1 of 5
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Infection Video Windows Attacks Preventor

Windows Attacks Preventor

There is sure no end to the Rogue.VirusDoctor family – Windows Attacks Preventor is yet another rogue antispyware application in the long line of such computer threats like Windows Firewall Constructor, Windows Threats Destroyer, Windows Stability Guard and many others. The creators Windows Attacks Preventor were in such a hurry to release the new rogue that they obviously didn’t even bother with proper grammar and spelling. The perfunctory title of the rogue says it all – Windows Attacks Preventor is a total fake.

This means that the program cannot protect you from malicious computer software even though it might tell you otherwise. Windows Attacks Preventor slithers into your system via fake online malware scanners or infected websites that have the rogue’s installer file, and once you open the rogue-related website, you automatically initiate the download of Windows Attacks Preventor, without even realizing it.

When Windows Attacks Preventor settles down in your system, it performs a fake scan, “finding” various infections, such as Trojan.Win32.Agent, Trojan-DDoS.Win32 or Trojan-DDoS. These are the names of really generic infections, and Windows Attack Preventor only makes use of them in order to convince you to activate the full version of the program, because, according to Windows Attacks Preventor, only the full version can delete the infections and secure your computer against future attacks.

These claims are reinforced by fake security notifications that Windows Attack Preventor sends you. For example:

Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmpshell.dll

Just as the scan results, these notifications are false and should be ignored altogether. You must terminate Windows Attacks Preventor immediately, because the longer it stays in your system, the more damage it makes. Eventually, Windows Attacks Preventor can block Windows Task Manager and the Registry Editor, to prevent you from removing it manually.

If you want to be sure that you terminate Windows Attacks Preventor for good, you are recommended to acquire a reliable computer security tool that would erase the rogue automatically for you, at the same time scanning your system for any other malware. Do not forget to check your system again once you have got ridden of Windows Attacks Preventor, because rogues like that seldom come alone.

Download Spyware Removal Tool to Remove* Windows Attacks Preventor
  • Quick & tested solution for Windows Attacks Preventor removal.
  • 100% Free Scan for Windows

How to manually remove Windows Attacks Preventor

Files associated with Windows Attacks Preventor infection:

%Desktop%\Windows Attacks Preventor.lnk
%CommonStartMenu%\Programs\Windows Attacks Preventor.lnk

Windows Attacks Preventor DLL's to remove:


Windows Attacks Preventor processes to kill:


Remove Windows Attacks Preventor registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-3-1_2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "fneqtdmtpi"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.