Windows Daily Advisor

By Domesticus in Rogue Anti-Virus Program | 27 views

Windows Daily Advisor Description

While Windows Daily Advisor has the external appearance of a generic anti-virus program, ESG malware analysts have identified no actual anti-virus components in this application. In fact, Windows Daily Advisor is a malware infection of the kind classified as a rogue anti-virus application. Rogue anti-virus applications scam computer users by convincing them that their PCs are infected with malware. Taking advantage of the induced panic, they then try to pressure the victim into purchasing a useless ‘full version’ of the fake anti-virus product.

Windows Daily Advisor belongs to a large family of fake anti-virus programs known as FakeVimes. Malware in the FakeVimes family has been around since at least 2009, and malware researchers are familiar with the tactics and characteristics of most fake anti-virus programs in the family. While these bogus security programs have been released regularly since 2009, variants released in 2012 include a dangerous rootkit component that has given new life to this well-known family. By using a version of the Sirefef or ZeroAccess rootkit, criminals can disable legitimate security programs and make the task of removing Windows Daily Advisor much more difficult than normal. Because of this, removing Windows Daily Advisor will usually require an anti-rootkit utility in addition to the usual anti-malware application.

Protecting Yourself from Windows Daily Advisor and Its Clones

There are dozens of clones of Windows Daily Advisor, even if we only count those released in 2012 (which include the rootkit component). Examples of Windows Daily Advisor clones include Windows Pro Web Helper, Windows Trojans Inspector and Windows Daily Adviser. All of these bogus anti-virus programs are virtually identical, with only very slight changes to each program’s interface and file names. In every case, Windows Daily Advisor clones will demand that you enter a registration code to prove that you have paid for the fake anti-virus program. ESG malware analysts strongly advise against paying for Windows Daily Advisor or any of its clones. Instead, you can enter the registration code 0W000-000B0-00T00-E0020 to stop Windows Daily Advisor from displaying annoying bogus error messages and misleading fake system scans and from causing browser redirects. This will not remove Windows Daily Advisor; to do that, it will still be essential to use a strong anti-malware program.

Type: Rogue Anti-Virus Program

How Can You Detect Windows Daily Advisor?

Windows Daily Advisor Removal Details

Windows Daily Advisor typically has the following processes in memory:

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-[random 4 characters].exe
  • %AppData%\Protector-[random 3 characters].exe

Windows Daily Advisor creates the following files in the system:

  • %Desktop%\Windows Daily Adviser.lnk
  • %AppData%\W34r34mt5h21ef.dat
  • %AppData%\result.db
  • %CommonStartMenu%\Programs\Windows Daily Adviser.lnk

Windows Daily Advisor creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [RANDOM]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [Date of Installation]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
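The following read-only PowerShell triage script is an added example, not code from the original page or from ESG; it checks a Windows host for the file, UAC, Image File Execution Options and HKCU indicators listed above. It assumes a Windows host with PowerShell 3.0 or later and that the listed paths and value names are exactly those the infection uses.

```powershell
# Added triage script (not from the original page): looks for the Windows Daily Advisor
# indicators listed above. It only reads the file system and registry; it changes nothing.
$findings = @()

# 1. Dropped files in %AppData% plus the shortcuts on the desktop and common Start Menu
$appData = $env:APPDATA
$fileChecks = @(
    (Join-Path $appData 'NPSWF32.dll'),
    (Join-Path $appData 'W34r34mt5h21ef.dat'),
    (Join-Path $appData 'result.db'),
    (Join-Path ([Environment]::GetFolderPath('Desktop')) 'Windows Daily Adviser.lnk'),
    (Join-Path ([Environment]::GetFolderPath('CommonPrograms')) 'Windows Daily Adviser.lnk')
)
foreach ($f in $fileChecks) {
    if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
}
# Protector-<3 or 4 random characters>.exe: match the pattern instead of a fixed name
Get-ChildItem -Path $appData -Filter 'Protector-*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match '^Protector-[A-Za-z0-9]{3,4}$' } |
    ForEach-Object { $findings += "Suspicious dropper: $($_.FullName)" }

# 2. UAC weakened: EnableLUA / ConsentPromptBehavior* forced to 0
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($v in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
    $val = (Get-ItemProperty -Path $uacKey -Name $v -ErrorAction SilentlyContinue).$v
    if ($val -eq 0) { $findings += "UAC weakened: $v = 0" }
}

# 3. IFEO "Debugger" hijack that redirects security tools to svchost.exe
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'AVCare.exe', 'AAWTray.exe', 'AVENGINE.EXE') {
    $dbg = (Get-ItemProperty -Path (Join-Path $ifeo $exe) -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings += "IFEO hijack: $exe -> $dbg" }
}

# 4. Persistence and settings under HKCU
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name Inspector -ErrorAction SilentlyContinue
if ($run) { $findings += "Run key: Inspector = $($run.Inspector)" }
if (Test-Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings') {
    $findings += 'HKCU ...\CurrentVersion\Settings key present (ID / UID / net values)'
}
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$warn = (Get-ItemProperty -Path $ieKey -Name WarnOnHTTPSToHTTPRedirect -ErrorAction SilentlyContinue).WarnOnHTTPSToHTTPRedirect
if ($warn -eq 0) { $findings += 'WarnOnHTTPSToHTTPRedirect = 0' }

if ($findings.Count -eq 0) { 'No Windows Daily Advisor indicators found.' } else { $findings }
```

Run it from an elevated prompt so the HKLM keys are readable; a hit on the IFEO or UAC checks is the strongest signal, because those are not settings a user would normally change.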

This entry was posted on 05/4/12 and last updated on 05/8/12.


Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.