1 of 6
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Connects to the internet without permission
  • Shows commercial adverts
  • Slow internet connection
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:
WindowsAvertingSystem

Windows Averting System

The creators of Windows Averting System are very persistent in achieving their goals, because this rogue antispyware is another addition to the big nest of rogues, which have been popping out of nowhere recently. The previous versions of this rogue include Windows Precautions Center, Windows Troubles Solver, Windows Necessary Firewall and many more. The fact that their interfaces look exactly the same also means that the things they do to your computer are exactly the same.

The first thing which the user should understand is that Windows Averting System is NOT an antivirus program. It does not matter that it looks like one. Pretending to be a legitimate program is one of Windows Averting System’s ways to attain its aims. The main goal of this rogue is to extort important personal and banking information from you, so that its creators could make easy money. Also, this rogue is not exactly capable of stealing the money unless the user allows this himself, because the first symptom of the infection is the alert message saying that you have been infected with Unknown Win32/Trojan. The full message is as follows:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

Afterwards the program prompts you to perform the scan of the computer, and naturally, the rogue finds the Trojan detected before, at the same time urging the user to install Windows Averting System, which would take care of the infection. If the user presses “OK”, the infection connects to the internet, downloads and installs Windows Averting System, and then restarts the computer.

When the computer loads again the user is presented with Windows Averting System interface, and the program once again runs the fake system scan, finding over 17 viruses, 27 system errors, and more than 100 registry errors. Windows Averting System offers to update the software if user wants to fully cleanup the system. For that the user is required to buy the full version of the program, in order to get the serial number. And this is where we get the main objective of the rogue, because on the purchase page the user fills in the blanks with his personal and banking information. As a result his credit card number and other vital data is revealed to the third parties, and they can use it while performing illegal operations, putting the blame on the user only.

If one wants to avoid this, one must remove Windows Averting System before this rogue hindered the computer processes too much. The automatic removal is recommended, because it is efficient and easier than the manual one, but whatever the user chooses, the most important thing is to clean the computer off Windows Averting System immediately.

Download Spyware Removal Tool to Remove* Windows Averting System
  • Quick & tested solution for Windows Averting System removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Averting System

Files associated with Windows Averting System infection:

uddtpv.exe
%AppData%\Microsoft\[random].exe
uddtpv.exe

Windows Averting System processes to kill:

%AppData%\Microsoft\[random].exe
uddtpv.exe
uddtpv.exe

Remove Windows Averting System registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.