1 of 6
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:

Windows Firewall Unit

It would seem as though developers of rogue antispyware applications have been hard at work, with the latest addition to the Fake Microsoft Security Essentials scam being released. Windows Firewall Unit, which derives from the same despicable family of rogues as Windows Profile System, Windows Attention Utility and Windows Inspection Utility, enters the system under suspicious circumstances without the user’s approval or knowledge. It makes use of genuine Windows icons, such as the famous Windows orb, in its GUIs to further gain the trust of the user. In truth, Windows Firewall Unit has no affiliation with Windows and is a fake, malicious rogue application.

Download Spyware Removal Tool to Remove* Windows Firewall Unit
  • Quick & tested solution for Windows Firewall Unit removal.
  • 100% Free Scan for Windows

Windows Firewall Unit makes use of various established forms of infection. These include using browser hijacking websites which forcefully redirect users to their compromised landing pages, and then use drive-by download tactics to drop the Windows Firewall Unit infection into the system. Other tactics include Windows Firewall Unit using bogus online malware scanners, as well as flash ads.

Because of its stealth infiltration of the system, the user will find it difficult to identify and remove Windows Firewall Unit from the system without some help. In fact, the rogue will hide its presence from the user until such time that it is ready to start its attack against the system. This will usually be heralded by Windows Firewall Unit initiating a fake system scan. Once the rogue securely roots itself in the system, it will also edit registry entries to ensure it is executed each time Windows runs.

The fake system scan will result in various false positives, warning the user on supposed severe threats such as Unknown Win32/Trojan and Backdoor.Win32.Rbot crippling his system. These are of course fake reports, and should be disregarded.

As a further attack on the system, Windows Firewall Unit will spam the user with various incessant fake security messages. These pop ups will harass the user until he either decides to get rid of Windows Firewall Unit or pay for it. Other symptoms include poor system performance, the inability to establish an Internet connection, block on running applications and increased erratic system behavior. Some of the more popular fake alerts to be on the lookout for reads as follows:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

At the end of the day the only way you will be able to restore your system’s security and take back control of your PC will be to utterly erase Windows Firewall Unit forever. This can safest be achieved by making use of a genuine and powerful security tool, which will eliminate Windows Firewall Unit but also protect against similar incurring infections in future.

Download Spyware Removal Tool to Remove* Windows Firewall Unit
  • Quick & tested solution for Windows Firewall Unit removal.
  • 100% Free Scan for Windows

How to manually remove Windows Firewall Unit

Files associated with Windows Firewall Unit infection:


Windows Firewall Unit processes to kill:


Remove Windows Firewall Unit registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.