How to get rid of Windows Accelerator Pro; clean up an infected PC

Windows Accelerator Pro is a rogue anti-virus program that will display fake security alerts and block you from accessing certain programs claiming that they are infected by malware. It belongs to fakeAV families, in this case the FakeVimes scareware family. Obviously, it's not the first piece of malicious code from this family, just a few days ago I wrote about Windows Premium Shield which is basically the same malware with a different name. If you happen to be infected, please follow the steps in the removal guide below. Listen up. This rogue antivirus program is designed to scare you onto buying it, cyber crooks simply want to extort money from you, so DO NOT buy it!

Cyber crooks are using social engineering to trick victims and infected them with Windows Accelerator Pro. They post malicious URLs on popular social networks and if you happen to click on one of these links you will be redirected to a fake page which claims that "Microsoft Antivirus has found critical process activity on your PC." Then it will send you to another page that mimics "security alerts" displayed by brand-name products, in this case Microsoft Security Essentials. As you can see, scammers use existing detection names (Trojan-PSW.Win32.launch, HackTool:Win32/Welevate.A, Adware.Win32.Fraud) to confuse you and make it look completely official. Don't be fooled! The malicious URLs are not the same for everyone, cyber crooks change them very often to avoid detected, even by buy virustotal.com URL scanner.

Windows Accelerator Pro may be also distributed using drive-by downloads to distribute malware without you knowing something bad has just landed on your computer.

Once installed, Windows Accelerator Pro will be configured to automatically start when you login to Windows. The bad news is that it won't let you use any program at all. It will hide your desktop and disable Task Manager, registry and other tools that are usually useful when dealing with such malware. What is more, it will display a bunch of fake security alerts and notifications about dangerous Trojans and possible data lost due to malware activity on your computer. Just like the scan results, these warnings are fake and can be ignored. If you can't run your antivirus program, please follow the steps in the removal guide below. To remove Windows Accelerator Pro virus you will have to restart your computer in Safe Mode with Command Prompt and make a few changes to Windows registry either manually or using the registry fix file given below. Either way, it's not very difficult.

Most importantly, do not purchase Windows Accelerator Pro. Do not follow the on screen instructions and do not purchase it "to protect your system." If you have purchased it, please contact your credit card company and dispute the charges stating that the program is a scam and a computer virus. If you have any questions, please leave a comment below.

Written by Michael Kaur, http://deletemalware.blogspot.com

---

Windows Accelerator Pro removal instructions:

1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key.



2. Login as the same user you were previously logged in with in the normal Windows mode. When done, the Windows Command Prompt will open and you will see a screen similar to the one below.

3. Once the Command Prompt appears type in explorer and hit Enter.



4. The Windows desktop will now appear. When the desktop appears you can then close the Command Prompt window by clicking on the X.

5. Write the text in bold below to Notepad.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardSoftware" =-

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"



6. Save file as fixshell.reg to your Desktop. NOTE: (Save as type: All files)



7. Double-click on fixshell.reg to run it. Click Yes for Registry Editor prompt window. Click OK.



NOTE: if you can't create the file as explained or you get an error, you can download the shellfix.reg file on a clean computer and burn it on to a CD or save it to a USB drive so that you can transfer the file to the infected computer. Then insert your CD or USB drive and double-click on the shellfix.reg and allow the data to be merged when you are prompted. Once the data has been merged, you can press the OK button and remove the removable media from your computer.

8. Please reboot your computer into the Normal Windows Mode and login as the infected user.

9. Now that you are at your normal Windows desktop, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.

---

Associated Windows Accelerator Pro Files:

• C:\Documents and Settings\[User]\Application Data\guard-[random].exe (Windows XP)
• C:\Users\[User]\AppData\Roaming\guard-[random].exe (Windows 7)

Associated Windows Accelerator Pro Keys:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware"
• HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\Users\[User]\AppData\Roaming\guard-[random].exe"