Windows Web Watchdog is a malicious rogue anti-spyware, which belongs to the notorious family of rogues called FakeVimes. As soon as it infiltrates the system, it modifies some of its components and starts showing fake alerts that all report about tens of different viruses. Of course, this is done just for fooling unaware PC users and making them pay for a fake license. If you noticed continuous system scanners that check your computer each time you turn it on and pop-up ads that offer purchasing Windows Web Watchdog licensed version, you should waste no time and scan your PC with a reliable anti-spyware. This will help you to understand which programs are safe and which programs are malicious. Of course, you should remove this rogue ASAP because it may start collecting your personally identifiable information and download more malware on the system.
How can Windows Web Watchdog infiltrate my computer?
Windows Web Watchdog is spread by trojans that may hide either on infectected or legitimate but affected websites. In order to avoid downloading malicious programs from legitimate websites, you should avoid those banner ads and pop-up notifications that report about dangerous PC's situation and offer checking it with some reliable security app for free. Of course, after you click on the add, you download the trojan horse, which additionally downloads malicious files that belong to Windows Web Watchdog. The clearest sign showing that your computer has already been infected are these alerts:
C:\Windows\system32\iexplore.exe is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them to a remote server.
Potential malware detected. It is recommend to activate the protection and perform a thorough system scan to remove the malware.
System data security is at risk!
To prevent potential PC errors, run a full system scan.
If you are seeing such or similar ads when browsing on the web, it means that your machine is affected. Please, don't waste your time until Windows Web Watchdog downloads more viruses on your computer! Follow a guide below and remove this malicious program with has, let's face it, really silly name.
How to remove Windows Web Watchdog?
Please, stay away from Windows Web Watchdog because it's another rogue anti-spyware, which belongs to FakeVimes. If you think that you are infected, scan your PC with reliable anti-spyware. We recommend using Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus, Reimage, Malwarebytes Anti Malware. If you can't launch any of these programs, follow these instructions:
- Reboot your computer to Safe Mode with Networking. Just reboot your PC and, as soon as it starts booting up, start pressing F8 repeatedly.
- Loggin as the same user as you were in normal Windows mode.
- Now click on IE or other browser and select 'Run As' or 'Run As administrator', enter your Administrator account password (if needed).
- Enter this link to your address bar: http://www.2-spyware.com/download/hunter.exe and download a program on your desktop. Launch it to kill the malicious processes and remove its files.
The latest parasite names used by FakeVimes:
Windows Web Watchdog manual removal:
Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation" = 1
HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWinlogon "Shell" = "%AppData%svc-
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "MS-SEC" = %AppData%svc-
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "ZSFT" = %AppData%svc-
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "S_SC" = %AppData%svc-
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "ctfmon" = %AppData%svc-
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "SD-986-001" = %AppData%svc-
HKEY_LOCAL_MACHINEsoftwaremicrosoftWindows NTCurrentVersionImage File Execution OptionsMpCmdRun.exe
HKEY_LOCAL_MACHINEsoftwaremicrosoftWindows NTCurrentVersionImage File Execution OptionsMpUXSrv.exe
HKEY_LOCAL_MACHINEsoftwaremicrosoftWindows NTCurrentVersionImage File Execution OptionsMSASCui.exe
HKEY_LOCAL_MACHINEsoftwaremicrosoftWindows NTCurrentVersionImage File Execution Optionsmsconfig.exe
HKEY_LOCAL_MACHINEsoftwaremicrosoftWindows NTCurrentVersionImage File Execution Optionsmsmpeng.exe
HKEY_LOCAL_MACHINEsoftwaremicrosoftWindows NTCurrentVersionImage File Execution Optionsmsseces.exe
HKEY_LOCAL_MACHINESoftwaremicrosoftWindows NTCurrentVersionImage File Execution Optionsk9filter.exe
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesbckd "ImagePath" = 22.sys
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "EnableLUA" = 0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "EnableVirtualization" = 0
%UserProfile%DesktopWindows Web Watchdog.lnk
%AllUsersProfile%Start MenuProgramsWindows Web Watchdog.lnk