Home Removal guides Windows Multi Control System

Windows Multi Control System

Wednesday, 23 May 2012 14:00 | Written by | Print

What is Windows Multi Control System and how to remove it?

Windows Multi Control System is a fake antivirus software which tries to trick unsuspecting PC users into buying it's licence key. To achieve it's rogue goals this bogus program will generate fake warning messages and will pretend to scan your computer for malware infections. After infecting your PC Windows Multi Control System will modify your operating system's registry keys and will set itself to start automatically on every system start-up.

You won't find it's entries in your Windows uninstall list, also you won't be able to end this program's process because your Task Manager will be changed to "Advanced Process Control" window. You should understand that Windows Multi Control System is rogue, all of these operating system modifications, security scans and warning messages are designed to scare you into believing that your PC is infected and then selling you a licence for a totally useless software. None of the high risk malware that is detected by Windows Multi Control System actually exist on your computer. This fake antivirus program is using the same misleading strategy to trick computer users as it's predecessors which were called Windows Private Shield, Windows Pro Safety Release and many other. If you notice a security program on your computer which has similar interface to the one shown in the screenshot of Windows Multi Control System you may be sure that you are dealing with a fake antivirus software which is trying to trick you. This user interface is used in all of the programs from the rogue family called "FakeVimes", there are around one hundred rogues which originates from this family.

Windows Multi Control System

Internet criminals who are responsible for creating Windows Multi Control System are using fake online security pop-ups and fake torrent alerts to spread their bogus program. The security pop-up states that your computer is infected with viruses and asks you to download this fake program to eliminate them and the torrent alert message states that a torrent link was detected and offers you to get anonymous connection. Both of these online messages leads to the installation of Windows Multi Control System. If you have already payed for this bogus program in order to remove the imaginary security infections you should contact your credit card company and dispute the charges explaining that you have been tricked into buying a fake antivirus program. Use this removal guide to eliminate Windows Multi Control System from your computer.

Windows Multi Control System generates such fake warning messages:

"Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmploc.dll"

"Warning! Identity theft attempt Detected Hidden connection IP: 58.82.12.124 Target: Your passwords for sites"

"Error Key-logger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan"

"Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. You need to clean your computer immediately to prevent the system crash"

"Viruses were found on your computer. You need to clean your computer to prevent the system crash"

"Trojan-PSW.Win32.launch Hack Tool:Win32/Welevate.A Adware.Win32.Fraud"

Windows Multi Control System removal:

Before downloading the remover for Windows Multi Control System click a question mark icon at the top of the main window of this program, choose "Activate Now" and enter this registration code: 0W000-000B0-00T00-E0020 This will enable blocked Windows functions and will make the further removal process much easier, after entering the activation code continue to downloading the spyware remover.

remover for Windows Multi Control System

By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. We are affiliated with anti-virus and anti-spyware software listed on this site. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.

If you can't download or run spyware remover try running registry fix (link below). It enables execution of programs. download registryfix.reg file, double click it, click YES and then OK.

DOWNLOAD registryfix.reg

Manual Windows Multi Control System removal instructions:

Step 1
Start your computer in safe mode. Click Start, then click Shut down. Select Restart and click OK. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.

Step 2

Now we need to remove proxy settings. Windows Multi Control System adds a proxy to your Internet connection settings to show various errors when you try to access Internet. To do this, open Internet explorer, click Tools and select Internet Options. Then select the "Connections" tab.

internet-explorer-options internet explorer internet connections

 

In the "Connections" tab, click LAN settings, if a "Use a proxy server for your LAN" is checked, uncheck it and press OK. Sometimes Windows Advanced Security Center could hide this setting from you, and you could see that proxy setting is disabled, while actually it could be enabled, but not shown up in these settings. If a "Use a proxy server for your LAN" is unchecked, It is recommended to check it then un-check it and then click OK.

internet options lan settings internet explorer proxy settings

 

Step 3
Download HijackThis and save it on your desktop. Some malicious programs are able to block HijackThis so when you click the download link, in the Save dialog rename HijackThis.exe to iexplore.exe and only then click the Save button. After saving the file on your desktop, double click it. In the main HijackThis window click “Do a system scan only” button. Select these entries (place a tick at the left of the entry):

O4 - HKCU\..\Run: [Inspector] %AppData%\Protector.exe (Protector.exe file may have 3 or more random characters at the end of it's file name like ProtectionGQY.exe)

After selecting required entries, click "Fix Checked" and these entries will be removed. After this procedure you can close HijackThis and proceed to the next removal step.

Step 4
Download a legitimate anti-spyware software to fully remove Windows Multi Control System from your computer. We recommend using Spyware Doctor 2012 version

Step 5
After removing Windows Multi Control System, you will need to reset your Hosts file. Don't skip this step, this malware modifies your Hosts files, and you will encounter browser redirect problems if malicious entries will not be removed from hosts file.

Hosts file is used to resolve some canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious site still seeing good URL in address bar. It is very hard to find out if the site is genuine or not, when hosts file is modified. To fix this, please download Microsoft Fix It tool, that restores your hosts file to Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:

Download MicrosoftFixit.msi

Finish
After doing all these steps your computer should be clean. Windows Multi Control System will be removed.

Other tools known to remove Windows Multi Control System:

Manual Windows Multi Control System removal:

If you were unable to remove Windows Multi Control System using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)

End these Windows Multi Control System processes:

random.exe
Protector.exe (Protector.exe file may have 3 or more random characters at the end of it's file name like ProtectionGQY.exe)

Remove these Windows Multi Control System registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net

Delete these Windows Multi Control System files:

%StartMenu%\Programs\Windows Multi Control System.lnk
%AppData%\Protector.exe (NOTE: this file may have various symbols at the end of it's name. Look for the similar file name pattern and remove it)
%AppData%\result.db
%Desktop%\Windows Multi Control System.lnk

 

Add comment

PCrisk.com is not responsible for the content of the comments.


Security code
Refresh


Was this helpful to you?
Recommend it!

Most downloaded Anti-Spyware

SH Box
SpyHunter
User rating: rating_starrating_starrating_starrating_starrating_star

Read full review

Download Now

New Virus Removal Guides

Subscribe to removal guides feedSubscribe to removal instructions feed

Global virus and spyware activity level today:

Medium threat activity
Medium

Increased attack rate of infections detected within the last 24 hours.


ABOUT SSL CERTIFICATES
Top Virus Removal Guides
Stay in touch with PCrisk
Top Anti-Spyware
Spyware forum

Spyware or virus infected your computer? Check out our spyware forum and discuss about removing spyware and viruses. Get help and help others to deal with spyware and virus infections.

Spyware Forum
Computer technician blog

Spyware infections scaring you? Don't have an idea how to protect your privacy? got infected and don't know what to do? This blog is just for you!

Computer Technician Blog
Newsletter
Subscribe to our newsletter and get the latest security news directly to your Inbox!
Internet threat news

Copyright © PCrisk.com, Any redistribution or reproduction of part or all of the contents in any form is prohibited.

Privacy policy | Site Disclaimer | Terms of use | Contact Us | Search this website