Severity scale  
  (76/100)

Windows Performance Adviser. How to Remove? (Uninstall Guide)

removal by - -   Also known as WindowsPerformanceAdviser | Type: Rogue Antispyware
12

Windows Performance Adviser is a rogue antispyware program that is promoted via Trojans and fake online scanners that display alerts claiming that your computer is infected with spyware, trojans and other viruses. It can also be promoted through infected and malicious websites or via spam emails. Once installed, Windows Performance Adviser will pretend to scan your computer for viruses and then display results claiming that your computer is infected with password stealing trojan viruses and keyloggers. It also claims that your PC is under attack from a remote server controled by scammers. The found infected files will not be removed until you purchase the program since is a trial version and can only detect malware. But you shouldn't pay for it becauseWindows Performance Adviser reports false system security threats and non-existent malware files during the fake system scan. It just wants to scare you into thinking that your computer is infected and trick you into purchasing rogue anti-virus product. It goes without saying that you have to remove Windows Performance Adviser from your computer as soon as possible.


While this fake program is running, it will display fake security alerts and notifications from the Windows task manager. Some of those fake security alerts read:

Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Windows Performance Adviser will also hijack Internet Explorer or any other web browser you useand block legitimate anti-spyware and anti-virus programs to protect itself from being uninstalled. As you can see, this program is nothing more but a scam. Remove Windows Performance Adviser virus from your computer upon detection using automatic removal tool give below. If it blocks malware removal tools and you can't run task manager or registry editor, restart your computer in safe mode with networking and run maware removal software once again.

The latest parasite names used by FakeVimes:
Windows Internet Guard, Windows Web Watchdog, Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Performance Adviser. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Windows Performance Adviser. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2012-05-12 12:38)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2012-05-12 12:38)
Hitman Pro
Webroot SecureAnywhere AntiVirus

Windows Performance Adviser manual removal

Kill processes:
Inspector-[rnd].exe
Protector-[rnd].exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
Delete files:
%AppData%\Inspector-[rnd].exe
%AppData%\Protector-[rnd].exe

Information updated:

Comments on Windows Performance Adviser

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)