Instructions to remove Windows TurnKey Console
Windows Turnkey Console is another fake antivirus program from FakeVimes family of rogue applications. Cyber criminals who are responsible for creating this family of misleading security programs are adding new rogue programs to it daily. This particular rogue family is know of having over one hundred members, all of the fake antivirus programs shares the same user interface and are distributed using similar methods.
Most commonly your computer could have got infected with Windows TurnKey Console after you clicked on a fake online security warning message or you might have been tricked into downloading this rogue by fake online security scanners. Other known method of spreading this fake security scanner is using misleading anonymous torrent connection proposals which eventually installs a fake antivirus program on your computer. When surfing the Internet you shouldn't trust any of the online security warning pop-ups which states that your PC is infected and asks you to download software to eliminate the detected security threats. Such messages are designed to trick you into downloading and installing rogue program such as Windows TurnKey Console.
After Windows TurnKey Console infiltrates your PC it will make various modifications to your operating system's registry which will lead to blocked execution of your installed programs and changed Task Manager. All of these modifications combined with fake security scans and false warning messages are used to trick unsuspecting PC users into believing that their computers has severe security infections. Windows TurnKey Console is trying to scare you in order to eventually sell you it's licence key - after you click "Remove All" button in this rogue program you will be asked to purchase it's full version in order to remove the supposedly detected malware from your PC. Don't even consider buying this program, it's a scam created by Internet criminals, ignore all the information shown by this rogue software and eliminate it from your computer. Previous versions of this rogue program were called Windows Malware Firewall, Windows Antivirus Rampart, Windows Ultimate Security Patch.
Windows TurnKey Console generates such fake warning messages:
"Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmploc.dll"
"Warning! Identity theft attempt Detected Hidden connection IP: 18.104.22.168 Target: Your passwords for sites"
"Error Key-logger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan"
Windows TurnKey Console removal:
Before downloading the remover for Windows TurnKey Console click a question mark icon at the top of the main window of this program, choose "Activate Now" and enter this registration code: 0W000-000B0-00T00-E0020 This will enable blocked Windows functions and will make the further removal process much easier, after entering the activation code continue to downloading the spyware remover.
If you can't download or run spyware remover try running registry fix (link below). It enables execution of programs. download registryfix.reg file, double click it, click YES and then OK.
Manual Windows TurnKey Console removal instructions:
Start your computer in safe mode. Click Start, then click Shut down. Select Restart and click OK. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Now we need to remove proxy settings. Windows TurnKey Console adds a proxy to your Internet connection settings to show various errors when you try to access Internet. To do this, open Internet explorer, click Tools and select Internet Options. Then select the "Connections" tab.
In the "Connections" tab, click LAN settings, if a "Use a proxy server for your LAN" is checked, uncheck it and press OK. In some cases Windows TurnKey Console could hide this setting from you, and you will see that proxy setting is disabled, while actually it could be enabled, but not shown up in these settings. If a "Use a proxy server for your LAN" is unchecked, It is recommended to check it, then un-check it and then click OK.
Download HijackThis and save it on your desktop. Some malicious programs are able to block HijackThis so when you click the download link, in the Save dialog rename HijackThis.exe to iexplore.exe and only then click the Save button. After saving the file on your desktop, double click it. In the main HijackThis window click “Do a system scan only” button. Select these entries (place a tick at the left of the entry):
O4 - HKCU\..\Run: [Inspector] %AppData%\Protector.exe (Protector.exe file may have 3 or more random characters at the end of it's file name like ProtectionGQY.exe)
After selecting required entries, click "Fix Checked" and these entries will be removed. After this procedure you can close HijackThis and proceed to the next removal step.
Download a legitimate anti-spyware software to fully remove Windows TurnKey Console from your computer. We recommend using Spyware Doctor 2012 version
After removing Windows TurnKey Console, you will need to reset your Hosts file. Don't skip this step, this malware modifies your Hosts files, and you will encounter browser redirect problems if malicious entries will not be removed from hosts file.
Hosts file is used to resolve some canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious site still seeing good URL in address bar. It is very hard to find out if the site is genuine or not, when hosts file is modified. To fix this, please download Microsoft Fix It tool, that restores your hosts file to Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
After doing all these steps your computer should be clean. Windows TurnKey Console will be removed.
Other tools known to remove Windows TurnKey Console:
Manual Windows TurnKey Console removal:
If you were unable to remove Windows TurnKey Console using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these Windows TurnKey Console processes:
Protector.exe (Protector.exe file may have 3 or more random characters at the end of it's file name like ProtectionGQY.exe)
Remove these Windows TurnKey Console registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
Delete these Windows TurnKey Console files:
%StartMenu%\Programs\Windows TurnKey Console.lnk
%AppData%\Protector.exe (NOTE: this file may have various symbols at the end of it's name. Look for the similar file name pattern and remove it)
%Desktop%\Windows TurnKey Console.lnk