Recently we noticed a new threat called Windows Functionality Checker virus. Apparently, this virus has done much damage to PC users, just like Windows Protection Master or Home Safety Essentials, so we can only imagine how malicious this new virus is. Nevertheless, there’s always a way to remove viruses from computers and Windows Functionality Checker is not an exception. This article will show you detailed information about this virus and will show you a step-by-step guide on how to remove Windows Functionality Checker from your computer.
At the the first glance, Windows Functionality Checker virus may look like a good anti-virus program which will help you to protect your computer from malicious software. However, it is a virus that should belong to the category of rogue anti-spywares. In most of the cases, this sneaky malware gets inside the system without any permission of a user asked. That's because you should be very careful when visiting the web pages and downloading the files from external sources. If you have noticed Windows Functionality Checker on your PC, you must keep in mind that it must be eliminated as soon as it gets into your PC.
When Windows Functionality Checker rogue enters your PC, it starts to act as a anti-malware software. It runs fake system scans in order to show you fake reports about viruses and spyware that lives in PC. It doesn’t even care that you don’t want to see those reports. It automatically starts when computer is turned on and gets in front of your desktop to scare you with messages that your PC is infected. However, it doesn’t offer a free removal of the viruses that it “found” – it asks you to buy a full, commercial, registered version of Windows Functionality Checker. Without any doubt, you have to ignore every message that asks you to upgrade or buy this software – because it’s a fake and dangerous program. You won’t get anything when you buy it – you will just send money and your personal bank information to cyber criminals and it won’t take long for them to steal even more from your bank accounts.
In order to trich you into buying its license, Windows Functionality Checker claims:
Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmploc.dll
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Potential malware detected.
It is recommended to activate protection and perform a thorough system scan to remove the malware.
So, basically you should always avoid installing unidentified software that infects your PC with more malware and ignore the fake messages that Windows Functionality Checker virus sends you. It’s recommended to remove Windows Functionality Checker ASAP because it is a dangerous threat that will continue its malicious activity on your computer. We recommend using reputable anti-malware programs, Malwarebytes, Reimage or other that will help you to find all infected files and remove them.
The latest parasite names used by FakeVimes:
Windows Functionality Checker manual removal:
Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "ID" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-2-17_2"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avp32.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avpcc.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsashDisp.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdivx.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmostat.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsplatin.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstapinstall.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszapsetup3001.exe
%desktopdir%Windows Functionality Checker.lnk