Windows Performance Adviser is a rogue antispyware program that is promoted via Trojans and fake online scanners that display alerts claiming that your computer is infected with spyware, trojans and other viruses. It can also be promoted through infected and malicious websites or via spam emails. Once installed, Windows Performance Adviser will pretend to scan your computer for viruses and then display results claiming that your computer is infected with password stealing trojan viruses and keyloggers. It also claims that your PC is under attack from a remote server controled by scammers. The found infected files will not be removed until you purchase the program since is a trial version and can only detect malware. But you shouldn't pay for it becauseWindows Performance Adviser reports false system security threats and non-existent malware files during the fake system scan. It just wants to scare you into thinking that your computer is infected and trick you into purchasing rogue anti-virus product. It goes without saying that you have to remove Windows Performance Adviser from your computer as soon as possible.
While this fake program is running, it will display fake security alerts and notifications from the Windows task manager. Some of those fake security alerts read:
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Windows Performance Adviser will also hijack Internet Explorer or any other web browser you useand block legitimate anti-spyware and anti-virus programs to protect itself from being uninstalled. As you can see, this program is nothing more but a scam. Remove Windows Performance Adviser virus from your computer upon detection using automatic removal tool give below. If it blocks malware removal tools and you can't run task manager or registry editor, restart your computer in safe mode with networking and run maware removal software once again.
The latest parasite names used by FakeVimes:
Windows Performance Adviser manual removal:
Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "ID" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-2-17_2"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avp32.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avpcc.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsashDisp.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdivx.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmostat.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsplatin.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstapinstall.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszapsetup3001.exe