Windows Shielding Utility

April 3rd, 2012
Home » Rogue Antispyware » Windows Shielding Utility
Repair and protect your computer easily. Download Windows Shielding Utility removal tool  

Windows Shielding Utility description

Windows Shielding Utility is a rogue anti-spyware application which spreads via trojan. With the aid of trojan infections, spam emails and various websites it tends to be affiliated one can easily fall victim to this dubious application.

Once active Windows Shielding Utility starts to imitate computer scans and displays numerous fake warning messages that state about computer infections:

Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Error
Software without a digital signature detected.

Your system files are at risk. We strongly advise you to activate your protection.

Do not fall for this scam because it can cause you serious trouble. Malware neither has the ability to detect nor remove computer threats therefore it is not being trusted. Ignore al notifications and rogue security alerts but choose reputable anti-spyware program and get rid of Windows Shielding Utility as soon as possible.

Manual Windows Shielding Utility Removal


Windows Shielding Utility processes:

Protector-.exe
Help: A Guideline of Killing Malicious Processes


Windows Shielding Utility registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-4-2_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "bavewnrpmb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe
Help: How to edit windows registry entries


Windows Shielding Utility DLLs:

NPSWF32.dll


Other malicious Windows Shielding Utility files:

%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Warding System.lnk
%Desktop%\Windows Warding System.lnk

The manual removal of files and registries should be performed by experienced users. A system can be badly affected if any error is done during the manual removal. We recommend using automatic removal tools to delete Windows Shielding Utility, if you are not familiar with deleting malware manually.

Leave a Reply