Windows Tweaking Utility


Call Toll Free in the US and Canada!


Remove Windows Tweaking Utility. Description and removal instructions

 
Title: Windows Tweaking Utility Also known as: WindowsTweakingUtility
Type: Spyware
Severity scale:  (64 / 100)
 

Windows Tweaking Utility is a rogue anti-spyware program that displays fake security alerts and non-existent infections. This rogue is typically installed through the use of Trojans that come from fake online scanners and infected websites. Instead of allowing the video to be shown, the Trojan will instead download and install Windows Tweaking Utility. The rogue program  will pretend to scan your computer and detect malicious files but not allow them to be removed until the program is purchased. It wants to scare you into purchasing it. If you find that your computer is infected then use our removal instructions below to remove Windows Tweaking Utility and related malware automatically using the removal tool given below.

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click ‘show details’ to learn more.


While Windows Tweaking Utility is running it will also display fake security warnings and alerts on your computer. These alerts will state that an active infection has been found and that you should purchase Windows Tweaking Utility to remove found viruses and to protect your computer against other malware. Windows Tweaking Utility will also block certain programs saying that they are infected. It may hijack your web browser as well.  You shouldn’t download anything from that website.

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot


Windows Tweaking Utility was created to trick you into thinking that your computer has all sorts of malware so that you then purchase it. The reality is that Windows Tweaking Utility is a scam. If you have already purchased the program, then you should contact your credit card company and dispute the charges. To remove Windows Tweaking Utility and the related Trojans, please use the removal guide below.

FORUM:
Discuss Windows Tweaking Utility in
spyware removal forum

Windows Tweaking Utility snapshot:

Automatic Windows Tweaking Utility removal:

remover for Windows Tweaking Utility

Windows Tweaking Utility manual removal:

Kill processes:
[random].exe

HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ‘0’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ‘0’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore “DisableSR ” = ‘1’

HELP:
how to remove registry entries

Delete files:
%UserProfile%\Application Data\Microsoft\[random].exe

HELP:
how to remove harmful files