Win32 Virus Removal

Windows Vulnerabilities Rescuer is a fake anti-spyware program that infects your system as any other rogue program from the Fake Microsoft Security Essentials family.

Frist, the infection starts showing warning messages suggesting that one of the files from the computer is infected with an Unknown.Win32/Trojan. Next step is a fake scan on your computer after which the infection suggest that your system is infected with Trojan.Horse.Win32.PAV.64.a and that the only way to remove it is to download and install Windows Vulnerabilities Rescuer on your computer. Once you press OK, Windows Vulnerabilities Rescuer automatically downloads and installs on the machine after which it triggers a reboot.

After the reboot you will be presented with a Windows Vulnerabilities Rescuer screen instead of the usual desktop. Windows Vulnerabilities Rescuer will then perform a fake scan on your system, at the end of which it will alert the user that the only way to get rid of all the threats found on the computer is by purchasing the full version of Windows Vulnerabilities Rescuer.

Do Not give away your credit card information as this so called “full version” is nothing more than a way to get a hold of your money in exchange for nothing more than another malware.

How To: Remove Windows Vulnerabilities Rescuer Virus / Malware ( Removal Guide )

Before we start with the disinfection process, you need to keep in mind that:

1. The only way to access your regular desktop screen is to go through the fake scan process after each reboot.
2. In order to disinfect your computer you will need to download the following programs: RKill, Shell.reg and Malwarebytes’ Anti-Malware (MBAM)
3. Windows Vulnerabilities Rescuer might prevent you from accessing the internet. If that is the case you will need to get the above mentioned programs via another working computer and transfer the files to the infected machine by CD/DVD or any other portable means.

Windows Vulnerabilities Rescuer Removal Guide

1. The first thing that needs to be done is to kill any Windows Vulnerabilities Rescuer related processes. To do this you will need to run RKill and let it scan your computer. Ignore any warnings that come from Windows Vulnerabilities Rescuer suggesting that RKill is a threat to your computer. Also if RKill won’t do the trick, download another renamed version (e.g. iExplore.exe) from the RKill link provided above. Do Not restart your computer after this step else you will need to start all over again after reboot.
2. Another vital step is to restore your Windows Shell Registry value before you get rid of Windows Vulnerabilities Rescuer from your computer. Do not skip this step else you will not be able to access your regular windows desktop again once you get rid of the malware. Execute Shell.reg and let it merge the data.
3. The disinfection starts here, with MBAM. Start the MBAM installation process by double-clicking on mbam-setup.exe and make sure that both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware buttons are checked during the installation. After clicking on the Finish button, MBAM should ask for a reboot. If so, please reboot your computer.
4. Once your computer reboots you will be presented with the main MBAM window where you should go to the Scanner tab, check the Perform Full Scan option then click on the Scan button below. Once the scanning is complete you will see a full list of threats found on your computer. Make sure every one of these threats are checked and then press the Remove Selected button. After MBAM finishes removing the threats reboot your computer if MBAM prompts you to do so.

If you have followed these steps accordingly your computer should now be clean. It is strongly advised that you follow this Secunia PSI guide in order to determine whether your computer has other vulnerabilities and prevent future threats to get on your machine.