Windows AntiHazard Center

By ZulaZuza in Rogue Anti-Spyware Program | 61 views

Windows Antihazard Center Description


Windows AntiHazard Center is part of a large batch of rogue security programs from the FakeVimes family of malware that were released in early 2012. According to ESG security analysts, FakeVimes clones have been around for a couple of years, but this recent batch of rogue security programs is particularly dangerous because they tend to be bundled with a devastating rootkit component. Windows AntiHazard Center has dozens of clones, including such fake security programs as Windows Trojans Sleuth and Windows Trojans Inspector. File names associated with Windows AntiHazard Center’s clones tend to consist of the prefix “protector-” followed by three random characters. If you find Windows AntiHazard Center installed on your computer, this means that your computer has become infected with dangerous malware. However, the infection is not the malware that Windows AntiHazard Center claims to have found on your computer, but rather Windows AntiHazard Center itself. Because of this, ESG malware analysts recommend removing Windows AntiHazard Center and its associated malware with a real, reliable and fully-updated anti-malware program.

How Windows AntiHazard Center and Its Clones Try to Steal Your Money

The Windows AntiHazard Center scam is not particularly sophisticated and is a rehash of hundreds of fake anti-virus programs that have been online for several years. Basically, Windows AntiHazard Center is designed to display multiple alarming error messages and fake system alerts. These are all designed to make its victims believe that their computers are severely infected with numerous malware and viruses and have severe hard drive problems. Then, Windows AntiHazard Center will prompt the victim to purchase a “full version” of Windows AntiHazard Center in order to fix these nonexistent problems.

Of course, paying for Windows AntiHazard Center does absolutely nothing to remove problems from your computer system. Because of this, ESG malware analysts strongly advise against handing over your money to the criminals behind Windows AntiHazard Center. If you have already done so, it may still be possible to contact your credit card company and to report the Windows AntiHazard Center charges as fraudulent. In the future, it is also advisable to remember that security software that appears on your computer without your authorization is most likely part of an online scam. Anti-virus programs should only be downloaded from legitimate, well-known software manufacturers and not from free online malware scans or error messages alerting you of virus problems on your computer.

Type: Rogue AntiSpyware Programs


Windows Antihazard Center Removal Details

Windows Antihazard Center typically has the following processes in memory:

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-.exe

Windows Antihazard Center creates the following files in the system:

  • %Desktop%\Windows AntiHazard Center.lnk
  • %CommonStartMenu%\Programs\Windows AntiHazard Center.lnk
  • %AppData%\result.db

Windows Antihazard Center creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “okanrqfdwk”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-3-22_1”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isp.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe
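
A triage check built from the file and registry indicators listed above, as an added example that is not part of the original entry. The snapshot format (a list of file names found directly in %AppData% plus a dictionary of registry keys and their values) and all sample data are assumptions constructed for illustration.

```python
import re

# Indicators from the lists above.
IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
IFEO_TARGETS = {"esafe.exe", "pcip10117_0.exe", "isp.exe", "mssmmc32.exe",
                "utpost.exe", "atro55en.exe", "install[4].exe", "scrscan.exe"}
POLICY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"
POLICY_VALUES = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0,
                 "ConsentPromptBehaviorUser": 0}  # EnableLUA = 0 turns UAC off
RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
APPDATA_NAMES = {"npswf32.dll", "result.db"}
# "protector-" followed by three characters, as the description states
PROTECTOR = re.compile(r"protector-[^\\/.]{3}\.exe", re.IGNORECASE)


def triage(appdata_files, registry):
    """Return (kind, name) hits. Registry names are compared case-insensitively."""
    reg = {k.lower(): {n.lower(): v for n, v in vals.items()}
           for k, vals in registry.items()}
    hits = []
    for name in appdata_files:
        if PROTECTOR.fullmatch(name) or name.lower() in APPDATA_NAMES:
            hits.append(("file", name))
    for key in reg:
        parent, _, leaf = key.rpartition("\\")
        if parent == IFEO.lower() and leaf in IFEO_TARGETS:
            hits.append(("ifeo", leaf))
    policy = reg.get(POLICY.lower(), {})
    for name, listed in POLICY_VALUES.items():
        if policy.get(name.lower()) == listed:
            hits.append(("policy", name))
    if "inspector" in reg.get(RUN.lower(), {}):
        hits.append(("run", "Inspector"))
    return hits


# Constructed sample snapshot (not real data).
SAMPLE_FILES = ["Protector-xqz.exe", "notes.txt", "result.db"]
SAMPLE_REGISTRY = {
    IFEO + r"\esafe.exe": {},
    IFEO + r"\notepad.exe": {},
    POLICY: {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 5},
    RUN: {"Inspector": r"C:\Users\sample\AppData\Roaming\Protector-xqz.exe"},
}

if __name__ == "__main__":
    for kind, name in triage(SAMPLE_FILES, SAMPLE_REGISTRY):
        print(f"{kind:6} {name}")
```

A hit on any single indicator is a reason to run a full scan, not proof of infection: a file named result.db, for instance, could belong to unrelated software.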


This entry was last updated on 03/22/12 and posted on 03/22/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.