Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • Annoying pop-ups
  • Slow Computer

Windows Salvage System

The Fake Microsoft Security Essentials infection is widespread and has many names and faces. Windows Salvage System is the newest addition to this nest of malicious rogues, which can do nothing but damage the computer system for good while leaving the user absolutely penniless. Windows Salvage System can be caught through a Trojan infection when the user clicks on a random infected link on the Internet. The Trojan is downloaded automatically; the user is not even prompted about it.

Once the infection is in, a Fake Microsoft Security Essentials notification pops up on the screen, saying that the security program has detected an Unknown Win32/Trojan on the computer. It should be noted that previous versions of this rogue (including Windows Rescue Center, Windows Necessary Firewall and many more) also use the same tactics to scare the user and make him download the rogue. That is why it is easy to recognize the malicious intention of the program if one has encountered the predecessors of this rogue before.

Windows Salvage System tries to make the user scan his computer to see if there are any other threats besides the “detected” Trojan. If the quick “scan” (which is fake) is performed, Windows Salvage System declares that a certain system file is infected with Trojan.Horse.Win32.PAV.64.a. Previous versions of the rogue have used the very same Trojan name, along with a prompt that urges the user to install the rogue. For Windows Salvage System the message reads:

Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

If the user presses “OK”, Windows Salvage System is downloaded, and certain changes in the system make sure that the rogue loads every time the user boots his computer. Once the operating system loads, the Windows Salvage System window pops up and the program performs a fake system scan, “finding” numerous system errors. The user is then urged to fix these errors by purchasing the full version of the program, but one should never do that, because all of his important personal and banking information would then be exposed to the cyber criminals behind Windows Salvage System.

Not to mention that the rogue damages the computer system while it tries to persuade the user to buy this worthless product. The user should save himself the trouble and remove Windows Salvage System once and for all. It is recommended to invest in a good automatic malware removal program, which would do the job efficiently and would safeguard the system against future attacks.


How to manually remove Windows Salvage System

Files associated with infection (Windows Salvage System):

%AppData%\Microsoft\[random].exe

Processes to kill (Windows Salvage System):

%AppData%\Microsoft\[random].exe

Remove registry entries (Windows Salvage System):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
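
Each Image File Execution Options entry above sets a "Debugger" value for a security product's executable, which makes Windows launch the named program instead of that executable. The following Python script is an added example, not part of the original page: it lists every such value found in a `reg export` text dump so the entries can be reviewed before deletion. The sample export (including its notepad.exe and spoolsv.exe entries) and the function names are constructed for illustration.

```python
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")
# Image names taken from the registry entries listed on this page.
PAGE_TARGETS = {"afwserv.exe", "avastsvc.exe", "avastui.exe", "egui.exe",
                "ekrn.exe", "msascui.exe", "msmpeng.exe"}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # REG_SZ (string) values only

# Constructed sample in `reg export` text form, not captured from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="\"C:\\Tools\\editor.exe\" -z"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe]
"DisableHeapLookaside"="1"
'''

def find_ifeo_debuggers(reg_text):
    """Return (image, debugger, listed_on_page) for each IFEO Debugger value."""
    prefix = IFEO.lower() + "\\"
    findings, image = [], None
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            rest = path[len(prefix):] if path.lower().startswith(prefix) else ""
            # Only direct children of the IFEO key name an executable image.
            image = rest if rest and "\\" not in rest else None
            continue
        val = VAL_RE.match(line)
        if image and val and val.group(1).lower() == "debugger":
            data = re.sub(r"\\(.)", r"\1", val.group(2))  # undo .reg escaping
            findings.append((image, data, image.lower() in PAGE_TARGETS))
    return findings

def load_reg(path):
    # reg.exe writes its exports as UTF-16 with a byte-order mark.
    with open(path, encoding="utf-16") as fh:
        return fh.read()

if __name__ == "__main__":
    for image, debugger, listed in find_ifeo_debuggers(SAMPLE):
        note = "listed on this page" if listed else "review manually"
        print(f"{image}: Debugger={debugger!r} ({note})")
```

Entries not listed on this page are reported for manual review rather than treated as malicious, because a "Debugger" value can also be set deliberately by an administrator or developer.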