How to Remove Windows Malware Sleuth Completely and Safely? (Rogue Program Removal)

Does Windows Malware Sleuth display a lot of warnings on your computer? Wondering if the program is legitimate? Read this post and you will learn what Windows Malware Sleuth is and how to get rid of it.

Information about Windows Malware Sleuth

Windows Malware Sleuth is classified as a rogue anti-spyware application that cannot protect computers from any infection. It can silently sneak into your computer system by means of a bundled Trojan that helps it get past system authentication barriers. Once it is installed, the malware immediately runs a free scan of the system and shows you a list of bogus scan reports and fake security warning pop-ups to convince you to pay for its licensed version. Even if it succeeds in swindling money out of you, it will never stop generating counterfeit scan results and notifications on your poorly secured system.

The rogue program can run automatically when Windows starts because it adds some registry entries to the system during installation. It not only shows you numerous fake security alerts, but also blocks some legitimate programs. Some programs installed on your PC cannot work properly because the rogue program stops them from running and often pops up warnings. For instance, if you want to start the web browser to search for some security tools, the following message will be displayed by the fake antivirus program:
“Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.”

Step-by-step instructions to remove Windows Malware Sleuth:

Step One: Reboot the PC into Safe Mode with Networking.
1. Click Start, and then click Turn Off Computer.

2. Click Restart, and then click OK.

3. As soon as the PC is restarted, press and hold the F8 key.

4. Select Safe Mode with Networking.

5. Press Enter to confirm the selection.

Step Two: Disable running processes of Windows Malware Sleuth from Windows Task Manager.
1. Press Ctrl + Alt + Delete to open Task Manager.

2. Click the Processes tab.

3. Find the process associated with the rogue program and select the End Process option.

4. Click Yes when the Task Manager warning pops up.

Step Three: Remove related registry components.
1. Click Start, go to Run, and type REGEDIT. Click OK to open Registry Editor.

2. Search for the registry entries below and delete them.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = 2012-3-4_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “wbukxhryfk”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe
… and many more Image File Execution Options entries.

Step Four: Show hidden files of the rogue spyware and delete them.
Open My Computer from the Windows Desktop. From the Tools menu, go to Folder Options.
Click View. Under Hidden files and folders, check the Show hidden files and folders option and uncheck Hide protected operating system files (Recommended). Click OK to confirm the change.

Then find the following files and remove them.
%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Malware Sleuth.lnk
%Desktop%\Windows Malware Sleuth.lnk
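
Before deleting anything by hand, it helps to see which of the listed artifacts are actually present. The following read-only PowerShell audit is an added example, not part of the original guide; it assumes PowerShell is available on the machine, checks only a subset of the Image File Execution Options names from Step Three, and skips Protector-.exe because its file name is incomplete in the list above.

```powershell
# Read-only audit of the artifacts listed in Steps Three and Four; nothing is changed.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$cv   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$findings = @()

# A few of the Image File Execution Options names from Step Three; extend as needed.
$ifeoNames = 'antivirus.exe', 'autoupdate.exe', 'nav.exe', 'SecurityFighter.exe', 'svchostc.exe', 'win32us.exe'
foreach ($name in $ifeoNames) {
    $key = Join-Path $ifeo $name
    if (Test-Path -LiteralPath $key) {
        # A Debugger value under such a key makes Windows launch that program in place of $name.
        $dbg = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).Debugger
        $findings += [pscustomobject]@{ Type = 'IFEO key'; Item = $key; Detail = "Debugger=$dbg" }
    }
}

# Named values from Step Three (autostart entry, tool-blocking policies, marker values).
$values = @(
    @{ Path = "$cv\Run";             Name = 'Inspector' },
    @{ Path = "$cv\Policies\System"; Name = 'DisableRegedit' },
    @{ Path = "$cv\Policies\System"; Name = 'DisableRegistryTools' },
    @{ Path = "$cv\Policies\System"; Name = 'DisableTaskMgr' },
    @{ Path = "$cv\Settings";        Name = 'net' },
    @{ Path = "$cv\Settings";        Name = 'UID' }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -LiteralPath $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $findings += [pscustomobject]@{ Type = 'Registry value'; Item = "$($v.Path)\$($v.Name)"; Detail = $item.($v.Name) }
    }
}

# Files and shortcuts from Step Four; -Force lets Get-Item see hidden files.
$files = @(
    (Join-Path $env:APPDATA 'NPSWF32.dll'),
    (Join-Path $env:APPDATA 'result.db'),
    (Join-Path ([Environment]::GetFolderPath('CommonPrograms')) 'Windows Malware Sleuth.lnk'),
    (Join-Path ([Environment]::GetFolderPath('Desktop')) 'Windows Malware Sleuth.lnk')
)
foreach ($f in $files) {
    $fi = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
    if ($fi) {
        $findings += [pscustomobject]@{ Type = 'File'; Item = $fi.FullName; Detail = "Created $($fi.CreationTime)" }
    }
}

if ($findings.Count -eq 0) { 'None of the checked artifacts were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Running it again after cleanup should report that none of the checked artifacts were found.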

Automatic removal of Windows Malware Sleuth:

It is not recommended to remove Windows Malware Sleuth manually, because the tasks are too complicated for a computer novice to perform. If you don't have enough computer expertise to handle the associated program files, registry entries and executable files, please use a professional third-party tool like Mighty Uninstaller to help delete the malware. Since any problem during manual removal can easily leave the system in an extremely undesirable state, you had better use a reputable removal tool to delete the rogue program rather than do it manually. Otherwise, problems like unwanted system pop-ups, software instability, unexpected Blue Screen of Death errors, a sharp reduction in system performance, and failure to download and install a legitimate firewall may show up. To remove Windows Malware Sleuth safely within minutes, you are strongly advised to follow the simple steps below.
Step 1: Download and install Mighty Uninstaller.
Step 2: Click Software Uninstall and search for the fake antivirus program.
Step 3: Click Delete or Uninstall after highlighting the rogue program.
Step 4: Exit the tool after the malware is removed.
