Windows Privacy Module is scareware that uses misleading tactics to trick users into purchase completely bogus PC security product. This rogue anti-spyware program displays a list of predetermined malware infections on compromised computer to scare users into believing that their machines are indeed infected by malicious software. Windows Privacy Module also displays fake security alerts and pop-ups saying that your computer is infected or might be infected with some serious malware; let's say banking trojans or malware that steals personal information when visiting popular sites and entering your login credentials. While other pop-ups may claim that your computer is under attack from servers controlled by hackers or scammers. One way or another, this rogue program floods the compromised computer with many fake security alerts just to make the impression of badly infected computer.
Once installed, Windows Privacy Module will pretend to scan the compromised computer for viruses and spyware. In reality thought, the rogue program simply loads a list of infections and randomly lists them in order to fill in the table where supposedly found malware are being displayed. Just like all the fake security alerts, these fake scan results can be safely ignore. Do not follow its on screen instructions, do not pay for fake virus removal and do not attempt to uninstall reported files manually. First, you probably won't even find those files and secondly, you may remove genuine Windows files which may cause random system crashes.
When running, Windows Privacy Module will also block Windows task manager or simply replace with its own. You won't be able to run registry editor and some other Windows tools that might be useful when dealing with this virus. Hopefully, all these tools can be used without any restrictions in safe mode with networking or you can try to disable the rogue program manually which isn't that difficult because the malicious files is dropped in the Application Data folder and can be renamed very easily. See the list of malicious files below. Once you rename the file, restart your computer and the rogue program shouldn't start and as a result it won't block legitimate malware removal software. Also, it won't redirect your web browser to misleading sites or block security related web pages.
If your computer is infected with Windows Privacy Module, download an automatic removal tool give below and run a full scan. Even if you removed core files of this infection manually, you still need to scan your computer with legitimate malware removal software to remove associated malware from your computer and to ensure that your PC is completely clean.
Windows Privacy Module manual removal
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
Comments on Windows Privacy Module
Post a comment
Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.