Windows Antivirus Tool is a new threat from the FakeVimes malware family. It is classified as a virus because it acts as a malicious virus on your computer system. Windows Antivirus Tool is known rogueware: it displays fake alerts and blocks programs on your computer from opening. Each time you open your Internet browser or other software, it displays a bogus alert claiming that your computer is in danger and needs to be fixed. The catch is that you need to pay in order to fix these problems. Windows Antivirus Tool is spread through peer-to-peer networks, pirated software, video codecs offered on adult websites, and freeware. Most users have no idea how Windows Antivirus Tool was installed on their computer or what it is. Follow our instructions to remove this threat from your computer. Normally we are an adware-related website, but Windows Antivirus Tool was found by one of our malware analysts and is widely spread, so we built a removal instruction for you.
It is advised to follow our simple removal instructions to remove the Windows Antivirus Tool virus and all related malicious files from your computer. Following them ensures that the threat is fully removed and nothing is left behind. The instructions will also speed up your computer and remove any other possible threats from it. Please note that all software we advise for removing Windows Antivirus Tool is free; no registration or license needs to be bought in order to remove Windows Antivirus Tool or any other possible threat from your computer. Follow all steps to remove this threat and prevent it from infecting your computer again. We also supply free tips to prevent infections on your computer. All tips are legal and well known ways to protect your computer; FixYourBrowser.com and related malware researchers are not responsible for any problems that might result from using our tips.
|ESET-NOD32||a variant of Win32/AdWare.WindowsExpertConsole.AL||20140224|
Remove Windows Antivirus Tool
Follow all steps in the correct order to completely and successfully remove Windows Antivirus Tool and protect your computer from possible future infections.
Important: if you run into any problem while following these removal instructions, please stop.
Removal steps – Option 1
Removal steps – Option 2
Option 1: Register Windows Antivirus Tool
Once your computer is locked by Windows Antivirus Tool, follow these instructions to register it with a code and then remove it with Malwarebytes Anti-Malware.
- Go to the question mark and click the Register button.
- Enter one of the following codes:
- Click the Register button.
- Click Close (the red X in the right corner) or reboot your computer.
Notice: Windows Antivirus Tool is NOT removed, just deactivated!
Remove Windows Antivirus Tool using MalwareBytes Anti-Malware as described below.
Option 2: Reboot your computer in Safe-Mode with Command-Prompt
- Reboot your computer
- Before the Windows loading screen appears, press the F8 key on your keyboard
Windows XP / Windows 7 users
- Select “Safe mode with Command-Prompt”
Windows 8 users
- Press Windows key + C
- Click Settings
- Click Power, hold down Shift on your keyboard and click Restart
- Click Troubleshoot
- Select Advanced options
- Select Startup Settings
- Click Restart
- When the computer has booted, press 6 on your keyboard or select Safe mode with Command prompt
- In command prompt type: explorer.exe
Fix Registry from FakeVimes infection
Download RegistryFix for FakeVimes virus (source Bleepingcomputer.com)
Important: Place this RemVimes.reg file on a USB Stick or CD using a clean non-infected computer.
We are going to import this in the registry of the infected computer.
Import RemVimes.reg in Safe-mode
Insert the USB stick containing RemVimes.reg into a USB port, or place the CD in the CD drive, and open RemVimes.reg.
When prompted whether you really want to continue, choose to continue.
After importing, reboot your computer into Windows normal mode.
Perform a scan with MalwareBytes Anti-Malware as described below.
Remove Windows Antivirus Tool using MalwareBytes Anti-Malware
- Install MalwareBytes Anti-Malware
- Perform a Quick Scan
- When the scan is done, right click in the results and select “Check all items”
- Click the “Remove Selected” button
- See the example log below; “Trojan.FakeAlert” or “Rogue.Agent.WPSGen” is the detection of Windows Antivirus Tool.
- Reboot your computer
- Problem solved!!
MalwareBytes Anti-Malware Removal Log
Malwarebytes Anti-Malware 184.108.40.2060
Database version: v2014.02.24.05
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16384
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224837
Time elapsed: 2 minute(s), 33 second(s)
Memory Processes Detected: 1
C:\Users\SandBox\AppData\Roaming\svc-uxnf.exe (Rogue.FakeAV) -> 2916 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 10
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpcmdrun (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpsvc.dll (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpuxsrv.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSconfig.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSseces (Security.Hijack) -> No action taken.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BCKD (Trojan.Agent) -> No action taken.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ZSFT (Rogue.FakeAV) -> Data: C:\Users\SandBox\AppData\Roaming\svc-uxnf.exe -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\bckd|ImagePath (Trojan.Agent) -> Data: 22.sys -> No action taken.
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.EazelBar.A) -> Bad: (http://en.eazel.com/?id=AAA821dba7c0d643131fec8db592bd47b79&oid=7) Good: (http://www.google.com) -> No action taken.
Folders Detected: 1
C:\Program Files (x86)\AutoFree Weather (PUP.Optional.AutoFreeWeather.A) -> No action taken.
Files Detected: 3
C:\Users\SandBox\AppData\Roaming\svc-uxnf.exe (Rogue.FakeAV) -> No action taken.
C:\Users\SandBox\Desktop\Windows AntiVirus Tool.lnk (Rogue.WindowsAntiVirus) -> No action taken.
C:\Program Files (x86)\AutoFree Weather\winpos.pref (PUP.Optional.AutoFreeWeather.A) -> No action taken.
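Added example, not part of the original guide or of Malwarebytes: a short Python parser for log lines in the format shown above. It lists which program names have a flagged Image File Execution Options key and which findings still read "No action taken", meaning they were reported but not yet removed. The sample is an excerpt of the log above; the function and type names are illustrative.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section obj name action")  # illustrative type

# Excerpt of the scan log above, embedded so the example runs offline.
SAMPLE_LOG = r"""Memory Processes Detected: 1
C:\Users\SandBox\AppData\Roaming\svc-uxnf.exe (Rogue.FakeAV) -> 2916 -> No action taken.
Registry Keys Detected: 10
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSconfig.exe (Security.Hijack) -> No action taken.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ZSFT (Rogue.FakeAV) -> Data: C:\Users\SandBox\AppData\Roaming\svc-uxnf.exe -> No action taken.
Files Detected: 3
C:\Program Files (x86)\AutoFree Weather\winpos.pref (PUP.Optional.AutoFreeWeather.A) -> No action taken.
"""

HEADER = re.compile(r"^(?P<section>.+) Detected: \d+$")
# The detection name is the parenthesised token directly before " -> ",
# so "(x86)" inside a path is not mistaken for it.
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")
IFEO = "\\image file execution options\\"

def parse_log(text):
    """Parse section headers and detection lines into Finding tuples."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            section = header["section"]
            continue
        item = ITEM.match(line)
        if item and section:
            # The last " -> " segment is the action taken on the object.
            action = item["rest"].split(" -> ")[-1].rstrip(".")
            findings.append(Finding(section, item["obj"], item["name"], action))
    return findings

def ifeo_targets(findings):
    """Program names whose Image File Execution Options key was flagged."""
    return sorted({f.obj.rsplit("\\", 1)[1].lower()
                   for f in findings if IFEO in f.obj.lower()})

def still_present(findings):
    """Findings that were only reported, not removed or quarantined."""
    return [f for f in findings if f.action == "No action taken"]
```

Running the same functions on a log saved after clicking “Remove Selected” shows whether any entry was left untouched.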
Use Windows Update to update Windows with latest security patches
If you enable automatic update for Windows you will be supplied with the latest security patches from Microsoft to make sure you are protected against the latest security bugs and threats.
Enable Windows Automatic update for Windows 8
If you didn’t turn on automatic updating when you first started using your PC, you can change your settings any time in Windows Update.
- Open Windows Update by swiping in from the right edge of the screen (or, if you’re using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.
- Tap or click Choose how updates get installed.
- Under Important updates, choose the option that you want.
- Under Recommended updates, select the Give me recommended updates the same way I receive important updates check box, and then click Apply.
Enable Windows Automatic update for Windows 7
- Open Windows Update by clicking the Start button. In the search box, type Update, and then, in the list of results, click Windows Update.
- In the left pane, click Change settings.
- Under Important updates, choose the option that you want.
- Under Recommended updates, select the Give me recommended updates the same way I receive important updates check box, and then click OK. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation.
Scan and update old outdated software using Secunia PSI
The Secunia Personal Software Inspector (PSI) is a free computer security solution that identifies vulnerabilities in non-Microsoft (third-party) programs which can leave your PC open to attacks.
Simply put, it scans software on your system and identifies programs in need of security updates to safeguard your PC against cybercriminals. It then supplies your computer with the necessary software security updates to keep it safe. The Secunia PSI even automates the updates for your insecure programs, making it a lot easier for you to maintain a secure PC.
Using a scanner like Secunia PSI is complementary to antivirus software, and as a free computer security program, is essential for every home computer.