Home Malware Programs Rogue Anti-Spyware Programs Norton AntiVirus Enhanced Protection Mode

Norton AntiVirus Enhanced Protection Mode

Posted: July 26, 2011

Norton AntiVirus Enhanced Protection Mode ScreenshotNorton AntiVirus Enhanced Protection Mode is a fake Norton security program that capitalizes on a known anti-virus brand to oil up the gears for its own misdeeds. While Norton AntiVirus Enhanced Protection Mode pretends to be a Norton product, Norton AntiVirus Enhanced Protection Mode has no real security-related functions except for functions that attack your PC security and disable security applications. Our SpywareRemove.com malware team has found that Norton AntiVirus Enhanced Protection Mode is closely-related to two other rogue programs that use similar scams, all of which are propagated by fake media player updates. Be alert for Norton AntiVirus Enhanced Protection Mode warning signs and delete Norton AntiVirus Enhanced Protection Mode immediately with any anti-virus program that you consider worthy of your trust.

Why You Don't Want Norton AntiVirus Enhanced Protection Mode to Replace Your Real AV Software

Even though Norton AntiVirus Enhanced Protection Mode uses the Norton name and tries its hardest to make you think Norton AntiVirus Enhanced Protection Mode is part of your Norton security software, Norton AntiVirus Enhanced Protection Mode has neither threat-detection nor threat-removal features. Our SpywareRemove.com research team has even discovered that Norton AntiVirus Enhanced Protection Mode actively tries to disable anti-virus and security applications, including legitimate Norton products.

There are several ways to catch Norton AntiVirus Enhanced Protection Mode in the act, however, since its disguise isn't perfect. The first way to catch Norton AntiVirus Enhanced Protection Mode is to look for the date and time on your anti-virus databases update. A Norton AntiVirus Enhanced Protection Mode pop-up will always proclaim that your databases for Norton are updated according to your login time; for example, if you logged in to your PC at noon, your database update time will also appear to be at noon.

This is Norton AntiVirus Enhanced Protection Mode's simple way of tricking you into thinking that your PC is protected. In reality, your computer is more vulnerable to attack than it was before Norton AntiVirus Enhanced Protection Mode was installed!

A second symptom of Norton AntiVirus Enhanced Protection Mode infection is to look for an unusual taskbar icon. Once you click this Norton AntiVirus Enhanced Protection Mode icon, a pop-up with the following message will display:

"Attention! Norton AntiVirus operates under enhanced protection mode. This is a temporary measure necessary for immediate response to threat from virus. No action is required from you."

This so-called enhanced mode doesn't exist and is another one of Norton AntiVirus Enhanced Protection Mode's tricks to give you in a false sense of security.

Lastly, of course, since our malware experts have found that Norton AntiVirus Enhanced Protection Mode makes direct attacks on security software, you can also detect Norton AntiVirus Enhanced Protection Mode by checking to see if your real security programs are functional.

Avoiding Getting Sucked into Norton AntiVirus Enhanced Protection Mode's Fake Protection

To protect your PC from any possible Norton AntiVirus Enhanced Protection Mode infection, avoid downloading media updates from suspicious sources. In addition to fake codec updates being a primary source of rogue program-installing Trojans like Zlob and fake Microsoft Security Essentials Alert, Norton AntiVirus Enhanced Protection Mode itself has been seen to disguise itself as a Flash-related update.

Similar infections that are closely-related to Norton AntiVirus Enhanced Protection Mode can also be found using different brands. Examples that our SpywareRemove.com researchers have found include Eset Smart Security Enhanced Protection Mode, and Avira Enhanced Protection Mode, Avast Enhanced Protection Mode.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%Windows%\l1rezerv.exe File name: %Windows%\l1rezerv.exe
File type: Executable File
Mime Type: unknown/exe
%Windows%\systemup.exe File name: %Windows%\systemup.exe
File type: Executable File
Mime Type: unknown/exe
%Windows%\sysdriver32.exe File name: %Windows%\sysdriver32.exe
File type: Executable File
Mime Type: unknown/exe
%Users%\[UserName]\Downloads\OTS.exe File name: %Users%\[UserName]\Downloads\OTS.exe
File type: Executable File
Mime Type: unknown/exe

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINE\Software\Norton AntiVirus Enhanced Protection ModeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Norton AntiVirus Enhanced Protection Mode"

Additional Information

The following messages's were detected:
# Message
1Attention! Norton AntiVirus operates under enhanced protection mode. This is a temporary measure necessary for immediate response to threat from virus. No action is required from you.

Loading...