Are you constantly annoyed by pop-up security alerts? Has the Windows Pro Web Helper scam asked you for money? Be cautious! You may be falling victim to a cyber crime.
Windows Pro Web Helper is a rogue, also known as a fake anti-malware program. It comes from the Rogue.FakeVimes family, which includes Windows High-End Protection, Windows Safety Module and Windows Recovery Series, and it has a polished, trustworthy-looking appearance in order to fool PC users. In fact, the fake antivirus programs in this one big family do not differ from each other except in their names. Changing names constantly helps them avoid detection by legitimate antivirus applications.
Windows Pro Web Helper spyware attempts to mislead users and get their money. The two most common ways to become infected are: 1) When you visit hacked webpages, it gets onto your computer with the help of Trojans and then exploits the authentic antivirus software in order to install itself without permission; 2) When you click unknown links on social networks or in spam e-mails, the resulting websites display an online scanner and trick you into downloading the fake anti-spyware program by claiming that your computer system is in really bad condition.
Once downloaded and installed, Windows Pro Web Helper starts to infect your whole system as soon as you reboot your computer. No matter what you are doing on the infected computer, numerous security alerts keep annoying and interrupting you. It says your computer has been badly infected according to its fake scan result, which lists many viruses and malware such as Trojans, keyloggers and worms. The results are made to look more dangerous so that more users believe them.
Some people fall into its trap and are willing to pay the requested amount of money to purchase the full version of the Windows Pro Web Helper malware, as it states that only the licensed version can completely remove all the viruses and malware that have been detected. Since the scan results are nonsense and the program itself is a fake, it is suggested that you ignore it and remove it from your computer as soon as possible.
Firewall has blocked a program from accessing the Internet.
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
Attention! A spambot sending viruses from your email has been detected on your computer.
a. Other malware will be installed without your permission;
b. Other functions of the computer can be affected;
c. Your personal information, such as bank account details and passwords, will be at high risk of exposure;
d. It may redirect the browser you usually use for searching, and the search results, to another browser and to websites that contain more viruses and spyware;
e. It will also hijack the Windows Task Manager and take control of the computer.
Since this rogue cannot be 100% removed by antivirus programs, you need to delete it manually. Because a mistake could cause more damage to the computer system or hard drives, please take the time to make a backup beforehand.
1. Reboot the infected computer and press F8 on your keyboard constantly until a black screen with several commands appears. Use the arrow key to select “Safe Mode with Networking” and press E/ENTER;
2. Press Ctrl+Alt+Del to open the Windows Task Manager;
3. End these processes: Random.exe and Protector.exe
4. Delete all the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
5. Remove all of these associated files:
%StartMenu%\Programs\Windows Pro Web Helper.lnk
%AppData%\Protector.exe (NOTE: this file may have various symbols at the end of its name. Look for a similar file name pattern and remove it)
%Desktop%\Windows Pro Web Helper.lnk
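A read-only check for the items named in steps 3 to 5, added here as an example and not part of the original guide; it reports what is present and deletes nothing, so it can be run before the backup and again after cleanup. Assumptions: the function name `Get-RogueArtifact` is hypothetical, the `Protector*` wildcard stands in for the varying file name, `%StartMenu%` and `%Desktop%` are mapped to the current user's folders, and the `Debugger` value is read because Windows launches that value in place of the executable named by an Image File Execution Options subkey.

```powershell
# Added example: read-only audit of the artifacts named in steps 3-5. Deletes nothing.
# Get-RogueArtifact is a hypothetical name; key, value and file names come from the guide.
function Get-RogueArtifact {
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    $hkcu = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'

    # Step 3: Protector.exe (assumption: the wildcard covers the varying name suffix)
    foreach ($p in Get-Process -Name 'Protector*' -ErrorAction SilentlyContinue) {
        [pscustomobject]@{ Type = 'Process'; Item = $p.Name; Detail = "PID $($p.Id)" }
    }

    # Step 4a: IFEO subkeys; a Debugger value there replaces the launch of that executable
    $names = '_avp32.exe','ashLogV.exe','beagle.exe','jedi.exe','msa.exe',
             'ntvdm.exe','rav7.exe','spoler.exe','vir-help.exe','wupdt.exe'
    foreach ($n in $names) {
        $key = Join-Path $ifeo $n
        if (Test-Path -LiteralPath $key) {
            $dbg = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).Debugger
            [pscustomobject]@{ Type = 'IFEO key'; Item = $n; Detail = "Debugger = $dbg" }
        }
    }

    # Step 4b: per-user values the guide lists
    $values = [ordered]@{
        "$hkcu\Internet Settings" = @('WarnOnHTTPSToHTTPRedirect')
        "$hkcu\Policies\System"   = @('DisableRegedit','DisableRegistryTools','DisableTaskMgr')
    }
    foreach ($path in $values.Keys) {
        $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        foreach ($v in $values[$path]) {
            if ($null -ne $props.$v) {
                [pscustomobject]@{ Type = 'Registry value'; Item = "$path\$v"; Detail = "= $($props.$v)" }
            }
        }
    }

    # Step 5: shortcuts and the dropped executable, resolved for the current user
    $files = @(
        (Join-Path ([Environment]::GetFolderPath('Programs')) 'Windows Pro Web Helper.lnk'),
        (Join-Path ([Environment]::GetFolderPath('Desktop'))  'Windows Pro Web Helper.lnk'),
        (Join-Path $env:APPDATA 'Protector*.exe')
    )
    foreach ($f in Get-Item -Path $files -Force -ErrorAction SilentlyContinue) {
        [pscustomobject]@{ Type = 'File'; Item = $f.FullName; Detail = "modified $($f.LastWriteTime)" }
    }
}

Get-RogueArtifact | Format-Table -AutoSize -Wrap
```

An empty table after cleanup means none of the listed items remain for the current user; the `HKCU` and folder checks need to be repeated under each affected account.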
Note: If you don’t have much computer knowledge and are not able to remove it using the steps mentioned above, please contact YooCare Expert for fast, immediate help.
Published by & last updated on November 13, 2012 6:04 pm