Windows Functionality Checker – Removal Guide

Posted by on February 22, 2012 Leave a comment (0) Go to comments

Windows Functionality Checker is replica of Windows Smart Warden with a different name.  This bogus software is from Rogue.VirusDoctor family and they have created at least 10 similar products with different names in the last few days. All their products have different names but similar malicious features. These products are created only for scamming unsuspecting consumers.  Lots of people buy fake products like Windows Functionality checker without a second thought but in good faith. Be informed that Windows Functionality Checker virus is a fake software and can’t help you with anything.

This security software uses misleading marketing tactics to fool consumers and motivates them to buy full version of rogue software. This software spreads via Trojans and blocks everything on your computer. Once you install this software unknowingly, It will close down everything and won’t let you run anything and ask you to pay for the software gain and again.  It will literally bug you and show fake pop-up alerts, warnings and other similar security warnings. You should ignore all these warnings as they are fabricated by this malware. This software is also called ransom ware as It literally forces you to purchase the software.

This software will show fake warnings like :

System Alert
Potentially harmful programs have been detected in your system and need to be dealt with immediately. Click here to remove them using Strong Malware Defender.

Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user’s passwords.

Above security warnings are a part of Windows Functionality Checker’s misleading tactics. Now If you get worried and purchase full version of this bogus software, your money is gone and you won’t get anything in return. This is why we suggest that don’t pay attention to what this software says and remove it asap from your PC.  Here is a screenshot of Windows Functionality Checker doing fake scans (You can see more images below which we’ve captured in our malware research lab) :

How To Remove Windows Functionality Checker

You can get rid of Windows Functionality Checker virus easily with right removal steps. We’ve tested this infection on your computers and we’ve successfully removed this infection. Based on our research, we recommend these removal methods :

A) Automatic Removal

Automatic Removal method is the safest and surest way to remove rogue software without losing any data from your computer. You just need to use a genuine antimalware application and remove the infections with a single click.  Automatic removal is painless and guarantees complete removal of rogue software. Here is what you need to do :

1. Run Internet Explorer and download Process Explorer and save it as “explorer.exe” on your computer. Process Explorer is a free utility from Microsoft which will help you in closing Windows Functionality Checker forcefully.

2. After downloading, double click over “explorer.exe” and run it.  Now see the current processes list and right click with mouse over a process named “protector-.exe” and select “End Process Tree”. Click “Yes” on the next dialog box.  This command will terminate Windows Functionality Checker so that It can’t interfere with removal process.

3. Still you should not restart your computer! Now Download Spy Hunter and conduct a full scan of your computer to remove this infection completely from your computer. It will take less than 5 minutes.

This video shows how we removed Windows Functionality checker using Spy Hunter :

If you’re having hard time dealing with this rogue software, just follow the automatic removal method and you can remove this rogue software easily. Internet is no longer a safe place and If you’re still not serious about purchasing a genuine Spyware Remover, think again because new threats are emerging everyday and some threats won’t give you a second chance.

B) Manual Removal

Manual Removal is a difficult as well as risky way to remove Windows Functionality Checker virus. If you’re not a computer geek, you’ll not be able to remove the rogue software. At worst, you could damage your computer and worsen your problems even further. If you’re confident that you can conduct manual removal steps, please follow these steps :

1. Correct Startup Registry Entry of Rogue Software

Run Registry editor by clicking on Start—>Run, type “regedit” and click OK button. Now you need to remove this registry entries so that malware can’t load at startup. (Learn How To Edit Registry)

You need to correct some registry entries while remove others. Don’t mess up with registry editor If you are not sure how to do that.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

2. Remove Windows Functionality Checker files from your computer

After correcting the registry, please remove files associated with this rogue. Find these files and delete them. (Learn How To Search and Delete Files)

%appdata%\npswf32.dll
%appdata%\protector-[3 random letters].exe

Please note that manual removal method may not work for everything and If the virus has changed its way of working, these steps will no longer help you. If you’re unable to remove the rogue software manually, you can always opt for automatic removal method instead.

Be Sociable, Share!
Tutorials

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Web Analytics