
Windows Antivirus Release

Posted: August 8, 2012

Threat Metric

Threat Level: 10/10
Infected PCs: 35
First Seen: August 8, 2012
Last Seen: January 8, 2020
OS(es) Affected: Windows

With pop-up alerts that display fraudulent warnings and system scans that are brimming over with inaccurate threat detections, Windows Antivirus Release's features and interface give Windows Antivirus Release every indicative trait of being a rogue anti-malware scanner that's cloned from other FakeVimes-based forms of scamware. Although Windows Antivirus Release may make a pretense of finding and trying to protect your machine from a variety of Trojans and other PC threats, SpywareRemove.com malware analysts are unable to verify any of Windows Antivirus Release's security features, and, in addition to this, note that Windows Antivirus Release may also block legitimate security programs or redirect your web browser. Rogue anti-malware products like Windows Antivirus Release should never be purchased, even to effect their removal, which can be expedited by using a secure means of booting Windows along with anti-malware scans from real anti-malware programs.

Windows Antivirus Release – a Bad Choice for Your AV Protection

Windows Antivirus Release is a member of the FakeVimes family of scamware, which also includes Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security. Distribution vectors for these PC threats often utilize fake media updates for codecs and streaming movie players, usually along with Trojan downloaders or Trojan droppers that install Windows Antivirus Release and its relatives without your permission. As SpywareRemove.com malware researchers note, being cautious around sites that offer unusual software update links can be a good way to avoid probable Windows Antivirus Release infections.

After using another brand of software as Windows Antivirus Release's vehicle to get into your computer, Windows Antivirus Release will continue its farce by pretending to detect a colorful range of PC threats. These alerts will continue even if the only thing that's wrong with your PC is Windows Antivirus Release, and include such detections as:

Alerts from Windows Antivirus Release should always be ignored. While, in some cases, there may appear to be unusual files on your computer with randomly-generated names, Windows Antivirus Release's family of scamware has been known to generate these 'trash' files intentionally to encourage false positives.

Getting a Release from Windows Antivirus Release's False Security

Even if you're aware that Windows Antivirus Release is a rogue anti-malware product that doesn't need to be purchased for your PC's safety, Windows Antivirus Release is still capable of being a significant impediment to your virtual security. Symptoms of Windows Antivirus Release attacks often include Registry changes to disable baseline security features, attempts to redirect web browsers to unusual websites and attempts to block anti-virus and security programs either at the memory-level or the Registry-level. In cases of the latter, SpywareRemove.com malware analysts note that you may need to repair or restore your Registry before programs with deleted Registry entries will function again. Reinstalling these programs should also reintroduce the necessary entries to your Registry.

To stop Windows Antivirus Release from blocking the very programs that could delete Windows Antivirus Release, SpywareRemove.com malware analysts suggest booting into Safe Mode or booting from a USB flash drive. These system boot methods will disable Windows Antivirus Release and allow you to scan your computer at your leisure.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%APPDATA%\Protector-afnq.exe
    File name: Protector-afnq.exe
    Size: 2.4 MB (2405888 bytes)
    MD5: 960f698531cd8d92298e4e61f1bd0e1b
    Detection count: 83
    File type: Executable File
    Mime Type: unknown/exe
    Path: %APPDATA%
    Group: Malware file
    Last Updated: January 8, 2020

%AppData%\Protector-[rnd].exe
    File name: %AppData%\Protector-[rnd].exe
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"

HKEY..\..\..\..{Subkeys}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
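One way to check a machine's Registry export for the indicators listed above, as an added example that is not SpywareRemove.com's own code. It assumes the input is the text of a `.reg` export and that the `[rnd]` part of `Protector-[rnd].exe` consists of letters and digits; the function name and the sample export are constructed for illustration.

```python
import re

# Indicators copied from the page's Registry Modifications list.
CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
RUN_KEY = (CV + r"\Run").lower()
INET_KEY = (CV + r"\Internet Settings").lower()
IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
            r"\CurrentVersion\Image File Execution Options").lower()
IFEO_NAMES = {"_avp32.exe", "_avpcc.exe", "ashdisp.exe", "divx.exe",
              "mostat.exe", "platin.exe", "tapinstall.exe", "zapsetup3001.exe"}
# Assumption: the "[rnd]" in Protector-[rnd].exe is letters and digits.
DROPPED_FILE = re.compile(r"Protector-[a-z0-9]+\.exe", re.IGNORECASE)

def scan_reg_export(text):
    """Return (indicator, detail) tuples found in .reg export text."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            parent, _, leaf = line[1:-1].rpartition("\\")
            if parent.lower() == IFEO_KEY and leaf.lower() in IFEO_NAMES:
                findings.append(("ifeo_subkey", leaf))
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m:
            continue
        name, data = m.group(1).lower(), m.group(2)
        if key == RUN_KEY and name == "inspector":
            findings.append(("run_value", data))
        if (key == INET_KEY and name == "warnonhttpstohttpredirect"
                and data.lower() == "dword:00000000"):
            findings.append(("https_redirect_warning_off", data))
        hit = DROPPED_FILE.search(data)
        if hit:
            findings.append(("dropped_file_reference", hit.group(0)))
    return findings

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\test\\AppData\\Roaming\\Protector-afnq.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
'''
```

`reg export` writes UTF-16 files, so decode the export with that encoding before passing its text to `scan_reg_export`.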

Additional Information

The following messages were detected:

1. Error
   Attempt to run a potentially dangerous script detected.
   Full system scan is highly recommended.

2. Firewall has blocked a program from accessing the Internet
   Internet Explorer
   C:program filesinternet exploreriexpolre.exe
   C:program filesinternet exploreriexpolre.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
   Recommended: Please click "Prevent attack" button to prevent all attacks and protect your PC

3. Torrent Alert
   Recommended: Please use secure encrypted protocol for torrent links.
   Torrent link detected!
   Receiving this notifications means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.

4. Warning! Virus Detected
   Threat Detected: Trojan-Downloader.Win32.Agent
   Security Risk:
   Infected File: regedit.exe
   Description: Programs classified as Trojan download and install new versions of malicious programs, including Trojans and AdWare, on victim computers.
   Recommended: Please click "remove All" button to erase all infected files and protect your PC

5. Warning
   Firewall has blocked a program from accessing the Internet
   C:\program files\internet explorer\iexplore.exe
   is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
