Saturday 5 March 2011

How to remove Windows Wise Protection virus


Windows Wise Protection is a program that masquerades under the Microsoft Windows name and pretends to be a legitimate malware removal tool. In reality, this software is a complete scam that uses the Microsoft Security Essentials Alert trojan to distribute itself. The misleading application displays a false message stating “Unknown Win32/Trojan was detected on your computer” and then suggests that you scan your PC. It will report that a program is infected with Trojan.Horse.Win32.PAV.64.a. Remember, the fake antivirus is unable to detect or rid your system of parasites, nor will it protect you from legitimate future threats, so you should never trust anything related to this application! You need to remove Windows Wise Protection from your computer as quickly as possible!

During installation, this malware configures itself to start automatically every time your computer starts. Once the installation is complete, it will reboot your computer. When Windows loads, you will be shown the Windows Wise Protection prompt instead of the Windows desktop. You are given no choice: only the “OK” button is active. After you click it, Windows Wise Protection will perform a fake scan of your computer and list a lot of infections to trick you into thinking your PC is in danger. It will report that it was able to clean the majority of infected files but could not cure a few important Windows files, and it will offer to sell you its full version to clean them. However, the scan results are a scam, because the program can't detect any infections. So do not pay for the bogus software; simply ignore everything that Windows Wise Protection displays.


While the rogue is running, it will display numerous fake warnings and block legitimate Windows applications on your computer. The following warning will be shown when you attempt to run Task Manager:



Warning!
Name: taskmgr.exe
Name: C:\WINDOWS\taskmgr.exe
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.


Just like the false scan results above, all of these alerts are fake and are meant to scare you into thinking your computer is in danger. You should ignore all of them!


As you can see, Windows Wise Protection is a total scam that hides your desktop, displays false information and detects fake infections. The program was created for one purpose: to trick you into purchasing the so-called “full” version of the program. Please use the removal guide below to remove Windows Wise Protection and any associated malware from your computer for free.


Step 1. Stop Windows Wise Protection from “autorunning”


Once Windows has loaded, you will see the Windows Wise Protection prompt. Click the OK button. Once the fake scan is complete, it will state that you need to open the License Manager. Press the “OK, Open the license manager” button. Now you can close the program: click the “X” button at the top right of Windows Software Guard or press ALT + F4. After that, your Windows desktop will be available.


Click Start and type the following in the search field (on Windows XP, click Start, then Run, and type it in the Open field):



%APPDATA%


Press Enter. This opens the contents of the Application Data folder (on Windows XP) or the Roaming folder (on Windows Vista and Windows 7), as shown in the screen below.


Contents of Application Data folder

Locate the randomly named file (e.g. lqsjkw.exe or lqcjkw, see the example above), right-click it and select Rename. Type any new name (123.exe) and press Enter. Reboot your computer.


Step 2. Remove Windows Wise Protection associated malware


Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.


Double-click mbam-setup.exe to install the application. When the installation begins, follow the prompts to continue with the installation process. Do not make any changes to the default settings. When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.


If an update is found, it will download and install the latest version.


Once the program has loaded, you will see a window similar to the one below.

Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan. The program will start scanning your computer for the Windows Wise Protection infection. This procedure can take some time, so please be patient.


When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.


Malwarebytes Anti-malware, list of infected items

Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Windows Wise Protection. MalwareBytes Anti-malware will now remove all of the associated Windows Wise Protection files and registry keys and add them to the program's quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to restart.


Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won't install, run or update – How to fix it.


Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.


Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.


%AppData%\{RANDOM}.exe


HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%AppData%\{random}.exe”
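
The Winlogon Shell value listed above is how the rogue replaces the desktop at logon, so it is the first thing to check on a suspect machine. The following is an added example, not part of the original guide: it scans registry export text for a Winlogon Shell value that is set per user, is not explorer.exe, or points into a profile folder. The sample export, the user name in it and the function name find_shell_hijacks are constructed for illustration, and only string (REG_SZ) values are parsed.

```python
import re

# Constructed sample in `reg export` text form (real exports are UTF-16; decode first).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user\\Application Data\\lqsjkw.exe"
'''

WINLOGON_SUFFIX = r"\software\microsoft\windows nt\currentversion\winlogon"
USER_DIRS = ("\\application data\\", "\\appdata\\", "%appdata%")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
SZ_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def find_shell_hijacks(reg_text):
    """Return (key, shell_value, reasons) for each suspicious Winlogon Shell value."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")  # remember which key the following values belong to
            continue
        m = SZ_RE.match(line)
        if not (m and key and m.group("name").lower() == "shell"
                and key.lower().endswith(WINLOGON_SUFFIX)):
            continue
        # Undo .reg escaping of backslashes and double quotes.
        shell = re.sub(r'\\(["\\])', r"\1", m.group("data"))
        reasons = []
        if not key.upper().startswith("HKEY_LOCAL_MACHINE"):
            reasons.append("per-user Shell override")
        if shell.strip().lower() != "explorer.exe":
            reasons.append("shell is not explorer.exe")
        if any(d in shell.lower() for d in USER_DIRS):
            reasons.append("shell runs from a user profile folder")
        if reasons:
            findings.append((key, shell, reasons))
    return findings


if __name__ == "__main__":
    for key, shell, reasons in find_shell_hijacks(SAMPLE_EXPORT):
        print(f"{key}\n  Shell = {shell}\n  " + "; ".join(reasons))
```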

February 9, 2011 on 10:43 am | In Malware removal, Rogue Anti Spyware | No Comments |




Friday 4 March 2011

How to remove Winhound

Winhound is an anti-spyware/antivirus program that is known to issue fake alerts on your computer in order to manipulate you into buying its full commercial version. If you are infected with this program, you may receive virus alerts in your task bar that appear to be from Microsoft Security Center, stating that you are infected with spyware and should run its special anti-spyware tool. This tool turns out to be the commercial version of Winhound. These alerts are fake and are meant to goad you into buying the commercial version of this software. It will also hijack your desktop to show the following fake message: Warning Spyware Detected on Your System: Install an antivirus or spyware software to clean your computer.


1. Print out these instructions before starting, because you will not be able to connect to the internet during most of this fix.
2. Download smitRem.exe and save it to your desktop. Double-click it to extract it to its own folder on the desktop.
3. Download and install Ad-aware SE. If you have a previous version of Ad-Aware installed, you will be prompted to uninstall the older version during the installation of the new one – be sure to uninstall the previous version.
Run Ad-Aware. Click on the world icon at the top right of the Ad-Aware window and let Ad-Aware update the reference list for the adware and malware. Close Ad-Aware.
4. Download and install Ewido Security Suite. When installing, under “Additional Options” uncheck:
- “Install background guard”
- “Install scan via context menu”
Launch Ewido; there should be an icon on your desktop that you can double-click. You will need to update Ewido to the latest definition files. On the left-hand side of the main screen, click Update, then click Start Update. The update will start and a progress bar will show the updates being installed.


Those are all the programs you need.


Next, please reboot your computer in Safe Mode by doing the following:


1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again — this is normal.
Wait for the tool to complete and Disk Cleanup to finish — this may take a while; please be patient.


Open Ad-aware and do a full scan. Remove everything it finds.


Run Ewido: click on Scanner, then click on Complete System Scan and the scan will begin. NOTE: Ewido has been reporting false positives during some scans.
- You will need to step through the process of cleaning files one-by-one.
- If Ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select “Perform action on all infections”
- If you are unsure of any entry found select none for now.
- When the scan is finished, click the Save report button at the bottom of the screen.


Close Ewido


Next, go to Control Panel and click Display > Desktop > Customize Desktop > Web > Uncheck “Security Info” if present.


Restart your computer in normal mode.


Run the Panda online virus scan.


- Once you are on the Panda site click the Scan your PC button
- A new window will open…click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


Finally, restart your computer.

December 26, 2005 on 9:38 am | In Malware removal, Rogue Anti Spyware, Tips, Tutorials - HowTo | No Comments |




Thursday 3 March 2011

Mozilla released Firefox 1.5.0.1 to fix several vulnerabilities

Wednesday 2 March 2011

New rogue anti spyware - AlfaCleaner

Sunbelt and Spyware Warrior report a new rogue anti-spyware program, AlfaCleaner.
AlfaCleaner is a variant of Anti Virus Pro, Winhound Spyware Remover and XSRemover.
It is downloadable from alfacleaner.com and innovagest2000.com.


We recommend blocking the following domains and IP addresses:



x-stories.org – 69.50.187.19
zlex.org – 85.255.115.227, 85.255.116.213, 85.255.117.51
Noi.themovie.com, which calls x-stories.org – 69.50.187.19
Cleanchan.net (formerly fullchain.net) – 195.255.177.21


If your PC does not have the WMF patch, please patch now. AlfaCleaner uses the WMF exploit to install itself.


Update: read How to remove AlfaCleaner

February 2, 2006 on 6:51 am | In Rogue Anti Spyware | 3 Comments |




Tuesday 1 March 2011

Remove Win32/Mywife.E@mm BlackWorm, W32.Blackmal.E@mm, WORM_GREW.A, W32/Nyxem-D, Email-Worm.Win32.VB.bi now

On systems that are infected by Win32/Mywife.E@mm, BlackWorm, W32.Blackmal.E@mm, WORM_GREW.A, W32/Nyxem-D, Email-Worm.Win32.VB.bi, the malware is intended to permanently corrupt a number of common document format files on the third day of every month. February 3, 2006 is the first time this malware is expected to permanently corrupt the content of specific document format files. The malware also modifies or deletes files and registry keys associated with certain computer security-related applications. This prevents these applications from running when Windows starts.


Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/Mywife.E@mm. The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords.


Customers using Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003, or Windows Server 2003 Service Pack 1 may be at reduced risk from this malware; if the account password is blank, the account is not valid as a network credential. In an environment where you can guarantee physical security, you do not need to use the account across the network, and you are using Windows XP or Windows Server 2003, a blank password is better than a weak password. By default, blank passwords can only be used locally in Windows XP and Windows Server 2003.


Customers who are using the most recent and updated antivirus software could be at a reduced risk of infection from the Win32/Mywife.E@mm malware. Customers should verify this with their antivirus vendor. Antivirus vendors have assigned different names to this malware but the Common Malware Enumeration (CME) group has assigned it ID CME-24.


Customers who believe that they are infected with the Mywife malware, or who are not sure whether they are infected, should contact their antivirus vendor. Alternatively, the Windows Live Safety Center Beta Web site provides the ability to choose “Protection Scan” to ensure that systems are free of infection. Additionally, the Windows OneCare Live Beta, which is available for English language systems, provides detection for and protection against the Mywife malware and its known variants.


You can also try the how-to for removing the Win32/Mywife.E@mm malware.

February 2, 2006 on 8:58 am | In Tips, Virus | No Comments |


