
Dr.Web Enhanced Protection Mode

Posted: July 28, 2011

Dr.Web Enhanced Protection Mode is a rogue anti-virus application that pretends to be an additional component of a genuine Dr.Web AV product. Dr.Web Enhanced Protection Mode isn't a legitimate program, and it attacks your computer's anti-virus functions instead of bolstering them. Our SpywareRemove.com malware research team has noticed that many Dr.Web Enhanced Protection Mode infections are acquired by accidentally downloading it from a fake media update link, so additional wariness around media updates from unusual sources is advised. You can identify a Dr.Web Enhanced Protection Mode infection by watching for the symptoms listed in the rest of this article. To remove Dr.Web Enhanced Protection Mode, all that's necessary is the application of a competent security program.

What's Really 'Enhanced' About Dr.Web Enhanced Protection Mode

Dr.Web Enhanced Protection Mode doesn't enhance your anti-virus features or anything else related to your computer's security, although it tries to convince you otherwise. Once Dr.Web Enhanced Protection Mode gets onto your PC, it creates a new taskbar icon that does nothing except display a simple pop-up when you click it. The pop-up reads as follows:

"Attention! [Rogue security program name] operates under enhanced protection mode. This is a temporary measure necessary for immediate response to threat from virus. No action is required from you."

Our SpywareRemove.com research team hasn't found any sign of real virus-detection features in Dr.Web Enhanced Protection Mode, which appears to use this pop-up for the sole purpose of justifying the other symptoms of a Dr.Web Enhanced Protection Mode infection. Dr.Web Enhanced Protection Mode will also alter the 'last updated' time that's displayed for your threat definition databases; although it doesn't update anything, your database will always appear to have been updated at your last login time.

These symptoms cover Dr.Web Enhanced Protection Mode's tracks while it disables various anti-virus and security programs on your computer. As our SpywareRemove.com malware experts have found, this can place your PC at risk for a number of other attacks, and Dr.Web Enhanced Protection Mode infections have especially been observed helping to install other rogue anti-virus programs.

Knowing How to Keep Dr.Web Enhanced Protection Mode Away from Your Real Dr.Web Programs

The simplest way to keep Dr.Web Enhanced Protection Mode off of your PC is to avoid media update links from unofficial or suspicious sources. These links are known to propagate rogue security programs like Dr.Web Enhanced Protection Mode as well as Zlob and Fake Microsoft Security Essentials Alert Trojans that install such programs. Our SpywareRemove.com researchers have found that Dr.Web Enhanced Protection Mode and related rogue anti-virus applications are known to prefer fake Flash update-based disguises.

You should also be on the lookout for other rogue security programs that are in the same subgroup as Dr.Web Enhanced Protection Mode, which use identical symptoms and only vary the name of the brand. Examples of these Dr.Web Enhanced Protection Mode relatives include Avira Enhanced Protection Mode, Comodo Enhanced Protection Mode, McAfee Enhanced Protection Mode and Microsoft Defender Enhanced Protection Mode.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: %Windows%\systemup.exe
File type: Executable File
Mime Type: unknown/exe

File name: %Windows%\l1rezerv.exe
File type: Executable File
Mime Type: unknown/exe

File name: %Windows%\sysdriver32.exe
File type: Executable File
Mime Type: unknown/exe

File name: %Users%\[UserName]\Downloads\OTS.exe
File type: Executable File
Mime Type: unknown/exe

Registry Modifications

The following Registry values were newly created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Dr.Web Enhanced Protection Mode"
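
A read-only check for the file and Run-value indicators listed above, as an added example that is not part of the original article. It assumes %Windows% maps to $env:windir and %Users%\[UserName] to each profile folder, and that the related "Enhanced Protection Mode" variants name their Run value the same way apart from the brand.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Assumptions: %Windows% = $env:windir; %Users%\[UserName] = each profile
# folder beside the current user's profile (normally C:\Users).
$windowsFiles = 'systemup.exe', 'l1rezerv.exe', 'sysdriver32.exe'
$downloadFile = 'OTS.exe'
$runKey       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
# Assumption: relatives (Avira/Comodo/McAfee/... Enhanced Protection Mode)
# name their Run value the same way, differing only in the brand.
$valuePattern = '*Enhanced Protection Mode'
# The HKEY_LOCAL_MACHINE entry is truncated on the page and is not checked.

function New-Finding($Type, $Location, $Detail) {
    [pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail }
}

# Candidate paths: three under the Windows directory, one per user profile.
$candidates  = @($windowsFiles | ForEach-Object { Join-Path $env:windir $_ })
$profileRoot = Split-Path -Path $env:USERPROFILE -Parent
$candidates += @(Get-ChildItem -LiteralPath $profileRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName (Join-Path 'Downloads' $downloadFile) })

$findings = @()
foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue) {
        # A file name match alone is not conclusive; report the hash for follow-up.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $findings += New-Finding 'File' $path "SHA256=$hash"
    }
}

# Run values of the current user only; other users' hives are not inspected.
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        if ($name -like $valuePattern) {
            $findings += New-Finding 'RunValue' "$runKey\$name" ([string]$key.GetValue($name))
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No listed indicators found for this user/system.'
} else {
    $findings | Format-List
}
```

Run it from an elevated session so the Downloads folders of other profiles are readable; it changes nothing on the system.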

Additional Information

The following messages were detected:

# | Message
1 | Dr. Web ENHANCED PROTECTION MODE Attention! Dr. Web operates under enhanced protection mode. This is a temporary measure necessary for immediate response to the threat from a virus! No action is required from you.
