
Windows Averting System

Posted: May 31, 2011

Windows Averting System is one of many rogue security programs that use Trojans to infect your PC under the guise of being a Microsoft Security Essentials download. Windows Averting System may look like an anti-virus and security utility, but its true functions are to steal control of your web browser, block applications and create fake alerts about infections that aren't on your PC. You should handle removal of Windows Averting System with the help of an anti-malware program, since Windows Averting System is often accompanied by Trojans and will make Registry changes that are difficult to undo manually.

Top-Priority Security Threats Related to Windows Averting System Infections

Windows Averting System infects your computer by being dropped as the payload of a Fake Microsoft Security Essentials Alert Trojan. Fake Microsoft Security Essentials Alert Trojans are also capable of installing other rogue security programs that are closely related to Windows Averting System – Windows Anticrashes Utility, Windows Safeguard Utility, Windows Firewall Unit and Windows Troubles Solver are some of the other threats that may be installed this way.

The interface that Windows Averting System uses is reminiscent of these other rogue security programs, containing a similar categorization scheme of system aspects like 'hard disk optimization,' 'memory & devices' and 'network security.' Most or all of these categories will be automatically graded poorly, but this is simply a cheap scaremongering tactic. Windows Averting System doesn't attempt to monitor your PC security in any way, other than to try to disable parts of it, as seen below:

  • Windows Averting System will change your Registry to attach Windows Averting System to the basic Windows startup routine. This lets Windows Averting System run by default unless you take special measures (like Safe Mode) to avoid triggering the startup Registry entries.
  • Attempts to launch your web browser while Windows Averting System is active will result in Windows Averting System hijacking the application. This can cause your homepage to change, create links or advertisements where they don't belong and even redirect you to malicious websites.
  • Different programs may crash or otherwise not work properly while Windows Averting System is active. Windows Averting System may use errors like the ones below to pretend that the program is infected:

    Warning!
    Location: [application file path]
    Viruses: Backdoor.Win32.Rbot

    Warning!
    Name: [application file name]
    Name: [application file path]
    Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

The Rest of Windows Averting System's Fake Anti-Virus Scam

Windows Averting System will also create other fake alerts on a more random basis:

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Besides blocking programs, these alerts may be used to redirect you to the Windows Averting System website. Visiting the Windows Averting System website, even by accident, can result in other Trojan attacks. Purchasing Windows Averting System or giving away personal information to its website is as good as giving money and information directly to criminal hands. If you've made this mistake already, talk to your credit card company and have the relevant charges revoked.

Because of the high chance of Trojans being present and the generally complex nature of Windows Averting System infections, you should use manual removal techniques only as a last resort. To delete Windows Averting System with minimal side effects, use a proven anti-malware tool whenever one is available.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following Registry values were created:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"
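
A triage check for the Winlogon Shell value listed above, as an added example that is not part of the original write-up: it parses text produced by `reg query` and flags any Shell value that is not explorer.exe, giving a specific reason when the path matches the %AppData%\Microsoft\[RANDOM CHARACTERS].exe pattern. The function names, the sample user name and the sample file name are constructed for illustration, and the code assumes explorer.exe is the only expected Shell value.

```python
import re

WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
# Page pattern: %AppData%\Microsoft\[RANDOM CHARACTERS].exe, either unexpanded
# or expanded (AppData\Roaming on Vista+, "Application Data" on XP).
APPDATA_EXE = re.compile(
    r'(%appdata%|\\appdata\\roaming|\\application data)\\microsoft\\[^\\"]+\.exe',
    re.IGNORECASE)

# Constructed sample of `reg query` output; user and file names are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Users\alice\AppData\Roaming\Microsoft\kqzvtw.exe
"""

def parse_reg_query(text):
    """Turn `reg query` text into (key, value_name, type, data) tuples."""
    entries, key = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line = key path
            key = line.strip()
            continue
        m = re.match(r"\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$", line)
        if m and key:
            entries.append((key, m.group(1), m.group(2), m.group(3).strip()))
    return entries

def find_shell_overrides(entries):
    """Return (key, data, reason) for every Winlogon Shell that is not explorer.exe."""
    findings = []
    for key, name, _type, data in entries:
        if not key.lower().endswith(WINLOGON) or name.lower() != "shell":
            continue
        if data.strip('"').lower() == "explorer.exe":   # assumed sole expected value
            continue
        reason = ("matches %AppData%\\Microsoft\\*.exe"
                  if APPDATA_EXE.search(data) else "non-default shell")
        findings.append((key, data, reason))
    return findings

if __name__ == "__main__":
    for key, data, reason in find_shell_overrides(parse_reg_query(SAMPLE)):
        print(f"[!] {key}\\Shell = {data} ({reason})")
```

Input for a live machine can be collected with `reg query "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell` and passed to `parse_reg_query` as text.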

Additional Information on Windows Averting System

  • The following messages were detected:
    # Message
    1 Microsoft Security Essentials Alert
    Potential Threat Details
    Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.
    2 Threat prevention solution found
    Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
    Risk of system files infection:
    The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.
    3 System Security Warning
    Attempt to modify register key entries is detected. Register entries analysis is recommended.
    4 Warning!
    Location: c:\windows\system32\taskmgr.exe
    Viruses: Backdoor.Win32.Rbot