Windows High-End Protection

By ZulaZuza in Rogue Anti-Spyware Program

Windows High-End Protection Description


Windows High-End Protection Does Not Offer Any Protection for Your Computer System

Windows High-End Protection is a bogus anti-virus program that is part of a recognized online scam. Basically, Windows High-End Protection pretends to be a legitimate security application despite not having any anti-virus or anti-malware capabilities. The main goal of the Windows High-End Protection scam is to convince computer users to purchase useless, fake security programs. These kinds of malware infections are known as rogue anti-virus or rogue anti-malware programs. Windows High-End Protection belongs to a common family of rogue security programs known as Rogue:Win32/FakeVimes.

FakeVimes bogus security programs have been active for several years. ESG malware analysts have been tracking the activities of fake security software in the FakeVimes family since 2009. Because of this, dealing with a Windows High-End Protection infection is not particularly difficult for most security programs. However, Windows High-End Protection belongs to a group of FakeVimes anti-viruses released in 2012 that often include an associated rootkit that is installed along with the rogue security program. The presence of this rootkit component, often some version of the ZeroAccess rootkit, greatly complicates removal of Windows High-End Protection and its clones. There are numerous malicious programs like Windows High-End Protection, including such rogue anti-virus applications as Windows Pro Rescuer, Windows Recovery Series and Windows Safety Checkpoint.

Do Not Become a Victim of the Windows High-End Protection Scam!

Malware like Windows High-End Protection is often known as scareware because of its main tactic: scaring its victims. Windows High-End Protection is designed to display numerous error messages and bogus security warnings in order to make its victims panic, scaring them into believing that their computer system has been attacked by several viruses and Trojans. Then, Windows High-End Protection will offer to fix these nonexistent problems provided that the victim is willing to spend money on a “full version” of Windows High-End Protection. Of course, since Windows High-End Protection has no real anti-virus capabilities, paying for its “full version” is not a good idea.

You can trick Windows High-End Protection into thinking that you have paid for its “full version” by entering the registration code 0W000-000B0-00T00-E0020. ESG malware analysts have identified this registration code as an effective way to stop Windows High-End Protection from displaying its alarming error messages. However, this registration code will not remove Windows High-End Protection from your computer system. To remove Windows High-End Protection completely, it is recommended to use a reliable, fully up-to-date anti-malware application.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows High-End Protection?


Windows High-End Protection Removal Details

Windows High-End Protection typically has the following processes in memory:

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-[RANDOM CHARACTERS].exe

Windows High-End Protection creates the following files in the system:

  • %AppData%\result.db

Windows High-End Protection creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[RANDOM CHARACTERS].exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [RANDOM CHARACTERS]
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger
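
A triage sketch for the registry changes listed above, as an added example that is not ESG's code: it scans the decoded text of a `reg export` file for the `Run` entry pointing at `%AppData%\Protector-*.exe`, the zeroed UAC policy values and Image File Execution Options `Debugger` redirections. The sample export, the user name and the function names are constructed for illustration.

```python
import re

# Constructed sample: decoded text of a `reg export` (.reg) file, not real data.
# Real exports are UTF-16; decode them to str before passing them in.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\alice\\AppData\\Roaming\\Protector-xkqj.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE]
"Debugger"="svchost.exe"
'''

IFEO = "\\image file execution options\\"
UAC_VALUES = ("enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser")

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: raw data string}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def find_indicators(text):
    """Flag the persistence, UAC and IFEO changes listed in this entry."""
    hits = []
    for key, values in parse_reg(text).items():
        for name, data in values.items():
            if key.endswith(r"\currentversion\run") and re.search(
                    r"\\appdata\\.*protector-[^\\]*\.exe", data, re.I):
                hits.append(("run-key", name, data))
            elif (key.endswith(r"\policies\system") and name in UAC_VALUES
                    and data == "dword:00000000"):
                hits.append(("uac-disabled", name, data))
            elif IFEO in key and name == "debugger":
                # Any Debugger value redirects launches of the named image.
                hits.append(("ifeo-debugger", key.rsplit("\\", 1)[1], data))
    return hits
```

An IFEO `Debugger` value can also be set by legitimate developer tooling, so treat that hit as a lead to review rather than a verdict.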


This entry was last updated on 04/30/12 and posted on 04/30/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.