
Windows Easy Supervisor

Posted: July 5, 2011

Windows Easy Supervisor is a rogue application that creates a shallow pretense of serving useful security-related functions. Along with fake infection alerts and imitations of system scans, Windows Easy Supervisor will also pretend to monitor your PC for overall security and updates. Every tidbit of info that Windows Easy Supervisor provides is poisoned with false information, however, and Windows Easy Supervisor may also attack other programs, to prevent them from launching or to control your web-browsing behavior. Removing Windows Easy Supervisor is a task best left to an anti-virus application, if you have any available, but even manually deleting Windows Easy Supervisor is preferable to letting Windows Easy Supervisor stay on your computer.

How Windows Easy Supervisor Gets Installed Without Asking for Permission

The majority of Windows Easy Supervisor infections are caused by Trojans. Zlob is one popular scamware-delivering Trojan, but the Windows Easy Supervisor family of rogue programs usually prefers to be delivered by Fake Microsoft Security Essentials Alert. Fake Microsoft Security Essentials Alert uses error messages similar to the following to make it look like it's not a bad idea to have Windows Easy Supervisor on your PC:

Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos [sic] possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

These fake errors are just the beginning of Windows Easy Supervisor's threat to your PC. After being installed, Windows Easy Supervisor will launch itself whenever Windows starts and plague you with many varieties of alerts, scanner results and other informative displays that supposedly announce a wide range of infections on your PC.

Just a few of Windows Easy Supervisor's fake error possibilities can include:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

Warning!
Name: [Application file name]
Name: [Application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

The Worst of Windows Easy Supervisor's Scare Tactics

Although Windows Easy Supervisor's error messages are easily ignored, Windows Easy Supervisor may also launch other attacks on your PC that aren't as simple to dismiss. Windows Easy Supervisor can prevent programs from executing, typically with a few more bad error pop-ups that make it seem as though Windows Easy Supervisor isn't the real reason why these programs aren't working.

Windows Easy Supervisor and related rogue applications have also been known to take over web browsers using hijack attacks, either via proxy server settings or by abusing the Windows Registry. If you find your homepage changed to the Windows Easy Supervisor website, see unusual pop-ups or error screens, notice strange results in search engines or are redirected to the Windows Easy Supervisor website at random moments, your browser is being hijacked.

Windows Easy Supervisor infections are identical to those of Windows Easy Supervisor's clones, such as Windows Debugging Center, Windows Vulnerabilities Rescuer, Windows Antivirus System, Windows Inviolability System and Windows Necessary Firewall, to name a few recent examples. However, you still may need to update your anti-virus software to detect and remove Windows Easy Supervisor.

Keep in mind that purchasing Windows Easy Supervisor will never fix any of the fake problems that are noted above and, in fact, will simply make you the latest victim of credit card fraud in Windows Easy Supervisor's scam.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following Registry values were newly created:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"
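
The file and Registry entries listed above can be checked with a short PowerShell script run as the affected user. This is an added example, not part of the original write-up; the function name Test-WinlogonShell and the sample values are illustrative assumptions.

```powershell
# Added example (not from the original page): audit the per-user Winlogon
# Shell value. Function name and sample values are illustrative.
function Test-WinlogonShell {
    param([string]$ShellValue)   # raw registry data; empty when the value is absent

    if ([string]::IsNullOrWhiteSpace($ShellValue)) {
        return 'OK: no per-user Shell override'
    }
    # Resolve %AppData%-style variables and drop surrounding quotes.
    $path = [Environment]::ExpandEnvironmentVariables($ShellValue).Trim().Trim('"')

    # Pattern from the page: an .exe placed directly in %AppData%\Microsoft.
    $dir     = [regex]::Escape((Join-Path $env:APPDATA 'Microsoft'))
    $pattern = '^' + $dir + '\\[^\\]+\.exe$'
    if ($path -match $pattern) {
        return "MATCH: Shell points at $path (pattern listed on this page)"
    }
    # Any HKCU Shell value is unusual: Windows normally takes the shell
    # (explorer.exe) from the HKLM Winlogon key.
    return "REVIEW: unexpected per-user Shell value: $path"
}

# Live check of the current user's hive.
$key   = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$live  = if ($props -and $props.PSObject.Properties['Shell']) { $props.Shell } else { '' }
'Live HKCU value -> ' + (Test-WinlogonShell $live)

# Constructed sample values (the file name stands in for [RANDOM CHARACTERS]).
$samples = @('', '"%AppData%\Microsoft\xkqpwz.exe"', 'C:\Tools\altshell.exe')
foreach ($s in $samples) {
    '{0,-36} -> {1}' -f $s, (Test-WinlogonShell $s)
}

# Executables sitting directly in %AppData%\Microsoft also deserve a look.
Get-ChildItem -Path (Join-Path $env:APPDATA 'Microsoft') -Filter '*.exe' -File `
    -ErrorAction SilentlyContinue | Select-Object FullName, CreationTime
```

A MATCH or REVIEW result means the user's shell has been overridden; the value and the file it points to should both be removed before the next logon.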