1 of 4
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:
WindowsProtectionServant

Windows Protection Servant

With rogue security applications becoming more and more prevalent, and continually more sophisticated, even experienced users are finding it difficult to distinguish between genuine and bogus security tools, as in the case of Windows Protection Servant. This rogue antispyware application is the latest addition to the Fake Microsoft Security Essentials scam, and derives from the same family of rogues as Windows Activity Inspector.

It enters the system with the help of seditious browser hijacking websites, as well as through other methods such as rubbish online malware scanners. Because its infiltration is done so clandestinely, users will find it difficult to identify and remove Windows Protection Servant in time. In fact, the first clue the user will have as to the presence of Windows Protection Servant on the system will appear as it starts its attack against the PC.

This will happen by Windows Protection Servant initiating a fake security scan of the system, and will report on various false security threats supposedly crippling the system. These reports are all fake, and should not be trusted. Windows Protection Servant will use the names of genuine threats in order to further confuse its victims. Some of the threats reported on include the well-known Unknown Win32/Trojan and Backdoor.Win32.Rbot. Users are warned never to believe any correspondence received from Windows Protection Servant.

As a further attack on the system, the rogue will plague the user with other annoying symptoms in an effort to force him to pay for its worthless products. These symptoms include harassing pop up messages acting as fake security notifications, blocked Internet connections, the inability to launch any files and programs as well as poor system performance. Some of the most popular fake alerts generated by Windows Protection Servant reads as follows:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

Protect your system against infection by continually keeping your firewall activated, and by always updating your security software with the latest definitions. If you fear infection, destroy Windows Protection Servant immediately in order to limit the damage this rogue will cause to your PC.

Download Spyware Removal Tool to Remove* Windows Protection Servant
  • Quick & tested solution for Windows Protection Servant removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Protection Servant

Files associated with infection (Windows Protection Servant):

%AppData%\Microsoft\[random].exe

Processes to kill (Windows Protection Servant):

%AppData%\Microsoft\[random].exe

Remove registry entries (Windows Protection Servant):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.