Windows Advanced Toolkit. How to remove? (Uninstall guide)

removal by Olivia Morelli - -   Also known as WindowsAdvancedToolkit | Type: Rogue Antispyware
12

Windows Advanced Toolkit is a rogue anti-spyware that has the one basic purpose – to rip its victims off. For that, it firstly creates a need of its license and reports users about numerous viruses detected. Of course, for their removal users are informed that they have to purchase licensed Windows Advanced Toolkit version. Under no circumstances you should do that and spend your money for this scam! Just like the trial its version, licensed version has an empty virus database, so it is useless in virus detection or removal. It's almost obvious that this rogue is just another product from FakeVimes family that distribute identical programs sharing the same GUI and misleading alerts. If you have also been suffering from those, remove Windows Advanced Toolkit from your computer without any delay.When it comes an infiltration moment, Windows Advanced Toolkit does not require any user's actions to get inside a PC. The most common way to get infected with it is downloading something insecure from the web resource that is compromised.

SYMPTOMS OF WINDOWS ADVANCED TOOLKIT

When running inside the machine, this rogueware additionally gets configured to launch once you log into Windows and starts its performance. Therefore, all your browsing sessions will be interrupted by the activity of this scareware: it will generate continuous pop-ups, alerts and notifications informing you that your system is infected with different kinds of viruses, like trojans, spyware, malware etc. Here are some of such alerts displayed by Windows Advanced Toolkit:

Torrent Alert

Recommended: Please use secure encrypted protocol for torrent links.Torrent link detected!
Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.

Error

Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Error

Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

It's natural that some of you have fallen for such viruses reported by Windows Advanced Toolkit and taken this sneaky program as a real anti-spyware. However, we hope you haven't paid for its licensed version because you may have also lost your credit card details in this way.

HOW TO REMOVE WINDOWS ADVANCED TOOLKIT

If you have paid for Windows Advanced Toolkit license, contact your credit card company to dispute the charges first of all. In addition, scan your infected machine with reputable anti-spyware and remove Windows Advanced Toolkit instead of keeping it on your computer. Letting this malware stay on your machine may result in finding more viruses on your computer because it tends to download additional malware after some time. We recommend running a full system scan with Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus in order to uninstall Windows Advanced Toolkit for good. If you are disabled and can't launch your anti-malware, enter this registration code that will make Windows Advanced Toolkit think that you have purchased the license: 0W000-000B0-00T00-E0020. Of course, now you must run a full system scan to remove infected files from your computer.

The latest parasite names used by FakeVimes:
[newest]

do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Advanced Toolkit you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Windows Advanced Toolkit. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Windows Advanced Toolkit (2012-06-22)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Windows Advanced Toolkit (2012-06-22)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Windows Advanced Toolkit (2012-06-22)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Windows Advanced Toolkit (2012-06-22)
Windows Advanced Toolkit snapshot
Windows Advanced Toolkit

Windows Advanced Toolkit manual removal:

Kill processes:
Protector-[3 random characters].exe

Protector-[4 random characters].exe

Delete registry values:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsafwserv.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavastsvc.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavastui.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsegui.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsekrn.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsascui.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsmpeng.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsseces.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore "DisableSR " = '1'

Delete files:
%AppData%Protector-[rnd].exe

%AppData%NPSWF32.dll

%AppData%Protector-[3 random characters].exe

%AppData%Protector-[4 random characters].exe

%AppData%result.db

%AppData%1st$0l3th1s.cnf

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author