WiniBlueSoft is a rogue antispyware program that uses fake alerts and false positives to trick you into buying the software. The rogue is distributed through the use trojans.
During installation, WiniBlueSoft configures itself to run automatically every time, when you start your computer. Once running, it will scan your computer and reports false or exaggerated system security threats on the computer that cannot be removed unless you first purchase the software. In addition the program creates many files in the C:\Windows and C:\Windows\System32 folders. These files during the scan will determine as trojans and spyware.
While WiniBlueSoft is running your computer will display fake Windows Security Center that will recommend you register WiniBlueSoft and fake security alerts from your Windows taskbar. Please ignore these alerts. Use the free instructions below to remove WiniBlueSoft and any associated malware from your computer.
Symptoms in a HijackThis Log
O4 – HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
O4 – HKCU\..\Run: [setup2.exe] C:\WINDOWS\System32\setup2.exe
Use the following instructions to remove WiniBlueSoft (Uninstall instructions)
Download Avenger from here and unzip to your desktop.
Run Avenger, make sure that the box next to “Scan for rootkits” and “Automatically disable any rootkits found” has a tick in it, copy,then paste the following text in Input script Box:
Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | WiniBlueSoft
Files to delete:
%programfiles%\WiniBlueSoft Software
%windir%\system32\setup2.exe
You will see window similar to the one below.
Avenger
Click on ‘Execute’. You will be asked Are you sure you want to execute the current script?. Click Yes.
You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
Your PC will now be rebooted.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
WiniBlueSoft creates the following files and folders
C:\Documents and Settings\All Users\Start Menu\Programs\WiniBlueSoft
C:\Program Files\WiniBlueSoft Software
C:\Program Files\WiniBlueSoft Software\WiniBlueSoft
C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe
C:\WINDOWS\system32\setup2.exe
%UserProfile%\Local Settings\Temp\setup.exe
%UserProfile%\Local Settings\Temp\setup2.exe
C:\Documents and Settings\All Users\Start Menu\Programs\WiniBlueSoft\Homepage.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WiniBlueSoft\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WiniBlueSoft\WiniBlueSoft.lnk
C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\data.bin
C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\License.txt
C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\uninstall.exe
C:\Documents and Settings\All Users\Desktop\WiniBlueSoft.lnk
This was the best solution. I searched everywhere and this finally worked, for real. Thank you so much, that Winbluesoft was really making me mad.