Click on screenshot to zoom
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:

Windows Debugging Agent

For every legitimate security tool available online there are probably a dozen fake security tools like Windows Debugging Agent out to fleece honest consumers out of their money. This rogue antispyware was designed only to emulate the real workings of a genuine security tool, and never to protect PCs from any type of threat or infection. Through its sophisticated design and genuine looking graphical user interfaces, Windows Debugging Agent can trick inexperienced users into believing it is a real security tool and scam them out of their money.

What is worse, Windows Debugging Agent forms part of the notorious fake Microsoft Security Essentials scam, and emanates from a long line of rogue security applications including Windows Firewall Unit and Windows Process Inspector, among many others. It enters the system surreptitiously and will remain hidden in the system until the rogue is ready to start its attack against the system. Windows Debugging Agent uses browser hijacking websites and bogus online malware scanners to root its infection into the PC, among other infection methods.

Once Windows Debugging Agent is securely rooted in the system it will reveal its presence to the user by initiating a fake system scan which will invariably yield fake positives on the system of harmful threats, such as Unknown Win32/Trojan and : Backdoor.Win32.Rbot. These scan results are fake, and should receive no attention. As a further attack, Windows Debugging Agent will spam the user with various fake security alerts in the form of pop up messages. Some of the more popular fake alerts used by Windows Debugging Agent read as follows:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

Users infected with Windows Debugging Agent reported on other distressing symptoms as well, namely the inability to launch any type of executable on the infected PC, as well as blocked Internet connections. Others reported on extremely poor system performance and increased erratic system behavior.

In order to regain full control of the infected PC and limit the damage this rogue will be able to cause you need to destroy Windows Debugging Agent straight away. This can best be achieved by using a proper functional security tool which will also protect the system against future attacks.

Download Spyware Removal Tool to Remove* Windows Debugging Agent
  • Quick & tested solution for Windows Debugging Agent removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Debugging Agent

Files associated with infection (Windows Debugging Agent):

%AppData%\Microsoft\[random].exe

Processes to kill (Windows Debugging Agent):

%AppData%\Microsoft\[random].exe

Remove registry entries (Windows Debugging Agent):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.