Windows Cleaning Tools is a rogue antispyware program that spreads on computer systems through Trojan viruses and infiltrates into computers without permission of the users. It pretends to be an antispyware program but in fact is an infection itself that must be removed as soon as detected.
Windows Cleaning Tools can block most of reputable antivirus tools and regular computer programs so basically your system becomes unprotected. The program displays numerous security notifications stating that your system is infected. Once you try to launch some program you will be asked to activate Windows Cleaning Tool.
Moreover, Windows Cleaning Tools blocks your Internet Explorer and every time you try to visit some website, it generates a warning claiming that the website is infected and it may harm your computer. This and any other security alerts by Windows Cleaning Tools must be ignored as it is a malicious program only seeking to make you purchase its license and receive your money. Here's how they look like to make it easier for you to recognize them:
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Identity theft attempt Detected
Hidden connection IP: 220.127.116.11
Target: Your passwords for sites
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
Besides it may run its scanner and pretend it to be a trial version that can detect infections. Then Windows Cleaning Tools makes a list of supposedly infected files and asks to purchase its full version in order to remove infections. Beware that it doesn't detect any real threats and only displays a fake infection list to make you purchase its license.
We strongly advice removing Windows Cleaning Tools right after noticing it running on your system. You have to scan your system with a reputable antispyware program. Follow the removal instructions below to eliminate this badware from your system quickly and easily.
The latest parasite names used by FakeVimes:
Windows Cleaning Tools manual removal:
Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "ID" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-2-17_2"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avp32.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avpcc.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsashDisp.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdivx.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmostat.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsplatin.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstapinstall.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszapsetup3001.exe