. After each scan, the malware prompts its victims to buy its so-called full version by filling in all their personal and credit card details on a fake webpage.

And if you have thought even for a minute that this software is trustworthy, you should also know that Windows Performance Adviser is the one to block your other applications from being launched. Though the fake software hints that the viruses it has “found” are responsible for the non-responding programs, the truth is that Windows Performance Adviser stops them in an attempt to dissuade you from trying to run a real anti-virus program.

Just like most other fake anti-virus programs, Windows Performance Adviser tries to scare you with the help of falsified security warnings, which frantically claim that your PC is at great risk. Some of them are:

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.

Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.

In order to make things even worse for you and easier for itself, Windows Performance Adviser also blocks your Windows Task Manager and Registry editor and puts its own Advanced Process Control tool on charge. This tool pretends to be working as a task manager, but is actually under the management of the malware.

In case Windows Performance Adviser has managed to sneak inside your PC, one thing is certain: you need to scan your computer with a legitimate anti-virus program and remove Windows Performance Adviser now!

Windows Performance Adviser Manual Removal Instructions:

Stop These Windows Performance Adviser Processes:
(Learn how to do this)

Inspector-{random letters}.exe
Protector-{random letters}.exe
Find and Delete These Windows Performance Adviser Files:
(Learn how to do this)
%appdata%\npswf32.dll
%appdata%\Inspector-{random letters}.exe
%appdata%\Protector-{random letters}.exe
%appdata%\result.db
Remove These Windows Performance Adviser Registry Values:
(Learn how to do this)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

Free Antispyware Scan

Tags: , , , , ,

By

Trackbacks

  1. [...] fake anti-virus programs, called FakeVimes. Other viruses, which are part of the same family, are Windows Performance Adviser, Windows Premium Guard, Windows Pro Rescuer and many other. All of them manage to get inside the [...]

Speak Your Mind

*