Windows Control Series

By Domesticus in Rogue Anti-Spyware Program | 146 views

Windows Control Series Description

Windows Control Series is a bogus security program in the extensive malware family known as FakeVimes. These kinds of fake security programs are designed to convince computer users that they need to purchase expensive and useless fake security applications. To do this, Windows Control Series and its clones will use a variety of tactics which will usually involve malicious scripts and a coordinated multi-component malware attack on the victim’s computer. If Windows Control Series is installed on your PC or if you are receiving error messages claiming that your PC is corrupted by malware, it is advisable to use a good anti-malware tool to scan your hard drives. The presence of Windows Control Series on your computer system will usually be a sign of a dangerous malware infection.

How the Windows Control Series Scam Works

In order to steal your money, Windows Control Series will display numerous irritating error messages, many of these appearing to come from your operating system itself. Windows Control Series can also block access to certain applications (usually those associated with computer security) and cause browser redirects. All of these symptoms can persuade a PC user that his/her system has become severely infected with malware. However, trying to use Windows Control Series to fix these supposed problems on your computer system will invariably bring up a dialog claiming that you will need to purchase an expensive upgrade to Windows Control Series’ full version. Needless to say, since Windows Control Series is not really an anti-malware program, ESG malware researchers strongly discourage purchasing this supposed ‘full version.’

Windows Control Series Belongs to a Particularly Large Family of Malware

Windows Control Series’ family of malware, known as FakeVimes, has been around for a long time, at least since 2009. ESG malware analysts have been receiving reports of FakeVimes-related malware attacks since early 2012. However, this recent batch of malware in the FakeVimes family will usually include a ZeroAccess rootkit component that can make removal of Windows Control Series and its clones a serious headache. Other members of the FakeVimes family also released in 2012 include Windows Advanced Toolkit, Windows Maintenance Guard and Windows Proactive Safety. To remove Windows Control Series or its clones, it is recommended to use an anti-malware program with anti-rootkit technology. The registration code 0W000-000B0-00T00-E0020 can also be helpful in temporarily stopping many of Windows Control Series’ irritating error messages, although it will not remove Windows Control Series itself.

Type: Spyware

Windows Control Series Technical Report

As new Windows Control Series details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Windows Control Series:

The following fake error messages appear for Windows Control Series:

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Error
Attempt to modify registry key entries detected. Registry entry analysis is recommended.

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Windows Control Series Removal Details

Windows Control Series typically has the following process in memory:

  • %AppData%\Protector-[RANDOM CHARACTERS].exe

Windows Control Series creates the following registry entries:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\"Debugger" = "svchost.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector = %AppData%\Protector-[RANDOM CHARACTERS].exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\"Debugger" = "svchost.exe"
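
An Image File Execution Options "Debugger" value makes Windows start the named debugger instead of the program, which is how the entries above keep the listed security tools from launching. The following is an added example, not ESG's own tooling: a Python check that scans the text of a `reg export` file for both entry types listed above. The sample export, the user name `alice` and the function names are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text format (not from a real host).
# Real exports are UTF-16LE on disk: read them with encoding="utf-16".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"UseFilter"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe]
"debugger"="svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\alice\\AppData\\Roaming\\Protector-abcd.exe"
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
'''

IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
RUN = r"\microsoft\windows\currentversion\run"
KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="string data"; dword/hex values do not match and are skipped.
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
PROTECTOR_RE = re.compile(r"\\appdata\\(?:[^\\]+\\)*protector-[^\\]+\.exe\b", re.I)

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def scan(reg_text):
    """Return (kind, name, data) tuples for IFEO Debugger and Run\\Protector entries."""
    findings, key = [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not m:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        low = key.lower()
        # Any Debugger value is reported: a few legitimate tools set one, so review each hit.
        if IFEO in low and name.lower() == "debugger":
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], data))
        elif low.endswith(RUN) and PROTECTOR_RE.search(data):
            findings.append(("run-protector", name, data))
    return findings
```
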

This entry was last updated on 07/3/12 and posted on 06/23/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.