Monday, March 31, 2014

How to Remove Windows Antivirus Patrol? – Rogue Program Uninstall

Windows Antivirus Patrol is a fake anti-virus program that uses intentional false positives to trick computer users into believing that their PCs have been infected by numerous cyber threats. If you want to remove the infections, it will suggest that you purchase its product to get full protection. Don’t be deceived by the scam. Once you see this application appear on the PC, follow the instructions in this post to get rid of it completely.

What is Windows Antivirus Patrol?

Windows Antivirus Patrol is a rogue anti-spyware program created by cybercriminals to cheat computer users out of their money. It is distributed in various ways, including unsafe downloads and malicious websites, with the help of Trojans. It usually gets into the computer secretly, without permission, while you surf the Web. Once your PC is infected, many pop-up alerts from the program appear on the screen. It runs repeated fake system scans and then displays numerous false malware threats, supposedly found on the computer, in its scan results.
[Screenshot of the rogue program: Windows Antivirus Patrol]
Don’t be taken in by what is reported in the scan results of this fake antivirus program. It aims to fool you into thinking that your machine has been infected by a number of dangerous PC infections so that you will spend money on its fictitious software. Keep calm when you see those bogus security alerts. What you first need to do is find an effective way to uninstall Windows Antivirus Patrol thoroughly.

How did the rogue program get into your PC?

Sometimes, the malware sneaks into your computer as drive-by downloads which exploit security vulnerabilities in web browsers, PDF viewers, or email clients to install themselves without any manual interaction. Commonly, it has a Trojan horse component which can be disguised as a harmless program, such as a browser toolbar or a free online malware scanning service. In this way, you may be misled into installing the rogue security software.

Instructions to get rid of the rogue program from your PC:

Option1: Uninstall Windows Antivirus Patrol manually

If you want to remove the malware by yourself, follow the steps below and you can clear the threat.
Step1. Go to Control Panel and uninstall the rogue program.
For Windows XP, click Start and click Control Panel.
Double click Add/Remove Programs.
In the Currently installed programs list, search for the fake antivirus program and click Remove button.
For Windows 7, click Start and go to Control Panel.
Click Uninstall a program under Programs.
Find the rogue program and click Uninstall to delete the threat.
For Windows 8, hover the cursor in the bottom-left corner of the screen until a small image of the Start Screen appears, then right-click on the icon to open the Start Context Menu. Select Programs and Features.
Select the fake security application and click Uninstall to remove it.
If the rogue program doesn’t provide an uninstall feature, you need to delete its files and registry entries from the PC manually.
Step2. Remove the files created by the threat.
Click Start, go to Control Panel and double click on Folder Options (For Windows XP) or click Appearance and Personalization and then open Folder Options (Windows 7). Select Show protected files and folders and uncheck Hide protected operating system files (Recommended). Click OK to confirm the changes.
Search for the files below and erase them.
%APPDATA%\svc-wrho.exe
%AppData%\data.sec
%UserProfile%\Desktop\[rogue program name].lnk
%AllUsersProfile%\Start Menu\Programs\[rogue program name].lnk
Step3. Delete the registry entries of the malware.
Click Start button and go to Run. Type regedit in the box and click OK to open Windows Registry Editor.
Search for the following registry entries and delete them.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “MS-SEC” = %AppData%\svc-<random>.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ZSFT” = %AppData%\svc-<random>.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd “ImagePath” = 22.sys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%AppData%\svc-<random>.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableVirtualization” = 0
Warning: Modifying the system registry is risky, because deleting the wrong registry information can cause serious damage to the computer. It is suggested that you back up the related registry data before deleting it.
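
Before deleting anything by hand, it helps to see which of the items from Step2 and Step3 are actually present. The PowerShell script below is an added example, not part of the original instructions: it only reads and reports, covers the files and the main registry entries listed above, and must be run in the affected user's session because it looks at %AppData% and HKEY_CURRENT_USER. It also prints any Debugger value under the Image File Execution Options keys, which is the value Windows uses to redirect the launch of the named executable.

```powershell
# Added example: read-only audit for the indicators listed in Step2 and Step3.
# Run it as the affected user; it reports findings and deletes nothing.
$findings = New-Object 'System.Collections.Generic.List[string]'

# Step2: dropped files under %AppData% (svc-<random>.exe and data.sec)
Get-ChildItem -Path $env:APPDATA -Filter 'svc-*.exe' -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("File: $($_.FullName)") }
$dataSec = Join-Path $env:APPDATA 'data.sec'
if (Test-Path -LiteralPath $dataSec) { $findings.Add("File: $dataSec") }

# Step3: autorun values MS-SEC and ZSFT
$run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
foreach ($name in 'MS-SEC', 'ZSFT') {
    if ($run -and $run.PSObject.Properties[$name]) {
        $findings.Add("Run value: $name = $($run.$name)")
    }
}

# Step3: Image File Execution Options keys for the listed security tools
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$tools = 'MpCmdRun.exe', 'MpUXSrv.exe', 'MSASCui.exe', 'msconfig.exe',
         'msmpeng.exe', 'msseces.exe', 'k9filter.exe'
foreach ($exe in $tools) {
    $key = "$ifeo\$exe"
    if (Test-Path -LiteralPath $key) {
        $dbg = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).Debugger
        $findings.Add("IFEO key: $exe (Debugger = '$dbg')")
    }
}

# Step3: per-user Winlogon Shell override and the bckd driver service
$wl = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
if ($wl -and $wl.Shell) { $findings.Add("HKCU Winlogon Shell = $($wl.Shell)") }
if (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Services\bckd') { $findings.Add('Service key: bckd') }

# Step3: UAC policy values set to 0
$sys = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
foreach ($name in 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser', 'EnableLUA', 'EnableVirtualization') {
    if ($sys -and $sys.PSObject.Properties[$name] -and $sys.$name -eq 0) {
        $findings.Add("UAC policy: $name = 0")
    }
}

if ($findings.Count -gt 0) { $findings } else { 'No listed indicators found.' }
```

An Image File Execution Options key reported with an empty Debugger value may be unrelated to the rogue program, so check the value before deleting the key.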

Option2: Delete Windows Antivirus Patrol Automatically

Step1. Restart your computer in Safe Mode with Networking.
Restart the PC and keep pressing F8 before Windows launches. In the Windows Advanced Options menu screen, use the up and down arrow keys to move to Safe Mode with Networking and then press Enter key.
Step2. Download a malware removal tool on your computer.
For regular users, the best way to deal with this kind of malware is a reputable, professional removal tool that is designed to delete viruses, malware and other unwanted programs and files completely without harming the PC. It can also keep the computer safe from various stubborn and malicious programs.
Step3. Install the removal tool and perform a scan of the computer.
After the removal tool is saved on your PC, install it. Then start the tool to scan your computer. Search for the rogue program and delete it.
Step4. Delete the malicious program automatically.
You will be able to uninstall Windows Antivirus Patrol fully within minutes. Restart your computer in normal mode and the threat will be gone.
