
Windows Firewall Unit

Posted: May 25, 2011

Windows Firewall Unit is a new version of rogue security programs like Windows Oversight Center and Windows Tweaking Utility. The Windows Firewall Unit program tries to look like an unrelated and trustworthy security program, but all of its infection warnings and system analysis results are deceitful and falsely negative. Windows Firewall Unit may also be accompanied by Trojans and can cripple your ability to use other programs or browse websites. For these reasons, Windows Firewall Unit is considered a high-level security threat that should be removed with a good anti-malware product.

Windows Firewall Unit: An Unoriginal but Still Deadly PC Threat

Windows Firewall Unit strongly resembles the other rogue security programs in its family, including the use of the Windows OS symbol and a pretense of 'scoring' various aspects of your computer security. Don't worry if you see horrible scores or ratings from Windows Firewall Unit, since it isn't really analyzing your system in the first place.

Some of Windows Firewall Unit's close relatives include Windows Tasks Optimizer, Windows Virtual Firewall, Windows Profile System, Windows Precautions Center, Windows Oversight Center and Windows Tweaking Utility. Despite the different names, these rogue security programs all attack your PC in similar ways.

However, you shouldn't assume that your security application can detect Windows Firewall Unit just because it can detect some of Windows Firewall Unit's clones. Keeping your threat databases updated is essential for detecting new threats like Windows Firewall Unit.

Along with creating a fake system analysis display, Windows Firewall Unit will create pop-up alerts like the following:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

These warnings are dangerous in that they can convince you that threats like Rbot viruses exist when they're really not present at all. Not only is Windows Firewall Unit unable to do anything it says it can do, but purchasing it will also endanger your credit card with the possibility of repetitive fraudulent charges.

A Threat to Your Other Programs as Well as to Your Wallet

Windows Firewall Unit may interfere with your other applications in various ways. Some of the most likely Windows Firewall Unit attacks include:

  • Web browser hijacks that display fake errors, add links or advertisements, change your homepage or redirect you away from one website to a different (and most likely malicious) one.
  • Blocked applications, with or without the use of fake errors that make it look like these programs are infected. Windows Firewall Unit may not let you use any anti-malware application at all until you use Safe Mode or another method of disabling Windows Firewall Unit.

Threats in the Windows Firewall Unit subgroup are often distributed by the Fake Microsoft Security Essentials Alert. Because of this and other factors (like the presence of corrupt Registry entries) that complicate removal, you should delete Windows Firewall Unit by using appropriate security programs instead of trying to remove Windows Firewall Unit by yourself.


File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following Registry values were created:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"
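
One way to check collected `reg query ... /v Shell` output for the Winlogon Shell change listed above. This is an added example, not part of the original write-up; the function name `audit_winlogon_shell` and the sample data are constructed for illustration, and the code assumes the standard `reg query` text layout.

```python
import re

# Pattern from the page: an .exe directly under %AppData%\Microsoft, written
# unexpanded or as the expanded path (Vista and later, or XP).
APPDATA_EXE = re.compile(
    r'^(?:%appdata%|[a-z]:\\users\\[^\\]+\\appdata\\roaming'
    r'|[a-z]:\\documents and settings\\[^\\]+\\application data)'
    r'\\microsoft\\[^\\]+\.exe$', re.IGNORECASE)
# A value line in `reg query` output: 4 spaces, name, type, data.
VALUE_LINE = re.compile(r'^ {4}(\S.*?) {4}(REG_\w+) {4}(.*)$')
WINLOGON = r'\windows nt\currentversion\winlogon'

def audit_winlogon_shell(reg_output):
    """Return (verdict, key, data) for each suspicious Winlogon Shell value."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.upper().startswith('HKEY_'):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or m.group(1).lower() != 'shell':
            continue
        if not key.lower().endswith(WINLOGON):
            continue
        data = m.group(3).strip().strip('"')
        per_user = key.upper().startswith(('HKEY_CURRENT_USER', 'HKEY_USERS'))
        if APPDATA_EXE.match(data):
            findings.append(('match', key, data))
        elif per_user or data.lower() != 'explorer.exe':
            # Stock Windows sets Shell only under HKLM, to explorer.exe.
            findings.append(('review', key, data))
    return findings

# Constructed sample: the user name and file name are made up.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Users\alice\AppData\Roaming\Microsoft\qxvkrt.exe
'''

if __name__ == '__main__':
    for verdict, key, data in audit_winlogon_shell(SAMPLE):
        print(f'{verdict}: {key}\\Shell -> {data}')
```

A `match` verdict means the value fits the path pattern listed on this page; `review` marks any other per-user Shell override or a non-default machine-wide shell.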

Additional Information on Windows Firewall Unit

  • The following messages were detected:
    # Message
    1 Threat prevention solution found
    Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
    Risk of system files infection:
    The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press ‘OK’ to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.
    2 Microsoft Security Essentials Alert
    Potential Threat Details
    Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.
    3 System Security Warning
    Attempt to modify register key entries is detected. Register entries analysis is recommended.
    4 Warning!
    Location: c:\windows\system32\taskmgr.exe
    Viruses: Backdoor.Win32.Rbot