Wednesday, June 27, 2012

Windows Custom Management virus removal tutorial

Windows Custom Management is the fake anti-spyware app. It is not new one
,it merely changes its name almost every day. It is from FakeVimes rogue family. We been received numerous enquiries from our customers with the requests to help to remove this unwanted tool from their computers. We have made some researches on this matter and prepared easy and effective removal guide.


Windows Custom Management virus claims to be decent anti-malware scanner, which is able to remove all actual computer threats. The pest is generally installed to a system via Trojans, or when a user clicks unsafe links, watches videos or uploads music from occasional resources. Do not hit advertisements claiming to be some on-line anti-malware scanner. In case if Windows Custom Management is launched on the compromised machine, it will display various types of error notifications. If you click to launch some programs you wish, you will prevented from doing this. If you notice pop-ups “informing“ you that some insecure file is detected on your computer and your system requires scanning without postponing, do not take this i notice at its face value. The virus tries to deceive you in such way. If you click on the above-mentioned message, you will be asked to pay for the registered version first.We warn you not to buy this malware because it cannot bring anything good to your system.

If you run into this threat, do not panic. We will help you to cure your PC. If you have already effected the payment for this virus, contact your bank and dispute charges. GridinSoft Trojan Killer antimalware Lab has prepared up-to-date removal tips, actual for the modified version of FakeVimes rogue. Automatic and manual removal options are available for you.If you have any questions please do not hesitate to contact us at any time http://trojan-killer.net/support/

Files

In the process of the installation, Windows Custom Management copies the following files to the hard disk.

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-[rnd].exe
  • %AppData%\result.db

4. System registry

Windows Custom Management creates the following registry entries:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe

Windows Custom Management malware remover:

malware removal tool

1 comment: