Windows Remedy is a fake antivirus tool from the same family of malware as Windows Troubles Remover, Windows Debug System, Windows Express Settings, Windows AV Software, Windows User Satellite, Windows Optimal Settings, etc. The rogue similarly to other malware, may enter onto your computer with the help of Microsoft Security Essentials Alert trojan. Remember, this software really look realistic and you might even think that WindowsRemedy is related to Microsoft Windows, but you should never trust this fake antivirus! Windows Remedy is designed to look legitimate, but it is neither able to detect, nor to remove any infections from the PC. The program is a total scam!
On first start, Windows Remedy malware creates an entry named Shell in the HKCU \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon key of Windows registry, thus creating a possibility to start automatically every time you start Windows. Then, the malicious software will reboot your PC.
Once computer is loaded, you will see a Windows Remedy screen instead of your Windows desktop. It will suggest to perform a scan of your computer. During the scan the fake antivirus will detect numerous false infections. Once the scan is done, WindowsRemedy will say that was able to clean the majority of infected files, but was not able to cure a few important Windows files and prompt you to purchase its full version to clean them. Of course, the results of the scan as well as the scan process is a fake, so you can freely ignore all that this malicious program gives you.
To further scare the user, Windows Remedy will block the Windows Task Manager and legitimate Windows application from running. Moreover, while this malware is running, it will display also a lot of various fake security alerts and warnings. Some of the fake alerts are:
Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press ‘OK’ to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
It hopes to force you to believe that your computer is infected. Of course, all of the security alerts are a fake and like false scan results should be ignored.
From the above, obviously, Windows Remedy is a dangerous program, whose presence on your computer is absolutely undesirable. You need as quickly as possible to remove this fake antivirus. To do this, use the instructions below to help you remove Windows Remedy and trojans that can infiltrate your computer with this malware.
Automatic removal instructions for Windows Remedy malware
1. When Windows is loaded and you see a WindowsRemedy screen, Click OK button. Once a fake scan is done, click “OK, Open the license manager” button. Now you can close the rogue by clicking to “X” button at the top-right of Windows Remedy. After that your desktop will be available.
a) For Windows XP/2000 users
Click Start, Run. Type in Open field the text below:
Press Enter. It will open a contents of “Application Data” folder.
b) For Windows Vista/7 users
Click Start, type in Search field the text below:
Press Enter. It will open a contents of “Roaming” folder.
3. Open Microsoft folder. Locate randomly named files (e.g. seqsodt.exe, seqsodt) and rename them.
4. Reboot your computer.
6. Perform a full scan. The scan may take some time to finish,so please be patient.
7. Remove what it found and reboot your computer.
If you need a help with the instructions, ask a question in the Spyware removal forum.
Associated Windows Remedy files and registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%AppData%\Microsoft\[RANDOM CHARACTERS].exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe | Debugger
You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.