Windows personal detective is a rogue anti-spyware that is developed by the same scammers who have developed various other anti spywares in the past. Windows personal detective is a shame on the name of security. People who expect that it would keep their system clean and will fight with the malwares are innocent. With the graphical user interface, it looks like a real software to protect the computer from all the malicious spywares, but in reality, it does no such thing. Like other anti spyware tools, it runs a false complete scan of the computer, and in the result of which, it shows a large number of infections and security alerts. Like the tool, these infections and security alerts are all bogus and do not exist in your computer.

Once you come to know about the presence of Windows personal detective in our computer, you should delete it as soon as possible to prevent your computer from more virus attacks. You need to know complete details about the tool with the processes and DLL file names it uses, in order to remove the malicious tool completely and efficiently. With this article, you will be able to remove Windows personal detective effectively by yourself.

Remove Windows Personal Detective processes

  1. Restart your computer and press F8 many times until you see a menu.
  2. Select the option ‘Safe mood with networking’ and press enter.
  3. When the computer starts; click on start button and then click on run.
  4. Type taskmgr and click ok.
  5. In the processes tab find the process named [random symbols].exe and click on the button ‘End processes’.

Remove Windows Personal Detective registry entries

  1. In order to remove the window personal detective registry entries you need to open the registry editor.
  2. Click on Start then select the option Run.
  3. Type regedit in the tab named ‘open’ and click Ok.
  4. Select the left and click on Edit then from the drop down menu select the option Find.
  5. Type the registry values there and press enter.
  6. Right click on the registry values and click Delete.

The registry values that should be found and then deleted are:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-3-6_2″

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “pyeoxpswrs”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe

Remove Windows Personal Detective files

  1. Click on Start then select the option Run from the menu.
  2. Type cmd in the tab and press Ok.
  3. Now type ‘regsvr32 /u [dll_file_name]’ do not forget to replace ‘dll_file_name’ with the actual file names and press enter.

The windows personal detective file names are:

%AppData%\NPSWF32.dll

%AppData%\result.db

%CommonStartMenu%\Programs\Windows Personal Detective.lnk

%Desktop%\Windows Personal Detective.lnk

%AppData%\Protector-[random symbols].exe

Remove Windows Personal Detective DLL libraries

  1. 1. Open the task manger by following the same steps mentioned above and under the processes tab now find the process named ‘NPSWF32.dll’.
  2. Right click on the process and select the option delete.
How to remove Windows Personal Detective?
Tagged on:         

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>