Windows Pro Web Helper is a rogue anti-spyware program promoted via fake online virus scanners and and infected websites. Fake online virus scanners usually state that your computer is infected with trojans and other very dangerous malware. The fake scanner then prompts the user to download and run their malware removal tool to remove found malware. On the other hand, this rogue security program can come bundled with other malware or it can enter your computer through software vulnerabilities, mostly Java and Adobe. If you find that your computer is infected with this virus, please follow the removal instructions below and remove Windows Pro Web Helper from the system as soon as possible.
Once Windows Pro Web Helper is installed, it will be configured to start automatically when Windows starts. The rogue program will scan your computer and detect non-existent or fake files as infections, but won't let you remove them until you purchase the rogue program. This is obviously a scam because it asks you to pay for a license of a program that removes malware infections that do not even exist on your computer. Also, the rogue security program will display fake security alerts on your computer claiming that your PC is badly infected and needs to be cleaned. These alerts will range from warnings about your computer be hacked to active malware processes being detected. Some of the fake security alerts read:
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
When running, Windows Pro Web Helper may block legitimate anti-spyware programs, Task Manager, Registry Editor and other useful system tools to protect itself from being removed. It may also block certain websites, so that you couldn't download malware removal tools. It won't let you download malware removal tools that why you will have to end Windows Pro Web Helper processes first or reboot your computer is Safe Mode with Networking. As you can see, the main purpose of Windows Pro Web Helper is to trick you into purchasing the program. Don't purchase it. If you have already paid for it then contact your credit card company and dispute the charges. Then please use Windows Pro Web Helper removal instructions below to remove this malware from your computer as soon as possible.
The latest parasite names used by FakeVimes:
Windows Pro Web Helper manual removal:
Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "ID" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-2-17_2"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avp32.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avpcc.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsashDisp.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdivx.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmostat.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsplatin.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstapinstall.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszapsetup3001.exe