Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Tuesday, February 11, 2014

What is Windows Paramount Protection how to uninstall it?

Tell your friends:
Windows Paramount Protection rogue anti-virus software is an interface designed to look like genuine anti-virus software. It's from the Rogue:Win32/FakeVimes malware family, just like the previous variant called Windows Antivirus Master. If you've been infected, when rogue AV is running on your PC you'll find that pop up boxes will appear on your screen asking you if you want to scan for viruses or telling you that your PC is running slowly and needs to be cleaned. Very often a fake system scan starts immediately without even asking for you permission.

If you click 'yes' a fake scanner interface will launch, displaying a bogus scan in progress. And yes, you guessed it, once the scan is 'complete' you'll be told that your PC is loaded with viruses and urgently needs cleaning. Naturally the next step is to ask you if you want the software to delete the so-called viruses that are threatening your computer's security. The funny thing is that Windows Paramount Protection uses predefined list with only a few possible detection names. As a result, most victims will see the same scan results and it doesn't matter if it's an old PC or a brand new laptop.


Unscrupulous cyber criminals are of course playing on our insecurities here, knowing that many of us depend on our laptops for work, entertainment and more. And so, many of us will do what we think is the sensible thing and say 'Yes please (fake) anti-virus software, get rid of the viruses that are clogging up my machine!' But guess what? This is an old trick to scare users into paying for rogue anti-virus scanner. Don't pay for it. Better invest your money in reputable security product.

We’re worried, we trust the anti-virus and so we key in our credit card details. And what do you know; we've not only been billed for having absolutely nothing done to our computers but we've also made ourselves extremely vulnerable to having our identity stolen. Not only that but many rogue anti-virus programs also install more malware that have the potential to corrupt documents and steal data - which makes the whole identity theft problem even worse.

It seems that identity theft in some form is often in the news and this shocking crime can cause untold stress and upset for its victims. But did you know that dealing with the aftermath of identity theft often isn't as simple as calling your bank and cancelling your cards and then waiting for new ones to arrive in the post. No, at its worst identity theft may take weeks, months or even, years to recover from. To say it can be an emotional and finance nightmare is not an understatement.

Anti-virus software is supposed to protect us, right? Right. But Windows Paramount Protection does quite the opposite. You might not automatically think of identity theft when you think of rogue anti-viruses but doing something as innocent as opening an infected link or email attachment can have far reaching consequences. if you have already paid for this scam, then contact your credit card company immediately and dispute the charges. Maybe it's still not too late. Besides, if you already gave them your credit card details, there's not much else you can do. To remove Windows Paramount Protection from your computer, please follow the steps in the removal guide below. If you have any questions, please leave a comment below. Good luck and be safe online!


Written by Michael Kaur, http://deletemalware.blogspot.com


Method 1: Windows Paramount Protection removal using activation key:

1. Open Windows Paramount Protection scanner window. Click the "question mark button" (top right hand corner of the scanner window) and select "Register".



You should now see the registration form.

Enter one of the registration keys given below and click Register to activate this rogue security program. Don't worry, this is completely legal since it's not genuine software.

0W000-000B0-00T00-E0001
0W000-000B0-00T00-E0021 ← (new key)
0W000-000B0-00T00-E0002
0W000-000B0-00T00-E0003



Once this is done, you are free to install recommended anti-malware software and remove this malware from your computer.

2. Download recommended anti-malware software and run a full system scan to completely remove this rogue program and related malware from your computer.






Method 2: Windows Paramount Protection removal instructions (Safe Mode with Command Prompt):

1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key.



2. Login as the same user you were previously logged in with in the normal Windows mode. When done, the Windows Command Prompt will open and you will see a screen similar to the one below.

3. Once the Command Prompt appears type in explorer and hit Enter.



4. The Windows desktop will now appear. When the desktop appears you can then close the Command Prompt window by clicking on the X.

5. Write the text in bold below to Notepad.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardSoftware" =-

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"




6. Save file as fixshell.reg to your Desktop. NOTE: (Save as type: All files)



7. Double-click on fixshell.reg to run it. Click Yes for Registry Editor prompt window. Click OK.



NOTE: if you can't create the file as explained or you get an error, you can download the shellfix.reg file on a clean computer and burn it on to a CD or save it to a USB drive so that you can transfer the file to the infected computer. Then insert your CD or USB drive and double-click on the shellfix.reg and allow the data to be merged when you are prompted. Once the data has been merged, you can press the OK button and remove the removable media from your computer.

8. Please reboot your computer into the Normal Windows Mode and login as the infected user.

9. Now that you are at your normal Windows desktop, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.






Method 3: Windows Paramount Protection removal instructions (System Restore):

1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key.



2. Login as the same user you were previously logged in with in the normal Windows mode. When done, the Windows Command Prompt will open and you will see a screen similar to the one below.

3. Once the Command Prompt appears type in explorer and hit Enter.



4. The Windows desktop will now appear. When the desktop appears you can then close the Command Prompt window by clicking on the X.

5. Once in there, go to Start menu and search for "system restore". Or you can browse into the Windows Restore folder and run System Restore utility from there:

Win XP: C:\windows\system32\restore\rstrui.exe double-click or press Enter
Win Vista/7/8: C:\windows\system32\rstrui.exe double-click or press Enter

6. Select Restore to an earlier time or Restore system files... and continue until you get into the System Restore utility.



7. Select a restore point from well before the Windows Paramount Protection appeared, two weeks should be enough.

8. Restore it. Please note, it can take a long time, so be patient.

9. Once restored, restart your computer and hopefully this time you will be able to login (Start Windows normally).

10. At this point, download recommended anti-malware software and run a full system scan to remove this malware from your computer.






Associated Windows Paramount Protection Files:
  • C:\Documents and Settings\[User]\Application Data\guard-[random].exe (Windows XP)
  • C:\Users\[User]\AppData\Roaming\guard-[random].exe (Windows 7)
Associated Windows Paramount Protection Keys:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\Users\[User]\AppData\Roaming\guard-[random].exe"

0 comments: