Windows Accidents Prevention

Do not trust the program Windows Accidents Prevention. It is a virus that hides behind a well-designed graphical user interface (GUI) and pretends to be a real security program.

Windows Accidents Prevention is a counterfeit security application that is introduced by a fake Microsoft Security Essentials alert. Commonly, a fake online virus scanner page presents this alert when a user visits corrupt web sites. It is disguised as a local Windows alert and states that there are Trojan infections on the computer. Next, it advises removing the infection by downloading a trial version of Windows Accidents Prevention. This method requires the user to download and install a copy of the rogue program manually. Another technique is the drive-by download, which does not require the user's intervention for the fake antivirus to be installed on the victim's computer. Trojans that exploit system vulnerabilities are used to carry out this method.

Once Windows Accidents Prevention is installed on the PC, it alters system settings and creates an entry in the Windows registry. This allows the potentially unwanted program to run at start-up. When loaded, Windows Accidents Prevention may prevent execution of any installed software and declare that it is infected with a virus. Installed anti-virus software will be disabled and the Internet browser will be redirected to other malicious web sites. It is necessary to remove Windows Accidents Prevention as soon as it gets onto the computer. Follow the procedure on this page to get rid of this harmful program.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Windows Accidents Prevention Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “Windows Accidents Prevention”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe

2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the computer and remove any detected threats. If removal is prohibited, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. Please see the files below that are related to the Windows Accidents Prevention virus.
4. Registry entries created by Windows Accidents Prevention must also be removed from the Windows system. Please refer below for entries associated with the rogue program. [how to edit registry]
5. Exit registry editor.
6. Get rid of the Windows Accidents Prevention start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. A window containing the System Configuration Utility will open. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.

Windows Accidents Prevention Removal Tool:
To completely remove the threat, download and run Malwarebytes Anti-Malware (MBAM). Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing it on the infected machine.

Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without using traditional AV signatures. Download the tool and start scanning the computer for viruses.

Technical Details and Additional Information:

Registry Entries Added by Windows Accidents Prevention:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'

Malicious Files Added by Windows Accidents Prevention:
%UserProfile%\Application Data\Microsoft\[random].exe
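
The registry changes listed above can be checked offline against a registry export. The following Python sketch is an added example, not part of the original removal guide: it assumes regedit's text export (.reg) format, and its function names and sample export are constructed for illustration. It reports every "Debugger" value under Image File Execution Options for review (that value makes Windows start the named program in place of the executable), plus the two settings when they hold the values listed on this page.

```python
import re

# Key suffixes and values taken from this page's list: (key suffix, value name) -> data.
IFEO = "\\image file execution options\\"
SETTINGS = {
    ("\\currentversion\\systemrestore", "disablesr"): 1,
    ("\\currentversion\\internet settings", "warnonhttpstohttpredirect"): 0,
}

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000001
'''

def parse_reg(text):
    """Yield (key, value_name, raw_data) for each named value in .reg export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                yield key, m.group(1), m.group(2)

def as_int(data):
    """Decode dword:XXXXXXXX or a quoted decimal string; None for anything else."""
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    s = data.strip('"')
    return int(s) if s.isdigit() else None

def audit(text):
    """Return findings as (kind, subject, value) tuples, in file order."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.strip().lower()
        if IFEO in k and n == "debugger":
            findings.append(("ifeo-debugger", k.rsplit("\\", 1)[1], data.strip('"')))
        for (suffix, vname), bad in SETTINGS.items():
            if k.endswith(suffix) and n == vname and as_int(data) == bad:
                findings.append(("setting", name.strip(), bad))
    return findings
```

regedit writes "Version 5.00" exports as UTF-16, so read the file with encoding="utf-16" before passing its text to audit().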
