Windows Passport Utility

Windows Passport Utility is another variant of a rogue security program that is sold commercially and distributed by malicious means. Many victims only recognise it as fake after they have already paid for it and the charge has appeared on their credit card account. The rogue first shows itself as a fake "Microsoft Security Essentials Alert" that claims to have detected an Unknown Win32/Trojan and Trojan.Horse.Win32.PAV.64.a. A prompt to scan the computer follows, recommending a download of Windows Passport Utility; the copy that gets installed is an unregistered version. Once fully installed, it alters the registry and system files so that it runs automatically every time Windows starts.

The automatic scan run by Windows Passport Utility produces false information about the computer's security status: it reports several infections even when the computer is in good working order. These scare tactics are used by rogue developers to pressure victims into buying the paid version of the endorsed application. Watch out for this rogue; if its presence is identified, immediately scan the system with a legitimate anti-malware application as described below.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Windows Passport Utility Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del to stop the process associated with "Windows Passport Utility". When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe

2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the computer and remove any detected threats. If removal is not possible, quarantine the infected item instead. Manually locate and delete the malicious files as well; see the files related to Windows Passport Utility listed below.
4. Registry entries created by Windows Passport Utility must also be removed from the Windows system. Refer to the entries associated with the rogue program listed below. [how to edit registry]
5. Exit the registry editor.
6. Get rid of the Windows Passport Utility start-up entry by going to Start > Run and typing msconfig in the "Open" box. A System Configuration Utility window will open. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.
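Steps 1, 3 and 6 above all come down to finding the randomly named executable under the user's Application Data folder, the process it is running as, and the start-up entry that relaunches it. The following script automates that triage; it is an added example, not part of the original removal guide, and assumes Windows PowerShell 2.0 or later is available on the infected machine (on XP/2003 it has to be installed separately) and that the script is run from an account that can write the HKLM Run keys.

```powershell
# Added example (not from the original guide). Assumes Windows PowerShell 2.0 or
# later on the infected machine; on XP/2003 it must be installed separately.
# Finds Run/RunOnce start-up entries and running processes whose executable lives
# under the user's Application Data folder, where this rogue drops its randomly
# named .exe, and stops/removes them when run with -Remove.
param([switch]$Remove)

# XP: C:\Documents and Settings\<user>\Application Data
# Vista/7: C:\Users\<user>\AppData\Roaming ("Application Data" is a junction to it)
$appData = [Environment]::GetFolderPath('ApplicationData')

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties the registry provider adds to every Get-ItemProperty result; not real values.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-ImagePath([string]$command) {
    # Reduce a Run value such as "C:\x\abc.exe" /silent to the bare executable path.
    if ($command -match '^\s*"([^"]+)"') { return $matches[1] }
    return ($command -split '\s+')[0]
}

$suspects = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        $path = Get-ImagePath ([string]$prop.Value)
        if ($path -like "$appData\*") {
            $suspects += New-Object PSObject -Property @{ Key = $key; Name = $prop.Name; Path = $path }
        }
    }
}
Write-Host "Start-up entries pointing into ${appData}:"
$suspects | Format-Table Key, Name, Path -AutoSize

# Processes running from the same folder. Reading .Path can throw for protected
# or 64-bit processes from a 32-bit shell, so treat those as not matching.
$procs = Get-Process | Where-Object {
    try { $_.Path -and ($_.Path -like "$appData\*") } catch { $false }
}
Write-Host "Processes running from ${appData}:"
$procs | Format-Table Id, ProcessName, Path -AutoSize

if ($Remove) {
    $procs | Stop-Process -Force
    foreach ($s in $suspects) {
        Remove-ItemProperty -Path $s.Key -Name $s.Name
        if (Test-Path $s.Path) { Remove-Item -Path $s.Path -Force }
    }
}
```

Run it once without `-Remove` and read the two tables before deleting anything: some legitimate updaters and per-user installers also keep their executables under Application Data, so the folder alone is not proof. If the rogue kills the console as soon as it opens, reboot into Safe Mode first; the Run keys are still readable there and the rogue's process is not running.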

Windows Passport Utility Removal Tool:
To completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes the Trojan will block the download or installation of MBAM. If this happens, download it on a clean computer and rename the executable before running it on the infected machine; rogues of this kind block tools by file name, so a renamed copy usually gets through.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that infected files missed by the first scanner can be removed as well. Click here to download and run the SAS Portable Scanner.

Technical Details and Additional Information:

This rogue program displays various alert messages to persuade users into purchasing the licensed version of the program. One of the alerts it posts contains this message:

Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos [sic] possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

Malicious Files Added by Windows Passport Utility:
%UserProfile%\Application Data\[random].exe

Windows Passport Utility Registry Entries:
The Image File Execution Options entries below are not debugging aids. Setting a "Debugger" value for an executable makes Windows launch that program instead, with the real executable's path passed as an argument. Pointing it at svchost.exe, which simply exits when given an argument it does not understand, means the targeted security products (avast!, ESET's egui.exe and ekrn.exe, Windows Defender's msascui.exe, and Microsoft Security Essentials' msmpeng.exe and msseces.exe) silently fail to start. The DisableSR entry switches off System Restore so the infection cannot be rolled back.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR" = "1"
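The registry list above is the fingerprint of this rogue, but the rogue is not the only family that uses the Image File Execution Options trick, and the six file names are only the ones this sample targets. The script below, an added example that is not part of the original guide, audits the whole IFEO key rather than just those six names: it reports every "Debugger" value, flags any that is not a known debugger, removes the flagged ones when run with -Repair, and re-enables System Restore if DisableSR is set. It assumes an elevated Windows PowerShell 2.0 or later session; the allow-list of debugger names is an assumption you should extend for tools installed on the machine.

```powershell
# Added example (not from the original guide). Assumes an elevated Windows
# PowerShell 2.0+ session. Audits Image File Execution Options for "Debugger"
# hijacks of the kind Windows Passport Utility installs, repairs them with
# -Repair, and re-enables System Restore if the rogue disabled it.
param([switch]$Repair)

$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$sr   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'

# A Debugger value makes Windows start the named program instead of the target,
# with the target's path as an argument. svchost.exe ignores that argument and
# exits, so the security product never runs. Real debuggers (assumed allow-list)
# look different; anything else, svchost.exe included, is flagged.
$knownDebuggers = @('windbg.exe', 'ntsd.exe', 'cdb.exe', 'vsjitdebugger.exe', 'drwtsn32.exe')

$hijacks = @()
foreach ($sub in Get-ChildItem -Path $ifeo) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath -Name 'Debugger' -ErrorAction SilentlyContinue).Debugger
    if (-not $dbg) { continue }
    # Reduce e.g. "C:\tools\windbg.exe" -p %ld -e %ld -g to the bare file name.
    $exe = [IO.Path]::GetFileName(((([string]$dbg).Trim('"') -split '\s+')[0]))
    $hijacks += New-Object PSObject -Property @{
        Target     = $sub.PSChildName
        Debugger   = [string]$dbg
        Suspicious = ($knownDebuggers -notcontains $exe.ToLower())
    }
}
Write-Host 'IFEO entries with a Debugger value (Suspicious = not a known debugger):'
$hijacks | Sort-Object Suspicious -Descending | Format-Table Target, Debugger, Suspicious -AutoSize

$disableSR = (Get-ItemProperty -Path $sr -Name 'DisableSR' -ErrorAction SilentlyContinue).DisableSR
if ($disableSR -eq 1) { Write-Host 'System Restore is disabled (DisableSR = 1).' }

if ($Repair) {
    foreach ($h in ($hijacks | Where-Object { $_.Suspicious })) {
        $keyPath = Join-Path $ifeo $h.Target
        Remove-ItemProperty -Path $keyPath -Name 'Debugger'
        # The rogue creates these subkeys from scratch; drop them if nothing else is left.
        $key = Get-Item -Path $keyPath
        if ($key.ValueCount -eq 0 -and $key.SubKeyCount -eq 0) { Remove-Item -Path $keyPath }
    }
    if ($disableSR -eq 1) { Set-ItemProperty -Path $sr -Name 'DisableSR' -Value 0 }
}
```

On 64-bit Windows the same key also exists under SOFTWARE\Wow6432Node, so run the audit against that path as well. Removing the Debugger values only lets the blocked products start again; it does not remove the rogue's own executable or start-up entry, which still have to be dealt with as in the manual removal steps.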
