Severity scale:  

Windows Advanced Toolkit. How to remove? (Uninstall guide)

removal by Olivia Morelli - -   Also known as WindowsAdvancedToolkit | Type: Rogue Antispyware

Windows Advanced Toolkit is a rogue anti-spyware that has the one basic purpose – to rip its victims off. For that, it firstly creates a need of its license and reports users about numerous viruses detected. Of course, for their removal users are informed that they have to purchase licensed Windows Advanced Toolkit version. Under no circumstances you should do that and spend your money for this scam! Just like the trial its version, licensed version has an empty virus database, so it is useless in virus detection or removal. It's almost obvious that this rogue is just another product from FakeVimes family that distribute identical programs sharing the same GUI and misleading alerts. If you have also been suffering from those, remove Windows Advanced Toolkit from your computer without any delay.When it comes an infiltration moment, Windows Advanced Toolkit does not require any user's actions to get inside a PC. The most common way to get infected with it is downloading something insecure from the web resource that is compromised.


When running inside the machine, this rogueware additionally gets configured to launch once you log into Windows and starts its performance. Therefore, all your browsing sessions will be interrupted by the activity of this scareware: it will generate continuous pop-ups, alerts and notifications informing you that your system is infected with different kinds of viruses, like trojans, spyware, malware etc. Here are some of such alerts displayed by Windows Advanced Toolkit:

Torrent Alert

Recommended: Please use secure encrypted protocol for torrent links.Torrent link detected!
Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.


Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.


Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

It's natural that some of you have fallen for such viruses reported by Windows Advanced Toolkit and taken this sneaky program as a real anti-spyware. However, we hope you haven't paid for its licensed version because you may have also lost your credit card details in this way.


If you have paid for Windows Advanced Toolkit license, contact your credit card company to dispute the charges first of all. In addition, scan your infected machine with reputable anti-spyware and remove Windows Advanced Toolkit instead of keeping it on your computer. Letting this malware stay on your machine may result in finding more viruses on your computer because it tends to download additional malware after some time. We recommend running a full system scan with Reimage or Malwarebytes MalwarebytesCombo Cleaner in order to uninstall Windows Advanced Toolkit for good. If you are disabled and can't launch your anti-malware, enter this registration code that will make Windows Advanced Toolkit think that you have purchased the license: 0W000-000B0-00T00-E0020. Of course, now you must run a full system scan to remove infected files from your computer.

The latest parasite names used by FakeVimes:

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

If you decided to select another anti-spyware, uninstall Reimage from your computer.
Press mentions on Reimage
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.
Windows Advanced Toolkit snapshot
Windows Advanced Toolkit

Windows Advanced Toolkit manual removal:

Kill processes:
Protector-[3 random characters].exe

Protector-[4 random characters].exe

Delete registry values:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsafwserv.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavastsvc.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavastui.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsegui.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsekrn.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsascui.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsmpeng.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsseces.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore "DisableSR " = '1'

Delete files:


%AppData%Protector-[3 random characters].exe

%AppData%Protector-[4 random characters].exe



About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions