Christian Mairoll, posted March 14, 2011

The Emsisoft malware research team has discovered a new outbreak of the Windows Troublemakers Agent adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsTroublemakersAgent.

Windows Troublemakers Agent is a rogue application. A rogue application tries to trick you by displaying false or misleading scan results, which claim that your computer has a problem or is infected with viruses or trojans, but you will not be able to fix it before you purchase.

Other variants: Windows Servant System, Windows Defence Center, Windows Error Correction, Windows Performance Manager, Windows Troubles Analyzer, Windows Processes Organizer, Windows Optimal Tool, Windows Express Settings, Windows Safety Guarantee, Windows Express Help, Windows AV Software, Windows User Satellite, Windows Problems Solution, Windows Optimal Settings, Windows Optimal Solution, Windows Care Tool, Windows Software Guard, Windows Wise Protection, Windows Software Protection, Windows Problems Protector, Windows Shield Center, Windows Problems Remover, Windows Health Center, Windows Antispyware Solution, Windows Universal Tools, Windows Risk Eliminator, Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center, Privacy Guard 2010.
Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe

HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0x00000001 (1)

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0x00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0x00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0x00000000 (0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

How to remove the infection of Windows Troublemakers Agent (Adware.Win32.WindowsTroublemakersAgent)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
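The registry changes listed in the post can be checked on a live system with a read-only audit. The following PowerShell is an added example, not part of the original post and not Emsisoft tooling; the helper name Get-RegValue and the message wording are illustrative assumptions.

```powershell
# Added example: read-only check for the registry values listed in the post.
# Nothing is modified; findings are only reported.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Emits nothing ($null) when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()

# Per-user Winlogon Shell override (this value is normally absent under HKCU).
$shell = Get-RegValue 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
if ($shell) { $findings += "HKCU Winlogon Shell is set: $shell" }

# System Restore switched off.
$sr = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore' 'DisableSR'
if ($sr -eq 1) { $findings += 'SystemRestore DisableSR = 1' }

# UAC values set to 0 (can also be deliberate policy; review in context).
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
    $v = Get-RegValue $uacKey $name
    if ($null -ne $v -and $v -eq 0) { $findings += "$name = 0" }
}

# Image File Execution Options "Debugger" redirects on the security
# products named in the post; any Debugger value on these is reported.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$targets = 'afwserv.exe', 'avastsvc.exe', 'avastui.exe', 'egui.exe',
           'ekrn.exe', 'msascui.exe', 'msmpeng.exe', 'msseces.exe'
foreach ($exe in $targets) {
    $dbg = Get-RegValue "$ifeo\$exe" 'Debugger'
    if ($dbg) { $findings += "IFEO Debugger on ${exe}: $dbg" }
}

if ($findings.Count -eq 0) {
    'No registry values matching the listed changes were found.'
} else {
    $findings
}
```

The HKCU check covers only the account running the script, so run it as the affected user; on 64-bit Windows, run it from a 64-bit PowerShell session so the HKLM keys are read from the native registry view.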