Home Malware Programs Rogue Anti-Spyware Programs Windows Virtual Firewall

Windows Virtual Firewall

Posted: July 16, 2012

Threat Metric

Ranking: 10,888
Threat Level: 2/10
Infected PCs: 18,521
First Seen: July 16, 2012
Last Seen: October 9, 2023
OS(es) Affected: Windows

Windows Virtual Firewall Screenshot 1Windows Virtual Firewall is a new variant of FakeVimes, a Trojan family that uses fake security scans and pop-ups warnings to present misleading information about your PC's status. Windows Virtual Firewall, like all of its ilk, pretends to be an anti-malware product with a generous assortment of other security features, such as a memory-monitoring utility, a firewall manager and, of course, an anti-virus scanner. Although Windows Virtual Firewall is a new arrival to the FakeVimes family of rogue anti-malware applications, its appearance and functions are identical to that of other recent members.

Why There Isn't Anything 'Virtual' About Windows Virtual Firewall's Real Features

Although Windows Virtual Firewall is a new arrival to the FakeVimes family of rogue anti-malware applications, its appearance and functions are identical to that of other recent members. PCs that are infected with Windows Virtual Firewall will be immediately detectable under most circumstances, since Windows Virtual Firewall will launch with Windows and proceed to display a range of inaccurate pop-up warnings. These are accompanied by system scans that include nonexistent (albeit accurately-defined) PC threats, including rootkits and advanced forms of spyware. Closely-related PC threats from Windows Virtual Firewall's family include examples such as Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security. All of them can be diagnosed by a shared interface and such fake features as the 'Advanced Process Control.' Although Windows Virtual Firewall is a recently-identified variant of FakeVimes that may require updates to your anti-malware software to detect Windows Virtual Firewall, in most respects, Windows Virtual Firewall is identical to other scamware from its family and can endanger your PC with browser redirects, unwarranted settings changes and malfunctioning security programs.

Fake security features may be Windows Virtual Firewall's quintessential characteristics, but SpywareRemove.com malware researchers have also acquired familiarity with other FakeVimes-based attacks that are more dangerous to your PC than pop-ups and fraudulent scans. Prominent risks that are possible with any FakeVimes infection, including Windows Virtual Firewall are noted below:

  • Browser redirects to harmful sites, including fake search engines, sites that conduct drive-by-download attacks and sites that promote fake security programs similar to Windows Virtual Firewall.
  • Deleted Registry entries that prevent unrelated programs, such as anti-virus scanners, from launching properly.
  • Programs that are blocked from memory – particularly Windows utilities such as the Task Manager and Registry Editor. SpywareRemove.com malware analysts note that unlike programs with deleted Registry components, programs that are blocked from memory should be accessible once you disable Windows Virtual Firewall.
  • Settings changes that disable default Windows security features, including the UAC and browser protection from malicious file downloads.

Toning Down the Heat of Windows Virtual Firewall's Assaults

Because Windows Virtual Firewall can be involved in blocking anti-malware scanners and other security programs, SpywareRemove.com malware researchers encourage you to deactivate Windows Virtual Firewall before you try to delete Windows Virtual Firewall with said software. Popular strategies for doing this include booting from a USB drive device or booting Windows into Safe Mode, although other techniques are also available if necessary. In the meantime, you should strive to avoid interaction with websites that are promoted in Windows Virtual Firewall's redirects and, in particular, be careful to avoid throwing away money on purchasing Windows Virtual Firewall.

After Windows Virtual Firewall is prevented from launching, Windows Virtual Firewall can be removed by any reasonably-accurate anti-malware product, although an updated database may be necessary to guarantee Windows Virtual Firewall's accurate identification. Related PC threats, such as Trojan downloaders, may also be on your hard drive, and a full system is also recommended by SpywareRemove.com malware experts.

Windows Virtual Firewall Screenshot 2Windows Virtual Firewall Screenshot 3Windows Virtual Firewall Screenshot 4Windows Virtual Firewall Screenshot 5Windows Virtual Firewall Screenshot 6Windows Virtual Firewall Screenshot 7Windows Virtual Firewall Screenshot 8Windows Virtual Firewall Screenshot 9Windows Virtual Firewall Screenshot 10Windows Virtual Firewall Screenshot 11

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%AppData%\Protector-[RANDOM CHARACTERS].exe File name: %AppData%\Protector-[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\ Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

Additional Information

The following URL's were detected:
virtuallylend.com
Loading...