Windows Ultra Antivirus is a fake antivirus program that is distributed with the use of different Trojans. It belongs to the family of FakeVimes of rogue antivirus applications. This software takes control over internet browser, reports fake and bogus infections and shows fake security warnings that your computer has been damaged with many viruses and spywares. Normally, by showing all these viruses, the Windows Ultra Antivirus wants to trap you in buying the full version of this fake antivirus program. Do not fall in the trap, save your money for something worth rather than this worthless software. Windows Ultra Antivirus is distributed by hackers through the infected web sites. Your system may also infect with this virus while watching the videos or even downloading files from unreliable and unverified sources. In addition to the above mentioned things, you may also get infected by this virus even by clicking unreliable links, through some infected advertising pop-ups, visiting unsecured websites or by downloading attachments from spam emails. If this malware enters into your computer, it changes your system settings every time that it is launched, or when you restart your computer. It starts automatically and it scans the computer system processes. Also note that none of any highly regarded antivirus programs performs scans without seeking the permission of user. The Windows Ultra Antivirus does not give you any control of the computer system so you cannot even stop the dangerous Windows Ultra Antivirus from working. Remove Windows Ultra Antivirus processes

  1. Press ALT+CTRL+DEL or you can either press CTRL + Shift + ESC to speedily open the Windows task manager.
  2. Find the tab which is named ‘processes’ and select it.
  3. Look for the process [random].exe under ‘image name’.
  4. Select the process and then click on the button ‘End processes’ to remove the process.

Remove Windows Ultra Antivirus registry key entry values

  1. Click on Start > Run.
  2. Type regedit and click Ok.
  3. Click on Edit from the left section of the registry editor.
  4. Further select the option Find and enter the registry values in the given space.
  5. When the registry values are shown, delete them by selecting the process and pressing the key Delete.
  6. The Windows Ultra Antivirus registry key entry values which you will need to remove are:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_[random2] HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_[random2]\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_[random2]\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_1FE50 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_1FE50\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_1FE50\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\112da10e6b8dcd07 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[random2] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[random2]\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[random2]\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_1FE50 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_1FE50\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_1FE50\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random2] HKEY_CURRENT_USER\Software\WinUltraAntivirus HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector” HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6″ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “knwhxtvfmd” HKEY_CURRENT_USER\Software\ASProtect HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe Remove Windows Ultra Antivirus other files

  1. Go to start > Search.
  2. Select ‘Files and folders’.
  3. Enter the following files; click on the file name and press Delete.

%System%\drivers\[random2].sys %System%\drivers\142da10e6b8dcd07.sys %Documents and Settings%\[UserName]\Desktop\[random].lnk %Program Files%\Windows Ultra Antivirus %AppData%\Protector-[rnd].exe %AppData%\Inspector-[rnd].exe %appdata%\[random].exe %Documents and Settings%\[UserName]\Application Data\[random].exe %Documents and Settings%\[UserName]\Local Settings\ Temporary Internet Files\Content.IE5\4SOEDFRR\setup.exe %Documents and Settings%\All Users\Start Menu\Programs\Windows Ultra Antivirus %UserProfile%\Desktop\Windows Ultra Antivirus.lnk %Documents and Settings%\All Users\Application Data\Windows Ultra Antivirus %AppData%\result.db %CommonStartMenu%\Programs\Windows Ultra Antivirus.lnk

How to remove Windows Ultra Antivirus?
Tagged on:                     

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>