Windows Profound Security. How to remove? (Uninstall guide)

removal by Lucia Danes - -   Also known as WindowsProfoundSecurity | Type: Malware
12

Windows Profound Security is the program that should never be trusted by any user. Though it looks like a normal PC security application, in reality it is a rogue program that belongs to FakeVimes. You must have heard about this group of hackers even if you have poor knowledge about malware threats. Just like its predecessors, Windows Profound Security tries to make a wrong image about its infected computer and for that it displays completely misleading alerts and scanners. All these notifications state that your Operating System is totally infected and that you must remove these threats with a help of licensed Windows Profound Security version. However, that's just a way how scammers try to swindle the money from PC users. It's highly recommended to ignore such alerts and remove Windows Profound Security without any delay.

HOW CAN YOU GET INFECTED WITH Windows Profound Security

Windows Profound Security is usually distributed with the help of trojans that come inside through the backdoors of the system. As soon as they enter it, they start working on modifying some system parameters and setting this scamware to launch as soon as PC is rebooted. In addition, Windows Profound Security starts working on what it was created for – it tries to give you the wrong impression that your computer is under numerous threats. For that it displays misleading alerts, fake system scanners and various popup ads reporting about hundreds of trojans, adware, malware and other non-existent threats. Be sure that you won't be capable to browse normally on your computer when having Windows Profound Security on board. Instead of getting on the Internet, you will be interrupted by such alerts:

Torrent Alert
Recommended: Please use secure encrypted protocol for torrent links.Torrent link detected!
Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

HOW CAN YOU REMOVE Windows Profound Security

Like any rogue anti-spyware, Windows Profound Security tries to rip its users of by 'recommending' them purchase its licensed version. However, you must keep in mind that this program has an empty virus database, so it is incapable to find or remove any threat from the computer. Windows Profound Security reports only about invented viruses and legitimate system files that are important to have on your computer, so you must never remove them. The only thing you must eliminate is the same rogueware that will do anything to get your money. If you have also been infected with this rogue, remove Windows Profound Security using reputable anti-malware programs, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Antimalware. We don't recommend manual removal if you don't have enough knowledge about computer and their system architecture.

The latest parasite names used by FakeVimes:
[newest]

do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Profound Security you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Windows Profound Security. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Windows Profound Security (2012-08-02)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Windows Profound Security (2012-08-02)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Windows Profound Security (2012-08-02)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Windows Profound Security (2012-08-02)

Windows Profound Security manual removal:

Kill processes:
Protector-[3 random characters].exe

Protector-[4 random characters].exe

Delete registry values:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsafwserv.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavastsvc.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavastui.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsegui.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsekrn.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsascui.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsmpeng.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsseces.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore "DisableSR " = '1'

Delete files:
%AppData%Protector-[rnd].exe

%AppData%NPSWF32.dll

%AppData%Protector-[3 random characters].exe

%AppData%Protector-[4 random characters].exe

%AppData%result.db

%AppData%1st$0l3th1s.cnf

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author

Removal guides in other languages