Windows Functionality Checker Removal Guide
The fact that there is a particular family of rogues growing by day shows that a lot of users still get tricked by this classic fraud. Windows Functionality Checker is a direct clone of Internet Security Essentials, Home Safe Essentials, Anti-Malware Lab and other rogues that make you think your computer is infected with countless viruses, and then you are forced to purchase the full version of Windows Functionality Checker in order to delete the said infections. However, if there is anything that requires removal, it is Windows Functionality Checker, and the sooner you do it, the better.
Do not be fooled by its nice name – Windows Functionality Checker. Windows Functionality Demolisher is more likely, because this rogue can easily block your access to various programs and even Windows Task Manager, which essential prevents Windows Functionality Checker from being removed altogether. Clever indeed, but you should not succumb to this terror. The thing you have to understand is that the scan performed by Windows Functionality Checker is not real and no Trojan or worm reported by the rogue exists in your computer. Also, you should pay no heed to the fake security notifications received from this threat:
Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmploc.dll
They are there only to baffle you and push you into paying for the worthless program. If you do, you will reveal your credit card information to a third party and later on the information can be use while performing various illegal operations. You certainly do not wish to lose your money, not to mention that besides robbing you, Windows Functionality Checker also damages your system, so you have to erase Windows Functionality Checker from your computer immediately.
Manual removal requires deleting all the rogue-related files, and if you are not sure of your computing skills, it is better to leave the Windows Functional Checker removal for a reliable antimalware program that will eradicate this rogue at once.
Windows Functionality Checker Screenshots:
Windows Functionality Checker technical info for manual removal:
Files Modified/Created on the system:
| # | File Name | File Size (Bytes) | File Hash |
|---|---|---|---|
| 1 | Windows Functionality Checker.lnk | ||
| 2 | Protector-gqm.exe | 1994752 bytes | MD5: 9874377f3464e692bf0ccf043149639a |
| 3 | Protector-okv.exe | 1996288 bytes | MD5: f8c41a6dcfb38a3cb28a74ba5a8430b0 |
| 4 | %StartMenu%\Programs\Windows Functionality Checker.lnk | ||
| 5 | Protector-rng.exe | 1996288 bytes | MD5: c6200cf2220feb8fef9e2112496d1378 |
| 6 | Protector-pma.exe | 1994240 bytes | MD5: f049dfdbecd316dd36d970cb9568cb8c |
| 7 | %AppData%\NPSWF32.dll | ||
| 8 | %AppData%\Protector-hox.exe | ||
| 9 | %AppData%\result.db | ||
| 10 | Protector-bth.exe | 1993728 bytes | MD5: 19faf3d1d044bffd46a220a928d4ac00 |
Files in the following directories were modified:
- %StartMenu%\Programs
- %AppData%
Memory Processes Created:
| # | Process Name | Process Filename | Main module size |
|---|---|---|---|
| 1 | Protector-gqm.exe | Protector-gqm.exe | 1994752 bytes |
| 2 | Protector-okv.exe | Protector-okv.exe | 1996288 bytes |
| 3 | Protector-rng.exe | Protector-rng.exe | 1996288 bytes |
| 4 | Protector-pma.exe | Protector-pma.exe | 1994240 bytes |
| 5 | Protector-hox.exe | Protector-hox.exe | |
| 6 | Protector-bth.exe | Protector-bth.exe | 1993728 bytes |
Registry Modifications:
The following Registry Keys were created:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
- ... and many more Image File Execution Options entries.
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0