What is Windows Health Keeper?

Windows Health keeper is a malware that shares its graphical user interface to other related applications. Just like many other rogue applications, it also spreads through the Trojans and finds any leaks in your security systems to enter your system. If you have found this application running in your computer, remember this is a very hazardous application, so you must remove it immediately. It installs itself without the permission of the user, which proves that this is a malware created to harm your computer. The Windows health keeper shows that your computer is at security stake and you should remove the infected files and viruses as soon as possible to prevent any danger. For the cleaning and removal of infected files you need to buy the full version of the application. This is the main purpose of this rogue application; to gain money from the user by showing false facts and figures.

Instruction on how to remove Windows Health Keeper

You need detail instructions on how to remove the Windows health keeper. If you do not know what processes or files needs to be deleted you will end up either deleting the important files required to run the windows or not deleting the Windows health keeper files.

Remove Windows Health Keeper Processes

  1. To open task manager, press CTRL+ALT+DEL keys. If the task manager does not open go to Start and click on Run and type taskmgr and press Ok.
  2. When the task manger opens select the ‘processes’ tab and find the process ‘appdata%\Inspector-[rnd].exe’ and ‘%AppData%\Protector-[rnd].exe’. When you find the above mentioned processes right click on them and select ‘End processes’ to kill the harmful processes.

Remove Windows Health Keeper Registry values

  1. Click on Start then select Run.
  2. Type regedit in the tab named ‘open’ and click Ok. This command will open the registry editor.
  3. There are two panes in the registry editor use the left pane and click on Edit. Select the option Find and type the registry values in it.
  4. Right click on the found registry values and select Delete.
  5. The registry values that should be found and deleted are:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-3-17_2″

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rnkkhbcsqe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net”

Remove Windows Health Keeper DLL files

  1. Go to Start and click on Search.
  2. Check the option ‘For files and folders’.
  3. Type the file name ‘NPSWF32.dll’ in the search bar and do not forget to select the option ‘Local hard drives’ to fasten your search results.
  4. Right click on the found result and click on Delete.

Remove Windows Health Keeper Data files

  1. Click on Start then select the option Run from the menu.
  2. Type cmd and press Ok.
  3. Enter the full path of the file.
  4. To view the content of the file type dir command.
  5. Now type ‘regsvr32 /u [dll_file_name]’ and press enter.
  6. The files that you need to replace with the ‘dll_file_name’ are:

%AppData%\NPSWF32.dll

%AppData%\Protector-.exe

%AppData%\result.db

%CommonStartMenu%\Programs\Windows Health Keeper.lnk

%Desktop%\Windows Health Keeper.lnk

 

 

How to remove Windows Health Keeper?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>