What is the Windows Movie Maker virus? And how does it function?
Windows Movie Maker is a legitimate program by Microsoft. It is a video editing program which was discontinued in January 2017. However, recently hackers were noticing a fake version of the program. Once users install the bogus application, it will deliver an alert that the program is only a trial version and that users must purchase the full version of the program for a “full-featured software and tech support”. Various security programs detect this malicious software under the name of Win32/Hoax.MovieMaker. Based on the ESET analysis, Windows Movie Maker virus is the third most detected malware globally on November 5, 2017. Majority of its victims are from Philippines, Israel, Denmark and Finland.
Obviously, the main goal of this malware is to convince users into buying the supposedly “full version” of the fake video editing software. After the installation, users will soon find out that they have downloaded the “trial version” of the program. This should have ring some warning bells as the legitimate Windows Movie Maker program was free of charge always. Users will also get a pop up that says:
“This feature is unavailable in Trial Version. Please buy full version software to use this feature.”
Or:
“This is Trial Version of Windows Movie Maker. Please buy full version for full-featured software and tech support.”
Moreover, the pop-up also includes buttons such as “Register”, Buy Now” and “Later”. Users who have no clue that the real Windows Movie Maker is free have fallen to the trap and purchased the license where they are redirected to the malware’s payment website and asked to pay $29.99 for the non-existing “Full version” of the program. The crooks behind the Windows Movie Maker virus even had the nerve to offer a 25% discount. Thankfully, security experts haven’t detected any malicious components f the program that could cause harm to the computer. The only thing it cause harm to is the pockets of the users. So if you are one of the users who was caught in the trap of the Windows Movie Maker virus, it’s best to uninstall it as soon as possible.
How does the fake version of Windows Movie Maker spread online?
The Windows Movie Maker virus spreads as a fake video editing software. It even has an official website at windows-movie-maker.org which might appear at the top of Google search results whenever users enter “movie maker” keyword. Thus, the similarities of the names have tricked a lot of users into downloading and installing the fake Windows Movie Maker. You should also be aware that this fake version could also spread on various file-sharing sites, P2P networks and torrents. It might also be distributed on freeware and shareware packages so you’ve got to be careful when installing these kinds of packages and that you must opt for the Advanced or Custom setup if you decide to install one.
The steps provided below will help you terminate Windows Movie Maker virus from your computer. Carefully follow each one of them for successful removal.
Step 1: Tap Ctrl + Shift + Esc keys to open Task Manager.
Step 2: Under Task Manager, look for Malware’s process and end it.
Step 3: Close the Task Manager and open Control Panel from your Start Menu or open it by tapping Win + R keys to open Run and then type in appwiz.cpl and tap Enter.
Step 4: After opening Control Panel, look for Windows Movie Maker under the list of programs and then uninstall it.
Step 5: Tap Win + E keys to open File Explorer. From there, navigate to the following locations and look for any suspicious files which Windows Movie Maker virus may have created as well as its installer and delete them.
- C:\Program Files\Common Files\System\symsrv.dll
- C:\Program Files (x86)\Malware
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
- %TEMP%
Step 6: Close the File Explorer. Before you proceed to the next steps below, make sure that you are tech savvy enough to the point where you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use PC Cleaner Pro, unlike Malware, this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then by all means go on to the next steps.
Step 7: Tap Win + R to open Run and then type in regedit in the field and tap enter to pull up Windows Registry.
Step 8: Navigate to the following paths:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Step 9: Look for any registry keys and sub-keys that the Windows Movie Maker virus might have created under the path given above and delete them.
Step 10: Close the Registry Editor and empty your Recycle Bin.
To make sure that nothing is left behind and that the Windows Movie Maker virus is completely removed, use the following antivirus program. To use it, refer to the instructions below.
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOSscreen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Optionuse the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the SafeMode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Boxwill show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading the program. Installation will start automatically once download is done.
- Click OK to launch it.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register the program to protect your computer from future threats.