Windows Activity Inspector

Remove Windows Activity Inspector as soon as you notice it on the computer. It is rogue software and can do severe harm once it resides on the PC.

Windows Activity Inspector is fake software for Windows that disguises itself as a hard drive utility. It presents fake scan results about computer safety, network security, data protection and system performance. All of the findings in those reports are fake. Like other rogue programs, Windows Activity Inspector tries to persuade users to purchase the registered version by displaying false alerts and warning messages. Its aim is to convince the victim that the system has errors and to push them to an online payment-processing web site to pay for the full version of Windows Activity Inspector.

Since Windows Activity Inspector is a rogue program, it must not stay on the computer for long. It belongs to a large family of counterfeit software that also includes Windows Attention Utility and Windows Supervision Center. There are already a number of variants in this family, all sharing one interface. They also use the same Trojan to reach their victims.

Get rid of this fake product immediately by downloading a real anti-malware program and running a thorough scan on the infected PC. It is best to run another scan while the computer is in safe mode to make sure that all related files and processes are removed.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Windows Activity Inspector Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “Windows Activity Inspector”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe

2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the computer and remove any detected threats. If removal is prohibited, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. See the files listed below that are related to Windows Activity Inspector.
4. Registry entries created by Windows Activity Inspector must also be removed from the Windows system. Refer to the entries listed below that are associated with the rogue program.
5. Exit registry editor.
6. Get rid of the Windows Activity Inspector start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.

Windows Activity Inspector Removal Tool:
To completely remove the threat, download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the download and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before running it on the infected machine.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that infected files not detected by the anti-virus application can be removed as well. Download and run SAS Portable Scanner.

Technical Details and Additional Information:

If Windows Activity Inspector is installed, it will begin to display fake alerts as a scare tactic to mislead victims:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click ‘show details’ to learn more.

Malicious Files Added by Windows Activity Inspector:
%UserProfile%\Application Data\Microsoft\.exe

Windows Activity Inspector Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
…and a lot more similar entries.
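
The Image File Execution Options entries above tell Windows to start svchost.exe as the "debugger" whenever the named security program is launched, so the real program never runs. The following read-only PowerShell audit is an added example, not part of the original guide: it lists every Debugger value under that key (which covers the similar entries the page does not enumerate) and checks the three other values listed above. The function names are illustrative.

```powershell
# Added example: read-only audit for the registry changes listed on this page.
# It only reports values and changes nothing. Run it from an elevated prompt.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Get-IfeoDebugger {
    # One row per executable whose launch is redirected through a "Debugger" value.
    # A Debugger value is not malicious by itself (Process Explorer sets one for
    # taskmgr.exe when it replaces Task Manager), so review rows before deleting.
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $debugger = Get-RegValue -Path $_.PSPath -Name 'Debugger'
        if ($debugger) {
            [pscustomobject]@{
                Image       = $_.PSChildName
                Debugger    = $debugger
                # The page lists 'svchost.exe' as the data this rogue writes.
                MatchesPage = ($debugger -match 'svchost\.exe')
            }
        }
    }
}

function Get-RogueSettingFindings {
    # Keys, value names and data exactly as listed on the page.
    $checks = @(
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'; Name = 'WarnOnHTTPSToHTTPRedirect'; Bad = 0 },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'; Name = 'WarnOnHTTPSToHTTPRedirect'; Bad = 0 },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'; Name = 'DisableSR'; Bad = 1 }
    )
    foreach ($c in $checks) {
        $value = Get-RegValue -Path $c.Path -Name $c.Name
        # Compare as strings so DWORD and string data are both handled.
        if ($null -ne $value -and "$value" -eq "$($c.Bad)") {
            [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Data = $value }
        }
    }
}

Get-IfeoDebugger | Sort-Object Image | Format-Table -AutoSize
Get-RogueSettingFindings | Format-Table -AutoSize
```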

Alternative Removal Method for Windows Activity Inspector

Option 1: Use Windows System Restore to return Windows to a previous state

If Windows Activity Inspector enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Windows Activity Inspector infiltrated the PC, we highly encourage you to perform this procedure if none of the above works. Note that the "DisableSR" registry entry listed above turns System Restore off, so that entry has to be removed before System Restore can be used.