Home Malware Programs Rogue Anti-Spyware Programs McAfee Enhanced Protection Mode

McAfee Enhanced Protection Mode

Posted: July 28, 2011

ScreenshotMcAfee Enhanced Protection Mode is a rogue anti-virus program that tries to hide itself as a part of McAfee anti-virus products. However, McAfee Enhanced Protection Mode isn't a legitimate McAfee program and will try to destroy your computer's security while displaying some information that makes it seem as though all is well. Like many rogue security programs and Trojans that are related to them, our SpywareRemove.com malware researchers have discovered that McAfee Enhanced Protection Mode infects computers by pretending to be a fake media update. Since McAfee Enhanced Protection Mode is an extreme security risk, you should delete McAfee Enhanced Protection Mode from your PC with an anti-virus program of good repute the very moment you spy McAfee Enhanced Protection Mode on your computer.

Tiptoeing Around McAfee Enhanced Protection Mode and Its Copycat Rogue Anti-Virus Programs

Even though McAfee Enhanced Protection Mode desperately wants you to think that McAfee Enhanced Protection Mode is just a normal part of McAfee-brand software, McAfee Enhanced Protection Mode is neither a real anti-virus program nor a program that has any real anti-virus features. Other rogue anti-virus programs that share their symptoms with McAfee Enhanced Protection Mode include Microsoft Security Essentials Enhanced Protection Mode, Microsoft Defender Enhanced Protection Mode, Dr.Web Enhanced Protection Mode, Comodo Enhanced Protection Mode, Avira Enhanced Protection Mode and ESET Smart Security Enhanced Protection Mode.

Our SpywareRemove.com research team has found that McAfee Enhanced Protection Mode and related rogue security programs tend to infect new PCs by using Flash update links; similar fake media updates are also used by Trojans, such as Zlob and Fake Microsoft Security Essentials Alert, to install other families of rogue security programs. To avoid ever needing to worry about how to remove McAfee Enhanced Protection Mode from your PC, obtain your Flash and other media-related updates from official and trustworthy websites.

Dispelling McAfee Enhanced Protection Mode's Shoddily-Crafted Illusion of Security

McAfee Enhanced Protection Mode can't detect viruses or other infections and doesn't even try to do so. However, what McAfee Enhanced Protection Mode does do an excellent job of is disabling your security programs to soften your PC up for other attacks. One major risk that our SpywareRemove.com malware analysts have found coinciding with McAfee Enhanced Protection Mode infections is the possibility of other rogue security programs being installed, although other attacks, such as the installation of spyware or recruitment of your PC into a botnet, are also possible.

To find McAfee Enhanced Protection Mode before it's too late, look out for two primary signs of infection that pertain to all rogue anti-virus programs in its subgroup:

  • Inaccurate update times for your threat definition databases. McAfee Enhanced Protection Mode will link the displayed update times to your login times so that it looks like you never need to update your virus protection.
  • McAfee Enhanced Protection Mode will also add an icon to your taskbar that displays an 'enhnaced protection mode' message and a virus warning. This pop-up exists just to give a false explanation about why your real McAfee software isn't working with the following message:

    "Attention! [Rogue security program name] operates under enhanced protection mode. This is a temporary measure necessary for immediate response to threat from virus. No action is required from you."

Only deleting McAfee Enhanced Protection Mode will allow you to use your McAfee anti-virus software normally once again. If McAfee Enhanced Protection Mode blocks any attempts to remove McAfee Enhanced Protection Mode with another form of security software, consider using Safe Mode to disable McAfee Enhanced Protection Mode.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%Users%\[UserName]\Downloads\OTS.exe File name: %Users%\[UserName]\Downloads\OTS.exe
File type: Executable File
Mime Type: unknown/exe
%Windows%\l1rezerv.exe File name: %Windows%\l1rezerv.exe
File type: Executable File
Mime Type: unknown/exe
%Windows%\sysdriver32.exe File name: %Windows%\sysdriver32.exe
File type: Executable File
Mime Type: unknown/exe
%Windows%\systemup.exe File name: %Windows%\systemup.exe
File type: Executable File
Mime Type: unknown/exe

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINE\Software\McAfee Enhanced Protection ModeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "McAfee Enhanced Protection Mode"

Additional Information

The following messages's were detected:
# Message
1McAfee ENHANCED PROTECTION MODE Attention! McAfee operates under enhanced protection mode. This is temporary measure necessary for immediate response to the threat from virus. No action is required from you.

3 Comments

  • Michael Hunter says:

    So you are saying this is NOT McAfee at all? You mean it is another program different from McAfee and does not do anything that McAfee does? Thank you much for letting me know. Now i will uninstall this mess.

  • Tyrell Mcconico says:

    I am new to this computer thing and I clicked on the Win 7 by accident and not sure how to go about getting rid of it.I have read the insturctions but not sure how to do or where to go to start the process of getting rid of this thing.

  • Brenda Bergquist says:

    I suddenly have Enhanced Media on my computer and I would like it removed. I use Norton and am happy with it at this time. Please remove this and all that goes with it. Thank you.

Loading...