Windows Web Commander virus hep – how to get rid manually

July 5, 2012 By

Windows Web Commander is another misleading software which is created to raise funds for hackers by selling useless security products online. This malware pretends to be a legitimate professional tool to help you protect your computer from internet threats. but infact “Windows Web Commander” is a rogue virus itself that makes some false promises and uses malicious tactics and tricks to convince you believe it.

There are several badware containing websites that use Trojans to install the Windows Web Commander virus into a computer which is security vulnerable. these domains that distribute malware are mostly hacked. Once your browser has accessed such sites, the malware will be downloaded to your computer without your permission. Most common source of these infections is online virus scanners. Once your computer is infected with Windows Web Commander help, it will make some configuration changes into your machine. It is commanded to block your access to windows Task manager, registry editing tool and it may also disable your current anti-spyware program. Soon after, you will see some irritating popups appearing in your screen frequently. These continuous popping up windows will alert you of virus threats. Windows Web Commander will display fake warning like it has found some dangerous malwares on your computer, it will also mention that it has blocked some hacker`s IP address for trying to access your system.
Fake alerts of Windows Web Commander may look like this one:
Warning
Firewall has blocked a program from accessing
the Internet
Windows XP USER API Clien: DLL
User32.dll
User32.dll is suspended to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Recommended:
Please click “Prevent attack” button to prevent all attacks and protect your PC.

You can see in the message copied above that windowswebCommander offers the user to use its services, click the Prevent attack button and it will fix your PC Please remember, this tricky button is the hell, it will lead you to a page where you,ll be asked to pay the registration fee for full version of Windows WebCommander software to prevent attacks and remove viruses threats. You should not buy this nasty thing as it is fake. We recommend you to take an immediate action to remove this virus.

How to uninstall Windows Web Commander virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.
To prform manual removal steps, you may need to learn,
How to stop a process
How to delete registry entries

Stop Windows Web Commander processes:
Protector.exe

Disable Windows Web Commander DLL files:
npswf32.dll

Remove Windows Web Commander Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

Delete Windows Web Commander files:
%AppData%\Protector.exe

Auto Removal

To remove this virus Automatically, We suggest following tools:


Malware Bytes Anti-Malware (Download)


HitMan Pro Anti-Malware (Download)


Filed Under: 1: Spyware Removal Tagged With: