What is Windows Advanced Toolkit and how to remove it?
Windows Advanced Toolkit is a malicious program that imitates real antivirus software and tries to trick PC users into believing that their computers are infected with spyware, malware and viruses. This bogus program is designed by Internet criminals with the sole purpose of scaring you and then forcing you to purchase a licence key for Windows Advanced Toolkit in order to remove supposedly detected security threats.
This fake security scanner is just one of many from the family of rogue antiviruses called "FakeVimes". Previous variants originating from this family were called Windows Proactive Safety, Windows Maintenance Guard, Windows Secure Web Patch and many others. All of the mentioned programs are malicious - if you notice one of these programs on your desktop (or a similar-looking one that asks you to activate ultimate protection to remove security infections), you shouldn't follow its guidelines and you should remove it from your PC. When Windows Advanced Toolkit infiltrates your PC you will notice various security warning messages and proposals to buy a licence key for this program. You shouldn't buy this program, it's a scam - you will send your money to the Internet criminals who are responsible for releasing this fake antivirus program, and your PC will still be infected. When dealing with a fake antivirus program like Windows Advanced Toolkit, you should ignore all the processes that this program generates and focus on the removal of this malicious software.
Windows Advanced Toolkit is distributed through misleading websites that trick PC users into downloading this bogus program using fake online security warning pop-ups or anonymous torrent connection proposals. Another method of spreading this fake security scanner is exploiting security vulnerabilities in your computer; in this case Windows Advanced Toolkit is installed on your PC without your knowledge. To prevent such rogue programs from entering your computer you should always use legitimate antivirus and antispyware programs, and keep your operating system and all of your installed programs updated. You should realize that all the security scans and warning messages shown by this program are fake: this malicious software generates these windows to scare you. Internet criminals are hoping that you will fall for the trickery shown by this rogue and purchase its licence key. Ignore all the information shown by Windows Advanced Toolkit and eliminate it from your PC.
Windows Advanced Toolkit generates such fake warning messages:
"Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmploc.dll"
"Warning! Identity theft attempt Detected Hidden connection IP: 22.214.171.124 Target: Your passwords for sites"
"Error Key-logger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan"
Windows Advanced Toolkit removal:
Before downloading the remover for Windows Advanced Toolkit, click the question mark icon at the top of the main window of this program, choose "Activate Now" and enter this registration code: 0W000-000B0-00T00-E0020. This will enable blocked Windows functions and make the further removal process much easier. After entering the activation code, continue to downloading the spyware remover.
If you can't download or run the spyware remover, try running the registry fix (link below). It enables execution of programs. Download the registryfix.reg file, double-click it, click YES and then OK.
After removing Windows Advanced Toolkit, you will need to reset your Hosts file. Don't skip this step: this malware modifies your Hosts file, and you will encounter browser redirect problems if the malicious entries are not removed from it.
The Hosts file is used to resolve some canonical names of websites to IP addresses. When it is changed, the user may be redirected to a malicious site while still seeing the good URL in the address bar. When the Hosts file is modified, it is very hard to find out whether a site is genuine or not. To fix this, please download the Microsoft Fix It tool, which restores your Hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
After doing all these steps your computer should be clean. Windows Advanced Toolkit will be removed.
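To check the Hosts file by hand before or after the reset, the following PowerShell (an added example, not part of the original guide) lists every active entry other than the standard localhost mapping and marks whether it redirects a name to another address or blocks it. The sample lines are constructed and use documentation addresses and names, not values taken from this malware.

```powershell
# Added example (read-only): list active hosts-file entries that are not the
# standard localhost mapping. A default Windows hosts file has no other entries.
function Get-SuspiciousHostsEntry {
    param([string[]]$Lines)
    $local = @('127.0.0.1', '::1', '0.0.0.0')
    foreach ($line in $Lines) {
        # Drop comments and surrounding whitespace
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $isLocal = $local -contains $address
            if ($isLocal -and $name -eq 'localhost') { continue }
            # Local address: the name is made unreachable (e.g. an update server).
            # Any other address: the name is sent to a different server.
            $kind = if ($isLocal) { 'Blocked' } else { 'Redirected' }
            [pscustomobject]@{ Kind = $kind; Address = $address; HostName = $name }
        }
    }
}

# Constructed sample input
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '203.0.113.10    www.example.com example.com   # constructed redirect',
    '127.0.0.1       update.example.net',
    '::1             localhost'
)
Get-SuspiciousHostsEntry -Lines $sample | Format-Table -AutoSize

# Against the live file:
# Get-SuspiciousHostsEntry -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```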
If you can't use the Internet, or your browser (Internet Explorer, Firefox, Opera, Chrome) closes a few moments after you open it:
Depending on the version of this infection, Windows Advanced Toolkit may close your browser when you open it, so that you can't download removal software. If you have this problem, you may try the following:
Click Start, then click Run (on Windows 7/Vista, click the Windows logo button).
In Windows XP, when the Run dialog appears, enter this text: www.pcrisk.com/download-spyware-remover and then press ENTER. In Windows 7 and Vista you can type this text directly into the search field (shown after pressing the Windows logo button) and press ENTER.
After pressing ENTER, the Download file dialog will appear. Click Run and follow the on-screen instructions to scan your computer. If you can't run the downloaded file, try renaming it to iexplore.exe
By renaming this file, you will trick Windows Advanced Toolkit into thinking that you are trying to run Internet Explorer.
Manual Windows Advanced Toolkit removal:
If you were unable to remove Windows Advanced Toolkit using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these Windows Advanced Toolkit processes:
Protector.exe (the Protector.exe file may have 3 or more random characters at the end of its file name, like ProtectionGQY.exe)
Remove these Windows Advanced Toolkit registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
Delete these Windows Advanced Toolkit files:
%StartMenu%\Programs\Windows Advanced Toolkit.lnk
%AppData%\Protector.exe (NOTE: this file may have various symbols at the end of its name. Look for a similar file name pattern and remove it)
%Desktop%\Windows Advanced Toolkit.lnk
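Before deleting anything by hand, it helps to see which of the listed artifacts are actually present. The following read-only PowerShell is an added example, not part of the original guide: it reports Image File Execution Options subkeys that carry a Debugger value (the standard Windows mechanism by which such a key intercepts launches of the named executable), the four HKCU values listed above, and Protector*.exe files in %AppData%. It assumes PowerShell 3.0 or later; the function names are illustrative.

```powershell
# Added example (read-only): report the artifacts named in the manual removal steps.
$IfeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebuggerEntry {
    param([string]$Path = $IfeoPath)
    # Each subkey is named after an executable; a Debugger value makes Windows
    # start the debugger program instead of the named one.
    Get-ChildItem -Path $Path -ErrorAction SilentlyContinue | ForEach-Object {
        $debugger = $_.GetValue('Debugger')
        if ($null -ne $debugger) {
            [pscustomobject]@{ Image = $_.PSChildName; Debugger = $debugger }
        }
    }
}

function Get-PolicyValue {
    # Value names exactly as listed on this page
    $system = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $checks = @(
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
           Name = 'WarnOnHTTPSToHTTPRedirect' },
        @{ Path = $system; Name = 'DisableRegedit' },
        @{ Path = $system; Name = 'DisableRegistryTools' },
        @{ Path = $system; Name = 'DisableTaskMgr' }
    )
    foreach ($check in $checks) {
        $item = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.($check.Name) } else { '(not set)' }
        [pscustomobject]@{ Key = $check.Path; Name = $check.Name; Value = $value }
    }
}

function Get-ProtectorFile {
    # Protector.exe may carry extra characters before the extension
    Get-ChildItem -Path $env:APPDATA -Filter 'Protector*.exe' -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}

Get-IfeoDebuggerEntry | Format-Table -AutoSize
Get-PolicyValue       | Format-Table -AutoSize
Get-ProtectorFile     | Format-Table -AutoSize
```

Compare the Image column with the executable names in the registry list above; Debugger values set by legitimate tools can also appear, so review each entry before removing it.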