Windows Antivirus Rampart

What is Windows Antivirus Rampart?

Windows Antivirus Rampart is not a program to keep on the computer. Remove this deceitful application, because it is a clone of Windows Defence Counsel, Windows Guard Tools and other rogues. This rogue, as well as its predecessors, belongs to Rogue.VirusDoctor family, where all the members of the family are closely related because they have the same characteristics – they are created to deceive people, and Windows Antivirus Rampart is one of them.This malware bluffs users into believing that the system is a magnet for various infections, because annoying messages, which are difficult to get rid of, appear on the screen time after time. See how this headache might intimidate you:

Error
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.

Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.

Forget what these bogus notifications say. Also ignore the scans of the system and such imaginary threats as Server-Web, Trojan-Spy or Trojan-Malifinder. These names are rather generic and they do not mean anything. However, Windows Antivirus Rampart uses names of dangerous infections. For example, the names of Virus.Win32.Sality or P2P-Worm.Win32 might appear among the bogus infections. Do not worry; the infections presented do not exist in the system, and you should not struggle to remove them, because you might delete files with are relevant to the system.

Warning, this parasite will block your Internet connection. Click here for instructions how to renew your Internet access.

Additionally, the malware deliberately simulates malfunctioning of the system. Absence of the Internet connection is impossible not to notice. The connection is disabled in order to scare users into assuming that the reason of this impairment is the infections found on the computer. This malfunction is also very convenient for the rogue, because users cannot gather information on the removal of Windows Antivirus Rampart. Moreover, the malware hides Task Manager, and if users know the files of the rogue, a chance to check whether they are running in the system is lost. The removal of the rogue becomes even trickier, because it disables Registry Editor and certain executable files.

Nonetheless, computer security experts did a good deed and found the way to delete Windows Antivirus Rampart without paying money for the imaginary full version. Follow the instructions for the removal of Windows Antivirus Rampart provided below. 100% FREE spyware scan and
tested removal of Windows Antivirus Rampart*
testtesttesttesttest

Automatic Windows Antivirus Rampart Removal

If you want to get rid of the rogue at once, remove it automatically. You will need a legitimate antispyware application which will delete the rogue and protect the system against infection. The antispyware will not cause damage to the system, because only the malicious files will be removed. To delete the malware automatically, you have to restore the Internet connection first.

1) The Internet connection is restored after the activation of the rogue. Use this key to activate the malware: 0W000-000B0-00T00-E0020. Download and install SpyHunter onto the infected computer and launch so that it can detect and remove the infection.

2) If you do not want to download the antispyware onto the infected computer, use another machine to get the installation package. Transfer it on to your computer by using a removable drive. Install the software and launch it.

100% FREE spyware scan and
tested removal of Windows Antivirus Rampart*

Manual Windows Antivirus Rampart Removal

Manual removal of a rogue is not recommended for everyone, because it is a cumbersome operation, which has to be performed carefully. If you are inexperienced Windows users, it might be difficult to terminate the infection completely. However, you know best whether you are able to remove the malware on your own or not. In any case, we provide the instructions for the deletion of Windows Antivirus Rampart:

1) Stop the following processes:
%AppData%\Protector-[Random].exe
%AppData%\Protector-[Random].exe
2) Open Registry Editor. Find and delete the registry entries given:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "whecqycyiq"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-27_7"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe
HKEY_CURRENT_USER\Software\ASProtect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe
_HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "yurrockari"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-29_7"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig
3) Remove the files related to the malware:

%AppData%\result.db
%AppData%\1st$0l3th1s.cnf
%AppData%\result.db
%AppData%\NPSWF32.dll
%CommonStartMenu%\Programs\Windows Antivirus Rampart.lnk
%Desktop%\Windows Antivirus Rampart.lnk
Windows Antivirus Rampart.lnk
%AppData%\NPSWF32.dll
%AppData%\Protector-[Random].exe
%AppData%\Protector-[Random].exe
Disclaimer
Disclaimer
  1. nice post about this Scared Virus

Leave a Comment

Enter the numbers in the box to the right *