How to Remove Windows Ultra Antivirus?

Windows Ultra Antivirus is a fake antivirus program which is wild-spread recently. Once settled it pretends to be a legitimate antivirus program and scans your computer for dangerous virus or malware. It claims that your computer is infected with serious virus. If your computer gets infected with Windows Ultra Antivirus, you will see image below.

 

Windows Ultra Antivirus is unlike any other fake antivirus program, it provides short threat description for all infection detected during the scan which looks like professional. I guess the malware authors doing this to scam more victims into buying the fake antivirus program.

 

Win32/Agent.TMP threat description:

 

 

How Windows Ultra Antivirus spread?

 

Windows Ultra Antivirus is promoted through the use of fake online virus scanner. It is also promoted through fake Microsoft updates as well as other free program which masquerade as a legitimate update and program but actually they are Trojan virus.  What’s worse, Windows Ultra Antivirus brings rootkit virus. The malicious randomly named .sys file is dropped in C:\WINDOWS\system32\drivers folder. The file is locked so you can’t remove it manually.

 

Windows Ultra Antivirus Removal Guides:

 

1. Exit Windows Ultra Antivirus fake antivirus program.

 

2. Download and install Kaspersky Lab’s TDSSKiller

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

As we mentioned before, Windows Ultra Antivirus is bundled with a rootkit infection, so we need take TDSSKiller to kill it first. But sometimes, rootkits block this utility to avoid removal, If you are unable to run this utility, please just rename tdsskiller.exe to iexplore.exe and run it again.

 

3. Run TDSSKiller now.  When the scan is over, the utility will lists detected objects with description. You should see a locked service which is the actual rootkit we need to remove. If the utility does not offer you option to delete the indicated “Locked Service”, please change the attribute from “Skip” to “Delete” and click “Continue”.

 

Important note: You will be required to reboot your computer at the after you delete the “locked service”, please do not restart your computer at the moment.  Please continue following step.

 

4. Remove these Windows Ultra Antivirus registry entries:

Start -> Run -> regedit.exe -> find the following

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

“wazibtuqtugp”=”<rogue path>”

 

Delete this key.

 

5. After the procedure you should restart your computer to now to complete remove rootkit virus.

 

6. Download Anvi Smart Defender anti-malware program and run a full system scan to remove this virus and associated malware file from your computer by following link:

 

http://www.anvisoft.com/product/smartdefender.html

Please check carefully steps above to remove Windows Ultra Antivirus virus, if it’s too complicated to you, please post your problem in our official forum. We are glad to offer help.

 

Comments are closed.