1 of 5
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:
Fake Microsoft Security Essentials , WindowsCustomSettings

Windows Custom Settings

Due to all the sophistication invested in its design and cosmetic appeal, you can be forgiven for considering Windows Custom Settings to be a genuine security tool. The fact is Windows Custom Settings is a rogue antispyware application originating from a long and illustrious line of other rogue applications, including Windows Oversight Center, Windows Inspection Utility and Windows Attention Utility, and forms part of the Fake Microsoft Security Essentials scam. To make things worse, Windows Custom Settings enters the system without the approval of the user, and patiently lies dormant until it is ready to start its attack.

Windows Custom Settings gains surreptitious entry to the system through among other avenues browser hijacking websites which uses drive-by download tactics to forcefully root the Windows Custom Settings infection into prospective host PCs. Other tactics used include flash online ads and bogus online malware scanners, all popular routes of infection utilized by Windows Custom Settings.

Once Windows Custom Settings firmly roots itself in the system it will edit the registry entries so as to allow itself to execute each time Windows starts. It will then on each occasion necessitate the execution of a fake system scan, which inevitably yields false results informing the user that his system is under attack. Some of the fake threats Windows Custom Settings will report on include Unknown Win32/Trojan and Backdoor.Win32.Rbot.

As a further attack on the system Windows Custom Settings will cause various other annoying and distressing symptoms on the infected system. These include being unable to connect to the Internet, or running any type of legitimate executable on the system. This is done in an effort to prevent the user from running or downloading an application which might be able to detect and remove Windows Custom Settings from the system. It will also spam the user with various incessant pop up messages, including the following:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

In order to regain control of your system and restore the PC’s security and privacy, get rid of Windows Custom Settings immediately. This can best be achieved by making use of a properly functioning and powerful security tool which will also provide adequate protection against similar threats in future.

Download Spyware Removal Tool to Remove* Windows Custom Settings
  • Quick & tested solution for Windows Custom Settings removal.
  • 100% Free Scan for Windows

How to manually remove Windows Custom Settings

Files associated with Windows Custom Settings infection:


Windows Custom Settings processes to kill:


Remove Windows Custom Settings registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.