Windows Daily Advisor Description
While Windows Daily Advisor has the external appearance of a generic anti-virus program, ESG malware analysts have identified no actual anti-virus components in this application. In fact, Windows Daily Advisor is itself a malware infection, of a kind classified as a rogue anti-virus application. Rogue anti-virus applications are used to scam computer users by convincing them that their PCs are infected with malware. Taking advantage of the resulting panic, they then try to push the victim into purchasing a useless ‘full version’ of the fake anti-virus product.
Windows Daily Advisor belongs to a large family of fake anti-virus programs known as FakeVimes. Malware in the FakeVimes family has been around since at least 2009, and malware researchers are familiar with the tactics and characteristics of most fake anti-virus programs in the family. While these bogus security programs have been released regularly since 2009, the variants released in 2012 include a dangerous rootkit component that has given new life to this well-known family of malware. By using a version of the Sirefef or ZeroAccess rootkit, criminals can disable legitimate security programs and make the task of removing Windows Daily Advisor much more difficult than normal. Because of this, removal of Windows Daily Advisor will usually require an anti-rootkit utility in addition to the usual anti-malware application.
Protecting Yourself from Windows Daily Advisor and Its Clones
There are dozens of clones of Windows Daily Advisor, even if we only count those released in 2012 (which include the rootkit component). Examples of clones of Windows Daily Advisor include programs like Windows Pro Web Helper, Windows Trojans Inspector and Windows Daily Adviser. All of these bogus anti-virus programs are virtually identical, with only very slight changes to each program’s interface and file names. In every case, Windows Daily Advisor clones will demand that you enter a registration code to prove that you have paid for the fake anti-virus program. ESG malware analysts strongly advise against paying for Windows Daily Advisor or any of its clones. Instead, you can enter the registration code 0W000-000B0-00T00-E0020 as a way of stopping Windows Daily Advisor from displaying annoying bogus error messages, running misleading fake system scans and causing browser redirects. This will not remove Windows Daily Advisor. To do that, it will still be essential to use a strong anti-malware program.
Type: Rogue Anti-Virus Program
Windows Daily Advisor Removal Details
Windows Daily Advisor typically has the following processes in memory:
- %AppData%\NPSWF32.dll
- %AppData%\Protector-[random 4 characters].exe
- %AppData%\Protector-[random 3 characters].exe
Windows Daily Advisor creates the following files in the system:
- %Desktop%\Windows Daily Adviser.lnk
- %AppData%\W34r34mt5h21ef.dat
- %AppData%\result.db
- %CommonStartMenu%\Programs\Windows Daily Adviser.lnk
Windows Daily Advisor creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [RANDOM]
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [Date of Installation]
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE