• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Malware › Malware removal › How to remove pw.exe malware

How to remove pw.exe malware

Myantispyware team November 18, 2010     No Comment    

Pw.exe is the main file of each program from malware family, that includes the following programs: XP Antispyware 2011, Vista Antispyware 2011, Win 7 Antispyware 2011, XP Security 2011, Vista Security 2011, Win 7 Security 2011, XP Internet Security 2011, Vista Internet Security 2011, Win 7 Internet Security 2011, XP Antimalware 2011, Vista Antimalware 2011, Win 7 Antimalware 2011, XP Guard Vista Guard, Win 7 Guard. All of these programs are rogue antispyware. that uses misleading methods such false scan results and fake security warnings in order to trick you into purchasing their full version.

Pw.exe is installed onto your computer without your permission and knowledge with the help of trojans. Once the trojan is started, it will install pw.exe and configure it to run automatically when you start an application (files with “exe” extension). This malware also uses this method of running to block the ability to run any programs, including legitimate antivirus and antispyware applications.

When pw.exe is started, it will imitate a system scan. Once finished, this malware will state that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. Important to know, the malicious program is unable to detect any infections, as will not protect you from possible infection in the future. So, do not trust the scan results, simply ignore them.

While pw.exe is running, it will flood your computer with nag screens, fake security alerts and notifications from your Windows taskbar. A few examples:

Tracking software found!
Your PC activity is being monitored. Possible spyware
infection. Your data security may be compromised. Sensitive
data can be stolen. Prevent damage now by completing a
security scan.

Stealth intrusion!
Infection detected in the background. Your computer is now
attacked by spyware and rogue software. Eliminate the
infection safety, perform a security scan and deletion now.

However, all of these alerts, warnings and notifications are fake and like false scan results supposed to scare you into purchasing so-called “full” version of the malicious program. You should ignore all of them!

As you can see pw.exe is very dangerous and can lead to a complete paralysis of your computer. Need as quickly as possible to check your computer and remove all found components of this malware. Use the removal guide below to remove pw.exe and any associated malware from your computer for free.

Use the following instructions to remove pw.exe

Step 1. Fix “.exe” file associations.

Method 1

Windows Vista/7
Click Start. Type in Search field command and press Enter.

Windows XP/2000
Click Start, Run. Type in Open field command and press Enter.

It will open the command prompt. Type into it notepad and press Enter. It will open Notepad. Copy all the text below into Notepad.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.

Method 2

Windows Vista/7
Click Start. Type in Search field command and press Enter.

Windows XP/2000
Click Start, Run. Type in Open field command and press Enter.

It will open the command prompt. Type into it notepad and press Enter. It will open Notepad. Copy all the text below into Notepad.

[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com

[DefaultInstall]
DelReg=regsec
AddReg=regsec1

[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command

[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"

Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.

Note: if Vista returns error message “Installation failed”, then you need disable UAC control. Click Start, Control Panel, User accounting, Click “Turn User Account Control on or off”. Uncheck “Use User Account Control (UAC)” and click OK. Now try install fix.inf once again.

Step 2. Remove pw.exe associated malware.

Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.

Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.

MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.

As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for pw.exe infection. This procedure can take some time, so please be patient.

When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.


Malwarebytes Anti-malware, list of infected items

Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove pw.exe. MalwareBytes Anti-malware will now remove all of associated pw.exe files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.

Pw.exe removal notes

Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.

Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.

Pw.exe malware creates the following files and folders

%AppData%\pw.exe

Pw.exe malware creates the following registry keys and values

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”

Malware Malware removal

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Gaming-trending-news.com Click Allow Scam
Gaming-trending-news.com Virus Removal Guide
Buymaxfield.com Click Allow Scam
Buymaxfield.com Virus Removal Guide
Sediny.shop Sedimy Tattoo Supply Store
Sedimy.com Review: Is Sedimy a Scam or Legitimate Tattoo Supply Store?
Ourcommonwords.com Press Allow Scam
Ourcommonwords.com Virus Removal Guide
Battlehammer.top Click Allow Scam
Battlehammer.top Virus Removal Guide

Follow Us

Search

Useful Guides

Managed by your organization chrome virus
Chrome Managed by your organization malware removal guide
Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
browser redirect virus
How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]
Iphone Calendar virus spam
Iphone Calendar Virus/Spam 2022 (Removal guide)
Best free malware removal tools
Best Free Malware Removal Tools 2023

Recent Posts

How to remove Vista Antispyware 2011 virus/malware
How to remove ScanDisk and Scan Disk (Uninstall instructions)
How to remove Ultra Defragger (Uninstall instructions)
How to remove XP Antimalware 2011
How to remove XP Guard virus

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2023 MASW - Myantispyware.com.