Windows Virtual Security. How to remove? (Uninstall guide)

Removal by Julie Splinters - Also known as WindowsVirtualSecurity | Type: Rogue Antispyware

Windows Virtual Security is a rogue anti-spyware program from the FakeVimes malware family. The scammers behind this group of rogues have been releasing new parasites every day. However, they do not bother to give each threat a distinct look, so every FakeVimes rogue, including Windows Virtual Security, looks identical. It also uses the same alerts and notifications, which are meant to make users worry about their PCs. It will additionally offer its licensed version and present it as the only tool capable of removing those viruses for you. As always, we recommend ignoring Windows Virtual Security alerts because they report only non-existent viruses. In reality, they are used only to swindle you out of your money, so stay away from this rogueware and remove Windows Virtual Security as soon as possible.

HOW CAN I GET INFECTED WITH WINDOWS VIRTUAL SECURITY?

According to the 2spyware research center, Windows Virtual Security is capable of entering computers without asking for the user's permission. This unauthorized installation is done with the help of trojans that use security holes to enter the target PC undetected. As soon as they get in, they download Windows Virtual Security files and modify the registry so that the malware starts as soon as the victim reboots the machine. Once running, Windows Virtual Security produces annoying alerts and notifications that mostly read like this:

Warning! Virus Detected
Threat Detected: Trojan-Downloader.Win32.Agent
Security Risk:
Infected File: regedit.exe
Description: Programs classified as Trojan download and install new versions of malicious programs, including Trojans and AdWare, on victim computers.
Recommended:
Please click “remove All” button to erase all infected files and protect your PC

Firewall has blocked a program from accessing the Internet
Internet Explorer
C:\program files\internet explorer\iexpolre.exe
C:\program files\internet explorer\iexpolre.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Recommended:
Please click “Prevent attack” button to prevent all attacks and protect your PC

Torrent Alert
Recommended: Please use secure encrypted protocol for torrent links.
Torrent link detected!
Receiving this notifications means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.

Keep in mind that although all these alerts look trustworthy and polished, they are fake and are used to scare users about their computers. Besides, Windows Virtual Security displays the same alerts on every computer it infects, which shows that they are nothing but a misleading campaign meant to encourage you to purchase its license. If you don't want to lose your money, you should ignore them and remove Windows Virtual Security without delay. If left on the computer, this rogue is expected to download more malware onto the PC, make it slow and laggy, and cause browser redirections to suspicious commercial domains.

HOW TO REMOVE WINDOWS VIRTUAL SECURITY?

As soon as you find Windows Virtual Security on your computer, be aware that FakeVimes is trying to rip you off. To avoid this attack, we recommend removing Windows Virtual Security as soon as possible. To avoid removing the wrong files, you should use automated removal programs, like Reimage, Plumbytes Anti-Malware and Webroot SecureAnywhere AntiVirus. These tools will help you eliminate all infections without delay. Of course, they must be updated before the scan, so download their latest versions. If you can't launch them, you can also disable Windows Virtual Security by using this code: 0W000-000B0-00T00-E0020. As soon as you enter it, run Reimage or another legitimate tool.

Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Windows Virtual Security (2012-08-09)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Windows Virtual Security (2012-08-09)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Windows Virtual Security (2012-08-09)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Windows Virtual Security (2012-08-09)

Windows Virtual Security manual removal:

Kill processes:
%AppData%\Protector-[rnd].exe

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

There are more similar entries...

Delete files:
%AppData%\Protector-[rnd].exe
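
A read-only PowerShell check for the process, registry and file artifacts listed above, added here as an example; it is not part of the original guide or of any removal tool it names. It assumes the "[rnd]" part of the file name can be matched with a wildcard, and the $findings variable and its column names are this example's own.

```powershell
# Read-only audit for the artifacts listed in this guide; nothing is modified.
$cv   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$fc   = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl'

# Registry values named in the guide (key path, value name).
$values = @(
    @{ Path = "$cv\Internet Settings"; Name = 'WarnOnHTTPSToHTTPRedirect' },
    @{ Path = "$cv\Policies\System";   Name = 'DisableRegedit' },
    @{ Path = "$cv\Policies\System";   Name = 'DisableRegistryTools' },
    @{ Path = "$cv\Policies\System";   Name = 'DisableTaskMgr' },
    @{ Path = "$cv\Run";               Name = 'Inspector' },
    @{ Path = "$cv\Settings";          Name = 'ID' },
    @{ Path = "$cv\Settings";          Name = 'net' },
    @{ Path = "$cv\Settings";          Name = 'UID' }
)
# Registry keys named in the guide; it notes that more IFEO entries exist.
$keys = @("$fc\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312")
$keys += '_avp32.exe', '_avpcc.exe', 'ashDisp.exe', 'divx.exe', 'mostat.exe',
         'platin.exe', 'tapinstall.exe', 'zapsetup3001.exe' |
         ForEach-Object { "$ifeo\$_" }

$findings = @()
foreach ($v in $values) {
    $p = Get-ItemProperty -LiteralPath $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $p) {
        $detail = "$($v.Name) = $($p.($v.Name))"
        $findings += [pscustomobject]@{ Kind = 'RegValue'; Location = $v.Path; Detail = $detail }
    }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $findings += [pscustomobject]@{ Kind = 'RegKey'; Location = $k; Detail = 'key exists' }
    }
}
# Assumption: "[rnd]" in the guide is a random suffix, matched here with a wildcard.
$pattern = Join-Path $env:APPDATA 'Protector-*.exe'
Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += [pscustomobject]@{ Kind = 'File'; Location = $_.FullName; Detail = "$($_.Length) bytes" }
}
Get-Process | Where-Object { $_.Path -like $pattern } | ForEach-Object {
    $findings += [pscustomobject]@{ Kind = 'Process'; Location = $_.Path; Detail = "PID $($_.Id)" }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else {
    'None of the listed artifacts were found.'
}
```

A hit on a single value is not proof of infection, since some of these names (such as WarnOnHTTPSToHTTPRedirect) are ordinary Windows settings. The Run value, the Image File Execution Options subkeys and the Protector file appearing together are the stronger signal.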

About the author

Julie Splinters - Malware removal specialist