If you see annoying pop-up messages and a list of files that are infected with viruses, it is most likely that your computer system is infected with Windows Secure Workstation. Windows Secure Workstation enters into computer without your permission; this malicious tool acts to be a legitimate and trust worthy antivirus application which it is not. The Windows Secure Workstation targets your personal information like credit card number, passwords and IP address. It steals the information and uses it illegally for its business. If you come to know about the existence of the Windows Secure Workstation in your computer, delete it without any hesitation.

Manual removal of Windows Secure Workstation is a very hard task and you need to know windows operating system inside out, if you are planning to do it manually. However, with this article you will be able to remove the malicious tool effectively you just need to follow the steps written below.

Remove Windows Secure Workstation processes

  1. To quickly open the windows task manager press the keys CTRL + Shift + ESC.
  2. Find out the tab which is named ‘processes’ in the windows task manager.
  3. Under the column ‘image name’ find the process Protector-[rnd].exe.
  4. Click on it and then click on the button ‘End processes’ to kill the process.

Remove Windows Secure Workstation registry key values

  1. Press the windows key with the key ‘R’ from the key board to quickly open Run.
  2. Type regedit and click Ok.
  3. From the two sides of the registry editor select the left pane.
  4. Click on Edit and then on Find.
  5. Enter the Windows Secure Workstation registry values then press enter.
  6. Right click on the registry values and press Delete.
  7. The Windows Secure Workstation registry key values that should be removed instantly are:


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2″

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4

HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]

HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exeDebugger svchost.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe

HKEY_CURRENT_USER\Software\Windows Secure Workstation

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Secure Workstation

HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe

Remove Windows Secure Workstation other files

  1. Go to Start button and then select the option ‘All programs’.
  2. Click on the ‘Accessories’.
  3. Now select the option ‘Command prompt’.
  4. Or you can open Run using the above mentioned process.
  5. Type cmd and press enter.
  6. Enter the complete path of the Windows Secure Workstation files.
  7. When the file appears; type ‘regsvr32 /u [file_name]’ and press enter.
  8. The actual file_name are:

%UserProfile%\Desktop\Windows Secure Workstation.lnk

%Documents and Settings%\[UserName]\Desktop\[random].lnk

%Program Files%\Windows Secure Workstation





%CommonStartMenu%\Programs\Windows Secure Workstation.lnk

%Documents and Settings%\[UserName]\Application Data\[random].exe

%Documents and Settings%\All Users\Application Data\Windows Secure Workstation

%Documents and Settings%\All Users\Start Menu\Programs\Windows Secure Workstation


How to remove Windows Secure Workstation?
Tagged on:         

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>