Remove Windows Warding System. Removal instructions
Windows Warding System is a rogue antispyware application that reports false computer threats and displays fake security alerts to convince you that your computer is infected with viruses and malicious software. Once installed, this rogue antispyware application will perform a fake system scan and report various malware infections including spyware, trojans and worms. In reality, the scan results from this rogue applicaiton are false and can be safely ignored. It displays the same scan results one each compromised computer, so obviously it’s not a program you may trust. The main purpose of Windows Warding System is to trick you into purchasing bogus security product. Of course, you shouldn’t buy it. Instead, remove Windows Warding System from your computer upon detection.
When running, Windows Warding System will modify Windows Hosts file and restrict access to the security websites mostly to protect itself from being uninstalled. It may also produce outbound traffic, open certain system ports and download other files from a remote servers controlled by malware authors. To make this scam even more effective, Windows Warding System will flood your computer with very annoying and of course fake security alerts and notifications about serious security problems and possible dentity theft. It impersonates the legitimate Windows Security Center as well.
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot
It uses Windows Genuine Advantage Notification image as Activation button to make it look more reliable and legitimate. And last but not least, Windows Warding System will disable Task Manager, Registry Editor, System Restore and block anti-virus software. If you are infected with this malicious software, please use the removal guide below to remove Windows Warding System from your PC manually for free. If you have already purchased it, you should contact your credit card company and dispute the charges.
Windows Warding System snapshot:
Automatic Windows Warding System removal:
(2012-04-02 03:38:18)
(2012-04-02 03:38:18)
(2012-04-02 03:38:18)
Windows Warding System manual removal:
Kill processes:
Protector-[rnd].exe
how to kill malicious processes
Delete registry values:
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System “DisableRegedit” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Run “Inspector”
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Settings “net” = “2012-3-11_2?
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings “UID” = “origkboryd”
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\atcon.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\bipcp.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ecengine.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\infwin.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\msconfig
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\PavFnSvr.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sahagent.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\titaninxp.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\wsbgate.exe
how to remove registry entries
Delete files:
%AppData%\NPSWF32.dll %AppData%\Protector-3 characters.exe %AppData%\result.db %CommonStartMenu%\Programs\Windows Warding System.lnk %Desktop%\Windows Warding System.lnk
how to remove harmful files
Information updated: 2012-04-02 03:38:43