Friday, March 2, 2012

Remove Windows Threats Destroyer

Windows Threats Destroyer is a fake antivirus program that tries to pass as a legitimate antivirus such as Kaspersky Antivirus, which can really protect a computer from viruses, malware and trojans. However, Windows Threats Destroyer cannot detect or remove any kind of virus, malware or trojan. It runs automatically when Windows boots, performs a fake scan and will DEFINITELY state that the computer has been infected by many malware, viruses and trojans. It then shows pop-ups urging the user to purchase the full version of Windows Threats Destroyer to remove all the detected threats. Do not buy Windows Threats Destroyer, as it can do nothing. Windows Threats Destroyer uses fake Microsoft Security Essentials Alerts to circulate.


Windows Threats Destroyer provides fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan, etc. None of them can protect the computer from any kind of malware.


Windows Threats Destroyer can be removed by using Emsisoft HiJackFree to stop the process [random].exe and delete its file at the same time. Then the user has to remove all the related files and registry entries added by Windows Threats Destroyer (see the removal guide below).

Windows Threats Destroyer should be removed immediately!

Windows Threats Destroyer Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%ALLUSERSPROFILE%\Application Data\095a\sqlite3.dll
%ALLUSERSPROFILE%\Application Data\095a\mozcrt19.dll

Delete Registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-3-1_2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "pewqnbuehd"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe
... and many more Image File Execution Options entries.


Remove Folders and Files

%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Firewall Constructor.lnk
%Desktop%\Windows Firewall Constructor.lnk
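
A read-only way to check a machine against the registry entries and files listed above, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later; the function name `Get-WtdIndicator` is hypothetical, and `%CommonStartMenu%` and `%Desktop%` are resolved through .NET special folders because they are not real environment variables.

```powershell
# Added example: read-only audit of the indicators listed in this guide.
# It reports what exists and changes nothing.
function Get-WtdIndicator {
    $cv   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

    # Registry values from the guide: key path, value name.
    $values = @(
        @("$cv\Internet Settings", 'WarnOnHTTPSToHTTPRedirect'),
        @("$cv\Policies\System",   'DisableRegedit'),
        @("$cv\Policies\System",   'DisableRegistryTools'),
        @("$cv\Policies\System",   'DisableTaskMgr'),
        @("$cv\Run",               'Inspector'),
        @("$cv\Settings",          'net'),
        @("$cv\Settings",          'UID')
    )
    foreach ($v in $values) {
        $p = Get-ItemProperty -LiteralPath $v[0] -Name $v[1] -ErrorAction SilentlyContinue
        [pscustomobject]@{ Kind = 'RegValue'; Path = "$($v[0])\$($v[1])"
                           Present = [bool]$p; Data = if ($p) { $p.($v[1]) } }
    }

    # Registry keys from the guide. Only the six IFEO names the page lists are
    # checked; the page says there are many more.
    $keys = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312')
    $keys += 'ashChest.exe','avwupsrv.exe','fixfp.exe','navwnt.exe','sgssfw32.exe','windll32.exe' |
             ForEach-Object { "$ifeo\$_" }
    foreach ($k in $keys) {
        # An IFEO "Debugger" value redirects launches of that executable, so show it if set.
        $dbg = (Get-ItemProperty -LiteralPath $k -Name Debugger -ErrorAction SilentlyContinue).Debugger
        [pscustomobject]@{ Kind = 'RegKey'; Path = $k
                           Present = (Test-Path -LiteralPath $k); Data = $dbg }
    }

    # Files and shortcuts, with names exactly as the guide gives them.
    $all   = Join-Path $env:ALLUSERSPROFILE 'Application Data\095a'
    $start = Join-Path ([Environment]::GetFolderPath('CommonStartMenu')) 'Programs'
    $desk  = [Environment]::GetFolderPath('Desktop')
    $files = @(
        "$all\sqlite3.dll", "$all\mozcrt19.dll",
        "$env:APPDATA\NPSWF32.dll", "$env:APPDATA\Protector-.exe", "$env:APPDATA\result.db",
        "$start\Windows Firewall Constructor.lnk", "$desk\Windows Firewall Constructor.lnk"
    )
    foreach ($f in $files) {
        [pscustomobject]@{ Kind = 'File'; Path = $f
                           Present = (Test-Path -LiteralPath $f); Data = $null }
    }
}

Get-WtdIndicator | Where-Object Present | Format-Table -AutoSize -Wrap
```

A value such as `WarnOnHTTPSToHTTPRedirect` can exist on a clean machine, so compare the Data column with the values the guide lists rather than relying on presence alone.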
