• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

How to remove pw.exe malware

Myantispyware team November 18, 2010    

Pw.exe is the main file of each program from malware family, that includes the following programs: XP Antispyware 2011, Vista Antispyware 2011, Win 7 Antispyware 2011, XP Security 2011, Vista Security 2011, Win 7 Security 2011, XP Internet Security 2011, Vista Internet Security 2011, Win 7 Internet Security 2011, XP Antimalware 2011, Vista Antimalware 2011, Win 7 Antimalware 2011, XP Guard Vista Guard, Win 7 Guard. All of these programs are rogue antispyware. that uses misleading methods such false scan results and fake security warnings in order to trick you into purchasing their full version.

Pw.exe is installed onto your computer without your permission and knowledge with the help of trojans. Once the trojan is started, it will install pw.exe and configure it to run automatically when you start an application (files with “exe” extension). This malware also uses this method of running to block the ability to run any programs, including legitimate antivirus and antispyware applications.

When pw.exe is started, it will imitate a system scan. Once finished, this malware will state that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. Important to know, the malicious program is unable to detect any infections, as will not protect you from possible infection in the future. So, do not trust the scan results, simply ignore them.

While pw.exe is running, it will flood your computer with nag screens, fake security alerts and notifications from your Windows taskbar. A few examples:

Tracking software found!
Your PC activity is being monitored. Possible spyware
infection. Your data security may be compromised. Sensitive
data can be stolen. Prevent damage now by completing a
security scan.

Stealth intrusion!
Infection detected in the background. Your computer is now
attacked by spyware and rogue software. Eliminate the
infection safety, perform a security scan and deletion now.

However, all of these alerts, warnings and notifications are fake and like false scan results supposed to scare you into purchasing so-called “full” version of the malicious program. You should ignore all of them!

As you can see pw.exe is very dangerous and can lead to a complete paralysis of your computer. Need as quickly as possible to check your computer and remove all found components of this malware. Use the removal guide below to remove pw.exe and any associated malware from your computer for free.

Use the following instructions to remove pw.exe

Step 1. Fix “.exe” file associations.

Method 1

Windows Vista/7
Click Start. Type in Search field command and press Enter.

Windows XP/2000
Click Start, Run. Type in Open field command and press Enter.

It will open the command prompt. Type into it notepad and press Enter. It will open Notepad. Copy all the text below into Notepad.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.

Method 2

Windows Vista/7
Click Start. Type in Search field command and press Enter.

Windows XP/2000
Click Start, Run. Type in Open field command and press Enter.

It will open the command prompt. Type into it notepad and press Enter. It will open Notepad. Copy all the text below into Notepad.

[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com

[DefaultInstall]
DelReg=regsec
AddReg=regsec1

[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command

[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"

Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.

Note: if Vista returns error message “Installation failed”, then you need disable UAC control. Click Start, Control Panel, User accounting, Click “Turn User Account Control on or off”. Uncheck “Use User Account Control (UAC)” and click OK. Now try install fix.inf once again.

Step 2. Remove pw.exe associated malware.

Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.

Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.

MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.

As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for pw.exe infection. This procedure can take some time, so please be patient.

When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.


Malwarebytes Anti-malware, list of infected items

Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove pw.exe. MalwareBytes Anti-malware will now remove all of associated pw.exe files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.

Pw.exe removal notes

Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.

Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.

Pw.exe malware creates the following files and folders

%AppData%\pw.exe

Pw.exe malware creates the following registry keys and values

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”

Malware Malware removal

 Previous Post

How to remove Vista Antispyware 2011 virus/malware

Next Post 

How to remove Check Disk and CheckDisk (Uninstall instructions)

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

Jezidexp.com MrBeast $1111? Fake Promo Code Scams Exposed
scam alert
Feastax.com Review, FREE $3,000 Scam, Fake MrBeast Promo Codes
Anchomoross.com Virus Removal Guide
scam alert
Fake or Real? You Visited Some Hacked Websites With Exploit Email Scam Explained
scam alert
Spotify Can’t Process Your Payment Scam Alert: A Phishing Email to Avoid

Follow Us

Search

Useful Guides

Smart Captcha Virus redirect
What is a Virus that Redirects Web Pages? A Comprehensive Guide
ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]
Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
This setting is enforced by your administrator (Removal guide)

Recent Guides

How to remove Vista Antispyware 2011 virus/malware
How to remove ScanDisk and Scan Disk (Uninstall instructions)
How to remove Ultra Defragger (Uninstall instructions)
How to remove XP Antimalware 2011
How to remove XP Guard virus

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.