1 of 6
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:

Windows Monitoring Utility

Developers of rogue antispyware applications have made it near to impossible for PC owners to protect their PCs against their malicious software without the help of powerful security tools. Windows Monitoring Utility is the perfect case in point – this rogue antispyware application forms part of the now infamous fake Microsoft Security Essentials scam, and emanates from a long line of similarly harmful and seditious rogue applications such as Windows Inspection Utility and Windows Oversight Center.

Windows Monitoring Utility will use any means at its disposal to facilitate its unwarranted infiltration of the system. It will exploit all known system and browser weaknesses and susceptibilities to achieve this, and make use of browser hijacking websites and bogus online malware scanners. Of late it has also been reported that Windows Monitoring Utility makes use of infected online flash ads to surreptitiously root its infection into its victims’ PCs.

Once the rogue securely infiltrates the PC, it will edit registry entries which in turn will allow it to launch each time the user logs on to Windows. Windows Monitoring Utility will then launch its fake system scan, which will report on various disturbing yet fake threats as being present on the system, including the well-known Backdoor.Win32.Rbot. Users are urged to never trust any correspondence received from this rogue, and to accept everything Windows Monitoring Utility has to say as extremely suspect.

As a further attack on the system Windows Monitoring Utility will block the user’s access to the Internet, and will not allow him to launch any application on the system. This is done largely to prevent the user from downloading or running an application which may be able to get rid of Windows Monitoring Utility, but also to add to his frustration and panic. It will also consume a lot of valuable system resources, which will invariably result in poor system performance and increased erratic system behavior. Windows Monitoring Utility will also spam the user with incessant pop up messages acting as fake security messages. Some of the most popular to be on the lookout for include the following:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

When all is said and done you will only regain full control of your PC and restore your system’s security and privacy once you delete Windows Monitoring Utility from the system for good. This can safest be achieved by making use of a properly functioning and powerful security tool.

Download Spyware Removal Tool to Remove* Windows Monitoring Utility
  • Quick & tested solution for Windows Monitoring Utility removal.
  • 100% Free Scan for Windows

How to manually remove Windows Monitoring Utility

Files associated with Windows Monitoring Utility infection:


Windows Monitoring Utility processes to kill:


Remove Windows Monitoring Utility registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.