Severity scale  
  (73/100)

Windows Care Taker. How to Remove? (Uninstall Guide)

removal by - -   Also known as WindowsCareTaker | Type: Rogue Antispyware
12

Windows Care Taker is a rogue anti-spyware program that should be removed from the infected computer as soon as possible. This rogue anti-spyware program pretends to scan your computer for dangerous viruses and all sorts of malware. Once the scan is finished, Windows Care Taker states that it has found some serious malware infections on your computer that should be removed immediately; otherwise your computer might be infected with additional malware as well. What you should know is that this rogue anti-spyware program reports the same malware infections on every infected computer, so obviously you shouldn't trust it. The rogue program then prompts to pay for a full version of the program to remove supposedly found malware infections. Don't fall victim to to this scam and remove it from your computer as soon as possible. Please use the removal instructions outlined below. We strongly recommend you to use an automatic removal tool to remove Windows Care Taker but you can choose to remove the rogue manually as well.

While Windows Care Taker is running, it will display numerous fake security alerts about serious security problems and infections. It will also display fake notifications from your Windows taskbar and even change your Desktop background. However, the biggest problem is that it may actually bock legitimate antivirus programs and some antivirus related websites. Windows task manager and registry editor may be blocked as well to make the removal process a lot more complicated for end user. In such case, you should restart your computer in safe mode with networking and download an automatic removal tool. Some of the fake alerts read:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

As you can see, Windows Care Taker is a scam that tries to make you buy the rogue program. If you find that your computer is infected then please follow Windows Care Taker removal instructions below to remove the rogue program and any related malware from your computer.

The latest parasite names used by FakeVimes:
Windows Internet Guard, Windows Web Watchdog, Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Care Taker. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Windows Care Taker. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2012-08-02 02:00)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2012-08-02 02:00)
Hitman Pro
Webroot SecureAnywhere AntiVirus
Windows Care Taker screenshot
Windows Care Taker snapshot

Windows Care Taker manual removal

Kill processes:
Protector-[rnd].exe
Delete registry values:
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System "DisableRegedit" = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Run "Inspector"
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Settings "net" = "2012-3-11_2?
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings "UID" = "origkboryd"
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\InternetExplorer\\Main\\FeatureControl\\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\atcon.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\bipcp.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ecengine.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\infwin.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\msconfig
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\PavFnSvr.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sahagent.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\titaninxp.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\wsbgate.exe
Delete files:
%AppData%\NPSWF32.dll
%AppData%\Protector-3 characters.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Care Taker.lnk
%Desktop%\Windows Care Taker.lnk

Information updated:

Comments on Windows Care Taker

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)