Avast Enhanced Protection Mode
Avast Enhanced Protection Mode is an insidious rogue security program that pretends to be part of a legitimate Avast-brand installation. Although Avast Enhanced Protection Mode creates fake pop-ups that indicate that your PC is protected, behind the scenes Avast Enhanced Protection Mode has disabled as much of your security software as Avast Enhanced Protection can manage. Avast Enhanced Protection Mode may also try to bully you into spending money on a similar rogue program or allow remote criminals to attack your PC. Our SpywareRemove.com malware researchers recommend that you identify and remove Avast Enhanced Protection Mode ASAP with a real anti-virus product.
Avast Enhanced Protection Mode: a Fake Avast Label Atop an Empty Promise of Protection
Although many rogue applications, such as Home Codec Pack, Windows Armature Master and Internet Protection 2011 pretend to be unique and individual products, Avast Enhanced Protection Mode is different. Instead of creating its own brand or product, Avast Enhanced Protection Mode will trick you into believing that Avast Enhanced Protection is part of a preexisting Avast anti-virus software installation (a legitimate software brand). Our SpywareRemove.com malware researchers have discovered that although Avast Enhanced Protection Mode keeps its visible changes restricted to a few unusual messages, Avast Enhanced Protection Mode also will secretly try to disable any real Avast security software.
You can spot an Avast Enhanced Protection Mode by watching out for two obvious signs that aren't shown by real Avast products:
- Firstly, Avast Enhanced Protection Mode will create a red icon on your Windows taskbar. When clicked, this icon creates the following pop-up:
"Attention! Avast operates under enhanced protection mode. This is a temporary measure necessary for immediate response to threat from virus. No action is required from you."
This 'enhanced' mode that Avast Enhanced Protection Mode displays isn't real and doesn't offer you any extra protection.
- Avast Enhanced Protection Mode will also create a taskbar pop-up that tells you that Avast's anti-virus databases are fully up-to-date. You can differentiate between a real Avast update message and Avast Enhanced Protection Mode's fake one by checking the date – on a fake Avast Enhanced Protection Mode pop-up, the time of the update will match the time when you logged in to your PC.
Fighting the Good Fight Against Avast Enhanced Protection Mode's Brand-Stealing Tactics
Since Avast Enhanced Protection Mode is capable of infecting most modern versions of Windows, including XP, Vista, and Windows 7, you should have safeguards in place to prevent infection, such as an updated anti-virus program. Many rogue anti-spyware programs are installed by Trojans such as Fake Microsoft Security Essentials Alert and Zlob, which are installed, in turn, by pretending to be media updates.
Our SpywareRemove.com malware researchers have also found that Avast Enhanced Protection Mode is distributed specifically through fake Flash updates. All of these infection routes for Avast Enhanced Protection Mode can be avoided simply by installing updates only from official sources. Safe Mode may be necessary to launch the appropriate anti-malware software that can delete Avast Enhanced Protection Mode, since Avast Enhanced Protection Mode has been known to start itself automatically. Deleting Avast Enhanced Protection Mode manually has a high chance of leaving behind corrupted Registry entries and other components, and as such, should be avoided if possible. Close relatives of Avast Enhanced Protection Mode include Norton AntiVirus Enhanced Protection Mode, Avira Enhanced Protection Mode, and Eset Smart Security Enhanced Protection Mode, which try to use similar scams with different brands.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%Users%\[UserName]\Downloads\OTS.exe
File name: %Users%\[UserName]\Downloads\OTS.exeFile type: Executable File
Mime Type: unknown/exe
%Windows%\sysdriver32.exe
File name: %Windows%\sysdriver32.exeFile type: Executable File
Mime Type: unknown/exe
%Windows%\systemup.exe
File name: %Windows%\systemup.exeFile type: Executable File
Mime Type: unknown/exe
%Windows%\l1rezerv.exe
File name: %Windows%\l1rezerv.exeFile type: Executable File
Mime Type: unknown/exe
Registry Modifications
HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINE\Software\Avast Enhanced Protection ModeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Avast Enhanced Protection Mode"
Additional Information
# | Message |
---|---|
1 | Attention! Avast operates under enhanced protection mode. This is a temporary measure necessary for immediate response to the threat from virus. No action is required from you. |
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.