Windows Antivirus Machine

By ESGI Advisor in Rogue Anti-Spyware Program

Windows Antivirus Machine Description


The FakeVimes family of rogue security programs has been responsible for numerous infections, and Windows Antivirus Machine is one of its many clones. Despite an interface built to look like a legitimate anti-malware product, Windows Antivirus Machine is not a real security application: its purpose is to frighten victims into buying a useless 'upgrade' for the bogus program. Rather than paying for Windows Antivirus Machine, the recommended course of action is to remove it with a genuine, up-to-date anti-malware application.

Windows Antivirus Machine and Other 2012 FakeVimes Variants Are Particularly Nasty

Although fake security programs in the FakeVimes family have been around since 2009, the variants released in 2012 are particularly difficult to remove. These variants, Windows Antivirus Machine among them, are often bundled with a rootkit component from the Sirefef family of malware (also known as ZeroAccess). The rootkit hides Windows Antivirus Machine and any other malware on the victim's computer from ordinary anti-malware software and makes them hard to remove, so a specialized anti-rootkit utility may be needed to clean the system fully. Other FakeVimes variants that tend to ship with the Sirefef rootkit include Windows Premium Console, Windows Active Defender and Windows Trojans Inspector.

Protecting Yourself from the Windows Antivirus Machine Scam

Fake security software scams are not new and have preyed on inexperienced computer users for many years; ESG security researchers note that the rogue security software scam is a simple variation of the scams dishonest repairmen and mechanics have run for generations. Windows Antivirus Machine claims, through alarming error messages and fake system scans, that the victim's computer is severely infected. It also causes real problems of its own, such as web browser redirects and blocked access to files on the infected machine. It then urges the victim to purchase an expensive upgrade for the supposed anti-malware program, even though ESG security analysts have observed that Windows Antivirus Machine has no capability to detect or remove malware at all. Many of Windows Antivirus Machine's fake security notifications can be stopped with the registration code 0W000-000B0-00T00-E0020. Although this will 'register' Windows Antivirus Machine and quiet its nagging, it removes nothing; you will still need to remove the fraudulent program, and any bundled rootkit, with a strong, fully updated anti-malware solution.

Type: Rogue AntiSpyware Programs

Windows Antivirus Machine Removal Details

Windows Antivirus Machine typically runs the following process in memory:

  • %AppData%\Protector-[RANDOM CHARACTERS].exe

Windows Antivirus Machine creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
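As an added example (not code from the ESG page or from SpyHunter), the following PowerShell script performs a read-only triage of a host for the indicators listed above: the dropped Protector-*.exe binary and any running instance of it, the "Inspector" Run value, the Image File Execution Options keys, and the Settings, Policies and Internet Settings values. It takes the file name pattern and registry paths exactly as listed. The check for a "Debugger" value under each Image File Execution Options key is an assumption based on how IFEO works in Windows (a program name registered there with a Debugger value causes Windows to launch the "debugger" in place of the program, which is how a rogue intercepts real security tools such as _avp32.exe or ashDisp.exe); the list above names the keys but not their values.

```powershell
# Added example (not from the ESG page or SpyHunter): read-only triage of the
# Windows Antivirus Machine indicators listed above. Run from an elevated
# PowerShell prompt on the suspect machine; nothing is modified or deleted.

function Find-WindowsAntivirusMachine {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Dropped binary and any running instance: %AppData%\Protector-<random>.exe
    $pattern = Join-Path $env:APPDATA 'Protector-*.exe'
    foreach ($f in (Get-ChildItem -Path $env:APPDATA -Filter 'Protector-*.exe' -File -ErrorAction SilentlyContinue)) {
        $findings.Add("File: $($f.FullName) ($($f.Length) bytes, written $($f.LastWriteTime))")
    }
    foreach ($p in (Get-Process -ErrorAction SilentlyContinue | Where-Object { $_.Path -like $pattern })) {
        $findings.Add("Process: PID $($p.Id) $($p.Path)")
    }

    # 2. Persistence: the "Inspector" value under the per-user Run key
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'Inspector' -ErrorAction SilentlyContinue
    if ($run) { $findings.Add("Run value: Inspector = $($run.Inspector)") }

    # 3. IFEO hijacks. Windows honours a "Debugger" value under
    #    Image File Execution Options\<name>.exe by starting that "debugger"
    #    instead of the program, so a rogue can intercept real security tools.
    #    The page lists the keys only; checking for Debugger is an assumption
    #    based on the standard IFEO mechanism.
    $ifeo = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    $hijacked = '_avp32.exe', '_avpcc.exe', 'ashDisp.exe', 'divx.exe', 'mostat.exe',
                'platin.exe', 'tapinstall.exe', 'zapsetup3001.exe'
    foreach ($exe in $hijacked) {
        $key = Join-Path $ifeo $exe
        if (Test-Path -LiteralPath $key) {
            $dbg = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).Debugger
            if ($dbg) { $findings.Add("IFEO: $exe -> Debugger = $dbg") } else { $findings.Add("IFEO: $exe (key present, no Debugger value)") }
        }
    }

    # 4. Settings and policy values. Group Policy can legitimately create the
    #    Policies\System values, so treat these as corroborating, not conclusive.
    $valueChecks = @(
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings';          Names = 'UID', 'ID', 'net' },
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Names = 'DisableTaskMgr', 'DisableRegistryTools', 'DisableRegedit' },
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'; Names = 'WarnOnHTTPSToHTTPRedirect' }
    )
    foreach ($c in $valueChecks) {
        if (-not (Test-Path -LiteralPath $c.Path)) { continue }
        $props = Get-ItemProperty -LiteralPath $c.Path -ErrorAction SilentlyContinue
        foreach ($n in $c.Names) {
            if ($null -ne $props.$n) { $findings.Add("Value: $($c.Path)\$n = $($props.$n)") }
        }
    }

    # 5. The IE feature-control key. It is a genuine IE setting name, so its
    #    presence alone proves little; it is reported for completeness.
    $feature = 'HKLM:\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312'
    if (Test-Path -LiteralPath $feature) { $findings.Add("Key: $feature") }

    return $findings
}

$results = Find-WindowsAntivirusMachine
if ($results.Count -eq 0) {
    'No Windows Antivirus Machine indicators found.'
} else {
    "Found $($results.Count) indicator(s):"
    $results | ForEach-Object { "  $_" }
}
```

The script only reports; it does not kill the process or delete keys, because on a 2012 FakeVimes infection the visible rogue is often accompanied by the Sirefef rootkit, which a registry and file listing like this cannot see. Use the output to confirm the infection and to prioritise which IFEO entries to clear (each one silently redirects a named security tool), then let a fully updated anti-malware product and, if needed, an anti-rootkit utility do the actual removal. A Protector-*.exe file that is present but not listed as a running process is a hint that something is hiding it, which is itself worth noting.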

This entry was last updated on 08/17/12 and posted on 08/1/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.