Windows Attacks Preventor

Posted: March 2, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	6

First Seen:	March 2, 2012
OS(es) Affected:	Windows

Windows Attacks Preventor may have mastered the outer looks of an anti-malware scanner, but with regards to its actual features, Windows Attacks Preventor is no better than a Trojan or virus, and alerts and scan results from Windows Attacks Preventor are always inaccurate. Since Windows Attacks Preventor doesn't have any real security features, Windows Attacks Preventor creates fake threat information to persuade you to spend money in a fraudulent registration process – a process that SpywareRemove.com malware researchers discourage in favor of deleting Windows Attacks Preventor with a system scan from legitimate anti-malware software. As a rogue anti-virus scanner with plenty of tricks up its sleeve, Windows Attacks Preventor may also be a source of web-browsing redirect attacks or malfunctions in your security software until Windows Attacks Preventor is completely removed.

Windows Attacks Preventor: A Fraud That's Newly Stamped Out from an Oft-Used Mold

Windows Attacks Preventor markets itself as an independent and reputable product that can guard your PC against phishing attacks and other PC threats, but SpywareRemove.com malware analysts have lined Windows Attacks Preventor up as just another clone from the WinWeb Security family of fake anti-virus scanners. As if its misspelled name weren't enough, Windows Attacks Preventor is visually identical to well-known PC threats like Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Antivirus Center, Security Shield, Personal Shield Pro, Advanced PC Shield 2012, Security Sphere 2012 and Futurro Antivirus. Infection vectors such as Trojan droppers that are capable of installing Windows Attacks Preventor may also install related PC threats from the same family, and you should scan your entire computer while removing Windows Attacks Preventor to make sure that fresh attacks from the same sources will not reoccur.

Many of Windows Attacks Preventor's fake alerts and other pop-ups are also borrowed from previous members of its family, and, as such, are completely ignorable as sources of information on PC threats or other issues that may be troubling your computer. Since Windows Attacks Preventor is unable to detect legitimate problems with your PC, viruses and other threats that Windows Attacks Preventor digs up are all illusionary issues that Windows Attacks Preventor creates to deceive you with messages like the following:

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Security Center Alert
To help protect your computer, Security Center has blocked some features of this program.
Name: Win64.BIT.Looker.exe
Risk: High

System warning
No real-time malware, spyware and virus protection was found. Click here to activate.

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Error
Attempt to run a potentially dangerous script detected.
Full system is highly recommended.

Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmpshell.dll

Overcoming Windows Attacks Preventor's Passive-Aggressive 'Security'

Because Windows Attacks Preventor will launch itself automatically and avoid being closed or removed by normal methods, you'll also be under attack by other Windows Attacks Preventor-related functions besides its pop-ups and system scans – without any obvious way to turn them off. SpywareRemove.com malware research team recommends that you combat the symptoms noted below by booting from a USB device or switching to Safe Mode (to suggest two common methods of disabling Windows Attacks Preventor) before you remove Windows Attacks Preventor with an appropriate anti-malware program.

Other symptoms that can be a result of a Windows Attacks Preventor infection include:

Browser redirect attacks. Redirects may display fake warning screens, block your ability to access certain websites, change your search results or redirect you to Windows Attacks Preventor's own site.
Problems accessing Windows utilities such as the Registry Editor or Task Manager that are replaced by fake Windows Attacks Preventor features.
Problems accessing other programs, which Windows Attacks Preventor may block under the pretense that they're infected.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Windows Attacks Preventor may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner*

* See Free Trial offer below. EULA and Privacy/Cookie Policy. * See Free Trial offer below. EULA and Privacy/Cookie Policy.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%APPDATA%\Protector-grd.exe

File name: Protector-grd.exe
Size: 1.89 MB (1894912 bytes)
MD5: d8bd1894b3f5ad2daf8499a6136f2c98
Detection count: 18
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: March 2, 2012

%CommonStartMenu%\Programs\Windows Attacks Preventor.lnk

File name: %CommonStartMenu%\Programs\Windows Attacks Preventor.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%Desktop%\Windows Attacks Preventor.lnk

File name: %Desktop%\Windows Attacks Preventor.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%AppData%\result.db

File name: %AppData%\result.db
Mime Type: unknown/db
Group: Malware file

%AppData%\NPSWF32.dll

File name: %AppData%\NPSWF32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

%AppData%\Protector-<RANDOM 3 CHARACTERS>.exe

File name: %AppData%\Protector-<RANDOM 3 CHARACTERS>.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-3-1_2HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "fneqtdmtpi"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe

Additional Information

The following messages's were detected:

#	Message
1	Error Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
2	Error Software without a digital signature detected. Your system files are at risk. We strongly advise you to activate your protection.
3	Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmpshell.dll

One Comment

Carl says:

May 31, 2012 at 5:47 pm

1) dunno2) get antivirus sorfwate. Good one. Like avira, kaspersky, ect.3) get good AV sorfwate4) All you needed was cheap antivirus sorfwate that will protect you from other crap aswellAVS doesnt always do the trick but 95% of the time it will.