Severity scale:  
  (80/100)

Windows Maintenance Suite. How to remove? (Uninstall guide)

removal by Gabriel E. Hall - -   Also known as Windows Maintenance Suite | Type: Viruses
12

Windows Maintenance Suite is another rogue antispyware that was released by FakeVimes family. Just like its predecessors the program infiltrates into random computer systems using social networks, malicious websites, spam email attachments, etc. As soon as it gets inside the system, the application makes some changes in the Windows Registry which allows Windows Maintenance Suite to perform its further steps.

First of all, you will notice a scanner running on your system after each computer reboot. The program will warn that your system is infected and even show a list of threats that are supposedly harming your system. However, these files are either fake or they belong to your legitimate programs. Removing them can even harm proper functioning of your system. Besides none of the versions of Windows Maintenance Suite can detect or remove any real infections. So your PC is completely unprotected

Additionally, Windows Maintenance Suite uses fake pop up messages which appear on the system out of nowhere and warn about certain system problems. The purpose of these notifications is also to make computer user think that his system has certain security issues. This is a common way rogue programs promote them. You shouldn't take these notifications for real and you should never act they way they tell you. Here's how the look like:

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

It is highly recommended to remove Windows Maintenance Suite using a reliable antispyware program. Just make sure you upgrade it to its newest version. If your Intenret Explorer is blocked, just keep trying again and eventually, you will be able to browse. Do not hesitate as this badware wishes no good for you and it only wants your money. In case you took this scam serious and paid for it, contact your credit card company and dispute the charges as soon as possible.

The latest parasite names used by FakeVimes:
[newest]

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Maintenance Suite you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Maintenance Suite. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Windows Maintenance Suite snapshot
Windows Maintenance Suite

Windows Maintenance Suite manual removal:

Kill processes:
Protector-[rnd].exe

Delete registry values:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMainFeatureControlFEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "Inspector"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "ID" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-2-17_2"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "rudbxijemb"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avp32.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avpcc.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsashDisp.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdivx.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmostat.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsplatin.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstapinstall.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszapsetup3001.exe



Unregister DLLs:
npswf32.dll

Delete files:
%AppData%Protector-[rnd].exe

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions