1 of 5
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:
WindowsActivityInspector

Windows Activity Inspector

There are many legitimate security applications on the market, but there are also equally many fake and malicious applications out to rip consumers off, like Windows Activity Inspector, the latest addition to the Fake Microsoft Security Essentials scam. This rogue also emanates from a long line of rogue security tools, including despised applications Windows Tweaking Utility and Windows Tasks Optimizer. As with its predecessors, Windows Activity Inspector uses surreptitious tactics to gain entry into vulnerable and susceptible PCs, and will remain undetected until it is ready to start its attack against the system.

Using popular forms of infection, including seditious browser hijackers and obviously fake online malware scanners to root its infection into PCs, Windows Activity Inspector will not hesitate to exploit any browser or system susceptibility to gain access to a computer.

Download Spyware Removal Tool to Remove* Windows Activity Inspector
  • Quick & tested solution for Windows Activity Inspector removal.
  • 100% Free Scan for Windows

Once Windows Activity Inspector securely roots itself in the system, it will edit registry entries to allow it to launch each time Windows starts up, and will start its attack against the PC. This will be heralded by the application initiating an unwarranted fake security scan of the system. This bogus scan will yield many fake results, including warning the user about fake threats such as Backdoor.Win32.Rbot and Unknown Win32/Trojan. Windows Activity Inspector will certainly not stop there, and will continue to harass its victim until it eventually succeeds in fleecing him out of his money.

As a further attack on the system, Windows Activity Inspector will spam the user with various fake security alerts. These falsely generated security messages are not to be trusted, as they are completely without basis and randomly generated. Some of the most popular fake alerts to be on the lookout for include the following:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

The truth is that Windows Activity Inspector is nothing more than a malicious infection, without the ability to detect or remove any type of threat from the system. It will never live up to any of its over embellished promises, and users will be much better off to simply delete Windows Activity Inspector from their systems the moment it is discovered.

This can easily and safely be achieved by using the removal power of a genuine security tool which will not only erase Windows Activity Inspector but also protect against similar future attacks.

Download Spyware Removal Tool to Remove* Windows Activity Inspector
  • Quick & tested solution for Windows Activity Inspector removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Activity Inspector

Files associated with infection (Windows Activity Inspector):

%AppData%\Microsoft\[random].exe

Processes to kill (Windows Activity Inspector):

%AppData%\Microsoft\[random].exe

Remove registry entries (Windows Activity Inspector):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
Disclaimer

Comments

  1. TOM May 17, 2011

    This is a stupid antivirus i hate it..the given steps helped me to solve the

  2. James May 17, 2011

    Great information, thanks for providing such useful informative blog. After following all instruction, I have successfully removed virus from my computer system.

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.