Windows Care Taker is a rogue anti-spyware program that should be removed from the infected computer as soon as possible. This rogue anti-spyware program pretends to scan your computer for dangerous viruses and all sorts of malware. Once the scan is finished, Windows Care Taker states that it has found some serious malware infections on your computer that should be removed immediately; otherwise your computer might be infected with additional malware as well. What you should know is that this rogue anti-spyware program reports the same malware infections on every infected computer, so obviously you shouldn't trust it. The rogue program then prompts you to pay for a full version of the program to remove the supposedly found malware infections. Don't fall victim to this scam; remove it from your computer as soon as possible. Please use the removal instructions outlined below. We strongly recommend that you use an automatic removal tool to remove Windows Care Taker, but you can choose to remove the rogue manually as well.
While Windows Care Taker is running, it will display numerous fake security alerts about serious security problems and infections. It will also display fake notifications from your Windows taskbar and even change your Desktop background. However, the biggest problem is that it may actually block legitimate antivirus programs and some antivirus-related websites. Windows Task Manager and Registry Editor may be blocked as well, to make the removal process a lot more complicated for the end user. In that case, you should restart your computer in safe mode with networking and download an automatic removal tool. Some of the fake alerts read:
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
As you can see, Windows Care Taker is a scam that tries to make you buy the rogue program. If you find that your computer is infected then please follow Windows Care Taker removal instructions below to remove the rogue program and any related malware from your computer.
The latest parasite names used by FakeVimes:
Windows Care Taker manual removal:
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe
Delete files:
%CommonStartMenu%\Programs\Windows Care Taker.lnk
%Desktop%\Windows Care Taker.lnk
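
To see which of the registry entries listed above are actually present before deleting anything, the following read-only PowerShell check can be used. It is an added example, not part of the original removal guide; the key and value names are copied from the list above, and the function name Get-CareTakerRegistryFinding is hypothetical.

```powershell
# Added example: read-only check for the registry entries this guide lists.
# Key and value names come from the page; the function name is hypothetical.
function Get-CareTakerRegistryFinding {
    $cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
    # Values the guide lists under HKEY_CURRENT_USER (key path, value name).
    $values = @(
        @("$cv\Internet Settings", 'WarnOnHTTPSToHTTPRedirect'),
        @("$cv\Policies\System",   'DisableRegedit'),
        @("$cv\Policies\System",   'DisableRegistryTools'),
        @("$cv\Policies\System",   'DisableTaskMgr'),
        @("$cv\Settings",          'net'),
        @("$cv\Settings",          'UID')
    )
    foreach ($v in $values) {
        $key, $name = $v
        $prop = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            [pscustomobject]@{ Kind = 'Value'; Key = $key; Name = $name; Data = $prop.$name }
        }
    }

    # Image File Execution Options subkeys the guide lists under HKEY_LOCAL_MACHINE.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    $images = 'atcon.exe', 'bipcp.exe', 'ecengine.exe', 'infwin.exe', 'msconfig',
              'PavFnSvr.exe', 'sahagent.exe', 'titaninxp.exe', 'wsbgate.exe'
    foreach ($image in $images) {
        $key = "$ifeo\$image"
        if (Test-Path -LiteralPath $key) {
            # A Debugger value under an IFEO subkey makes Windows start that
            # program instead of the named executable; report it if present.
            $dbg = (Get-ItemProperty -LiteralPath $key -Name 'Debugger' -ErrorAction SilentlyContinue).Debugger
            [pscustomobject]@{ Kind = 'Key'; Key = $key; Name = 'Debugger'; Data = $dbg }
        }
    }
}

$findings = @(Get-CareTakerRegistryFinding)
if ($findings.Count -eq 0) { 'None of the listed registry entries were found.' }
else { $findings | Format-List }
```

The policy values can also be set by legitimate administrative policy, so read the findings together rather than treating a single match as proof of infection.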