This rogue is from the same family as Privacy Corrector.
Windows Optimization Center malware installs itself on the computer with the help of a trojan downloader that impersonates a Microsoft Security Essentials alert. Once installed, the trojan displays a fake warning stating that your computer is infected with an unknown trojan.
Then it displays another fake alert and prompts you to install a malware tool and restart your computer.
After reboot, you will see the Windows Optimization Center installation wizard.
And finally, the fake Windows Optimization Center scanner will show up. As a typical rip-off rogue program, it displays fake security warnings and notifications. The fake program also blocks other programs on the computer. You will lose around $80 if you choose to purchase this bogus program. What is more, you will give your credit card details to scammers. If you were scammed by this scareware, please contact your credit card provider and dispute the charges.
You can remove Windows Optimization Center manually, but we recommend that you use anti-malware software because this virus may come bundled with rootkits and other malware. For more information, please follow the Windows Optimization Center removal steps below. And, of course, if you need help removing this malware from your computer, please leave a comment. Good luck and be safe online!
Windows Optimization Center removal instructions:
1. Click Start → Run (or WinKey+R).
2. Type in: cmd and click OK. A Command Prompt window will show up.
3. Type in: taskkill /f /im protect.exe and press Enter. This will stop Windows Optimization Center.
4. Download shell-fix.reg. Double-click to run it. Click "Yes" when it asks if you want to add the information to the registry. This file will fix the Windows Shell entry.
5. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
6. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
Alternate Windows Optimization Center removal instructions (in Safe Mode with Networking):
1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Log in as the same user you were previously logged in as in normal Windows mode.
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
Windows Optimization Center associated files and registry values:
Files:
- %UserProfile%\Application Data\protect.exe
- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Optimization Center\
- C:\WINDOWS\Tasks\At1.job
C:\Documents and Settings\ for Windows XP,
C:\Users\ for Windows Vista and Windows 7
Registry values:
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\protect.exe"
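- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0x00000000
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0x00000000
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0x00000000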
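An added example, not part of the original post: a read-only PowerShell check that reports which of the files and registry values listed above are present on the machine it runs on. The function name Test-WocIndicators is hypothetical, and the script assumes $env:APPDATA stands in for %UserProfile%\Application Data.

```powershell
# Added example (not from the original post). Read-only: it changes nothing.
# Test-WocIndicators is a hypothetical name chosen for this illustration.
function Test-WocIndicators {
    $findings = @()

    # Files and folders from the list above.
    # Assumption: $env:APPDATA is %UserProfile%\Application Data on XP and the
    # folder that the "Application Data" junction points to on Vista/7.
    $paths = @(
        (Join-Path $env:APPDATA 'protect.exe'),
        'C:\Documents and Settings\All Users\Start Menu\Programs\Windows Optimization Center',
        (Join-Path $env:windir 'Tasks\At1.job')
    )
    foreach ($p in $paths) {
        # At1.job is also the generic name of the first job made with at.exe,
        # so a hit on that file alone needs manual confirmation.
        if (Test-Path -LiteralPath $p) { $findings += "Present: $p" }
    }

    # Per-user Winlogon "Shell" override. Windows normally defines Shell only
    # under HKLM, so any value here deserves a look.
    $winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $item = Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue
    if ($item -and $item.Shell) {
        $findings += "HKCU Winlogon Shell is set to: $($item.Shell)"
    }

    # UAC-related values that the list above shows set to 0.
    $policy = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
        $item = Get-ItemProperty -Path $policy -Name $name -ErrorAction SilentlyContinue
        if ($item -and $item.$name -eq 0) {
            $findings += "$name = 0 under Policies\System"
        }
    }

    return $findings
}

$hits = Test-WocIndicators
if ($hits) { $hits } else { 'None of the listed indicators were found.' }
```

A zero in the UAC values can also come from an administrator's own policy, so treat those lines as supporting evidence next to the file and Shell findings.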