Windows Advanced Security Center
Posted: May 22, 2012
Threat Metric
The fields shown on the Threat Meter, each of which contains a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 72 |
| First Seen: | May 22, 2012 |
| OS(es) Affected: | Windows |
Windows Advanced Security Center is not the Microsoft product that it portrays itself as being; it is a rogue anti-malware scanner based on a widely-reused template from FakeVimes. While Windows Advanced Security Center has the looks of a security program and can support that appearance with pop-up alerts and system scans, SpywareRemove.com malware analysts have verified Windows Advanced Security Center's shortcomings with respect to detecting, deleting or protecting your PC from any sort of malicious software or otherwise hostile activity. Unfortunately, fake security functions aren't the only problems you may need to worry about during a Windows Advanced Security Center infection, since Windows Advanced Security Center may also redirect you to hostile websites, hijack your online searches or try to block your security programs in between its fake pop-ups and system scans. As a security risk and overall worthless scamware, Windows Advanced Security Center should be deleted immediately after you gain access to anti-malware programs that can do so safely.
Windows Advanced Security Center – At Best, Mildly Advanced Form of Online Fraud
Just one more resident of the widespread and many-named Win32/FakeVimes classification of fake anti-malware products, Windows Advanced Security Center doesn't have any ability to protect your PC from Trojans, keyloggers or any of the other PC threats that Windows Advanced Security Center mentions in its pop-ups. What Windows Advanced Security Center does have is the ability to create fraudulent security information as a way to encourage you to purchase its software – a move that the SpywareRemove.com malware research team regards as ill-advised, since a registered version of Windows Advanced Security Center isn't any better than its 'free' version. This behavior is also standard for Windows Advanced Security Center's identical clones, including recent FakeVimes-based scamware like Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security.
While spending money on Windows Advanced Security Center isn't a good idea, SpywareRemove.com malware experts note that using the registration key '0W000-000B0-00T00-E0020' can make it easier to remove Windows Advanced Security Center and identical types of rogue AV software from the Win32/FakeVimes family. However, under no circumstances should you entrust Windows Advanced Security Center's criminal company with money or personal information, since doing so is extremely likely to lead to future attacks against your financial accounts.
Being on Guard for the Rest of Windows Advanced Security Center's Bag of Tricks
While Windows Advanced Security Center's main purpose is to act as a faux anti-malware scanner, Windows Advanced Security Center may also be equipped with other attacks that are used to generate other types of illegal revenue, as well as harm your computer's security features. SpywareRemove.com malware researchers consider some of the most notable possibilities for Windows Advanced Security Center attacks to be as noted below:
- Browser redirects to hostile websites like securitysoftwarepayments.com, securesoftwarebill.com or getantivirusplusnow.com. Many of these sites have been known to use drive-by-download scripts to install PC threats onto your computer or otherwise harbor malicious content.
- Unusable security-related programs, from anti-virus products to basic Microsoft tools like the Task Manager. Although Windows Advanced Security Center may announce that these programs are damaged or are being blocked for your protection, these warnings are, naturally, fraudulent.
- Dysfunctional Windows security features such as the UAC and protection against improperly-identified files. SpywareRemove.com malware researchers have found that these attacks, particularly in conjunction with browser redirects, can cause your web-browsing experiences to place your PC in danger of other attacks.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
- %AppData%\NPSWF32.dll
  File type: Dynamic link library
  Mime Type: unknown/dll
  Group: Malware file
- %AppData%\Protector-{RANDOM 3 CHARACTERS}.exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file
- %AppData%\Protector-{RANDOM 4 CHARACTERS}.exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file
- %StartMenu%\Windows Advanced Security Center.lnk
  File type: Shortcut
  Mime Type: unknown/lnk
  Group: Malware file
Registry Modifications
HKEY..\..\{Value}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 4
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-20_1
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY..\..\..\..{Subkeys}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{RANDOM CHARACTERS}.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
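The file and registry indicators listed above can be checked against a file inventory and an export of the HKCU Run key. The following Python is an added example, not code from SpywareRemove.com; the function names, the sample paths and the assumption that the random suffix is alphanumeric are not from the page.

```python
import ntpath
import re

# Indicators from the "Technical Details" lists on this page.
# Assumption: the {RANDOM n CHARACTERS} placeholders are alphanumeric.
PROTECTOR_RE = re.compile(r"^protector-[a-z0-9]{3,4}\.exe$", re.I)
SHORTCUT = "windows advanced security center.lnk"
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"


def match_file(path, appdata):
    """Return the name of the indicator a file path matches, or None."""
    name = ntpath.basename(path).lower()
    if name == SHORTCUT:
        return "start-menu shortcut"
    # The remaining indicators only count directly inside %AppData%:
    # NPSWF32.dll is also the file name of the Flash Player plugin, which
    # normally installs under the Windows system directory.
    if ntpath.normcase(ntpath.dirname(path)) != ntpath.normcase(appdata):
        return None
    if PROTECTOR_RE.match(name):
        return "Protector-{RANDOM}.exe"
    if name == "npswf32.dll":
        return "NPSWF32.dll in %AppData%"
    return None


def triage(file_paths, run_values, appdata):
    """Return (indicator, evidence) pairs for files and Run-key values."""
    hits = [(m, p) for p in file_paths if (m := match_file(p, appdata))]
    for key, value_name in run_values:
        if key.lower() == RUN_KEY and value_name.lower() == "inspector":
            hits.append(('Run value "Inspector"', key))
    return hits


# Constructed sample inventory, not data from a real host.
APPDATA = r"C:\Users\alice\AppData\Roaming"
FILES = [
    APPDATA + r"\Protector-abc.exe",
    APPDATA + r"\NPSWF32.dll",
    r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll",  # usual plugin path
    APPDATA + r"\Vendor\Protector-abcd.exe",  # subfolder: not flagged
]
RUN = [(r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Inspector")]

if __name__ == "__main__":
    for indicator, evidence in triage(FILES, RUN, APPDATA):
        print(f"{indicator}: {evidence}")
```

A match is a lead for further inspection with an anti-malware scanner, since other software could use the same file or value names.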