Severity scale  

Windows Advanced Toolkit. How to Remove? (Uninstall Guide)

removal by - -   Also known as WindowsAdvancedToolkit | Type: Rogue Antispyware

Windows Advanced Toolkit is a rogue anti-spyware that has the one basic purpose – to rip its victims off. For that, it firstly creates a need of its license and reports users about numerous viruses detected. Of course, for their removal users are informed that they have to purchase licensed Windows Advanced Toolkit version. Under no circumstances you should do that and spend your money for this scam! Just like the trial its version, licensed version has an empty virus database, so it is useless in virus detection or removal. It's almost obvious that this rogue is just another product from FakeVimes family that distribute identical programs sharing the same GUI and misleading alerts. If you have also been suffering from those, remove Windows Advanced Toolkit from your computer without any delay.When it comes an infiltration moment, Windows Advanced Toolkit does not require any user's actions to get inside a PC. The most common way to get infected with it is downloading something insecure from the web resource that is compromised.


When running inside the machine, this rogueware additionally gets configured to launch once you log into Windows and starts its performance. Therefore, all your browsing sessions will be interrupted by the activity of this scareware: it will generate continuous pop-ups, alerts and notifications informing you that your system is infected with different kinds of viruses, like trojans, spyware, malware etc. Here are some of such alerts displayed by Windows Advanced Toolkit:

Torrent Alert

Recommended: Please use secure encrypted protocol for torrent links.Torrent link detected!
Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.


Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.


Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

It's natural that some of you have fallen for such viruses reported by Windows Advanced Toolkit and taken this sneaky program as a real anti-spyware. However, we hope you haven't paid for its licensed version because you may have also lost your credit card details in this way.


If you have paid for Windows Advanced Toolkit license, contact your credit card company to dispute the charges first of all. In addition, scan your infected machine with reputable anti-spyware and remove Windows Advanced Toolkit instead of keeping it on your computer. Letting this malware stay on your machine may result in finding more viruses on your computer because it tends to download additional malware after some time. We recommend running a full system scan with Reimage or PlumbytesWebroot SecureAnywhere AntiVirus in order to uninstall Windows Advanced Toolkit for good. If you are disabled and can't launch your anti-malware, enter this registration code that will make Windows Advanced Toolkit think that you have purchased the license: 0W000-000B0-00T00-E0020. Of course, now you must run a full system scan to remove infected files from your computer.

The latest parasite names used by FakeVimes:
Windows Internet Guard, Windows Web Watchdog, Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Reimage - remover Happiness
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Advanced Toolkit. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Windows Advanced Toolkit. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
We are testing Plumbytes's efficiency (2012-06-22 05:36)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2012-06-22 05:36)
Hitman Pro
Webroot SecureAnywhere AntiVirus
Windows Advanced Toolkit screenshot
Windows Advanced Toolkit snapshot

Windows Advanced Toolkit manual removal

Kill processes:
Protector-[3 random characters].exe
Protector-[4 random characters].exe
Delete registry values:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsafwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsegui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore "DisableSR " = '1'
Delete files:
%AppData%\Protector-[3 random characters].exe
%AppData%\Protector-[4 random characters].exe

Information updated:

Comments on Windows Advanced Toolkit

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name


(All fields are required)