Windows Troublemakers Agent Adware Removal Instructions

[Christian Mairoll 236]

The Emsisoft malware research team has discovered a new outbreak of the Windows Troublemakers Agent adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsTroublemakersAgent.

Windows Troublemakers Agent is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

• Windows Servant System
• Windows Defence Center
• Windows Error Correction
• Windows Performance Manager
• Windows Troubles Analyzer
• Windows Processes Organizer
• Windows Optimal Tool
• Windows Express Settings
• Windows Safety Guarantee,
• Windows Express Help,
• Windows AV Software,
• Windows User Satellite,
• Windows Problems Solution,
• Windows Optimal Settings, 
• Windows Optimal Solution, 
• Windows Care Tool,
• Windows Software Guard,
• Windows Wise Protection,
• Windows Software Protection,
• Windows Problems Protector,
• Windows Shield Center,
• Windows Problems Remover,
• Windows Health Center, 
• Windows Antispyware Solution,
• Windows Universal Tools,
• Windows Risk Eliminator,
• Windows Security & Control,
• Windows Utility Tool,
• Windows Optimization & Security,
• Windows Optimization Center, 
• Privacy Guard 2010.

Create new file:

• %UserProfile%Application DataMicrosoft%random%.exe

Create/modify registry entries:

• HKEY_CURRENT_USERsoftwareMicrosoftWindows NTCurrentVersionWinlogon
  (String) Shell = %UserProfile%Application DataMicrosoft%random%.exe
• HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionSystemRestore
  (DWORD) DisableSR = 0×00000001 (1)
• HKEY_LOCAL_MACHINEsoftwaremicrosoftWindowsCurrentVersionPoliciesSystem
  (DWORD) EnableLUA = 0×00000000 (0)
  (DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
  (DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
• HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsafwserv.exe
  (String) Debugger = svchost.exe
• HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsavastsvc.exe
  (String) Debugger = svchost.exe
• HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsavastui.exe
  (String) Debugger = svchost.exe
• HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsegui.exe
  (String) Debugger = svchost.exe
• HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsekrn.exe
  (String) Debugger = svchost.exe
• HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsmsascui.exe
  (String) Debugger = svchost.exe
• HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsmsmpeng.exe
  (String) Debugger = svchost.exe
• HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsmsseces.exe
  (String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Troublemakers Agent (Adware.Win32.WindowsTroublemakersAgent)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Related Posts:

• Windows Troubles Remover Adware Removal Instructions
• Windows Defence Center Adware Removal Instructions
• Windows Servant System Adware Removal Instructions
• Windows Performance Manager Adware Removal Instructions
• Windows Error Correction Adware Removal Instructions

View the full article