
Avast Enhanced Protection Mode

Posted: July 26, 2011

Avast Enhanced Protection Mode is an insidious rogue security program that pretends to be part of a legitimate Avast-brand installation. Although Avast Enhanced Protection Mode creates fake pop-ups that indicate that your PC is protected, behind the scenes it has disabled as much of your security software as it can manage. Avast Enhanced Protection Mode may also try to bully you into spending money on a similar rogue program or allow remote criminals to attack your PC. Our SpywareRemove.com malware researchers recommend that you identify and remove Avast Enhanced Protection Mode ASAP with a real anti-virus product.

Avast Enhanced Protection Mode: a Fake Avast Label Atop an Empty Promise of Protection

Although many rogue applications, such as Home Codec Pack, Windows Armature Master and Internet Protection 2011, pretend to be unique and individual products, Avast Enhanced Protection Mode is different. Instead of creating its own brand or product, Avast Enhanced Protection Mode will trick you into believing that it is part of a preexisting Avast anti-virus software installation (a legitimate software brand). Our SpywareRemove.com malware researchers have discovered that although Avast Enhanced Protection Mode keeps its visible changes restricted to a few unusual messages, it will also secretly try to disable any real Avast security software.

You can spot an Avast Enhanced Protection Mode infection by watching for two obvious signs that real Avast products do not show:

  • Firstly, Avast Enhanced Protection Mode will create a red icon on your Windows taskbar. When clicked, this icon creates the following pop-up:

    "Attention! Avast operates under enhanced protection mode. This is a temporary measure necessary for immediate response to threat from virus. No action is required from you."

    This 'enhanced' mode that Avast Enhanced Protection Mode displays isn't real and doesn't offer you any extra protection.

  • Avast Enhanced Protection Mode will also create a taskbar pop-up that tells you that Avast's anti-virus databases are fully up-to-date. You can differentiate between a real Avast update message and Avast Enhanced Protection Mode's fake one by checking the date – on a fake Avast Enhanced Protection Mode pop-up, the time of the update will match the time when you logged in to your PC.

Fighting the Good Fight Against Avast Enhanced Protection Mode's Brand-Stealing Tactics

Since Avast Enhanced Protection Mode is capable of infecting most modern versions of Windows, including XP, Vista, and Windows 7, you should have safeguards in place to prevent infection, such as an updated anti-virus program. Many rogue anti-spyware programs are installed by Trojans such as Fake Microsoft Security Essentials Alert and Zlob, which are installed, in turn, by pretending to be media updates.

Our SpywareRemove.com malware researchers have also found that Avast Enhanced Protection Mode is distributed specifically through fake Flash updates. All of these infection routes for Avast Enhanced Protection Mode can be avoided simply by installing updates only from official sources. Safe Mode may be necessary to launch the appropriate anti-malware software that can delete Avast Enhanced Protection Mode, since Avast Enhanced Protection Mode has been known to start itself automatically. Deleting Avast Enhanced Protection Mode manually has a high chance of leaving behind corrupted Registry entries and other components, and as such, should be avoided if possible. Close relatives of Avast Enhanced Protection Mode include Norton AntiVirus Enhanced Protection Mode, Avira Enhanced Protection Mode, and Eset Smart Security Enhanced Protection Mode, which try to use similar scams with different brands.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

  • %Users%\[UserName]\Downloads\OTS.exe
    File type: Executable File
    Mime Type: unknown/exe

  • %Windows%\sysdriver32.exe
    File type: Executable File
    Mime Type: unknown/exe

  • %Windows%\systemup.exe
    File type: Executable File
    Mime Type: unknown/exe

  • %Windows%\l1rezerv.exe
    File type: Executable File
    Mime Type: unknown/exe

Registry Modifications

The following Registry entries were newly created:

HKEY..\..\..\..{RegistryKeys}
    HKEY_LOCAL_MACHINE\Software\Avast Enhanced Protection Mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Avast Enhanced Protection Mode"
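
For offline triage, the file and Registry indicators listed above can be matched against artifacts collected from a host. The following is an added example, not code from SpywareRemove.com: it parses saved `reg query` output and a file listing, and it assumes that the page's %Windows% and %Users% placeholders mean `<drive>:\Windows` and `<drive>:\Users`. The sample input is constructed.

```python
import re

# Indicators copied from the page's "Technical Details" section.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "Avast Enhanced Protection Mode"
ROGUE_KEY = r"HKEY_LOCAL_MACHINE\Software\Avast Enhanced Protection Mode"
# Assumption: %Windows% and %Users% expand to <drive>:\Windows and <drive>:\Users.
FILE_PATTERNS = [
    re.compile(r"^[a-z]:\\windows\\(sysdriver32|systemup|l1rezerv)\.exe$", re.I),
    re.compile(r"^[a-z]:\\users\\[^\\]+\\downloads\\ots\.exe$", re.I),
]
# `reg query` value lines: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def is_listed_file(path):
    return any(p.match(path.strip()) for p in FILE_PATTERNS)

def exe_of(command):
    """Executable part of a Run command line: quoted path, else first token."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2)) if m else ""

def triage(reg_text, file_paths):
    """Return (kind, detail) findings for the page's indicators."""
    findings, key = [], ""
    for line in reg_text.splitlines():
        if line.upper().startswith("HKEY_"):      # key header line
            key = line.strip()
            if key.lower() == ROGUE_KEY.lower():
                findings.append(("registry-key", key))
            continue
        m = VALUE_LINE.match(line)
        if not m or key.lower() != RUN_KEY.lower():
            continue                              # only HKCU Run values matter here
        name, data = m.group(1), m.group(3)
        if name.lower() == RUN_VALUE.lower():
            findings.append(("run-value", name))
        elif is_listed_file(exe_of(data)):        # renamed value, listed target
            findings.append(("run-target", exe_of(data)))
    return findings + [("file", p) for p in file_paths if is_listed_file(p)]

# Constructed sample input (not captured from a real host).
SAMPLE_REG = "\n".join([
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"    Avast Enhanced Protection Mode    REG_SZ    C:\Windows\sysdriver32.exe",
    r'    Updater    REG_SZ    "C:\Windows\systemup.exe" /s',
    r"    ctfmon    REG_SZ    C:\Windows\System32\ctfmon.exe",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Avast Enhanced Protection Mode",
])
SAMPLE_FILES = [r"C:\Users\alice\Downloads\OTS.exe", r"D:\tools\OTS.exe"]
```

Matching is case-insensitive because Windows paths and Registry names are; a file named OTS.exe outside a Downloads folder is deliberately not flagged, since only the listed locations are indicators.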

Additional Information

The following messages were detected:

  1. Attention! Avast operates under enhanced protection mode. This is a temporary measure necessary for immediate response to the threat from virus. No action is required from you.
