Windows Salvor Tool is a malware program that is part of the infection called Fake Microsoft Security Essentials. Windows Salvor Tool basically acts as an anti-spyware program that gives false information about your system.
At first, Windows Salvor Tool will trigger a Fake Microsoft Security Essentials alert stating that an Unknown Win32/Trojan has been found on your machine. It then prompts you to perform a scan, which is also a fake, after which you will be informed that a particular file on your machine is infected with Trojan.Horse.Win32.PAV.64.a. You will then get a new fake alert suggesting that the only way to get rid of this infection is by downloading and installing Windows Salvor Tool on your system. Clicking the OK button will automatically download and install Windows Salvor Tool on your system, after which your computer will be rebooted.
How To: Remove Windows Salvor Tool Virus / Malware ( Removal Guide )
After the reboot you will notice that you are not able to access your regular desktop screen as usual, instead you are presented with a Windows Salvor Tool window, prompting you to perform another scan on your system. Performing this fake scan is the only way you can get past this Windows Salvor Tool window and access your regular desktop screen.
After the fake scan is completed you will be presented with a series of warning messages suggesting that numerous infections have been found on your computer. Windows Salvor Tool will then suggest that in order to get rid of these infections you will need to buy the full version of this so called “anti-spyware” program.
Do NOT give away your credit card information or your money. This so called full version is just another fake and it’s meant to get a hold on your money and personal information. Here’s what you need to do.
Windows Salvor Tool Removal Guide
First you need to download your tools that will rid your system of Windows Salvor Tool. You will need RKill, Shell.reg and Malwarebytes’ Anti-Malware (MBAM). Note that Windows Salvor Tool might not permit you to access the internet so you will not be able to download these files directly on your infected machine. If this is the case you will need to download these files on another working computer and transfer them via CD/DVD, USB flash drive or any other portable means.
- Run RKill in order to kill any processes related to Windows Salvor Tool. Keep in mind that the RKill scanning process might take a while so please be patient. If you get warning messages concerning RKill being a threat ignore them. After RKill finishes scanning and killing any unwanted processes keep in mind NOT to reboot your system. Also, if Windows Salvor Tool gives you a hard time and you can’t use RKill properly try downloading a renamed version like iExplore.exe from the download link provided above.
- Next step is restoring your Windows Registry Shell value. Do NOT skip this test else you will not be able to access your regular desktop screen once you remove Windows Salvor Tool. To restore your shell registry value you need to run Shell.reg and let it merge the data.
- Time to make use of MBAM and get rid of the infection on your machine. Install MBAM and make sure that during the installation process both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware buttons are checked. After the installation is complete, reboot your system if prompted to do so.
- After the reboot MBAM should launch and update itself automatically, after which you will see a message box. Press Ok and you will then be presented with the MBAM main screen. From there go to the Scanner Tab, check the Perform Full Scan option and then press on the Scan button below.
- Once the scanning is complete MBAM will show you a full list of threats found on your computer. Check all of these infections and press the Remove Selected button below, after which reboot your system if asked to do so.
If you followed this guide accordingly your computer should now be rid of Windows Salvor Tool. However, considering the fact that you’ve got this threat on your computer in the first place, it’s highly recommended that you follow this Secunia PSI guide.
