1 of 3
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:
WindowsExaminationUtility

Windows Examination Utility

It would seem as though the developers behind rogue antispyware application Windows Examination Utility has been hard at work. This rogue, which emanates from the same despicable family of rogues as Windows Necessary Firewall, Windows Custom Settings and Windows Risks Preventions, has no affiliation with Microsoft Windows and is neither endorsed nor distributed by Microsoft. The rogue forms part of the now well-known and highly despised fake Microsoft Security Essentials scam, and will cause severe harm and damage to any infected PC.

Download Spyware Removal Tool to Remove* Windows Examination Utility
  • Quick & tested solution for Windows Examination Utility removal.
  • 100% Free Scan for Windows

Windows Examination Utility makes use of Windows icons and paraphernalia in its graphical user interfaces. This is done in a further attempt to convince users of its authenticity and legitimacy. The first clue as to the suspect nature of this rogue comes from its forceful infiltration of the system. The user does not allow or acknowledge Windows Examination Utility’s infiltration of the PC, and that alone should alert the PC owner to the rogue’s malicious intentions. Windows Examination Utility will use any tactic at its disposal to facilitate its infiltration of the PC, even using seditious browser hijackers which will forcefully redirect users’ browsing and search sessions to their compromised landing pages. If the user is not adequately protect, drive-by downloads will install the Windows Examination Utility infection into the PC. Other methods of infection include bogus online malware scanners, and infected online flash ads.

Once Windows Examination Utility manages to successfully root itself in the system, it will proceed to launch unwarranted fake system scans, which will warn the user of fake threats such as Unknown Win32/Trojan and Trojan.Horse.Win32.PAV.64.a. It will edit registry entries so that the rogue will launch each time the user logs on to Windows.

Because of its stealth infiltration of the system, the user will remain largely unaware of the rogue’s presence on the system. This will make it that much more difficult for the user to detect and remove Windows Examination Utility without the help of a genuine security tool. As a first line of attack against the system, Windows Examination Utility will spam the user with incessant fake security pop up messages. Some of the most popular to be on the lookout for include:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

Of course none of these false alerts should be taken seriously, as it all forms part of Windows Examination Utility’s attack against the PC. Other reported symptoms associated with this rogue include users being unable to connect to the Internet, and not being able to launch any type of application on the system. These and other distressing symptoms are used to scare users into ultimately paying for the rubbish fake security software.

Restore your PC’s security and safety and get rid of Windows Examination Utility immediately. This will limit the damage the rogue will be able to cause your PC, and will protect against the devastating effects of the rogue. Do this by investing in a genuine security tool which will not only erase Windows Examination Utility but also protect against similar future attacks.

Download Spyware Removal Tool to Remove* Windows Examination Utility
  • Quick & tested solution for Windows Examination Utility removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Examination Utility

Files associated with infection (Windows Examination Utility):

%AppData%\Microsoft\[random].exe

Processes to kill (Windows Examination Utility):

%AppData%\Microsoft\[random].exe

Remove registry entries (Windows Examination Utility):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.