Windows Security & Control is a re-branded version of Windows Optimization & Security, Windows System Optimizator and Windows Optimization Center. As you can see, the same rogue program comes in several different names. Its graphical user interface is pretty much unique and doesn't change very often so if you'll end up with something similar please beware that it can be a fake application.
Fake Microsoft Security Essentials Alert:
Then you will see another one, saying that you need to install some sort of software to check your files:
If you click OK, installation process will begin. You will be prompted to restart your computer to finish the installation.
After restart, fake Windows Security & Control scanner will show up. It will hide your icons and task bar. Just click OK to allow it to run its fake scan. After the fake scan, it will report numerous system and registry errors and viruses. Click OK and then click on the X at the top right of the Windows Security & Control to close the program. Once you close the program, your Windows Desktop will load normally.
Windows Security & Control will block other programs on your computer. In order to disable the rogue program you can rename its main executable or download Process Explorer and end its process. Malware resides in Application Data folder. Full path to this folder is outlined in the removal guide below.
Windows Security & Control will also display fake security alerts. Here's an example of the fake notification you may see if you somehow ended up with this scareware:
AttentionWindows Security & Control purchase page:
Suspicious software activity is detected.
Please start system files scanning for details.
If you find that your computer is infected with Windows Security & Control, please do not purchase it. Instead, follow the removal instructions below to remove this rogue program from your computer. Usually, it comes bundled with other malware, that's why we strongly recommend you to scan your computer with anti-malware software. You will find a list of free and safe malware removal tools below. If you have any questions, please leave a comment. Good luck and be safe online!
Windows Security & Control removal instructions:
1. Rename the main executable of Windows Security & Control malware:
In Windows XP:
C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS].exe
In Windows Vista/7:
C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS].exe
Here's an example in Windows XP:
In our case, the file was pqespp. Look for similar file and rename it to malware. Then restart your computer. This should disable Windows Security & Control. After reboot, please continue with the rest of the removal process. NOTE: By default, Application Data folder is hidden. If you can find it, please read Show Hidden Files and Folders in Windows.
3. Download shell-fix.reg. Double-click to run it. Click "Yes" when it asks if you want to add the information to the registry. This file will fix the Windows Shell entry.
4. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus.
Alternate Windows Security & Control removal instructions (in Safe Mode with Networking):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus.
Windows Security & Control associated files and registry values:
Files:
In Windows XP:
- C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS].exe
- C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS].exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\[SET OF RANDOM CHARACTERS]"
No comments:
Post a Comment