Windows tools patch is a bogus antivirus that belongs to the Rogue FakeVimes family. It claims that different malwares have been detected on your computer system, shows professional created pop ups, and when you click on them, it will ask you to purchase the Windows tools patch in order to remove the infection from your computer. In fact, none of these infected files and viruses is real. It is a mean trick played by the rogue application to make you panic and ask you to buy the Windows tools patch. This application has also stolen many users’ financial information.

While this application is running you will receive many security alerts like these:

  1. Error

Software without a digital signature detected.

Your system files are at risk. We strongly advise you to activate your protection.

  1. Error

Serious slowdown in system performance. To eliminate the causes, full check is recommended.

These error or messages will tell you that something is wrong in your computer and you must buy the Windows tools patch to clean your computer form all the viruses and infections.

Removing Windows tools patch completely

There are two ways to remove the windows tools patch. You can either download a reliable software and leave the removal of rouge application on it, or you can do it manually. This article will tell you how you can remove Windows tools patch manually.

Remove Windows Tools Patch processes

  1. Press the CTRL+ALT+DEL keys to directly open the Windows task manager or you can do it manually by clicking on Start and further clicking on Run.
  2. Now type taskmgr in the empty space and press Ok.
  3. When the task manger opens you will see many tabs, select the one which is named ‘Processes’ and click on it. Now find your required process under the field named image name right click on it and select the option Delete.
  4. The process you need to stop is ‘Protector-[rnd].exe’.

Remove Windows Tools Patch DLL files

  1. Go to Start and click on the Search.
  2. Find the option ‘For files and folders’ and click on it.
  3. Type the file name ‘npswf32.dll’ to get the fast results select the option Local hard drives.
  4. When the result is found right click on it and click on the Delete option.

Remove Windows Tools Patch Registry Entries

  1. To open the registry editor click on Start then find the option Run and click on it.
  2. Type regedit there and click Ok.
  3. In left pane of the registry editor and click on Edit. Now form the drop down menu click on Find and type in the following registry values.
  4. Right click on the registry values and select Delete.
  5. The registry values that should be deleted are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2″

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

Remove Windows Tools Patch files

  1. Click on Start then select the option ‘All programs’.
  2. Go to ‘Accessories’.
  3. Click on the ‘Command prompt’.
  4. Type the complete path of the Windows tools patch files.
  5. Now type ‘regsvr32 /u [dll_file_name]’ and press enter.

The files you need to replace with the ‘dll_file_name’ are as:

%AppData%\Protector-[rnd].exe

 

How to remove Windows Tools Patch?
Tagged on:                         

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>