Windows Virtual Security is a rogue anti-spyware that comes from FakeVimes malicious family. Scammers from this group of rogues have been releasing their parasites every day. However, they don't pay enough attention for giving specific looks for their threats, so every FakeVimes rogue, including Windows Virtual Security, looks identically. Besides, it also uses the same alerts and notifications that are expected to make users concerned about their PCs. Be sure that it will additionally be set to offer its licensed version and will present it as the only tool capable to remove those viruses for you. Just like always, we recommend to ignore Windows Virtual Security alerts because they report only about non-existent viruses. In reality, they are used only to swindle your money, so stay away from this rogueware first and remove Windows Virtual Security as soon as possible.
HOW CAN I GET INFECTED WITH WINDOWS VIRTUAL SECURITY?
According to 2spyware research center, Windows Virtual Security is capable to enter computers without user's permission asked. This unauthorized installation is done with a help of trojans that use security holes to enter their target PC undetected. As soon as they get into it, they download Windows Virtual Security files and modify the registry in order to help for this malware start as soon as victim reboots his machine. The basic patterns of Windows Virtual Security functioning result in annoying alerts and notifications reading mostly like that:
Warning! Virus Detected
Threat Detected: Trojan-Downloader.Win32.Agent
Infected File: regedit.exe
Description: Programs classified as Trojan download and install new versions of malicious programs, including Trojans and AdWare, on victim computers.
Please click “remove All” button to erase all infected files and protect your PC
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexpolre.exe
C:\program files\internet explorer\iexpolre.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Please click “Prevent attack” button to prevent all attacks and protect your PC
Recommended: Please use secure encrypted protocol for torrent links.
Torrent link detected!
Receiving this notifications means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.
Keep in mind that though all these alerts look trustworthy and good-looking, they are fake and used to make users scared about their computers. Besides, Windows Virtual Security displays the same alerts on all its infected computers what shows that its alerts are nothing but misleading campaign which should encourage you to purchase its license. If you don't want to lose your money, you should ignore them and remove Windows Virtual Security without any delay. If kept inside the computer, this rogue is expected to download more malware on PC, make it slow and laggy and cause browser redirections to suspicious commercial domains.
HOW TO REMOVE WINDOWS VIRTUAL SECURITY?
As soon as you find Windows Virtual Security in your computer, you must be aware that FakeVimes is trying to rip you off. In order to avoid their attack, we recommend to remove Windows Virtual Security as soon as possible. In order to avoid removing wrong files, you should use automate removal programs, like Reimage and PlumbytesWebroot SecureAnywhere AntiVirus. These tools will help you to eliminate all infections without any delay. Of course, they must be updated before the scan, so download the latest their versions. If you can't launch them, you can also disable Windows Virtual Security by using this code: 0W000-000B0-00T00-E0020. As soon as you enter it, run Reimage or other legitimate tool.
Windows Virtual Security manual removal
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
There are more similar entries...
Geolocation of Windows Virtual Security
Removal guides in other languages
Comments on Windows Virtual Security
Post a comment
Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.