Home Blog

Windows Malware Firewall Removal – How to Remove Windows Malware Firewall instantly

Posted by in Blog Rogue Program
on October 19th, 2012 | Leave a comment

Windows Malware Firewall is a fake security program similar to Total Security Protection Center. When the malware comes into your computer, it will pop ups a lot of advertisement which are all about tricking you that your computer is at a high security risk, and then it will redirect to a page that seems like going to do an online scan for your computer which actually is just an advertisement. After its “scanning”, it will offer a scan result with a lot of specific virus infections in your computer. All of this fake virus detection processes are mainly wants you to buy the whole version Windows Malware Firewall. In addition to its fake antivirus operation, Windows Malware Firewall can do more harm to your computer:

1. Slow down your system operation and Internet speed
2. Modify, delete and damage your system files
3. Create some strange phenomena in your computer
4. Invite other viruses’ coming such as Google Redirect Virus to your system

Though the above information, I think you have realized that being infected by Windows Malware Firewall is a very dangerous thing for our computers and money. You should instantly get rid of it if it is found in your computer.

In this article, I will explain how you can remove Windows Malware Firewall from PC.

Firstly, please set your computer into safe mode. To do this, reboot your computer, press and hold “F8 “Key which should bring up the “Windows Advanced Options Menu”. Use your arrow keys to move to “Safe Mode” and press your Enter key.

Secondly, kill malicious processes. Press CTRL+ALT+DELETE, and then click Task Manager. Click the Processes tab, find and end the following processes:

%AppData%\Protector-[RANDOM 4 CHARACTERS].exe
%AppData%\Protector-[RANDOM 3 CHARACTERS].exe

Thirdly, delete Windows Malware Firewall registry keys.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\aAvgApi.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\”Debugger” = “svchost.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector = %AppData%\Protector-[RANDOM CHARACTERS].exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\”Debugger” = “svchost.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\”Debugger” = “svchost.exe”

Lastly, locate and remove these related files from your computer:

%AppData%\result.db

Use a legitimate antispyware program
To easily and safely remove Windows Malware Firewall, we recommend you an effective antispyware program called Spyware Cease, which is new but outstanding in the market. Spyware Cease could remove most rogue software and latest pc threats.
1. Enter Safe Mode with Networking
2. Run IE, click on Tools, click Internet Options, click Connections tab, click LAN settings button. Uncheck the item Use a proxy server for your LAN.
3. Download Spyware Cease via IE
4. Install and run the software
5. Start an online scan to have Windows Malware Firewall removed automatically
6. Select all and click remove button

If you find you still could not access any file after removing Windows Malware Firewall, use Spyware Cease to repair windows registry.

Leave a Reply