Windows Command Processor is one more member of Rogue.FakeVimes family. Just like its predecessors the program tries to trick you into thinking that your system is badly infected and then make you purchase something completely useless. The application uses tricky methods to get access to systems. It employs trojan viruses and may use some Internet websites and display its fake scanners online that only pretend scanning your computer. Then it definitely states that your system is infected and recommends downloading and installing a full version of Windows Command Processor in order to clean all infections.
Windows Command Processor displays various security notifications which also warn about some suspicious items detected on your machine. That is just a kind of tactics that rogue programs use in order to gain trust and convince computer users into purchasing something fake. Needless to say that Windows Command Processor will not detect or remove anything at all. Have a look at some pop up messages that you can receive if you are infected with Windows Command Processor:
Warning! Identity theft attempt Detected
Hidden connection IP: 18.104.22.168
Target: Your passwords for sites
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Beware of such program and be very careful about downloading anything without making a small research about the program first. You cannot pay for it under any circumstances. If by any reason you have done that already, contact your credit card company and dispute the charges in order to avoid making any benefits for the cyber criminals. Remove Windows Command Processor using a reputable antispyware program as soon as possible.
Windows Command Processor manual removal
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
Geolocation of Windows Command Processor
Post a comment
Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.