Remove Windows Antivirus Adviser (Step-by-Step Removal)

Danger! Remove Windows Antivirus Adviser immediately!

Windows Antivirus Adviser is a rogue anti-spyware tool created by Rogue.VirusDoctor to receive money from unsuspecting users. The program is identical to other software from this group, such as Windows Defending Center and Windows High-End Protection. If you are familiar with any of them and with the way they act, then you know what behavior to expect from Windows Antivirus Adviser. All you need to remember is not to fall for the program’s tricks and not to trust it with your virtual security. It is best to delete Windows Antivirus Adviser as soon as you discover it on your system.

How did I get infected with Windows Antivirus Adviser?

Fake security applications like Windows Antivirus Adviser are not usually distributed through official websites. They enter the operating system without permission, hiding within the installers of some freeware programs. Thus, when you download such a program from an unknown source of software, it will not enter your computer on its own. During the installation process it will present you with some additional programs that will be set up automatically if you do not disable them. This is why you should complete each installation step carefully.

Why is Windows Antivirus Adviser dangerous?

As soon as Windows Antivirus Adviser gets installed on your PC, it will disable Windows Task Manager and will block some executable files that are able to detect infections on the system. Then, the program will start presenting you with fake scan results claiming that your computer is at risk because several threats have been detected. You will also be advised to activate Windows Antivirus Adviser in order to receive ultimate protection for your computer. Keep in mind that you must not let yourself be deceived and spend money on this useless application because you might end up having your credit card details stolen and your system will still remain unprotected.

Windows Antivirus Adviser removal instructions

STEP 1: Start Your Computer into Safe Mode with Networking

  • Make sure you do not have any floppy disks, CDs, and DVDs inserted in your computer
  • Restart the computer
  • When you see a table, start tapping the F8 key every second until you enter the Advanced Boot Options

  • In the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.

  • Once the operating system loads, press the Windows Logo Button and the R key simultaneously.

  • A dialog box should open. Type iexplore www.virusresearch.org/download-en

  • Your browser will open and a professional scanner will start downloading.
  • Follow the instructions and use the professional malware removal tool to detect the files of the virus.
  • After performing a full scan you will be asked to register the software. You can do that or perform a manual removal.

To perform manual removal, you need to:

  • Enable Hidden and System Files.
  • Delete the following files

%AppData%\NPSWF32.dll
%AppData%\Protector-<random 3 chars>.exe
%AppData%\Protector-<random 4 chars>.exe
%AppData%\W34r34mt5h21ef.dat
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Antivirus Adviser.lnk
%Desktop%\Windows Antivirus Adviser.lnk

  • Delete the following registry keys.

HKEY_CURRENT_USER\Software\Windows Antivirus Adviser
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “aoplgkvrhq”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe

Use msconfig to disable the execution point of the virus. Please keep in mind that the names on your machine might be different, as they are generated randomly. That is why you run the professional scanner to identify the files.

Always double check with any reputable anti-malware program after manual removal.
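
A read-only PowerShell check for the files and registry entries listed above; this is an added example, not part of the original guide, and it deletes nothing. It assumes %CommonStartMenu% and %Desktop% map to the .NET CommonStartMenu and Desktop special folders, and it reads the listed value entries one by one, because their parent keys are also used by Windows itself.

```powershell
# Read-only audit of the indicators listed in this guide. Nothing is changed or deleted.
$findings = @()

# Files. The ? wildcards cover the random 3- and 4-character Protector suffixes.
$startMenu = [Environment]::GetFolderPath('CommonStartMenu')   # assumed meaning of %CommonStartMenu%
$desktop   = [Environment]::GetFolderPath('Desktop')           # assumed meaning of %Desktop%
$filePatterns = @(
    (Join-Path $env:APPDATA 'NPSWF32.dll'),
    (Join-Path $env:APPDATA 'Protector-???.exe'),
    (Join-Path $env:APPDATA 'Protector-????.exe'),
    (Join-Path $env:APPDATA 'W34r34mt5h21ef.dat'),
    (Join-Path $env:APPDATA 'result.db'),
    (Join-Path $startMenu 'Programs\Windows Antivirus Adviser.lnk'),
    (Join-Path $desktop 'Windows Antivirus Adviser.lnk')
)
foreach ($pattern in $filePatterns) {
    # -Force includes hidden and system files.
    Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "FILE   $($_.FullName)" }
}

# Whole keys: the product key and the Image File Execution Options entries.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$keys = @('HKCU:\Software\Windows Antivirus Adviser')
$keys += 'atro55en', 'cmdagent', 'MalwareRemoval', 'procdump', 'spoler', 'vsmon', 'wscfxas' |
    ForEach-Object { Join-Path $ifeo ($_ + '.exe') }
foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) { $findings += "KEY    $key" }
}

# Single values: report the current data so it can be compared with the list above.
$values = [ordered]@{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' = @('WarnOnHTTPSToHTTPRedirect')
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = @('DisableRegedit', 'DisableRegistryTools', 'DisableTaskMgr')
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'   = @('ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser', 'EnableLUA')
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'               = @('Inspector')
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'          = @('UID')
}
foreach ($path in $values.Keys) {
    foreach ($name in $values[$path]) {
        $item = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $findings += "VALUE  $path `"$name`" = $($item.$name)" }
    }
}

if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```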
