1 of 9
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Changes background
  • Shows commercial adverts
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:

Windows Express Settings

Despite the best efforts of the online security industry to educate is consumers; many users still continue to fall for the sophisticated lies and clever online marketing campaigns employed by rogue antispyware applications such as Windows Express Settings. This rouge antispyware application was designed not to be of any benefit to a PC whatsoever, but solely to act as a vessel to rip honest consumers off. Windows Express Settings, which emanates from the exact same family as Windows System Optmizator and Windows Optimal Solution will enter the system under false pretenses and proceed to make the PC completely inoperable as part of its campaign to extort money out of the user.

This rogue makes use of established forms of infection including Trojans to deliver and root its infections in its host PCs. Windows Express Settings’s infiltration into the system is virtually undetectable, and this makes it that much harder for the user or any security application to identify and destroy Windows Express Settings from the system. The fake security software has also been known to bundle its malware together with genuine security updates and downloads obtainable from third party websites.

Users will remain largely unaware of Windows Express Settings’s presence on the system until such time that it deems it appropriate to start its attack on the system. This will happen through Windows Express Settings generating various false security alerts aimed at causing panic in the user and convincing him that his system is under attack. In reality these fake security messages are completely without merit, and the fake threats reported on do not even exist. Some of the more popular fake security alerts to be on the lookout for include the following:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Windows Safety Protection will then prompt the PC owner to scan his system. This will start a fake scan of the PC which ultimately states that a particular file is infected with Trojan.Horse.Win32.PAV.64.a. Windows Safety Protection then prompts the user to install Windows Safety Protection to remove the virus. The text of this prompt is:

Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

Warning!
Name: firefox.exe
Name: c:\program files\firefox\firefox.exe
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

Users who did not manage to get rid of Windows Express Settings in time complained about various disturbing symptoms this rogue antispyware is well known for. These include being unable to access their Desktops as well as blocked Internet connections and the inability to execute any files on their systems. Windows Express Settings does this with the express intent to prevent the user from downloading or running any type of application which could not only identify it on the system but also permanently remove Windows Express Settings from the PC altogether. There does seem to be a way to circumvent these distressful and annoying symptoms. Follow these instructions in order to regain access to your Desktop and in so doing find a remedy for Windows Express Settings:

1. Reboot your system. You will find the Windows Express Settings startup screen blocking access to your Desktop. Click the “OK” button to make it go away. The malware will start a fake system scan.
2. Wait until the scan is done. Once the scan is finished you will see another fake security notice. Click “OK” one more time.
3. Make the notification go away by clicking on the red “X” at the right top of it.
4. It should now disappear and you will be able to access your desktop again.

Do not think by merely having followed the above instructions that you have now successfully neutralized the threat, as you still need to destroy Windows Express Settings in order to secure your system’s safety and security. Make use of a genuine security tool which will not only erase Windows Express Settings for good but also provide adequate protection against similar future threats.

Download Spyware Removal Tool to Remove* Windows Express Settings
  • Quick & tested solution for Windows Express Settings removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Express Settings

Files associated with Windows Express Settings infection:

rsjbtk.exe
%AppData%\[random].exe

Windows Express Settings processes to kill:

rsjbtk.exe
[random].exe

Remove Windows Express Settings registry entries:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell “%AppData%\[random].exe”
Disclaimer

Comments

  1. albert f morales Jul 2, 2015

    YOU HAVE MADE A GOOD PRESENTATION BUT TODAY I LUCKY TO RID MY # 1 PAIN IN THE LAPTOP....A BUISNESS SOLUTION CALLED "TECHNIC BUISNESS SOLUTION". A PAIN IN THE ARSS
    BUT FOUND IT LURKING TODO MORE (PIA), BUT I GOT BY NOT
    GOING AT IT DIRECLY???? I STARTED TO ELEMINATION BY ERACING FROM THE REAR..DAMED IF DIDN'T SEND IT AWAY.
    GOOD LUCK..IT TOOK TWO DAYS TO DO IT...AL MORALES CHINO,CA

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.