What is Windows Trouble Taker and how to remove it?
Windows Trouble Taker is a fake computer security program from the same family of rogue anti-spyware software as Windows Defending Center, Windows No-Risk Agent, Windows Managing System and many others. This family is known for frequent name changes: the core elements stay the same while Internet criminals constantly rename their rogue programs. These fake security scanners are most commonly spread through misleading online security scanners, which push unsuspecting computer users into downloading bogus security programs such as Windows Trouble Taker.
New misleading websites dedicated to distributing fake antivirus programs appear on the Internet every day. To protect your computer, use a legitimate security program with real-time scanning features, or you could easily become a victim of a rogue program such as Windows Trouble Taker. You shouldn't consider buying this program: it's a scam which imitates a real security program.
Examples of fake warning messages generated by Windows Trouble Taker:
"Error Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan"
"Warning! Identity theft attempt Detected Hidden connection IP: 22.214.171.124 Target: Your passwords for sites"
"Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmploc.dll"
When installed on your computer, Windows Trouble Taker starts imitating a security scan, which ends with the "detection" of multiple high-risk infections on your PC. In fact this program doesn't scan your computer at all; it imitates the process to scare you into thinking that your PC has serious security issues. Windows Trouble Taker also displays warning messages stating that your computer is under attack by various viruses and keyloggers. Like the security scan, these messages are simply generated and are designed to scare you. To make the non-existent infections appear more realistic, Windows Trouble Taker blocks your Task Manager and the execution of installed programs. To "repair" your computer, this rogue program offers to activate its full version and asks you to purchase its licence key. You shouldn't buy this program; remove Windows Trouble Taker from your computer as soon as you notice its existence. Use the provided removal guide.
Screenshots of a rogue antivirus program "Windows Trouble Taker":
Windows Trouble Taker removal instructions:
Before downloading the remover for Windows Trouble Taker, click the question mark icon at the top of the main window of this program, choose "Activate Now" and enter this registration code: 0W000-000B0-00T00-E0020. This will enable blocked Windows functions and make the rest of the removal process much easier. After entering the activation code, continue to downloading the spyware remover.
If you can't download or run the spyware remover, try running the registry fix (link below), which enables execution of programs. Download the registryfix.reg file, double-click it, click YES and then OK.
Manual Windows Trouble Taker removal instructions:
If you were unable to remove Windows Trouble Taker using removal tools, you can follow these removal instructions to do some steps manually and help the removal process. Note that Windows Trouble Taker modifies some system settings (disables Task Manager, disables execution of some programs, disables editing of registry keys, etc.), so for some steps you need to restart your computer in safe mode or use other techniques that require a little experience.
Start your computer in safe mode. Click Start, then click Shut down. Select Restart and click OK. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Now we need to remove proxy settings. Windows Trouble Taker adds a proxy to your Internet connection settings to show various errors when you try to access the Internet. To remove it, open Internet Explorer, click Tools and select Internet Options. Then select the "Connections" tab.
On the "Connections" tab, click LAN settings. If "Use a proxy server for your LAN" is checked, uncheck it and press OK. Sometimes Windows Trouble Taker hides this setting from you: the proxy appears to be disabled in these settings while it is actually enabled. If "Use a proxy server for your LAN" is unchecked, it is recommended to check it, then uncheck it and click OK.
Download HijackThis and save it on your desktop. Some malicious programs are able to block HijackThis so when you click the download link, in the Save dialog rename HijackThis.exe to iexplore.exe and only then click the Save button. After saving the file on your desktop, double click it. In the main HijackThis window click “Do a system scan only” button. Select these entries (place a tick at the left of the entry):
O4 - HKCU\..\Run: [Inspector] %AppData%\Protector.exe (Protector.exe file may have 3 or more random characters at the end of its file name like ProtectionGQY.exe)
After selecting required entries, click "Fix Checked" and these entries will be removed. After this procedure you can close HijackThis and proceed to the next removal step.
Download legitimate anti-spyware software to fully remove Windows Trouble Taker from your computer. We recommend using Spyware Doctor 2012 version.
After removing Windows Trouble Taker, you will need to reset your Hosts file. Don't skip this step: this malware modifies your Hosts file, and you will encounter browser redirect problems if the malicious entries are not removed from it.
The Hosts file is used to resolve some canonical names of websites to IP addresses. When it is changed, the user may be redirected to a malicious site while still seeing the good URL in the address bar. When the Hosts file is modified, it is very hard to tell whether a site is genuine or not. To fix this, please download the Microsoft Fix It tool, which restores your Hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
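To see what the Hosts file currently maps before resetting it, the following read-only PowerShell check lists every mapping other than the stock localhost entries. It is an added example, not part of the original guide, and it assumes the standard Hosts file location under %SystemRoot%.

```powershell
# Read-only: list Hosts-file mappings that are not the stock localhost entries.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$loopback  = '127.0.0.1', '::1'

$entries = foreach ($line in Get-Content -Path $hostsPath -ErrorAction Stop) {
    $text = ($line -split '#', 2)[0].Trim()      # drop full-line and inline comments
    if (-not $text) { continue }
    $fields = $text -split '\s+'
    if ($fields.Count -lt 2) { continue }        # address without a host name
    # One line may map several names to the same address.
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        # A loopback address for "localhost" is the only mapping a default file carries.
        if ($loopback -contains $fields[0] -and $name -eq 'localhost') { continue }
        New-Object PSObject -Property @{ Address = $fields[0]; Name = $name }
    }
}

if ($entries) {
    $entries | Format-Table Address, Name -AutoSize
} else {
    'Hosts file contains no non-default mappings.'
}
```

A listed mapping is not automatically malicious, since some legitimate software adds entries; well-known site names pointing at unfamiliar addresses are the ones to look at.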
After doing all these steps your computer should be clean. Windows Trouble Taker will be removed.
Other tools known to remove Windows Trouble Taker:
Some malicious software modifies browser settings and disables downloads of spyware and virus removing software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, Firefox, Opera, etc.
If you can't access Internet:
Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe mode with networking from the list.
Start Task Manager. Press Ctrl+Alt+Del (or Ctrl+Shift+Esc) and end the processes of the rogue program. (If after this procedure you can't access any programs, press Ctrl+Alt+Del, click File, select New Task, type explorer.exe and press OK.)
Open Internet Explorer, click Tools and select Internet Options. Select Connections, then click LAN settings. If "Use a proxy server for your LAN" is checked, uncheck it and press OK.
After this procedure you should be able to access the Internet. Now you can download anti-spyware software from our "Top spyware removers" section. Download, install and don't forget to update your selected anti-spyware program. Then run a full system scan.
Manual Windows Trouble Taker removal for advanced users
If you were unable to remove Windows Trouble Taker using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these Windows Trouble Taker processes:
Protector.exe (Protector.exe file may have 3 or more random characters at the end of its file name like ProtectionGQY.exe)
Remove these Windows Trouble Taker registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
Delete these Windows Trouble Taker files:
%StartMenu%\Programs\Windows Trouble Taker.lnk
%AppData%\Protector.exe (NOTE: this file may have various symbols at the end of its name. Look for a similar file name pattern and remove it)
%Desktop%\Windows Trouble Taker.lnk
Please note: as the malware constantly changes its behaviour, these registry keys might be slightly different on your computer, depending on the Windows Trouble Taker version.
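Before deleting anything by hand, it helps to confirm which of the entries listed above actually exist on the machine. The following read-only PowerShell audit is an added example, not part of the original guide. ProxyEnable, ProxyServer and the Debugger value under Image File Execution Options are standard Windows value names that the guide does not list, and the file-name pattern is an assumption based on the guide's note about random suffixes.

```powershell
# Read-only audit of the artifacts this guide lists. It reports and changes nothing.
$findings = @()
$namePattern = '\\Protect(or|ion)[^\\]*\.exe'   # assumed: Protector.exe plus random suffix

# Policy values listed under Policies\System (report any that are present).
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableTaskMgr', 'DisableRegedit', 'DisableRegistryTools') {
    $p = Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue
    if ($p) { $findings += "Policy value present: $name = $($p.$name)" }
}

# Proxy and redirect-warning values under Internet Settings.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1) { $findings += "Proxy enabled: $($inet.ProxyServer)" }
if ($inet -and $inet.WarnOnHTTPSToHTTPRedirect -eq 0) { $findings += 'WarnOnHTTPSToHTTPRedirect = 0' }

# Autorun values (the O4 HKCU\..\Run line in HijackThis) pointing at the dropped file.
$runKey = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($n in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($n)
        if ($data -match $namePattern) { $findings += "Run value [$n] -> $data" }
    }
}

# Matching executables in %AppData%.
foreach ($f in Get-ChildItem -Path $env:APPDATA -Filter 'Protect*.exe' -ErrorAction SilentlyContinue) {
    $findings += "File: $($f.FullName)"
}

# Image File Execution Options subkeys listed in this guide.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$listed = '_avp32.exe', 'ashLogV.exe', 'beagle.exe', 'jedi.exe', 'msa.exe',
          'ntvdm.exe', 'rav7.exe', 'spoler.exe', 'vir-help.exe', 'wupdt.exe'
foreach ($exe in $listed) {
    $key = "$ifeo\$exe"
    if (Test-Path -LiteralPath $key) {
        $dbg = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).Debugger
        $findings += "IFEO key: $exe (Debugger = '$dbg')"
    }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' } else { $findings }
```

An empty result does not prove the machine is clean, because other versions of the malware may use different keys and file names.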
Other tips, that might help to remove Windows Trouble Taker
- If you can't download anti-spyware software: click on the download link and, when the save dialog opens, change the file name (example: when downloading mbam-setup.exe, rename it to iexplore.exe).
- If you have installed an anti-spyware program but you can't run it, do the following steps:
- Click Run, type %ProgramFiles% and press Enter. Open the folder of your anti-spyware program, search for the executable file and rename it. (Example: open the Malwarebytes’ Anti-Malware folder, right-click on the main executable file (mbam.exe), then click Rename. Rename the mbam.exe file to iexplore.exe, winlogon.exe, firefox.exe or another known executable file name.)
- If you can't access your anti-spyware software, try creating a new user account:
Click Start -> Settings -> Control panel.
Click User Accounts and create a new account.
Reboot your computer and log in using a newly created user account.
After this procedure you should be able to access your anti-spyware programs. Update and run a full system scan.
Windows Trouble Taker is a rogue anti-spyware program which shouldn't be trusted. All the information displayed by this program is generated and is false. This program was designed to scare you into thinking that your PC is infected with critical risk security threats and then selling you a licence key for a useless program. Use the provided removal instructions to get rid of this rogue program.