Remove Windows Care Taker. Removal instructions
Windows Care Taker is a rogue anti-spyware program that should be removed from the infected computer as soon as possible. This rogue anti-spyware program pretends to scan your computer for dangerous viruses and all sorts of malware. Once the scan is finished, Windows Care Taker states that it has found some serious malware infections on your computer that should be removed immediately; otherwise your computer might be infected with additional malware as well. What you should know is that this rogue anti-spyware program reports the same malware infections on every infected computer, so obviously you shouldn’t trust it. The rogue program then prompts to pay for a full version of the program to remove supposedly found malware infections. Don’t fall victim to to this scam and remove it from your computer as soon as possible. Please use the removal instructions outlined below. We strongly recommend you to use an automatic removal tool to remove Windows Care Taker but you can choose to remove the rogue manually as well.
While Windows Care Taker is running, it will display numerous fake security alerts about serious security problems and infections. It will also display fake notifications from your Windows taskbar and even change your Desktop background. However, the biggest problem is that it may actually bock legitimate antivirus programs and some antivirus related websites. Windows task manager and registry editor may be blocked as well to make the removal process a lot more complicated for end user. In such case, you should restart your computer in safe mode with networking and download an automatic removal tool. Some of the fake alerts read:
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot
As you can see, Windows Care Taker is a scam that tries to make you buy the rogue program. If you find that your computer is infected then please follow Windows Care Taker removal instructions below to remove the rogue program and any related malware from your computer.
Windows Care Taker snapshot:
Automatic Windows Care Taker removal:
(2012-04-05 04:33:13)
(2012-04-05 04:33:13)
(2012-04-05 04:33:13)
Windows Care Taker manual removal:
Kill processes:
Protector-[rnd].exe
how to kill malicious processes
Delete registry values:
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System “DisableRegedit” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Run “Inspector”
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Settings “net” = “2012-3-11_2?
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings “UID” = “origkboryd”
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\atcon.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\bipcp.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ecengine.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\infwin.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\msconfig
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\PavFnSvr.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sahagent.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\titaninxp.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\wsbgate.exe
how to remove registry entries
Delete files:
%AppData%\NPSWF32.dll %AppData%\Protector-3 characters.exe %AppData%\result.db %CommonStartMenu%\Programs\Windows Care Taker.lnk %Desktop%\Windows Care Taker.lnk
how to remove harmful files
Information updated: 2012-04-06 08:54:43