June 11, 2011

Windows Work Checker.

Windows Work Checker is a fake antivirus from the multi-name rogue family claiming to be an upgrade to Microsoft Security Essentials.
 Typically, one gets infected after downloading an executable presented as video file, some sort of free codecs or by fake antivirus scan pages on infected websites. Typically, prior seeing main Windows Work Checker window, one sees a window mimicking Microsoft’s Security Essential – a legitimate antivirus. It claims that an unknown Win32/Trojan is detected and that one needs to find a better program to identify it and remove.

Once user clicks on such message, the fake scanner will pretend to search for solution, and then suggest to install one of multi-named rogue skins like Windows Work Checker (they change daily).
Windows Work Checker will detect infections in completely harmless files. It will claim that your system is heavily infected, and will not allow uninstall it (no real antiviruses do that). Windows Work Checker will alert about various attacks to ones PC, even if the PC is disconnected from internet. It will try to disable and stop legitimate programs from launching, to prevent from removal. This fake antivirus will refuse to remove threats or even close its window without being paid. Thus it is very annoying.

Windows Work Checker was created to trick you into thinking that your computer has all sorts of malware so that you then purchase it. The reality is that Windows Work Checker is a scam. If you have already purchased the program, then you should contact your credit card company and dispute the charges.
Kill malicious Processes from Task Manager: 
  • <random>.exe
 Location of the infection:
  1. %UserProfile%\AppData\Microsoft\[random].exe
  •  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
  •  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
  •  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
Although it is possible to manually remove Windows Work Checker, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend  malware and spyware removal applications.

After removing all these files, restart your computer and the issue will be fixed. And don’t forget to do update your Security Software, check the Firewall Settings and the Operating System and finally do a full system scan with the Security Software.


Post a Comment

Related Posts Plugin for WordPress, Blogger...

Search This Blog



Twitter Delicious Facebook Digg Stumbleupon Favorites More