1 of 6
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • System crashes
  • Annoying Pop-up's
  • Slow Computer

Windows Easy Supervisor

Despite the best efforts of the online security industry to secure the opposite, many PC owners continue to fall victim to rubbish rogue security applications like Windows Easy Supervisor. This rogue antispyware application in particular derives from a long line of rogue security applications such as the highly despised Windows Trouble Solver, Windows Protection Servant and Windows Attention Utility. It also forms part of the well-known fake Microsoft Security Essentials scam, and will stop at nothing to fleece its victims out of their hard earned money.

Download Spyware Removal Tool to Remove* Windows Easy Supervisor
  • Quick & tested solution for Windows Easy Supervisor removal.
  • 100% Free Scan for Windows

Windows Easy Supervisor makes use of established forms of infection, which includes using bogus online malware scanners and seditious browser hijacking websites. Other methods used as part of its online marketing campaign include the rogue using infected online flash ads to infiltrate and root its infection into its victims’ PCs.

Once the rogue roots itself in the system securely, it will start its attack against the PC. This will happen by Windows Easy Supervisor initiating a fake system scan which will invariably lead to false positives of dire threats on the PC. These fake scan results should not be trusted as it only forms part of Windows Easy Supervisor’s attack on the system in an effort to panic the user into paying for bogus and worthless software.

As a further attack, Windows Easy Supervisor will prevent the user from connecting to the Internet, and cause severe erratic system behavior. It will also not allow the user to launch applications on the infected PC, and will cause the extremely poor system performance. This is done in an effort to prevent the user from running or downloading an application which may be able to get rid of Windows Easy Supervisor. It will also spam the user with various fake security alerts in the form of annoying pop up messages. Some of the more popular pop up messages read as follows:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

When all is said and done you will need to destroy Windows Easy Supervisor in order to regain control of your PC. This is safest achieved by using a properly functioning security tool which will not only erase Windows Easy Supervisor but also adequately protect your PC against similar attacks in future.

Download Spyware Removal Tool to Remove* Windows Easy Supervisor
  • Quick & tested solution for Windows Easy Supervisor removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Easy Supervisor

Files associated with infection (Windows Easy Supervisor):

%AppData%\Microsoft\[random].exe

Processes to kill (Windows Easy Supervisor):

%AppData%\Microsoft\[random].exe

Remove registry entries (Windows Easy Supervisor):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.