Instructions to remove Windows Privacy Module
Windows Privacy Module is a malicious application which is spread using fake online security pop-ups and other misleading messages. Internet criminals who are responsible for releasing this rogue software are setting up misleading websites which tricks unsuspecting PC users into downloading their bogus programs. Most commonly Windows Privacy Module is distributed using fake online security scans and fake security warning messages which indicates non existent security infections found on your computer.
You shouldn't trust any of such information, Internet criminals are using this method to spread their fake antivirus programs such as Windows Privacy Module. This fake program is just one of many which all comes from a rogue family called "FakeVimes", previous it's variants were called Windows Maintenance Suite, Windows PC Aid, Windows Safety Wizard and many other. If you notice an annoying security program on your desktop which constantly interrupts you by showing security warning pop-ups, asks you to activate it's ultimate protection and looks similar to the one in the provided screenshot you can be sure that you are dealing with a rogue antivirus software which should be eliminated from your PC.
Windows Privacy Module when installed on your computer will pretend to scan your computer for security infections and after a couple of moments will generate a big list of supposedly detected security threats. Don't trust this information, Windows Privacy Module is using generates detection lists and warning messages to scare you into thinking that your computer is at risk. This bogus software doesn't actually scan your computer, this process is imitated to scare you and to force you into purchasing a licence key for Windows Privacy Module in order to remove the imaginary security infections. Don't even consider purchasing this program, it's a scam created by Cyber criminals, they are making money from computer users who falls for the trickery shown by such rogue antivirus programs and purchases their licence keys. Use this step-by-step removal guide to eliminate Windows Privacy Module from your computer.
Windows Privacy Module generates such fake warning messages:
"Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmploc.dll"
"Warning! Identity theft attempt Detected Hidden connection IP: 126.96.36.199 Target: Your passwords for sites"
"Error Key-logger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan"
"Viruses were found on your computer. You need to clean your computer to prevent the system crash"
Windows Privacy Module removal:
Before downloading the remover for Windows Privacy Module click a question mark icon at the top of the main window of this program, choose "Activate Now" and enter this registration code: 0W000-000B0-00T00-E0020 This will enable blocked Windows functions and will make the further removal process much easier, after entering the activation code continue to downloading the spyware remover.
If you can't download or run spyware remover try running registry fix (link below). It enables execution of programs. download registryfix.reg file, double click it, click YES and then OK.
Manual Windows Privacy Module removal instructions:
Start your computer in safe mode. Click Start, then click Shut down. Select Restart and click OK. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Now we need to remove proxy settings. Windows Privacy Module adds a proxy to your Internet connection settings to show various errors when you try to access Internet. To do this, open Internet explorer, click Tools and select Internet Options. Then select the "Connections" tab.
In the "Connections" tab, click LAN settings, if a "Use a proxy server for your LAN" is checked, uncheck it and press OK.
Download HijackThis and save it on your desktop. Some malicious programs are able to block HijackThis so when you click the download link, in the Save dialog rename HijackThis.exe to iexplore.exe and only then click the Save button. After saving the file on your desktop, double click it. In the main HijackThis window click “Do a system scan only” button. Select these entries (place a tick at the left of the entry):
O4 - HKCU\..\Run: [Inspector] %AppData%\Protector.exe (Protector.exe file may have 3 or more random characters at the end of it's file name like ProtectionGQY.exe)
After selecting required entries, click "Fix Checked" and these entries will be removed. After this procedure you can close HijackThis and proceed to the next removal step.
Download a legitimate anti-spyware software to fully remove Windows Privacy Module from your computer.
After removing Windows Privacy Module, you will need to reset your Hosts file. Don't skip this step, this malware modifies your Hosts files, and you will encounter browser redirect problems if malicious entries will not be removed from hosts file.
Hosts file is used to resolve some canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious site still seeing good URL in address bar. It is very hard to find out if the site is genuine or not, when hosts file is modified. To fix this, please download Microsoft Fix It tool, that restores your hosts file to Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
After doing all these steps your computer should be clean. Windows Privacy Module will be removed.
Other tools known to remove Windows Privacy Module:
If you were unable to remove Windows Privacy Module using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these Windows Privacy Module processes:
Protector.exe (Protector.exe file may have 3 or more random characters at the end of it's file name like ProtectionGQY.exe)
Remove these Windows Privacy Module registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
Delete these Windows Privacy Module files:
%StartMenu%\Programs\Windows Privacy Module.lnk
%AppData%\Protector.exe (NOTE: this file may have various symbols at the end of it's name. Look for the similar file name pattern and remove it)
%Desktop%\Windows Privacy Module.lnk