Windows Virtual Security – Removal Guide

Few people would ever think a program with the Windows name could be a virus. Well, it is. But don’t go believing that Windows is sending out viruses to its customers; quite the contrary, Windows Virtual Security is a third-party virus designed to infect your computer with a variety of fake error notifications. It takes on the persona of an anti-virus program, but don’t be fooled; there is nothing anti about this virus.

As mentioned above, the Windows Virtual Security virus is set up to resemble a computer anti-virus program. Thus, many people accidentally download this program thinking that it is a genuine Windows product that will help to protect their computer from harm. Nothing could be further from the truth. The Windows Virtual Security virus is an invasive program that embeds itself in the registry of your computer and is extremely difficult to remove by traditional means. It cannot be removed with a real anti-virus such as Norton or Trend Micro because it reads as a similar program, but how it acts is much different.

Windows Virtual Security will tell you that there is a problem with your hard disk drive. Consistently. Even with a brand new computer! This is because the errors are false. The Windows Virtual Security virus recodes your files and inhibits your usage of them, making it look as if your hard disk drive truly is malfunctioning or infected, when in reality the only infection is the Windows Virtual Security program itself. If you did not directly download this rogue virus program thinking it was safety software, chances are it was downloaded through a Trojan file or program. A Trojan simply means that the Windows Virtual Security virus was contained in another, different file. Once the file was downloaded, so was the rogue anti-virus program. From there, the program simply installed itself without your user permission. After it is installed, the Windows Virtual Security will run like a virus protection program.

It will diagnose the fake “errors,” then ask you to purchase a license in order to remove them. Doing this will result in identity theft and the fraud of your credit card information. Don’t pay for this bogus software; you’ll get nothing in return but headaches and added risk to your credit card information and identity.

Windows Virtual Security shows these fake alerts:

Error
Attempt to modify registry key entries detected.
Registry entry analysis is recommended.

Windows XP USER API Clien: DLL
User32.dll is suspended to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Don’t pay attention to any bogus alerts as they are just meant to scare you. Read the next part of this article to know how you can remove Windows Virtual Security easily and make your life easier again.

1. Remove Windows Virtual Security Automatically

There are several programs available on the internet that can help you get rid of this rogue infection. In our malware research lab, we’ve tested this and found that Spy Hunter removes this rogue antivirus software quite efficiently and quickly.

To remove the rogue software automatically, you need to download Spy Hunter.

After downloading the installer file of Spy Hunter, please run it and you’ll see that Windows Virtual Security will get terminated automatically by the installer. This way, the rogue software won’t interfere anymore with the removal process.

After installing Spy Hunter, scan the whole computer for infections and this powerful anti-malware software will automatically detect threats like Windows Virtual Security and possibly other harmful programs which might be residing in your computer without your knowledge. Once the scan is done, remove all the infections and that’s it. The rogue software is now out of your computer forever!

2. Remove Windows Virtual Security Manually

On the other hand, you can remove Windows Virtual Security manually but this method is risky, tedious and doesn’t guarantee complete removal of the rogue security software.

The only true way to remove the Windows Interactive Safety virus is the automatic removal method, but you can try your hand at the manual removal method to see if you get some success.

One word of caution though: if you are not well versed with computers, we suggest that you follow this removal method carefully, as removing the wrong files from your computer can result in other unforeseen problems. Please follow these steps at your own risk:

1. First of all, you need to run the Registry Editor and remove these registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-8-9_4"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "cxqjcwgpve"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe

There are lots of other entries which you need to remove so that all programs can run on your computer. The above entries were added to the registry by the rogue software to block certain programs from running. You can search the internet to get a full list of associated registry entries.

2. After correcting the registry entries, remove the files associated with the rogue software. You need to delete these malicious files:

%AppData%\connector.swf
%AppData%\NPSWF32.dll
%AppData%\Protector-<random 3 chars>.exe
%AppData%\Protector-<random 4 chars>.exe
%AppData%\result.db
%AppData%\1st$0l3th1s.cnf

Please note that rogue security products usually make several copies of their main files on your computer so that they can restore themselves on the next reboot. The only professional way to remove the rogue software is the automatic removal method, which guarantees complete results.
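Before deleting anything by hand, it helps to see which of the entries and files listed in steps 1 and 2 are actually present. The following read-only PowerShell check is an added example, not part of the original guide or of any vendor tool; the variable names and report columns are this example's own, and it modifies nothing.

```powershell
# Read-only audit of the indicators listed in this guide; it changes nothing.
$hkcuCV  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$hklmPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'
$ifeo    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Path, value name, data as listed in the guide ($null = no data listed).
$values = @(
    @("$hkcuCV\Internet Settings", 'WarnOnHTTPSToHTTPRedirect', 0),
    @("$hkcuCV\Policies\System", 'DisableRegedit', 0),
    @("$hkcuCV\Policies\System", 'DisableRegistryTools', 0),
    @("$hkcuCV\Policies\System", 'DisableTaskMgr', 0),
    @($hklmPol, 'ConsentPromptBehaviorAdmin', 0),
    @($hklmPol, 'ConsentPromptBehaviorUser', 0),
    @($hklmPol, 'EnableLUA', 0),
    @("$hkcuCV\Run", 'Inspector', $null),
    @("$hkcuCV\Settings", 'net', '2012-8-9_4'),
    @("$hkcuCV\Settings", 'UID', 'cxqjcwgpve')
)
$keys = @('HKCU:\Software\ASProtect') +
    ('About.exe','avwin.exe','escanv95.exe','lookout.exe','nwinst4.exe' | ForEach-Object { "$ifeo\$_" })
$files = 'connector.swf','NPSWF32.dll','result.db','1st$0l3th1s.cnf'

$report = @()
foreach ($v in $values) {
    $path, $name, $listed = $v
    $prop = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { continue }
    $data = $prop.$name
    # Some of these value names also exist on clean systems, so compare the data too.
    $match = ($null -eq $listed) -or ("$data" -eq "$listed")
    $report += [pscustomobject]@{ Type = 'Value'; Item = "$path\$name"; Data = $data; MatchesGuide = $match }
}
foreach ($k in $keys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    # On Windows, a Debugger value under an IFEO subkey redirects launches of that
    # executable. The guide does not name the value used, so it is shown only if present.
    $dbg = (Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue).Debugger
    $report += [pscustomobject]@{ Type = 'Key'; Item = $k; Data = $dbg; MatchesGuide = $true }
}
$hits = @($files | ForEach-Object { Join-Path $env:APPDATA $_ } | Where-Object { Test-Path -LiteralPath $_ })
# Protector-<random 3 chars>.exe and Protector-<random 4 chars>.exe
$hits += @(Get-ChildItem -LiteralPath $env:APPDATA -Filter 'Protector-*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^Protector-.{3,4}\.exe$' } | ForEach-Object { $_.FullName })
foreach ($f in $hits) {
    $report += [pscustomobject]@{ Type = 'File'; Item = $f; Data = $null; MatchesGuide = $true }
}
$report | Format-Table -AutoSize -Wrap
```

Run it as the affected user, since the HKCU entries and %AppData% are per-user. A row with MatchesGuide set to False means the value name exists but its data differs from what the guide lists.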
