Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Blocks exe files from running
  • Installs itself without permissions
  • Changes background
  • Slow internet connection
  • Annoying pop-ups
  • Slow Computer
Other mutations known as:
WindowsProtectionAlarm

Windows Protection Alarm

There is a new rogue antispyware program called Windows Protection Alarm. It is a direct clone of other similar rogues, such as Windows Troubles Solver, Windows Necessary Firewall, Windows Efficiency Analyzer and many more. It comes from the big cluster of rogues which belong to the Fake Microsoft Security Essentials scam. Windows Protection Alarm pretends to be a reliable security application in order to rip unsuspecting users off, and if you are not careful about what you click on the Internet, you might be next.

The reason you should be careful about what you click on the Internet is that Windows Protection Alarm can be delivered via hijacked links and websites. Some innocent-looking websites are infected with Trojans which take root in your system and then connect to remote servers over the network to download Windows Protection Alarm onto your computer. When the infection first enters your system, the rogue has not settled in completely yet. At first you are only shown a message stating that Unknown Win32/Trojan has been detected, and you are asked to perform a quick system scan.

Afterwards, the fake computer scan results claim that your system has been infected with Trojan.Horse.Win32.PAV.64.a and that you simply must install Windows Protection Alarm to remove it. It should be noted that previous versions of the rogue use the very same tactics and the same parasite names, and send the same message once the initial scanning is done:

Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

Windows Protection Alarm is downloaded and installed once the user presses “OK”. The computer is then rebooted, and once the system loads again an attractive-looking interface pops up on the screen, pretending to perform a full system scan again. After the scan, Windows Protection Alarm urges the user to fix the errors that it has “found” in the system. However, that leads only to the rogue’s purchase page, and from there it is obvious that Windows Protection Alarm is a scam created to allow hackers to tap into the user’s bank account once he reveals his credit card information to the program.

One must try to avoid being robbed at all costs, so the user must remove Windows Protection Alarm before the infection manages to cause an ultimate system crash. It might be hard to get rid of the rogue for someone who is not very computer-savvy; therefore the automatic removal option is always available. One only needs to acquire a good antimalware tool, which would effectively intercept and erase Windows Protection Alarm for good.

How to manually remove Windows Protection Alarm

Files associated with Windows Protection Alarm infection:

%AppData%\Microsoft\[random].exe
mwlhkc.exe

Windows Protection Alarm processes to kill:

%AppData%\Microsoft\[random].exe
mwlhkc.exe

Remove Windows Protection Alarm registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
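
The "Debugger" values listed above sit under Image File Execution Options (IFEO): when such a value exists for an executable name, Windows starts the named debugger instead of that program, which is how these entries keep the listed security products from running. The PowerShell below is an added example, not part of the original guide, that lists every IFEO redirect and previews removal of the svchost.exe ones. The function names Get-IfeoDebugger and Remove-IfeoDebugger are made up for this example, and checking the WOW6432Node view is an assumption.

```powershell
# Added example (not from the original guide): audit Image File Execution
# Options (IFEO) for "Debugger" values. Run from an elevated PowerShell prompt.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # Assumption: also check the 32-bit registry view on 64-bit Windows.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    # Emit one object per IFEO subkey that carries a "Debugger" value.
    param([string[]]$Root = $IfeoRoots)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            $dbg = $key.GetValue('Debugger')
            if ($null -ne $dbg) {
                [pscustomobject]@{
                    Image    = $key.PSChildName   # e.g. msmpeng.exe
                    Debugger = [string]$dbg       # program launched instead
                    KeyPath  = $key.PSPath
                }
            }
        }
    }
}

function Remove-IfeoDebugger {
    # Delete only the "Debugger" value, leaving the rest of the key intact.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string]$KeyPath
    )
    process {
        if ($PSCmdlet.ShouldProcess($KeyPath, 'Remove Debugger value')) {
            Remove-ItemProperty -LiteralPath $KeyPath -Name Debugger
        }
    }
}

# 1. Review every redirect first; some tools set a Debugger value on purpose.
$hits = Get-IfeoDebugger
$hits | Format-Table Image, Debugger -AutoSize

# 2. Preview removal of the svchost.exe redirects described on this page.
$hits | Where-Object { $_.Debugger -match '^"?svchost\.exe"?$' } |
    Remove-IfeoDebugger -WhatIf
```

Drop `-WhatIf` only after the preview shows nothing but the unwanted redirects.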