Windows Threats Destroyer

Windows Threats Destroyer - how to remove?

Windows Threats Destroyer is another fake computer security scanner that was recently discovered infecting computers. This program comes from a big family of misleading security applications, previous it's versions were called Windows Firewall Constructor, Windows Stability Guard etc. Cybercriminals are changing the names of their bogus programs to evade detection by legitimate security suites, the core elements of Windows Threats Destroyer is left similar to it's predecessors.

As the previous versions Windows Threats Destroyer is distributed using fake Flash player updates. Other methods of spreading fake antivirus programs include infected email messages, fake online security scanner pop-ups, legitimate website hijacking etc. You shouldn't blame yourself for getting your PC infected with Windows Threats Destroyer, Cybercriminals are continuing to use sophisticated methods of injecting their rogue program in unsuspecting computer users machines. When Windows Threats Destroyer installs itself on your computer using security vulnerabilities it will begin imitating a security scan. This scan will end up in detection of various security threats found on your computer, the generated detection list will consist of critical and high risk infections. The security scan will be followed by a massive amount of pop-up messages stating about security threats and advises to activate Windows Threats Destroyer. If you click on such message or click "Remove All" button in the main window of this program you will be asked to purchase a licence in order to remove the detected security issues. Needless to say that you shouldn't buy Windows Threats Destroyer - it's a fake antivirus program that is designed to scare you into thinking that your computer is at risk. The truth is that this rogue program doesn't actually scan your computer for security threats, this process is only imitated. You should remove Windows Threats Destroyer from your computer as soon as you notice it's main window on your desktop.

Windows Threats Destroyer displays such fake warning messages:

"Error Software without a digital signature detected. Your system files are at risk. We strongly advise you to activate your protection"

"Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmploc.dll"

"Error Potential malware detected. It is recommended to activate protection and perform a thorough system scan to remove the malware"

Windows Threats Destroyer removal:

Before downloading the remover for Windows Threats Destroyer click a question mark icon at the top of the main window of this program, choose "Activate Now" and enter this registration code: 0W000-000B0-00T00-E0020 This will enable blocked Windows functions and will make the further removal process much easier, after entering the activation code continue to downloading the spyware remover.

remover for Windows Threats Destroyer

By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. We are affiliated with anti-virus and anti-spyware software listed on this site. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.

If you can't download or run spyware remover try running registry fix (link below). It enables execution of programs. download registryfix.reg file, double click it, click YES and then OK.

Windows Threats Destroyer removal instructions (on infected computer):

If you were unable to remove Windows Threats Destroyer using removal tools, you can follow these removal instructions to do some steps manually and help the removal process. Note that Windows Threats Destroyer modifies some system settings (Disables task manager, disables execution of some programs, disables editing of registry keys etc.) and to do some things you need to restart your computer in safe mode or use other techniques that requires a little experience.

1. Start your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.

2. Open Internet explorer, click Tools and select Internet Options. Select "Connections".

internet-explorer-options internet explorer internet connections

3.Click LAN settings, if a Use a proxy server for your LAN is checked, uncheck it and press OK.

internet options lan settings internet explorer proxy settings

4. Download HijackThis and save it on your desktop. Some malicious programs are able to block HijackThis so when you click the download link, in the Save dialog rename HijackThis.exe to iexplore.exe and only then click the Save button. After saving the file on your desktop, double click it. In the main HijackThis window click “Do a system scan only” button. Select these entries (place a tick at the left of the entry):

O4 - HKCU\..\Run: [Inspector] %AppData%\Protector.exe (Protector.exe file may have 3 or more random characters at the end of it's file name like ProtectionGQY.exe)

After selecting required entries, click "Fix Checked". After this procedure you can close HijackThis and proceed to the next removal step.

5. Download a legitimate anti-spyware software to fully remove Windows Threats Destroyer from your computer.

remover for Windows Threats Destroyer

6. After removing Windows Threats Destroyer reset your Hosts files. Don't skip this step, this malware modifies your Hosts files, and you will encounter browser redirect problems.

Hosts file is used to resolve some canonical names of websites to ip addresses. When it is changed, the user may be redirected to malicious site still seeing good URL in address bar. It is very hard to find out if the site is genuine or not, when hosts file is modified. To fix this, please download Microsoft FixIt tool, that restores your hosts file to windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:

Other tools known to remove Windows Threats Destroyer:

Additional information, related to WIndows Threats Destoryer:

Some malicious software modifies browser settings and disables downloads of spyware and virus removing software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, FireFox, Opera, etc.

If you can't access Internet:

Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.

Start Task manager. Press ctrl+alt+del (or ctrl+shift+esc) and end task the processes of rogue program. ( if after this procedure you can't access any programs press ctrl+alt+del, click File, select New Task, and type explorer.exe then press OK.

Open Internet explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if a Use a proxy server for your LAN is checked, un-check it and press OK.

After this procedure you should be able to access Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program. Then run a full system scan.

Manual Windows Threats Destroyer removal

If you are unable to remove Windows Threats Destroyer using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)

End these Windows Threats Destroyer processes:

random.exe
Protector.exe (Protector.exe file may have 3 or more random characters at the end of it's file name like ProtectionGQY.exe)

Remove these Windows Threats Destroyer registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net

Delete these Windows Threats Destroyer files:

%StartMenu%\Programs\Windows Threats Destroyer.lnk
%AppData%\Protector.exe
%AppData%\result.db
%Desktop%\Windows Threats Destroyer.lnk

Please note: as the malware constantly changes it's behaviour, these registry keys might be slightly different on your computer, depending on the Windows Threats Destroyer version.

Other tips, that might help to remove Windows Threats Destroyer

If you can't download anti-spyware software: Click on the download link, when the save dialog opens change the file name (example: when downloading mbam-setup.exe rename it to iexplore.exe).
If you have installed anti-spyware program but you can't run it do the following steps:
Click Run, type %ProgramFiles% and press Enter. Open folder of your anti-spyware program, search for executable file and rename it. (example: Open Malwarebytes’ Anti-Malware folder, right-click on the main executable file (mbam.exe) then click rename. Rename the mbam.exe file to iexplore.exe, winlogon.exe firefox.exe or other known executable file.
If you can't access your anti-spyware software, try creating a new user account:
Click Start -> Settings -> Control panel.
Click User Accounts and create a new account.
Reboot your computer and log in using a newly created user account.
After this procedure you should be able to access your anti-spyware programs. Update and run a full system scan.

Windows Threats Destroyer is only a new name for a same rogue programs that were previously named Windows Firewall Constructor, Windows Basic Antivirus etc. Neither the distribution channels (fake Flash player updates) nor the core elements has changed when comparing it to it's previous versions. The time frame before legitimate antispyware programs begin to detect such newly spread rogue programs are usually a couple of days. Before scanning your computer always update your security program.