- Block exe files from running
- Installs itself without permissions
- Connects to the internet without permission
- Slow internet connection
- System crashes
- Annoying Pop-up's
- Slow Computer
Windows Examination Utility
It would seem as though the developers behind rogue antispyware application Windows Examination Utility has been hard at work. This rogue, which emanates from the same despicable family of rogues as Windows Necessary Firewall, Windows Custom Settings and Windows Risks Preventions, has no affiliation with Microsoft Windows and is neither endorsed nor distributed by Microsoft. The rogue forms part of the now well-known and highly despised fake Microsoft Security Essentials scam, and will cause severe harm and damage to any infected PC.
Windows Examination Utility makes use of Windows icons and paraphernalia in its graphical user interfaces. This is done in a further attempt to convince users of its authenticity and legitimacy. The first clue as to the suspect nature of this rogue comes from its forceful infiltration of the system. The user does not allow or acknowledge Windows Examination Utility’s infiltration of the PC, and that alone should alert the PC owner to the rogue’s malicious intentions. Windows Examination Utility will use any tactic at its disposal to facilitate its infiltration of the PC, even using seditious browser hijackers which will forcefully redirect users’ browsing and search sessions to their compromised landing pages. If the user is not adequately protect, drive-by downloads will install the Windows Examination Utility infection into the PC. Other methods of infection include bogus online malware scanners, and infected online flash ads.
Once Windows Examination Utility manages to successfully root itself in the system, it will proceed to launch unwarranted fake system scans, which will warn the user of fake threats such as Unknown Win32/Trojan and Trojan.Horse.Win32.PAV.64.a. It will edit registry entries so that the rogue will launch each time the user logs on to Windows.
Because of its stealth infiltration of the system, the user will remain largely unaware of the rogue’s presence on the system. This will make it that much more difficult for the user to detect and remove Windows Examination Utility without the help of a genuine security tool. As a first line of attack against the system, Windows Examination Utility will spam the user with incessant fake security pop up messages. Some of the most popular to be on the lookout for include:
System Security Warning
Of course none of these false alerts should be taken seriously, as it all forms part of Windows Examination Utility’s attack against the PC. Other reported symptoms associated with this rogue include users being unable to connect to the Internet, and not being able to launch any type of application on the system. These and other distressing symptoms are used to scare users into ultimately paying for the rubbish fake security software.
Restore your PC’s security and safety and get rid of Windows Examination Utility immediately. This will limit the damage the rogue will be able to cause your PC, and will protect against the devastating effects of the rogue. Do this by investing in a genuine security tool which will not only erase Windows Examination Utility but also protect against similar future attacks.
How to manually remove Windows Examination Utility
Files associated with Windows Examination Utility infection:
Windows Examination Utility processes to kill:
Remove Windows Examination Utility registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'