Thursday 20 January 2011

How to Remove Windows Security & Control (Uninstall Guide)

Windows Security & Control is a rogue application that runs its "scan" and then reports false system security threats or tells other lies about your computer. All the viruses and errors it reports are bogus. This rogue program provides no security, generates erroneous alerts and attempts to trick users into buying the product. Windows Security & Control is promoted through the use of Trojans. In this case, Trojan virus impersonates Microsoft Security Essentials software. It displays fake security warning saying that your computer is infected with unknown virus and then it prompts you to install Windows Security & Control to remove the virus. Very often scammers promote such bogus applications on social networks and send huge amount of spam emails. It has been said many times before but it bears repeating: do not click on suspicious links, even if you know the person who is sending them. If you got hit with this rogue program, please follow the removal instructions below to remove Windows Security & Control and related malware from your computer.



Windows Security & Control is a re-branded version of Windows Optimization & Security, Windows System Optimizator and Windows Optimization Center. As you can see, the same rogue program comes in several different names. Its graphical user interface is pretty much unique and doesn't change very often so if you'll end up with something similar please beware that it can be a fake application.

Fake Microsoft Security Essentials Alert:



Then you will see another one, saying that you need to install some sort of software to check your files:



If you click OK, installation process will begin. You will be prompted to restart your computer to finish the installation.



After restart, fake Windows Security & Control scanner will show up. It will hide your icons and task bar. Just click OK to allow it to run its fake scan. After the fake scan, it will report numerous system and registry errors and viruses. Click OK and then click on the X at the top right of the Windows Security & Control to close the program. Once you close the program, your Windows Desktop will load normally.



Windows Security & Control will block other programs on your computer. In order to disable the rogue program you can rename its main executable or download Process Explorer and end its process. Malware resides in Application Data folder. Full path to this folder is outlined in the removal guide below.

Windows Security & Control will also display fake security alerts. Here's an example of the fake notification you may see if you somehow ended up with this scareware:


Attention
Suspicious software activity is detected.
Please start system files scanning for details.
Windows Security & Control purchase page:


If you find that your computer is infected with Windows Security & Control, please do not purchase it. Instead, follow the removal instructions below to remove this rogue program from your computer. Usually, it comes bundled with other malware, that's why we strongly recommend you to scan your computer with anti-malware software. You will find a list of free and safe malware removal tools below. If you have any questions, please leave a comment. Good luck and be safe online!


Windows Security & Control removal instructions:

1. Rename the main executable of Windows Security & Control malware:

In Windows XP:
C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS].exe

In Windows Vista/7:
C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS].exe

Here's an example in Windows XP:


In our case, the file was pqespp. Look for similar file and rename it to malware. Then restart your computer. This should disable Windows Security & Control. After reboot, please continue with the rest of the removal process. NOTE: By default, Application Data folder is hidden. If you can find it, please read Show Hidden Files and Folders in Windows.

3. Download shell-fix.reg. Double-click to run it. Click "Yes" when it asks if you want to add the information to the registry. This file will fix the Windows Shell entry.
4. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus.


Alternate Windows Security & Control removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus.


Windows Security & Control associated files and registry values:

Files:

In Windows XP:
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS].exe
In Windows Vista/7:
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS].exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\[SET OF RANDOM CHARACTERS]"
Share this information with other people:

No comments:

Post a Comment