Windows Antivirus Machine. How to remove? (Uninstall guide)

removal by Jake Doevan - -   Also known as WindowsAntivirusMachine | Type: Malware
12

Windows Antivirus Machine is a serious threat that belongs to the category of rogue anti-spywares. The moment when this malware gets inside the system can usually be noticed by its fake alerts and scanners reporting about malware activity detected. In addition, Windows Antivirus Machine tries to control most of victim's activity on the Internet and disables legitimate programs found on the system. Besides, it is capable to hack the browser and start redirecting user to its commercial website offering to purchase licensed Windows Antivirus Machine version. We highly recommend to ignore such offers because they try only to swindle the money from unaware PC users. You must simply remove Windows Antivirus Machine from your computer and forget all issues caused by this rogue.

HOW WINDOWS ANTIVIRUS MACHINE INFECTS PC USERS?

Windows Antivirus Machine's intrusion is usually assisted by a trojan – this small threat plays a critical role in rogue distribution. Mostly, trojans come through security holes and then download all files needed for such scams as Windows Antivirus Machine. Besides, they modify registry so that this rogueware could launch everytime PC is rebooted. As a result, user received tons of alerts and scanners claiming that there are numerous viruses found on his computer that must be eliminated without any delay. Besides, victim received annouing system scanners also reporting about malware detected. However, you must keep in mind that all this is done only to scare you into purchasing licensed Windows Antivirus Machine version which is promised to be the only one capapble to fix the computer. That's a total lie that must be ignored. Here are some examples of Windows Antivirus Machine alerts:

Warning! Virus Detected
Threat Detected: Trojan-Downloader.Win32.Agent
Security Risk:
Infected File: regedit.exe
Description: Programs classified as Trojan download and install new versions of malicious programs, including Trojans and AdWare, on victim computers.
Recommended:
Please click “remove All” button to erase all infected files and protect your PC

Firewall has blocked a program from accessing the Internet
Internet Explorer
C:\program files\internet explorer\iexpolre.exe
C:\program files\internet explorer\iexpolre.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Recommended:
Please click “Prevent attack” button to prevent all attacks and protect your PC

Be sure to ignore Windows Antivirus Machine recommendations to purchase licensed its version because this will lead you only to the loss of your money. In addition, never remove those 'viruses' that are reported by this rogue because most of them are reputable your system files. The only way to stop its alerts and scanners is to remove Windows Antivirus Machine, so do that without any delay.

HOW TO REMOVE WINDOWS ANTIVIRUS MACHINE?

In order to remove Windows Antivirus Machine, recommend running a full system scan with reputable anti-malware program, such as Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus. Do that ASAP in order to avoid getting more malware on your computer. If you are disabled from using legitimate tools on your computer, enter this code to make Windows Antivirus Machine think that you have purchased its license: 0W000-000B0-00T00-E0020. Additionally, run a full system scan with Reimage to eliminate infected files from the system.

The latest parasite names used by FakeVimes:
[newest]

do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Antivirus Machine you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Windows Antivirus Machine. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Windows Antivirus Machine (2012-08-02)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Windows Antivirus Machine (2012-08-02)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Windows Antivirus Machine (2012-08-02)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Windows Antivirus Machine (2012-08-02)
Windows Antivirus Machine snapshot
Windows Antivirus Machine

Windows Antivirus Machine manual removal:

Kill processes:
Protector-[rnd].exe

Delete registry values:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMainFeatureControlFEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "Inspector"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "ID" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-2-17_2"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "rudbxijemb"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avp32.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avpcc.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsashDisp.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdivx.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmostat.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsplatin.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstapinstall.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszapsetup3001.exe

There are more similar entries, you should let spyware Doctor to identify them.

Delete files:
%AppData%Protector-[rnd].exe

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author

Removal guides in other languages