Windows Activity Inspector removal instructions
Windows Activity Inspector is a fake computer scanner which comes from a big family of misleading software using fake Microsoft Security Essentials warning message to infiltrate computers. This fake program is distributed through Trojans. After a Trojan infects your computer it will show a fake warning message from MSE that your computer is infected with an Unknown Win32/Trojan.
You will be asked to start a security scan. After a fake security check-up Trojan will display a message that your computer is infected with Trojan.Horse.Win32.PAV.64.a. You will be asked to download and install Windows Activity Inspector to remove this infection. When you reboot your computer this fake program will set itself to start automatically on every system start-up. Fake scans and fake security messages will be displayed. This is done to scare you into thinking that your computer is highly infected. Needless to say that this program is a total scam. All the messages are only designed to trick you into purchasing a non existent full version of this bogus program. You should ignore the fake system scans and fake security warning messages. You should realize that Windows Activity Inspector has nothing in common with a real security program, this rogue software generates all the security scans and displays false detection list to scare you into buying it's licence key. None of the detected malware actually exist on your PC, Windows Activity Inspector wants you to think the opposite to force you into purchasing it's full version. You shouldn't even consider buying this fake program, use this step-by-step removal instructions to eliminate it from your PC.
Such fake security warning messages will be displayed:
"Microsoft Security Essentials Alert Potential Threat Details Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click ‘show details’ to learn more"
"System Security Warning Attempt to modify register key entries is detected. Register entries analysis is recommended"
"Warning! Location: c:\windows\system32\taskmgr.exe Viruses: Backdoor.Win32.Rbot"
Ignore these fake messages. Remove Windows Activity Inspector from your computer.
Automatic Windows Activity Inspector removal:
Before Downloading Windows Activity Inspector Remover perform these steps On infected computer
If you can't download or run spyware remover try running registry fix (link below). It enables execution of programs. download registryfix.reg file, double click it, click YES and then OK.
Windows Activity Inspector removal instructions (on infected computer):
2. Let Windows Activity Inspector run it's fake scan. After the fake scan, close the program by clicking on the X at the top right of the main window. After this procedure you should have access to your desktop.
3. Make your hidden files and folders visible:
How to unhide files in Windows 7:
Click "Start", Select "Control Panel", Click on "Appearance and Personalization", Click on "Folder Options", Go to the tab View,
Select "Show hidden files, folders and drives", Click “Apply” and then “OK”
How to unhide files in Windows XP:
Double-click "My Computer" on your desktop, Click "Tools", Choose "Folder Options", Click "View", select "Show hidden files and folders", click "Apply" then OK.
4. Go to Your roaming profile:
In Windows Xp:
click Start->Run->Type %APPDATA% in the opened window search for Microsoft folder, in this folder search for a file with random letters (example: gasdf.exe) rename it to abc.exe and restart your computer.
In Windows 7: Click Start->In the search tab type %APPDATA% in the opened window search for Microsoft folder, in this folder search for a file with random letters (example: gasdf.exe) rename it to abc.exe and restart your computer.
In Windows Vista: Click Start->In the search tab type %APPDATA% in the opened window look for Microsoft folder, in this folder search for a file with random letters (example: gasdf.exe) rename it to abc.exe and restart your computer.
Fig. 1 - Going to your roaming profile
Fig. 2 - Renaming infected file.
Fig. 3 - Restarting your computer.
5. When computer restarts Windows Activity Inspector should tbe disabled. Fix your Windows Registry Shell value so you could access desktop at the next system start-up. Download the file registyfix.reg then double-click it.
6. Now infection will be disabled but not removed. Download a legitimate anti-spyware software to fully remove Windows Activity Inspector from your computer.
Other tools known to remove Windows Activity Inspector:
Some malicious software modifies browser settings and disables downloads of spyware and virus removing software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, FireFox, Opera, etc.
If you can't access Internet:
Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.
Start Task manager. Press ctrl+alt+del (or ctrl+shift+esc) and end task the processes of rogue program. ( if after this procedure you can't access any programs press ctrl+alt+del, click File, select New Task, and type explorer.exe then press OK.
Open Internet explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if a Use a proxy server for your LAN is checked, uncheck it and press OK.
After this procedure you should be able to access Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program. Then run a full system scan.
If you are unable to remove Windows Activity Inspector, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these Windows Activity Inspector processes:
Remove these Windows Activity Inspector entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ’svchost.exe’
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = ‘%UserProfile%\Application Data\.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
“Debugger” = ’svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe “Debugger” = ’svchost.exe’.00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ’svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ’svchost.exe’
Delete these Windows Activity Inspector files:
%Documents and Settings%\[User Profile Name]\Application Data\[random].exe
Windows Activity Inspector.lnk
Uninstall Windows Activity Inspector.lnk
General tips on removing Windows Activity Inspector:
*If you can't download anti-spyware software: Click on the download link, when the save dialog opens change the file name (example: when downloading mbam-setup.exe rename it to iexplore.exe).
*If you have installed anti-spyware program but you can't run it: Click Run, type %ProgramFiles% and press Enter. Open folder of your anti-spyware program, search for executable file and rename it. (example: Open Malwarebytes’ Anti-Malware folder, right-click on the main executable file (mbam.exe) then click rename. Rename the mbam.exe file to iexplore.exe, winlogon.exe firefox.exe ...
*If you can't access your anti-spyware software, try creating a new user account:
Click Start -> Settings -> Control panel.
Click User Accounts and create a new account.
Reboot your computer and login using a newly created user account.
*After this procedure you should be able to access your anti-spyware programs. Update and run a full system scan.
- FBI Your Computer Has Been Locked scam
- System Care Antivirus
- Department of Justice MoneyPak Virus
- Win 7 Antivirus 2013
- SweetIM Toolbar (Search.sweetim.com Virus)
- Department of Justice scam
- FBI Cybercrime Division - Your PC is Blocked (MoneyPak Virus)
- Metropolitan Police ransomware (PCeU) virus
- Police Central E-Crime Unit Virus
- Internet Security "designed to protect" Scam - Fake Antivirus Program