Windows security center fake alert is rogue security software or malware. This downloads on your systems through faulty websites, faulty software upgrades, and other means. This is a very nasty malware that keeps alerting very frequently to download some fake security soft-wares. These so called security software do not work but even damage your system seriously and you also lose some license fees if you pay online for the same.

One of the key features of this rogue malware is that it displays a fake windows security center alert, which looks almost similar to normal and legitimate windows security center alert. It will prompt you that virus protection on your computer is turned on and asks for some recommendations to follow. If you click on the recommendations or on any part of the alert window this nasty software starts running some programs that will disable your security software and other legitimate security programs. This way, this rogue software controls majority of your system resources and starts to pop you up for downloading some other fake software. The frequency of windows security center alert is very high and sometime computer operator clicks it to close the window; but with that click, the popup window will not close but will start downloading some other software. This is very nasty and rogue software and need to be removed as soon as possible. The procedure for removing windows security center fake alert is given below. It is a stepwise and need to be followed systematically to get this issue resolved.

Stepwise Procedure for Removal of windows Security Center Fake Alert

You can remove by two ways; either by automatic anti-virus software or through manual procedure. I am walking you through a manual procedure here.

  • First of all hit ALT+CTR+DEL to open task manager
  • Click on Process tab and select many processes [random].exe → right-click and click End processes
  • Once you stopped all the windows security center fake alert processes, now go to remove registry keys from your computer.
  • Click Start → Run → Type regedit → Hit Return
  • Chose following a huge number of registry files and keys:
    • HKEY_CURRENT_USERSoftwareClasses.exeDefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%Local SettingsApplication Data[random 3 letters].exe” /START “%1? %*’
    • HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand “IsolatedCommand” = ‘”%1? %*’
    • HKEY_CURRENT_USERSoftwareClasses.exe “(Default)” = ‘exefile’
    • HKEY_CURRENT_USERSoftwareClasses.exeshellrunascommand “(Default)” = ‘”%1? %*’
    • HKEY_CURRENT_USERSoftwareClasses.exeshellrunascommand “IsolatedCommand” = ‘”%1? %*’
    • HKEY_CURRENT_USERSoftwareClassesexefile “(Default)” = ‘Application’
    • HKEY_CURRENT_USERSoftwareClassesexefile “Content Type” = ‘application/x-msdownload’
    • HKEY_CURRENT_USERSoftwareClasses.exe “Content Type” = ‘application/x-msdownload’
    • HKEY_CURRENT_USERSoftwareClassesexefileDefaultIcon “(Default)” = ‘%1?
    • HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “%1? %*’
    • HKEY_CURRENT_USERSoftwareClassesexefileshellrunascommand “IsolatedCommand” – ‘”%1? %*’
    • HKEY_CLASSES_ROOT.exeDefaultIcon “(Default)” = ‘%1?
    • HKEY_CLASSES_ROOT.exeshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “%1? %*’
    • HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand “IsolatedCommand” = ‘”%1? %*’
    • HKEY_CURRENT_USERSoftwareClassesexefileshellrunascommand “(Default)” = ‘”%1? %*’
    • HKEY_CLASSES_ROOT.exeshellopencommand “IsolatedCommand” = ‘”%1? %*’
    • HKEY_CLASSES_ROOT.exeshellrunascommand “(Default)” = ‘”%1? %*’
    • HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “C:Program FilesMozilla Firefoxfirefox.exe”‘
    • HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “C:Program FilesMozilla Firefoxfirefox.exe” -safe-mode’
    • HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “C:Program FilesInternet Exploreriexplore.exe”‘
    • HKEY_CLASSES_ROOTexefileshellrunascommand “IsolatedCommand” = ‘”%1? %*’
    • HKEY_CLASSES_ROOTexefileshellopencommand “(Default)” = ‘”%UserProfile%Local SettingsApplication Data.exe” /START “%1? %*’
    • HKEY_CLASSES_ROOT.exeshellrunascommand “IsolatedCommand” = ‘”%1? %*’
    • HKEY_CLASSES_ROOTexefile “Content Type” = ‘application/x-msdownload’
    • HKEY_CLASSES_ROOTexefileshellopencommand “IsolatedCommand” = ‘”%1? %*’
    • Remove all these fake entries from registry.
    • Click Start → Search → Type following file names, search and locate these files; then remove them one by one.
      • %AppData%Local[random].exe
      • %AppData%Localt3e0ilfioi3684m2nt3ps2b6lru
      • %AllUsersProfile%t3e0ilfioi3684m2nt3ps2b6lru
      • %Temp%t3e0ilfioi3684m2nt3ps2b6lru
      • %AppData%RoamingMicrosoftWindowsTemplatest3e0ilfioi3684m2nt3ps2b6lru
      • Once all these files are removed you are done!

P.S. This is an expert level activity and should be carried out by an expert technician.

Windows Security Center Fake Alert Removal Procedure

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>