There are many fake antivirus applications in the market that claim to be legitimate applications, but they are not. Windows Trojans Sleuth is one of them. It shows the user a list of infected files and asks the user to buy the full version, if they want their computer to be virus free. These kinds of rogue applications usually spread through Trojans and spam email attachments. Once it enters the system, it installs itself without asking the permission of the user. It takes control of your computer so you cannot detect thatsomething is wrong with your computer. You cannot either access the Windows task manager and internet to remove the Windows Trojans sleuth.

You need to restart the computer and select the option ‘safe mood with networking’to avoid the continuously security alerts. These security alerts will not allow you to do the work with full concentration. When the computer is started in the safe mood, you will be able to access the internet and windows task manger, and thus, remove the Windows Trojans sleuth completely.You can also remove the fake antivirus tool by downloading any reliable tool.

Remove Windows Trojans Sleuth processes

  1. Click on Start then select the option Run from the menu.
  2. In the given space type taskmgr and press Ok.
  3. When the Windows task manager opens note that there are many tabs.
  4. Find out the tab named ‘processes’ and click on it. All the processes which are working right now are showed there, there will be windows Trojans sleuth processes.
  5. Look for the process named‘Inspector[random].exe’ and ‘Protector-[3 randomcharacters].exe’and then right click on the above process select the option End process.

Remove Windows Trojans Sleuth Registry Entries

You can only remove windows Trojans sleuth registry values by locating them in registry editor.

  1. To open the registry editor Click on Start then click on the option Run.
  2. Type regedit in there and click Ok. This will open the registry editor.
  3. From the two panes in the registry editor, use the left pane and click on the option edit from the menu. Then click on Find type in the registry values.
  4. Right click on the registry values and select the option Delete.

The registry values that should be located and then deleted are:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe “Debugger”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe “Debugger”

Remove Windows Trojans Sleuth files

After deleting the registry values you will need to remove the other data files also, these files can also be found using the registry editor.

In the left pane of registry editor find out the following processes and then press Del.

%AppData%\Inspector-[random].exe

%AppData%\Protector-[random].exe

%AppData%\NPSWF32.dll

%AppData%\result.db

%UserProfile%\Desktop\Windows Protection Master.lnk

Remove Windows Trojans Sleuth DLL files

  1. Go to Start and select the option Search.
  2. Select ‘For files and folders’.
  3. Type the file name ‘NPSWF32.dll’ and select the option Local hard drives.
  4. Right click on the found result and select Delete.

 

How to remove Windows Trojans Sleuth?
Tagged on:             

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>