Windows Interactive Security

By ESGI Advisor in Rogue Anti-Spyware Program

Windows Interactive Security Description


Windows Interactive Security is one of the many variants of malware in the FakeVimes family of rogue anti-virus applications. This family has seen a marked resurgence in 2012 because its fake security applications are now bundled with rootkits from the ZeroAccess family. The rootkit component gives Windows Interactive Security, and other FakeVimes variants, far greater resistance to removal than before, and cleaning up the associated rootkit infection often requires a specialized tool. Like most rogue security programs, Windows Interactive Security tries to profit by convincing its victims that they must purchase a useless and expensive 'full version' of Windows Interactive Security in order to remove a nonexistent malware infection on their computer. ESG security analysts consider Windows Interactive Security and its clones a significant security risk that should be removed immediately with a reputable anti-malware utility.

Windows Interactive Security and the FakeVimes Family of Rogue Security Software

Fake security applications in the FakeVimes family have been released continuously since 2009, so as of July 2012 there are dozens of variants of this fake security application. While the rogue applications themselves have evolved little since 2009 and are easy for most security programs to remove, the delivery methods, social engineering tactics, and associated malware and malicious scripts have become increasingly complex over time. A modern FakeVimes-related infection therefore usually involves several components working together: some install Windows Interactive Security and similar programs, some install other malware, and some protect those infections from removal. Since the beginning of 2012, new variants in the FakeVimes family have been released nearly daily, including fake security programs such as Windows Proprietary Advisor, Windows Privacy Extension and Windows Malware Firewall.

What to Do If Your Computer is Infected with Windows Interactive Security

First of all, disregard all warnings coming from Windows Interactive Security, however alarming they look. This fake security program will urge you to purchase a 'registration code'. Since Windows Interactive Security has no real anti-malware components, all the registration code does is stop Windows Interactive Security from displaying its irritating error messages. You can 'register' Windows Interactive Security by entering the code 0W000-000B0-00T00-E0020. Remember, however, that this does not remove Windows Interactive Security or its associated malware from your computer. To do that, you need a dependable anti-malware program with anti-rootkit capabilities.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Interactive Security?

Windows Interactive Security Technical Report

As new Windows Interactive Security details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake messages for Windows Interactive Security:

Windows Interactive Security displays the following fake error messages:

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Error
Attempt to run a potentially dangerous script detected.
Full system scan is highly recommended.

Error
Attempt to modify registry key entries detected. Registry entry analysis is recommended.


Windows Interactive Security Removal Details

Windows Interactive Security typically runs the following process in memory:

  • %AppData%\Protector-[RANDOM CHARACTERS].exe

Windows Interactive Security creates the following registry entries. The Image File Execution Options keys are named after security-tool executables; an entry under that key lets the malware interfere with those programs when they are launched. The Internet Settings value turns off Internet Explorer's warning when an HTTPS page redirects to plain HTTP, and the Run value named "Inspector" is the persistence entry that starts the rogue program at logon.

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
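As an added example (this is not code from the original page or from ESG), the following PowerShell script checks a machine for the indicators listed above and reports what it finds without changing anything. The page lists the Image File Execution Options keys by name only, so the script's check for a "Debugger" value beneath them is an assumption based on how those keys are normally abused; the process-name match on Protector-* is derived from the dropped file name above.

```powershell
# Added example: read-only check for the Windows Interactive Security indicators
# listed on this page. Not part of the original page. Run from an elevated prompt
# so the HKLM keys and other users' processes are readable.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Dropped executable: %AppData%\Protector-[RANDOM CHARACTERS].exe
Get-ChildItem -Path $env:APPDATA -Filter 'Protector-*.exe' -File -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("Dropped file: $($_.FullName)") }

# 2. Running process with that name (process names are the exe name without .exe)
Get-Process -Name 'Protector-*' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("Running process: PID $($_.Id) $($_.ProcessName)") }

# 3. Persistence: HKCU Run value named "Inspector"
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$inspector = (Get-ItemProperty -Path $runKey -Name 'Inspector' -ErrorAction SilentlyContinue).Inspector
if ($inspector) { $findings.Add("Run value 'Inspector' -> $inspector") }

# 4. Marker values the rogue writes under HKCU\...\CurrentVersion\Settings (UID, ID, net)
$settingsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'
if (Test-Path $settingsKey) {
    $props = Get-ItemProperty -Path $settingsKey
    foreach ($name in 'UID', 'ID', 'net') {
        if ($null -ne $props.$name) { $findings.Add("Settings marker $name = $($props.$name)") }
    }
}

# 5. Internet Explorer: HTTPS-to-HTTP redirect warning switched off
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$warn = (Get-ItemProperty -Path $ieKey -Name 'WarnOnHTTPSToHTTPRedirect' -ErrorAction SilentlyContinue).WarnOnHTTPSToHTTPRedirect
if ($warn -eq 0) { $findings.Add('WarnOnHTTPSToHTTPRedirect = 0 (redirect warning disabled)') }

# 6. IE feature-control key listed on the page
$featureKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312'
if (Test-Path $featureKey) { $findings.Add('FeatureControl key FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312 present') }

# 7. Image File Execution Options keys named after the security tools listed on the page.
#    Assumption: a "Debugger" value under one of them redirects that program when launched.
$ifeoKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$targets = 'mostat.exe', '_avpcc.exe', 'divx.exe', 'tapinstall.exe',
           'zapsetup3001.exe', '_avp32.exe', 'platin.exe', 'ashDisp.exe'
foreach ($target in $targets) {
    $key = Join-Path $ifeoKey $target
    if (Test-Path $key) {
        $debugger = (Get-ItemProperty -Path $key -Name 'Debugger' -ErrorAction SilentlyContinue).Debugger
        $detail = if ($debugger) { " (Debugger = $debugger)" } else { '' }
        $findings.Add("IFEO key present: $target$detail")
    }
}

# 8. Policy values that control Task Manager and registry tools
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
if (Test-Path $policyKey) {
    $policy = Get-ItemProperty -Path $policyKey
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools', 'DisableRegedit') {
        if ($null -ne $policy.$name) { $findings.Add("Policy value $name = $($policy.$name)") }
    }
}

if ($findings.Count -eq 0) {
    'No Windows Interactive Security indicators found.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

A hit on the IFEO keys or the Run value is the strongest signal; the Settings markers and policy values are supporting evidence. Because the rootkit component can hide files and processes from user-mode tools, a clean result from this script does not prove the machine is clean, so follow it with an anti-rootkit scan as the page recommends.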


This entry was last updated on 07/3/12 and posted on 07/2/12.
