Windows Examination Utility Removal Guide
Windows Examination Utility can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified by Windows Examination Utility must be cleared by using Windows Registry Editor.
Windows Examination Utility uses the original name of Microsoft Windows and is delivered with the help of Microsoft Security Essentials Alert virus. Windows Examination Utility will show a fake Microsoft Security Essentials alert that claims an unknown Trojan was detected on the computer and then suggest the user to scan the computer. Once a fraudulent scan is executed, Windows Examination Utility will announce that a particular file is infected with a Trojan and then urge the user to download and install Windows Examination Utility to remove it. When installing, Windows Examination Utility will configure itself to run automatically every time when Windows starts. After a successful installation, Windows Examination Utility will restart the computer.
Windows Examination Utility should be removed immediately!
Windows Examination Utility Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%AppData%\Microsoft\[random].exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe
Remove Folders and Files
%UserProfile%\Application Data\[random].exe
%AppData%\Microsoft\[random].exe
%UserProfile% is current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7, and c:\winnt\profiles\ for Windows NT.
Windows Examination Utility uses the original name of Microsoft Windows and is delivered with the help of Microsoft Security Essentials Alert virus. Windows Examination Utility will show a fake Microsoft Security Essentials alert that claims an unknown Trojan was detected on the computer and then suggest the user to scan the computer. Once a fraudulent scan is executed, Windows Examination Utility will announce that a particular file is infected with a Trojan and then urge the user to download and install Windows Examination Utility to remove it. When installing, Windows Examination Utility will configure itself to run automatically every time when Windows starts. After a successful installation, Windows Examination Utility will restart the computer.
Windows Examination Utility should be removed immediately!
Windows Examination Utility Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%AppData%\Microsoft\[random].exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe
Remove Folders and Files
%UserProfile%\Application Data\[random].exe
%AppData%\Microsoft\[random].exe
%UserProfile% is current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7, and c:\winnt\profiles\ for Windows NT.
No comments:
Post a Comment