Windows Antivirus Release Description

[+] Click Image to Enlarge

• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 

Windows Antivirus Release is a fake anti-spyware application that pretends to scan your computer and find viruses on your system that are absolutely false. Windows Antivirus Release attempts to persuade you into purchasing its ‘full version’ to remove these supposed malware infections. Windows Antivirus Release uses intentional false positives to scare affected PC users that their computers have been infected with numerous security threats. In some cases, the falsified threats are Trojan infections that advertise or even directly install Windows Antivirus Release. Windows Antivirus Release invades your computer system as a Trojan or a tricky download, and once installed it immediately starts displaying fake pop-up alerts to frighten you that your PC is at risk. The truth is that your computer has been compromised, but the main problem is Windows Antivirus Release itself. ESG’s malware analysts highly recommend you not to believe anything related to Windows Antivirus Release and purchase this malware application. It is highly recommended to remove Windows Antivirus Release scam program from the infected PC as quickly as possible after detection.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Antivirus Release?

Windows Antivirus Release Technical Report

As new Windows Antivirus Release details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Windows Antivirus Release:

The following fake error message(s) appears for Windows Antivirus Release:

Warning! Virus Detected
Threat Detected: Trojan-Downloader.Win32.Agent
Security Risk:
Infected File: regedit.exe
Description: Programs classified as Trojan download and install new versions of malicious programs, including Trojans and AdWare, on victim computers.
Recommended:
Please click “remove All” button to erase all infected files and protect your PC

Firewall has blocked a program from accessing the Internet
Internet Explorer
C:program filesinternet exploreriexpolre.exe
C:program filesinternet exploreriexpolre.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Recommended:
Please click “Prevent attack” button to prevent all attacks and protect your PC

Error
Attempt to run a potentially dangerous script detected.
Full system scan is highly recommended.

Warning
Firewall has blocked a program from accessing the Internet
C:program filesinternet exploreriexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Torrent Alert
Recommended: Please use secure encrypted protocol for torrent links.
Torrent link detected!
Receiving this notifications means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.

‘How Windows Antivirus Release Infects Your Computer’ Video

Windows Antivirus Release Removal Details

Windows Antivirus Release has typically the following processes in memory:

• %AppData%\Protector-[RANDOM CHARACTERS].exe

Windows Antivirus Release creates the following registry entries:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2″
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe

Important Article Disclaimer