Windows Antivirus Machine is a fake antivirus program from the FakeVimes family. It aims to trick the owners of infected computers into spending money on the full version of the program, which is worth nothing. Windows Antivirus Machine works as follows: once the rogue is on your system, it starts a whole-system scan and, predictably, finds various types of viruses. The alert messages and warnings about damage to your computer are there to frighten you and to convince you to purchase the full version of this fake antivirus program. Do not fall for this malware. Save your money for legitimate antivirus software that might actually work.

Scammers distribute Windows Antivirus Machine through infected websites. You may also pick up this rogue while watching videos or downloading files. Once the fake antivirus is on your PC, it changes your system settings so that it is started every time the computer boots. Windows Antivirus Machine will then automatically scan your programs and system processes. Always remember that no reputable antivirus program scans without the user's permission or agreement. You have no control over the scanning process of Windows Ultimate Safeguard and you cannot even stop it. The warnings and security alerts constantly interrupt your work and make it troublesome.

Remove Windows Antivirus Machine Processes

  1. Windows Antivirus Machine processes can be stopped through the Windows Task Manager.
  2. Press ALT+CTRL+DEL to open the Windows Task Manager directly.
  3. Or go to the Start button > Run > type taskmgr > press Enter.
  4. Find the ‘Processes’ tab in the Windows Task Manager.
  5. Find the Windows Antivirus Machine processes under ‘Image Name’.
  6. The process which needs to be removed is:

[random].exe

Remove Windows Antivirus Machine Registry entry values

  1. To open the Windows Registry Editor quickly, press the Windows key together with the ‘R’ key on your keyboard.
  2. Type regedit and press OK.
  3. When the Registry Editor opens, select the left section and then click on Edit.
  4. Then click on Find and enter the Windows Antivirus Machine registry values.
  5. Now right-click on the found registry values and press Delete.
  6. The Windows Antivirus Machine registry entry values that should be removed are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

Remove Windows Antivirus Machine other files

  1. Go to the Start menu and select ‘All Programs’ to display all the programs.
  2. When all the programs are shown, find the ‘Accessories’ option and click on it.
  3. After that, click on ‘Command Prompt’.
  4. In the Command Prompt window, enter the command ‘regsvr32 /u [sample_file_name]’ and then press Enter.
  5. Replace [sample_file_name] with each of the following Windows Antivirus Machine files:

%AppData%\NPSWF32.dll

%AppData%\Protector-[random].exe

%AppData%\result.db

%CommonStartMenu%\Programs\Windows Antivirus Machine.lnk

%Desktop%\Windows Antivirus Machine.lnk
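A read-only way to check which of the registry entries and files listed in this guide are actually present before deleting anything, as an added PowerShell example (not part of the original article). Assumptions: `[random]` is matched with a wildcard, and `%CommonStartMenu%` and `%Desktop%` are resolved through the .NET special-folder API.

```powershell
# Added example: read-only audit of the artifacts listed in this guide. Deletes nothing.
$cv   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$findings = @()

# Registry values from the list above (key path, value name).
$values = @(
    @("$cv\Internet Settings", 'WarnOnHTTPSToHTTPRedirect'),
    @("$cv\Policies\System", 'DisableRegedit'),
    @("$cv\Policies\System", 'DisableRegistryTools'),
    @("$cv\Policies\System", 'DisableTaskMgr'),
    @("$cv\Run", 'Inspector'),
    @("$cv\Settings", 'ID'), @("$cv\Settings", 'net'), @("$cv\Settings", 'UID')
)
foreach ($v in $values) {
    $item = Get-ItemProperty -Path $v[0] -Name $v[1] -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $findings += [pscustomobject]@{ Type = 'RegValue'; Location = "$($v[0])\$($v[1])"; Data = $item.($v[1]) }
    }
}

# Registry keys from the list above; report a Debugger value if one is set.
$keys = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312')
$keys += '_avp32.exe','_avpcc.exe','ashDisp.exe','divx.exe','mostat.exe','platin.exe',
         'tapinstall.exe','zapsetup3001.exe' | ForEach-Object { Join-Path $ifeo $_ }
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $dbg = (Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue).Debugger
        $findings += [pscustomobject]@{ Type = 'RegKey'; Location = $k; Data = $dbg }
    }
}

# Files from the list above (wildcard stands in for [random]; folder mapping is assumed).
$appData = [Environment]::GetFolderPath('ApplicationData')
$paths = @(
    (Join-Path $appData 'NPSWF32.dll'),
    (Join-Path $appData 'Protector-*.exe'),
    (Join-Path $appData 'result.db'),
    (Join-Path ([Environment]::GetFolderPath('CommonStartMenu')) 'Programs\Windows Antivirus Machine.lnk'),
    (Join-Path ([Environment]::GetFolderPath('Desktop')) 'Windows Antivirus Machine.lnk')
)
foreach ($p in $paths) {
    foreach ($f in @(Get-Item -Path $p -Force -ErrorAction SilentlyContinue)) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $f.FullName; Data = $f.LastWriteTime }
    }
}
$findings | Format-List
```

Internet Explorer settings such as WarnOnHTTPSToHTTPRedirect can also be present on a clean machine, so treat a single hit as a lead and look at the combination of entries found.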
