Windows Antivirus Rampart

By Domesticus in Rogue Anti-Virus Program | 284 views

Windows Antivirus Rampart Description


Windows Antivirus Rampart is one of the many fake security applications in the FakeVimes family of rogue security programs. Such malware infections mimic legitimate security programs while having no real anti-malware capabilities. Instead, Windows Antivirus Rampart and its clones are designed to carry out a scam that consists of convincing computer users that they need to purchase useless, bogus security programs. With this in mind, ESG malware analysts strongly advise removing Windows Antivirus Rampart immediately with a real anti-malware application.

Windows Antivirus Rampart’s Large Family of Rogue Security Programs

Windows Antivirus Rampart’s family of malware has been active since 2009, which means that most legitimate security programs can deal easily with FakeVimes fake security programs. Unfortunately, ESG malware researchers have found that malware in the FakeVimes family released in 2012 is often accompanied by a ZeroAccess rootkit infection. This associated infection makes the newest generation of FakeVimes malware considerably more difficult to remove. Other examples of fake security software in the FakeVimes family also released in 2012 include Windows Recovery Series, Windows Pro Rescuer and Windows Safety Checkpoint.

To steal your money, Windows Antivirus Rampart will try to persuade you that your PC is dangerously infected with malware. To do this, Windows Antivirus Rampart uses numerous bogus error messages, both as pop-up notifications and as system alerts from the Task Bar. All of these messages claim that your computer system is under attack or vulnerable in various ways. However, trying to use Windows Antivirus Rampart to remove these supposed malware problems only produces more error messages claiming that you need to purchase a ‘complete version’ of Windows Antivirus Rampart to deal with these nonexistent threats. Since Windows Antivirus Rampart has no real anti-malware capabilities, ESG security analysts strongly advise against purchasing this bogus security program.

Dealing with a Windows Antivirus Rampart Infection

Instead of paying for Windows Antivirus Rampart’s ‘full version’, it is important to remove this fake security program with the help of an anti-malware application with anti-rootkit technology. However, it is not necessary to purchase Windows Antivirus Rampart in order to obtain a serial number. The registration code 0W000-000B0-00T00-E0020 can be used to ‘unlock’ Windows Antivirus Rampart. While this will not remove Windows Antivirus Rampart (it still needs to be removed with a reliable anti-malware tool), entering that registration number can help stop most of Windows Antivirus Rampart’s irritating error messages.

Type: Rogue Anti-Virus Program

Windows Antivirus Rampart Removal Details

Windows Antivirus Rampart typically has the following processes in memory:

  • %AppData%\Protector-[RANDOM 4 CHARACTERS].exe
  • %AppData%\Protector-[RANDOM 3 CHARACTERS].exe
  • %AppData%\NPSWF32.dll

Windows Antivirus Rampart creates the following files in the system:

  • %CommonStartMenu%\Programs\Windows Antivirus Rampart.lnk
  • %AppData%\result.db
  • %AppData%\1st$0l3th1s.cnf
  • %Desktop%\Windows Antivirus Rampart.lnk

Windows Antivirus Rampart creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-29_7"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
  • HKEY_CURRENT_USER\Software\ASProtect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "yurrockari"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe
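The process, file and registry artefacts listed above, gathered into one read-only triage check. This is an added example and not ESG's or SpyHunter's own tooling; it assumes an elevated PowerShell session on the suspect Windows host, checks only the items named on this page (the random suffix of the Protector-*.exe name is handled with a wildcard), and changes nothing.

```powershell
# Added example, not ESG's own tooling: read-only triage for the artefacts listed above.
# Assumes an elevated PowerShell session on the suspect host; it reports and changes nothing.
$findings = New-Object System.Collections.Generic.List[string]

function Test-RegValue {
    # Record a registry value if it exists and (when $Expected is given) holds that data
    param([string]$Key, [string]$Name, $Expected = $null)
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }
    $data = $item.$Name
    if ($null -eq $Expected -or $data -eq $Expected) { $findings.Add("registry: $Key\$Name = $data") }
}

# 1. Dropped files and shortcuts; the random suffix of Protector-*.exe is covered by the wildcard
$places = @(
    @{ Dir = $env:APPDATA; Names = 'Protector-*.exe', 'NPSWF32.dll', 'result.db', '1st$0l3th1s.cnf' },
    @{ Dir = [Environment]::GetFolderPath('Desktop'); Names = 'Windows Antivirus Rampart.lnk' },
    @{ Dir = Join-Path ([Environment]::GetFolderPath('CommonStartMenu')) 'Programs'; Names = 'Windows Antivirus Rampart.lnk' }
)
foreach ($p in $places) {
    foreach ($n in $p.Names) {
        Get-ChildItem -Path $p.Dir -Filter $n -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { $findings.Add("file: $($_.FullName)") }
    }
}

# 2. A Protector-*.exe running out of %AppData%
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -like (Join-Path $env:APPDATA 'Protector-*.exe') } |
    ForEach-Object { $findings.Add("process: $($_.Name) PID $($_.Id) $($_.Path)") }

# 3. Persistence, marker values and UAC weakening (EnableLUA / ConsentPromptBehavior* = 0)
Test-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' 'Inspector'
'net', 'UID' | ForEach-Object { Test-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings' $_ }
$hklmPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
'EnableLUA', 'ConsentPromptBehaviorUser', 'ConsentPromptBehaviorAdmin' | ForEach-Object { Test-RegValue $hklmPol $_ 0 }
$hkcuPol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
'DisableRegistryTools', 'DisableTaskMgr', 'DisableRegedit' | ForEach-Object { Test-RegValue $hkcuPol $_ }
Test-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' 'WarnOnHTTPSToHTTPRedirect' 0
if (Test-Path 'HKCU:\Software\ASProtect') { $findings.Add('registry: HKCU\Software\ASProtect key present') }

# 4. Image File Execution Options subkeys named after other tools' executables
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'mu0311ad.exe', 'AntiVirus_Pro.exe', 'hbinst.exe', 'svc.exe', 'brasil.exe', 'purge.exe') {
    if (Test-Path (Join-Path $ifeo $exe)) { $findings.Add("registry: IFEO\$exe subkey present") }
}

if ($findings.Count -eq 0) { 'No Windows Antivirus Rampart artefacts found.' } else { $findings | Sort-Object -Unique }
```

Any hit, especially EnableLUA = 0 or an IFEO subkey for a security tool's executable, is a trigger for a full scan with an anti-malware tool that has anti-rootkit support, as the article recommends; the script only reports, it does not remove anything.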

This entry was last updated on 07/8/12 and posted on 05/30/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.