Windows ProSecure Scanner
Posted: May 11, 2012
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 78 |
| First Seen: | May 11, 2012 |
| OS(es) Affected: | Windows |
Windows ProSecure Scanner is a clone of similar rogue anti-spyware scanners recently derived from Win32/FakeVimes. Like its relatives, Windows ProSecure Scanner may pretend to have security and anti-spyware features, but Windows ProSecure Scanner's system diagnostics are always fraudulent, its scans always filled with inaccurate results and its pop-ups always recommending self-destructive actions against nonexistent attacks. SpywareRemove.com malware researchers suggest that you delete Windows ProSecure Scanner, just as any member of FakeVimes should be deleted, via robust system scans from real anti-malware programs. While Windows ProSecure Scanner may attempt to convince you that its browser hijacks and software blockades are appearing for unrelated reasons, these symptoms are common to Windows ProSecure Scanner's family of scamware, regardless of where Windows ProSecure Scanner would like to place the blame.
Windows ProSecure Scanner – a Scanner without Any Scanning to Its Name
Windows ProSecure Scanner doesn't have any sort of genuine threat-detection or removal functions, but, despite this, does its best to imply otherwise with its ever-changing rotations of fake system alerts and scanner results. These fraudulent features will list highly-advanced PC threats by their technical names and can even pretend to detect direct attacks against your computer or the information stored therein, but, ultimately, all of this amounts to a cheap way to scam you out of your money. Like other rogue anti-spyware products from its family, all Windows ProSecure Scanner wants is to bully you into purchasing a software registration key, which is an act that SpywareRemove.com malware experts note to be self-destructive and pointlessly wasteful.
In spite of the lack of necessity for spending money on Windows ProSecure Scanner, you may wish to register Windows ProSecure Scanner anyway by using the code '0W000-000B0-00T00-E0020'. This code is accepted by many members of Win32/FakeVimes without purchase being required and can help to put a stop to Windows ProSecure Scanner's attacks prior to its proper removal. Other useful steps that SpywareRemove.com malware analysts can recommend when dealing with a Windows ProSecure Scanner infection include booting into Safe Mode or booting from a network-shared hard drive or a removable hard drive. This will simplify the process of scanning your PC to delete Windows ProSecure Scanner without any interference. The many FakeVimes family members include Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security.
Why Windows ProSecure Scanner's Scam isn't Something to Ignore
After hearing that all of Windows ProSecure Scanner's security information is inaccurate, you might be tempted just to ignore Windows ProSecure Scanner and go about your business. Sadly, the SpywareRemove.com malware research team is forced to discourage this, since Windows ProSecure Scanner belongs to a scamware family that's also noted for security-related attacks. Some of the most important issues that are symptomatic of a Windows ProSecure Scanner or other FakeVimes-based infection include:
- Browser redirects whenever you try to use a search engine.
- Problems with using legitimate security programs and Windows tools (prominently including Task Manager).
- Disabled Windows security settings that cause your PC to be vulnerable to improperly-identified files.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

%AppData%\Protector-{random 3 characters}.exe
File name: %AppData%\Protector-{random 3 characters}.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%AppData%\Protector-{random 4 characters}.exe
File name: %AppData%\Protector-{random 4 characters}.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%AppData%\result.db
File name: %AppData%\result.db
Mime Type: unknown/db
Group: Malware file

%Desktop%\Windows ProSecure Scanner.lnk
File name: %Desktop%\Windows ProSecure Scanner.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-20_1

HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{random}.exe
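
The file and registry indicators listed above can be checked against a collected file listing and registry dump. The following Python check is an added example, not part of the original page or of SpyHunter; the function names, the sample inventory and the Image File Execution Options "Debugger" test are assumptions of this example.

```python
import ntpath
import re
# Indicators copied from the page; "{random N characters}" becomes .{3,4}.
APPDATA_NAMES = re.compile(r"Protector-.{3,4}\.exe|result\.db", re.I)
DESKTOP_NAME = "windows prosecure scanner.lnk"
HKCU = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
        r"\Image File Execution Options")
LISTED = {  # (key, value name) -> data as the page lists them
    (HKCU + r"\Internet Settings", "WarnOnHTTPSToHTTPRedirect"): "0",
    (HKCU + r"\Policies\System", "DisableRegedit"): "0",
    (HKCU + r"\Policies\System", "DisableRegistryTools"): "0",
    (HKCU + r"\Policies\System", "DisableTaskMgr"): "0",
    (HKCU + r"\Settings", "ID"): "4",
    (HKCU + r"\Settings", "net"): "2012-2-20_1",
}
# Registry key and value names are case-insensitive: compare lowercased.
LISTED = {(k.lower(), n.lower()): d for (k, n), d in LISTED.items()}

def scan_files(paths, appdata, desktop):
    """Return paths matching the page's file indicators in the given folders."""
    def match(path):
        folder, name = ntpath.split(path.lower())
        if folder == appdata.lower():
            return bool(APPDATA_NAMES.fullmatch(name))
        return folder == desktop.lower() and name == DESKTOP_NAME
    return [p for p in paths if match(p)]

def scan_registry(records):
    """records: (key, value name, data) tuples, e.g. parsed from a reg export."""
    hits = []
    for key, name, data in records:
        k, n = key.lower(), name.lower()
        if (k, n) == ((HKCU + r"\Run").lower(), "inspector"):
            hits.append(("autorun", key))
        elif LISTED.get((k, n)) == str(data):
            hits.append(("listed-value", key))
        # Assumption, not on the page: flag a Debugger value in an IFEO subkey.
        elif n == "debugger" and k.startswith(IFEO.lower() + "\\"):
            hits.append(("ifeo-debugger", key))
    return hits

# Constructed sample inventory, not taken from a real host.
AD, DT = r"C:\Users\a\AppData\Roaming", r"C:\Users\a\Desktop"
SAMPLE_FILES = [AD + r"\Protector-qxz.exe", AD + r"\Protector-toolong.exe",
                AD + r"\result.db", DT + r"\Windows ProSecure Scanner.lnk"]
SAMPLE_REG = [(HKCU + r"\Run", "Inspector", AD + r"\Protector-qxz.exe"),
              (HKCU + r"\Settings", "net", "2012-2-20_1"),
              (HKCU + r"\Internet Settings", "WarnOnHTTPSToHTTPRedirect", "1"),
              (IFEO + r"\example.exe", "Debugger", "placeholder.exe")]
```

A single "listed-value" hit is weak evidence on its own, since those settings can exist on clean systems; the file names and the "Inspector" autorun entry are the more specific matches.
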
I have some computer problems?

My computer has been acting strange lately. Just yesterday (1/12/09), it started.

Yesterday's symptoms: All three user passwords changed without human interaction. That's all.

Yesterday's Human Interactions: Computer administrator (me) fixed password problem by going into safe mode and using Built-In Administrator account. Also performed a virus check, came up clean. Also did Disk Defrag and Disk Cleanup. Came out fine. Ran Chkdsk on boot, came up fine, no problems. Messed with the registry to change a company name I put on there, and I know I changed the right thing. Yes, I changed it and it was put on there by ME. Deleted all system restore points under Local Disk options except the most recent. That's all.

Today's Symptoms: BitTorrent DNA downloaded somehow, tried to run on my Firefox, wasn't compatible, can't uninstall from Firefox. BitTorrent DNA tried to access the internet, but was stopped by Windows Firewall. Also, when I tried to log onto my username, it wasn't there. I had to use Ctrl + Alt + Del on the Windows login screen, logged in fine with password I set yesterday. That's all.

Today's Human Interactions: None, except for logging in using Ctrl + Alt + Del and using Firefox to write this. That's all.

Computer Stats:
Running Windows XP Home Edition, SP3.
Model Dimension B110 by Dell
Tricked out to look like Windows Vista, about 1 or 2 months ago (November/December 2008), no problems since.
Hacked uitheme.dll file, hacked by ME.

I want to know what might be wrong with my computer, and how I might be able to fix it, and anything else helpful. Please tell me if I need to put more details, because I'll try. Thanks all!

I forgot to add: I don't have an OS disk.

Some more things going on with the computer: my official Symantec virus scanner does not update anymore, and I cannot force update. Another thing: the registry returns an access denied error whenever I update a key. This never happened to me.

Even more junk I forgot: two other people that use my computer use IE7 every day and I don't know what sites they access, although they both say they go on safe sites. Don't blame me for using IE either, I use Firefox and iPod touch's Safari.