Monday, May 9, 2011

Remove Windows Oversight Center virus

Windows Oversight Center is a new fake security program from the same family of malware as Windows Passport Utility, Windows Simple Protector, Windows Background Protector, Windows Lowlevel Solution, Windows Support System, Windows Emergency System, Windows Efficiency Magnifier, etc. The program created to make troubles for a computer user and does not protect your machine in any way! Thus, never trust anything relate to Windows Oversight Center and remove the fake antivirus as soon as possible.

What Windows Oversight Center does

The program is promoted and distributed with the help of Microsoft Security Essentials Alert trojan. When the rogue is installed, it will register itself in the Windows registry to run automatically.

The program will perform a system scan and list a lot of trojans, viruses and other malicious programs. Of course, the scan and its results are a fake. The rogue uses the false scan results as method to trick you into purchase its full version. Thus you can simply ignore the scan results.

While Windows Oversight Center is running, it will display various misleading notifications and fake security alerts from Windows taskbar. Some of the alerts are:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click ‘show details’ to learn more.
Name: taskmgr.exe
Name: C:\WINDOWS\taskmgr.exe

However, all of these alerts and notifications is a fake and like false scan result should be ignored.

As you can see, Windows Oversight Center is absolutely useless and what is more, even dangerous software. Most importantly, do not purchase it! Instead, please use the instructions below to remove Windows Oversight Center from your computer for free.

How to remove Windows Oversight Center

1. Reboot your computer. When Windows is loaded, you will see a Windows Oversight Center screen  instead your Windows desktop. Click OK and wait while it`s scanning your computer. Once the scan is complete click "Fix Errors" button. Now you can close the rogue. Press ATL+F4 or "X" button at the top-right of Windows Oversight Center.

2. Click Start, type in search field
Press Enter.

3. It will open a contents of ProgramData folder (Application Data for WINDOWS XP). Next, open Microsoft folder. Now look for randomly named files, e.g lklklka.exe or lklklka, and rename them. Reboot your computer.

4. Download Malwarebytes Anti-malware (direct link, review and comments). Double click mbam-setup-[version].exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

5. Once the program has loaded you will see a screen like below.

Malwarebytes' Anti-Malware

6. Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that  Malwarebytes' Anti-Malware found on your computer. Note: list of malware may be different than what is shown in the screen below.

Malwarebytes' Anti-Malware - lists of malicious software

7. Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.

Your system should now be free of the Windows Oversight Center. If the instructions does not help you, then ask for help in the Spyware removal forum.

Windows Oversight Center associated files


Windows Oversight Center associated registry keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe | Debugger
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell = “%AppData%\Microsoft\[random].exe”

No comments:

Post a Comment