Windows Daily Advisor

While Windows Daily Advisor has the external appearance of a generic anti-virus program, ESG malware analysts have identified no actual anti-virus components in this application. In fact, Windows Daily Advisor is a malware infection of the kind classified as a rogue anti-virus application. Rogue anti-virus applications scam computer users by convincing them that their PCs are infected with malware. Taking advantage of the resulting panic, they then pressure the victim into purchasing a useless 'full version' of the fake anti-virus product.

Windows Daily Advisor belongs to a large family of fake anti-virus programs known as FakeVimes. Malware in the FakeVimes family has been around since at least 2009, and malware researchers are familiar with the tactics and characteristics of most fake anti-virus programs in the family. While these bogus security programs have been released regularly since 2009, the variants released in 2012 include a dangerous rootkit component that has given new life to this well-known family of malware. By using a version of the Sirefef or ZeroAccess rootkit, criminals can disable legitimate security programs and make removing Windows Daily Advisor much more difficult than normal. Because of this, removal of Windows Daily Advisor will usually require an anti-rootkit utility in addition to the usual anti-malware application.

Protecting Yourself from Windows Daily Advisor and Its Clones

There are dozens of clones of Windows Daily Advisor, even counting only those released in 2012 (which include the rootkit component). Examples of clones of Windows Daily Advisor include programs like Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite and Windows Work Catalyst.

All of these bogus anti-virus programs are virtually identical, with only very slight changes to each program's interface and file names. In every case, Windows Daily Advisor clones will demand that you enter a registration code to prove that you have paid for the fake anti-virus program. ESG malware analysts strongly advise against paying for Windows Daily Advisor or any of its clones. Instead, you can enter the registration code 0W000-000B0-00T00-E0020 to stop Windows Daily Advisor from displaying bogus error messages, running misleading fake system scans and causing browser redirects. This will not remove Windows Daily Advisor; to do that, a strong anti-malware program is still essential.

File System Details

Windows Daily Advisor may create the following file(s):
1. %AppData%\NPSWF32.dll
2. %AppData%\Protector-[random 4 characters].exe
3. %AppData%\Protector-[random 3 characters].exe
4. %Desktop%\Windows Daily Adviser.lnk
5. %AppData%\W34r34mt5h21ef.dat
6. %AppData%\result.db
7. %CommonStartMenu%\Programs\Windows Daily Adviser.lnk

Registry Details

Windows Daily Advisor may create the following registry entry or registry entries. The policies\system values turn off User Account Control, and the Image File Execution Options entries register svchost.exe as the "Debugger" for the named security products, so any attempt to launch those products starts svchost.exe instead:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe "Debugger" = svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe "Debugger" = svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE "Debugger" = svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [RANDOM]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [Date of Installation]
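As an added example (not code from this page or from ESG), the following PowerShell audit checks a host for the file and registry artifacts listed in the two sections above; the function name, the finding format and the `Protector-` file pattern are my own choices, and it should be run from an elevated session.

```powershell
# Added example: audit a Windows host for the Windows Daily Advisor artifacts
# listed on this page. Function name and output format are assumptions.
function Find-WindowsDailyAdvisorArtifacts {
    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding($Category, $Location, $Value) {
        $findings.Add([pscustomobject]@{ Category = $Category; Location = $Location; Value = $Value })
    }

    # 1. Image File Execution Options "Debugger" hijack: Windows launches the
    #    Debugger value in place of the named program, so an entry pointing at
    #    svchost.exe silently stops the security product from ever starting.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($key in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
        $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg -and $dbg -match 'svchost\.exe') {
            Add-Finding 'IFEO Debugger hijack' $key.PSChildName $dbg
        }
    }

    # 2. UAC policy values the rogue sets to 0. EnableLUA=0 disables UAC entirely;
    #    ConsentPromptBehaviorAdmin=0 elevates administrators without any prompt.
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
        $v = (Get-ItemProperty -Path $policy -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -ne $v -and $v -eq 0) { Add-Finding 'UAC policy set to 0' "$policy\$name" $v }
    }

    # 3. Per-user values: suppressed HTTPS-to-HTTP warning and the Run-key entry.
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $warn = (Get-ItemProperty -Path $inet -Name WarnOnHTTPSToHTTPRedirect -ErrorAction SilentlyContinue).WarnOnHTTPSToHTTPRedirect
    if ($null -ne $warn -and $warn -eq 0) { Add-Finding 'Browser warning disabled' "$inet\WarnOnHTTPSToHTTPRedirect" $warn }
    $run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $insp = (Get-ItemProperty -Path $run -Name Inspector -ErrorAction SilentlyContinue).Inspector
    if ($insp) { Add-Finding 'Run-key persistence' "$run\Inspector" $insp }

    # 4. Dropped files in %AppData%: Protector-<random 3 or 4 chars>.exe and the .dat marker.
    $dropped = Get-ChildItem -Path $env:APPDATA -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^Protector-[A-Za-z0-9]{3,4}\.exe$' -or $_.Name -eq 'W34r34mt5h21ef.dat' }
    foreach ($f in $dropped) { Add-Finding 'Dropped file' $f.FullName $f.Length }

    return $findings
}

Find-WindowsDailyAdvisorArtifacts | Format-Table -AutoSize
```

An empty table means none of the listed artifacts were found; any IFEO hit should be confirmed against the vendor's own executable names before the Debugger value is removed, since legitimate debugging tools also use that key.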
