Windows Care Taker. How to remove? (Uninstall guide)

removal by Linas Kiguolis - -   Also known as WindowsCareTaker | Type: Rogue Antispyware
12

Windows Care Taker is a rogue anti-spyware program that should be removed from the infected computer as soon as possible. This rogue anti-spyware program pretends to scan your computer for dangerous viruses and all sorts of malware. Once the scan is finished, Windows Care Taker states that it has found some serious malware infections on your computer that should be removed immediately; otherwise your computer might be infected with additional malware as well. What you should know is that this rogue anti-spyware program reports the same malware infections on every infected computer, so obviously you shouldn't trust it. The rogue program then prompts to pay for a full version of the program to remove supposedly found malware infections. Don't fall victim to to this scam and remove it from your computer as soon as possible. Please use the removal instructions outlined below. We strongly recommend you to use an automatic removal tool to remove Windows Care Taker but you can choose to remove the rogue manually as well.

While Windows Care Taker is running, it will display numerous fake security alerts about serious security problems and infections. It will also display fake notifications from your Windows taskbar and even change your Desktop background. However, the biggest problem is that it may actually bock legitimate antivirus programs and some antivirus related websites. Windows task manager and registry editor may be blocked as well to make the removal process a lot more complicated for end user. In such case, you should restart your computer in safe mode with networking and download an automatic removal tool. Some of the fake alerts read:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

As you can see, Windows Care Taker is a scam that tries to make you buy the rogue program. If you find that your computer is infected then please follow Windows Care Taker removal instructions below to remove the rogue program and any related malware from your computer.

The latest parasite names used by FakeVimes:
[newest]

do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Care Taker you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Windows Care Taker. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Windows Care Taker (2012-08-02)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Windows Care Taker (2012-08-02)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Windows Care Taker (2012-08-02)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Windows Care Taker (2012-08-02)
Windows Care Taker snapshot
Windows Care Taker

Windows Care Taker manual removal:

Kill processes:
Protector-[rnd].exe

Delete registry values:
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Run "Inspector"

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\InternetExplorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe

Delete files:
%AppData%NPSWF32.dll

%AppData%Protector-3 characters.exe

%AppData%result.db

%CommonStartMenu%ProgramsWindows Care Taker.lnk

%Desktop%Windows Care Taker.lnk

About the author

Linas Kiguolis
Linas Kiguolis - Expert in social media

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author