Saturday, February 18, 2012

Remove Windows Functionality CheckerRemove Windows Functionality Checker

Remove Windows Functionality Checker
Windows Functionality Checker is a fake antivirus program that looks like a legitimate antivirus and is made by Russian hackers, which invades your computer system via trojan infections and software vulnerabilities. In fact, Windows Functionality Checker cannot help protect your PC. Windows Functionality Checker is created to cheat the user to buy the full version of Windows Functionality Checker. When Windows Functionality Checker is accidentally installed in the computer, it will scan the computer automatically when Windows boot and it will surely produce fake report that the computer is infected by malwares. Do not believe the report as Windows Functionality Checker cannot detect and remove any malware.


Windows Functionality Checker can be removed by stopping all random name processes by using Emsisoft HiJackFree. After that, the user should delete the files of the processes. All registry settings modified by Windows Functionality Checker must be restored according to the removal guide below.


Windows Functionality Checker provide fake features such as antivirus,   firewall protection, update etc but all of them cannot protect the computer from any kind of malware. Do not trust it at all.

Windows Functionality Checker should be removed immediately!

Windows Functionality Checker Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Protector-hox.exe

Delete Registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
... and many more Image File Execution Options entries.


Remove Folders and Files

%StartMenu%\Programs\Windows Functionality Checker.lnk
%AppData%\NPSWF32.dll
%AppData%\Protector-hox.exe
%AppData%\result.db

Posted by Olzen at 8:42 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)