Windows Instant Scanner is a computer parasite “the son” of Rogue.FakeVimes family. This program is categorized as a rogue because its behavior on the computer is typical for rogues only, not for decent anti-viruses - it attempts to mislead you into thinking your computer is severely infected through the use of false scan results, fake security warnings, and not allowing you to run many valid programs on your computer. Windows Instant Scanner is distributed via on-line scanners, hacked web sites that attempt to exploit security vulnerabilities on your computer to install the program without your permissions and your knowledge. One can easily get the infection clicking on advertisements that flash on the Web. In a word be careful surfing on the Internet!
When Windows Instant Scanner is installed, it will configured the system to automatically start when you login to your OS. The virus adds some new registry entries to prevent you from running various Windows programs as well as most decent anti-virus programs. These tricks are implemented to guard itself from being removed manually or by means of anti-virus. When the program starts it will automatically launch a scan of your computer and state that it is infected with numerous malware. If you try to remove anything, though, it will state that you first need to purchase the program before being able to cope with the insecure objects spotted on your workstation. It ends up with invented scanning reports to completely mislead you.
While running, Windows Instant Scanner will also show fake security warnings from your Windows taskbar that are worded to make you think that your data is at risk or that you are under attack from a remote computer. Examples of some alerts you may see are:
ErrorAttempt to modify registry key entries detected. Registry entry analysis is recommended.
Error
Attempt to run a potentially dangerous script detected.
Full system scan is highly recommended.
Just like the scan results, all of these warning notifications are false and shouldn`t be treated seriously.
It goes without saying that this program was fabricated to trick you into thinking your computer is infected so that you will then purchase the program. So for no reason should you purchase this program, and if you have, you should contact your credit card company and revoke the charges stating that the program is a scam and a computer virus. To remove this IT infection and other “invited” malware, please follow the milestones, put down in the sections below.
Windows Instant Scanner malware remover:
%AppData%\NPSWF32.dll
%AppData%\Protector-[rnd].exe
%AppData%\result.db
Delete Windows Instant Scanner registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
thank u .you did a good job . i was also infected with this virus ,i took online virus scanning support,now my PC is working well.
ReplyDelete