Windows Scan is a fake computer optimization software. The program blocks Windows legitimate applications, hijacks Internet Explorer, displays false information that the computer’s memory or hard drive is corrupt in order to trick you into thinking your computer has a lot of serious problems. The misleading program will state that all you have to do in order to fix these problems and errors is purchase its full version. Important to known, WindowsScan is unable to detect and fix any problems, so do not pay for the bogus software, simply ignore all that it will display you.
Windows Scan from same family of malware as Full Scan, Win Scanner, etc. It is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software as you do not even notice that. Moreover, cyber criminals may also distribute WindowsScan via Twitter, My Space, Facebook and spam emails. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC. Remember that the rogue is a highly dangerous application and you need remove Windows Scan as soon as possible!
Like other fake computer optimization programs, it will simulate a system scan and “detect” numerous critical errors, e.g. “Drive C initializing error”, “Read time of hard drive clusters less than 500 ms”, “32% of HDD space is unreadable”, “Bad sectors on hard drive or damaged file allocation table”, etc. Next, the rogue will ask you to pay for the fake software before it “repairs” your machine of the problems. Of course, all of these errors are a fake. Thus, you can safety ignore the false scan results.
Windows Scan will block all Windows legitimate applications from running. Important to note, if you attempt to run a program enough times it will eventually work. The following warning will be shown when you attempt to run a program:
Windows detected a hard drive problem.
A hard drive error occurred while starting the application
Moreover, this malware will display various fake alerts. The text of some of the alerts are:
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows – No Disk
Exception Processing Message 0×0000013
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Just like false scan results above, all of these alerts are a fake and supposed to scare you into thinking your computer is in danger. You should ignore all of them!
As you can see, all WindowsScan does is fake and you should stay away from the malicious application! If your PC has been infected with the rogue, then ignore all it gives you and follow the removal instructions below in order to remove Windows Scan and any associated malware from your computer for free.
Automated Removal Instructions for Windows Scan
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Stop Windows Scan from running
Download HijackThis from here. Run HijackThis and click Scan button to perform a system scan. Place a checkmark against each of lines:
O4 – HKCU\..\Run: [{RANDOM}.exe] %CommonAppData%\{RANDOM}.exe
O4 – HKCU\..\Run: [{RANDOM}] %CommonAppData%\{RANDOM}.exe
Example:
O4 – HKCU\..\Run: [CvdCEPoYRb.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CvdCEPoYRb.exe
O4 – HKCU\..\Run: [SaMFLunm] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SaMFLunm.exe
Note: list of infected items may be different. Template of the malicious entries:
Variant 1: O4 – HKCU\..\Run: [{random string}] %CommonAppData%\{random string}.exe;
Variant 2: O4 – HKCU\..\Run: [{random string}.exe] %CommonAppData%\{random string}.exe;
%CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista).
If you unsure, then check it in Google. Skip this step, if you does not find any malicious lines.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 3. Remove Windows Scan associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows Scan infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Windows Scan. MalwareBytes Anti-malware will now remove all of associated WindowsScan files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Windows Scan removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Windows Scan creates the following files and folders
%UserProfile%\Desktop\Windows Scan.lnk
%UserProfile%\Start Menu\Programs\Windows Scan\Windows Scan.lnk
%UserProfile%\Start Menu\Programs\Windows Scan\Uninstall Windows Scan.lnk
%CommonAppData%\{RANDOM}.exe
%CommonAppData%\{RANDOM}
%CommonAppData%\{RANDOM}.dat
Note: %CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista)
Windows Scan creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
thx a lot! 🙂
this works got rid off windows scan but was unsure about the hijackthis so left alone thank u my missus can go on working now lol
Thanks a lot, it was most helpful! I didn’t download any additional software though.
This nasty Windows Scan virus totally corrupted my computer and I really thought I would have to reinstall the OS and lose all my personal files. So, so happy that I was able to just delete the malware and keep everything else.
I only used the list of files to be removed at the very end of this article. So I ran my pc in Safe Mode, then deleted TWO files with random names in the Registry Key, and after that deleted ALL the files listed in the section “Windows Scan creates the following files and folders”. Running the pc in normal mode then showed that the malware was gone.
I was able to successfully remove windows scan by simply deleting it several times from my program files, until it disappeared. I knew it was a virus because I noticed it had been added to my computer in 2011, not 2008 when I purchased my computer.
thanks we may or may not also have picked up TDSS rootkit along with it causing the removal to fail to stop it coming right back. DO everything in safe mode. Downloaded the TDSS removal tool from Kaspersky used in safe mode, reboot then ran malawarebytes again – successful update. ALso had to clean out the temp folders with a fabulous little program that scrubs all of them and lastly hijack this again to get at all the registry entries taking IE8 back to the infected webpages. Look for registry entries specifying URLS
C:\Windows\system32\wdmaud.sys was a fake file hiding out that we also removed manually.
final step was to reset internet connection in control panel >internet options> connections>LAN settings – untick the proxy setting and retick automatic before we had a working internet connection outside of safe mode. click ok hurray
Hi i got duped into buying this window scan i thought it was some legit program and now i cant get it off it said my computer was effected all aboive i called this 1800 number and all i got was some garbled voice they told me they have a refund for 30 days i sent an email they told me i will get my money back in 10-14 day period hopefully i can get it back anyway i tried to get it off it said it my antivirus was not working and neither my saved archives was their i really thought my computer was messing up cant believe i bought this thing. It even installed something called antivirus 8 which something phony too so i turned it off and next few hours i cant get on windows at all i just get this start up screen and it just loads for hours on end i tried running windows in safe mode even safe mode with networking it wont let me brings a bunch of drivers up I was wondering can anyone help?
THANK SOOO MUCH , I was so worried :’c But you helped me solve it! Thanks a lot! 😀
I ran a system restore after i clicked on this popup and then i ran malwarebytes and i didnt have any viruses or infected items at all. I also ran windows security essentials and it is still running but there isnt any viruses so far. do i really have no viruses?