Windows Rescue Center
If you are infected with Windows Rescue Center, follow the guide on this page to remove this malware. You don’t have to buy the fake program as what it tells you to do.
Windows Rescue Center is a rogue software that mimics other programs from the same clan. Internet is the primary means to spread this malware to computers worldwide. Initially, fake Microsoft Security Essentials Alert will introduce Windows Rescue Center as the key software to remove Trojans and viruses on your computer. Users may encounter the said alert when they visit a malicious web page disguising as online virus scanner. It will scan the computer and produce false results that may lead to convince visitors to download a trial version of Windows Rescue Center.
Once Windows Rescue Center is installed on victim’s PC, it will modify settings, which will allow itself to load when Windows starts. User may also suffer from a barrage of fake alerts and warning messages. It attempts to deceive users about the present security condition of the computer. Very timely, it will show an advice to purchase the registered version of Windows Rescue Center in order to fix computer problems. With rogue software such as this, never expect that it will remove viruses neither protect a computer from virus attack. Rogue programs are developed only to scam victims and earn money from this fraudulent online activities. Remove Windows Rescue Center virus as soon as it is spotted on the computer. Follow the removal procedure below to get rid of this malware.
Screen Shot Image:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Windows Rescue Center Removal Procedures
Manual Removal:
1. Press Ctrl+Alt+Del on keyboard to stop process associated to “Windows Rescue Center”. When Windows Task Manager opens, go to Processes Tab and find and end the following process:
(random characters).exe
2. You need to update your installed antivirus application to have the latest database.
3. Thoroughly scan the computer and any detected threats must be removed. If removal is prohibited, it is best to quarantine the infected item. Manually locating and deleting of malicious files should also be performed. Please see files below that are related to Windows Rescue Center Virus.
4. Registry entries created by Windows Rescue Center must also be remove from the Windows system. Please refer below for entries associated to the rogue program. [how to edit registry]
5. Exit registry editor.
6. Get rid of Windows Rescue Center start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. A windows containing System Configuration Utility will be launched. Go to Startup tab and uncheck the following Start-up item(s):
(random characters).exe
7. Click Apply and restart Windows.
Windows Rescue Center Removal Tool:
In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.
Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.
Scan with Portable Antivirus:
Most of the time, Trojan associated with a rogue program will disable Windows functionalities and prevent execution of any application including antivirus program locally installed. If this happens, you can try using a McAfee Portable Antivirus called Stinger. You can download it for free.
Technical Details and Additional Information:
If Windows Rescue Center is installed, it will begin to display fake alerts as an scare tactics to mislead victims:
System Security Warning
Attempt to modify register key is detected. Register entries analysis is recommended.
Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot
Malicious Files Added by Windows Rescue Center:
%UserProfile%\Application Data\Microsoft\[random].exe
Windows Rescue Center Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore “DisableSR ” = ’1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0′
myboonx
Jun 04, 2011 @ 12:11:41
Very easy and quick…thank you so much, I was about to go to Best Buy and have them fix it. Saved the money.
myboonx
Jun 04, 2011 @ 13:24:04
This works great..!!!! Thank you very much. I’ll recommend it to every body.