Windows Work Checker is a fake antivirus from the multi-name rogue family claiming to be an upgrade to Microsoft Security Essentials.
Typically, one gets infected after downloading an executable presented as a video file or some sort of free codec, or through fake antivirus scan pages on infected websites. Before the main Windows Work Checker window appears, one typically sees a window mimicking Microsoft Security Essentials, a legitimate antivirus. It claims that an unknown Win32/Trojan has been detected and that one needs to find a better program to identify and remove it. Once the user clicks on this message, the fake scanner pretends to search for a solution and then suggests installing one of the multi-named rogue skins, such as Windows Work Checker (they change daily).
Windows Work Checker will detect infections in completely harmless files. It will claim that your system is heavily infected and will not allow you to uninstall it (no real antivirus does that). Windows Work Checker will alert about various attacks on one's PC, even if the PC is disconnected from the internet. It will try to disable legitimate programs and stop them from launching, to prevent its removal. This fake antivirus will refuse to remove threats or even close its window without being paid. Thus it is very annoying.
Removal:
Kill malicious Processes from Task Manager:
- <random>.exe
Location of the infection:
- %UserProfile%\AppData\Microsoft\[random].exe
Registry entries to be removed (take a backup of the registry before editing it):
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
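The entries above set a "Debugger" value under Image File Execution Options, which makes Windows start svchost.exe in place of the named antivirus executable. The following PowerShell sketch is an added example, not part of the original post: it lists every such "Debugger" value, backs up the key, and shows what would be removed. The function names and the backup file path are assumptions chosen for illustration.

```powershell
# Added example: audit Image File Execution Options (IFEO) for "Debugger" redirections.
# Run from an elevated PowerShell prompt; removal needs administrator rights.
$ifeo   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
# Executable names taken from the registry entries listed above.
$listed = 'afwserv.exe', 'avastsvc.exe', 'avastui.exe'

function Get-IfeoDebugger {             # hypothetical helper name
    param([string]$Root = $ifeo)
    Get-ChildItem -Path $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = $_.GetValue('Debugger')  # $null when the subkey has no Debugger value
        if ($null -ne $dbg) {
            [pscustomobject]@{
                Image    = $_.PSChildName
                Debugger = $dbg
                Listed   = $listed -contains $_.PSChildName   # -contains ignores case
                Path     = $_.PSPath
            }
        }
    }
}

function Remove-IfeoDebugger {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(ValueFromPipeline)]$Entry,
        [string]$BackupFile = "$env:TEMP\ifeo-backup.reg"     # assumed backup location
    )
    begin {
        # Export the whole IFEO key first, so any edit can be undone with "reg import".
        & reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options' $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }
    }
    process {
        if ($PSCmdlet.ShouldProcess($Entry.Image, "Remove Debugger value '$($Entry.Debugger)'")) {
            Remove-ItemProperty -Path $Entry.Path -Name 'Debugger'
        }
    }
}

# 1) Report every Debugger value. Some are legitimate (for example a Task Manager
#    replacement), so review the list before removing anything.
$found = Get-IfeoDebugger
$found | Format-Table Image, Debugger, Listed -AutoSize

# 2) Dry run: show which values pointing at svchost.exe would be removed.
#    Drop -WhatIf to apply the change.
$found | Where-Object { $_.Debugger -match 'svchost\.exe' } | Remove-IfeoDebugger -WhatIf
```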
Although it is possible to manually remove Windows Work Checker, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend malware and spyware removal applications.
After removing all these files, restart your computer and the issue will be fixed. Don’t forget to update your security software, check the firewall settings and the operating system, and finally do a full system scan with the security software.