Windows Process Director. How to remove? (Uninstall guide)

removal by Alice Woods - -   Also known as WindowsProcessDirector | Type: Rogue Antispyware
12

Windows Process Director is a rogue antivirus program that was designed by computer hackers who are looking for easy ways to get money from random computer users. The program infiltrates into the system through malicious Internet websites which can infect any computer system quite easily by using fake scanners online. These scanners imitate checking your system for infections and warns about a bunch of dangerous threats detected. To remove them, it offers you to get a license of Windows Process Director. You have to understand that the files displayed by Windows Process Director are not even close to real infections. The program is only trying to convince you into purchasing a license of Windows Process Director and get your money this way. Easy as that the creators of this malware are collecting more and more money from random computer users.

If your system is infected with Windows Process Director you also won't be able to avoid numerous of security warnings that look just like the legitimate ones by Windows Security Center. Except that they insist purchasing Windows Process Director. Here's how they look like:

Torrent Alert
Recomended: Please use secure encrypted protocol for torrent links.
Torrent link detected!
Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.
Please register your copy of the AV to activate anonymous data transfer protocol through the torrent link.

Warning! Identity theft attempt Detected
Hidden connection IP: xxxxxxxxx
Target: Your passwords for sites

Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

In any case, every message related to Windows Process Director must be ignored. You must get rid of this program without any hesitation, right after its detection. We strongly recommend you downloading a reputable anti-spyware program, such as Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus, Reimage or other. Even if you are not experienced computer user a reliable antispyware will do the task for you easily.

The latest parasite names used by FakeVimes:
[newest]

do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Process Director you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Windows Process Director. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Windows Process Director (2012-08-01)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Windows Process Director (2012-08-01)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Windows Process Director (2012-08-01)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Windows Process Director (2012-08-01)
Windows Process Director snapshot
Windows Process Director

Windows Process Director manual removal:

Kill processes:
%appdata%Inspector-[rnd].exe

%AppData%Protector-[rnd].exe

Delete registry values:
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Run "Inspector"

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\InternetExplorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe


Unregister DLLs:
%AppData%NPSWF32.dll

Delete files:
%AppData%NPSWF32.dll

%AppData%Protector-3 characters.exe

%AppData%result.db

%CommonStartMenu%ProgramsWindows Managing System.lnk

%Desktop%Windows Managing System.lnk

About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author