1. What is WinAntiSpyware?
Rogue AntiSpyware program called WinAntiSpyware is showing computer security alerts in purpose of advertising and persuading user to buy commercial program version. Aforesaid program is not protecting PC from spyware and viruses as expected and is spread by a trojan. Add/Remove Programs Windows tool is not completely removing WinAntiSpyware.
WinAntiSpyware other names: WinAntiSpyware 2005, WinAntiSpyware 2006, WinAntiSpyware 2007.
WinAntiSpyware other names: WinAntiSpyware 2005, WinAntiSpyware 2006, WinAntiSpyware 2007.
2. How to remove WinAntiSpyware:
- Internet connection might be disabled or Internet browser might be blocked by WinAntiSpyware, so it won't be possible to download any files to infected computer. In this case please download all files required for WinAntiSpyware removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
- To remove WinAntiSpyware download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
-
After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:
-
After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove WinAntiSpyware.
- Restart the computer to complete WinAntiSpyware removal procedure.
3. WinAntiSpyware files:
amcompatx.exe, autorun.exe is located in Startup Folder (C:\Documents and Settings\All Users\Start Menu\Programs\Startup), mav_startupmon.exe, printer.exe, uwas6cw.exe, uwas7cw.exe, uwasdc.exe, uwasers.exe, was5.exe, was6.exe, was7.exe, WinAvX.exe, WinAvXX.exe4. Hijackthis entries:
O4 Entries |
O4 - Global Startup: autorun.exe |
O4 - HKLM\..\Run: [uwas6cw] "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe" -c |
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c |
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe" |
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe" |
O4 - HKLM\..\Run: [WinAntiSpyware 2005] C:\Program Files\WinAntiSpyware 2005\was5.exe |
O4 - HKLM\..\Run: [WinAntiSpyware 2006] "c:\program files\winantispyware 2006 scanner\was6.exe" /min |
O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min |
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvX.exe |
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe |
O23 Entries |
O23 - Service: Background Intelligent Transfer Service BITSUPS (BITSUPS) - Unknown owner - C:\WINDOWS\system32\amcompatx.exe |
F2 Entries |
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe |