Have you ever felt suspicious when online scanners report numerous viruses on your computer and state you are viewing illegal web pages so that you have been prevented from doing anything? Have you paid for it when this kind of fake anti-spyware software requests you to pay for the full version or the unlock code? Don’t fall for the trick that Windows Internet Booster has set up only in order to steal your money!
Windows Internet Booster is a well-known fake anti-spyware program that comes from the Rogue Security tool family. Just like other fake rogues, Windows Internet Booster scam has a nice and seem-to-be authentic look, which will make people easily fall for its trick—To make you believe from those fake popping up security alerts that your computer has been severely infected and you need to download fake Windows Internet Booster and purchase the full version to finally delete the non-existing viruses. It is actually a cyber criminal.
Windows Internet Booster spyware is spread via two major ways. A) When you visit the hacked webpages, this fake program will exploit the legitimate antivirus software in order to install itself without permission; B) When you open the websites that play the role of online scanner, this rogue will get into your system under the help of Trojans. Once being infected, Windows Internet Booster will come into effect as soon as you restart your computer. A lot of pop-up security alerts will keep annoy you stating that your computer has been infected according to its fake scanning results. But in fact, it is legitimate files that have been reported as viruses, Trojans, keyloggers and worms. If you buy its trick, you will be requested to download and install this fake anti-malware program to remove all the fake detected viruses and malwares. Usually its intention is going to achieved when coming to this part, because the next and final step is to make you pay for the full version of Windows Internet Booster malware so that it can remove all of the viruses and malwares, which it cannot. So when you come across this fake antivirus program, please ignore what it says and remove it out of your computer as soon as possible.
a. Continuous fake security alerts will interrupt the programs during running;
b. Other malwares might be installed without your permission;
c. It will affect other functions of computer such as halting automatically the programs you try to run;
d. Your personal information like bank account would be in high risk of exposure;
e. The browser you normally use and the search results may be redirected to another malware or websites containing more viruses and spywares;
f. It will also hijack the Windows Task Manager so as to open a fake screen created by itself without your recognition and then take an overall control of your computer.
Warning
Firewall has blocked a program from accessing the Internet.
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Error
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
Since this rogue cannot be fully removed by any antivirus programs, so you need to manually delete it. And in case that any mistake might occur and cause more damages to the computer system, you will need to make a backup beforehand. Some simple steps have been given in the followings for your consideration:
1. As most of nasty rogues are inactivate in safe mode with networking, so reboot your computer and press F8 on your keyboard constantly until a black screen with several commands appears. Use the arrow key to select “Safe Mode with Networking” and press E/ENTER;
2. Press ctrl+alt+del to open the Windows Task Manager as below:
3. End the processes inspector-[rnd].exe and protector-[rnd].exe
4. Remove all these files:
%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\Protector-.exe
%AppData%\W34r34mt5h21ef.dat
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Internet Booster.lnk
%Desktop%\Windows Internet Booster.lnk
5. Remove all these registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-5-1_4”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “quwohahesa”
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe
Note: Since the removal of this virus requests expertise, please feel no hesitation to contact YooCare professionals to fix your problem if you cannot completely remove it.
Published by on May 6, 2012 4:56 am, last updated on November 13, 2012 6:02 pm
Leave a Reply
You must be logged in to post a comment.