Windows Interactive Security Description
Windows Interactive Security is one of the myriad variants of malware in the FakeVimes family of rogue anti-virus applications. This family of malware has seen a marked resurgence in 2012 due to the innovation of bundling these dangerous fake security applications with rootkits in the ZeroAccess family of malware. The rootkit component gives Windows Interactive Security and other FakeVimes variants greater resilience to removal than ever before, often requiring the help of a specialized tool to deal with the associated rootkit infection. Like most rogue security programs, Windows Interactive Security tries to profit by convincing its victims that they must purchase a useless and expensive ‘full version’ of Windows Interactive Security in order to remove a nonexistent malware infection from their computer system. ESG security analysts consider that Windows Interactive Security and its clones pose a significant security risk and should be removed immediately with the assistance of an acclaimed anti-malware utility.
Windows Interactive Security and the FakeVimes Family of Rogue Security Software
Fake security applications in the FakeVimes family have been released continuously since 2009, meaning that as of July 2012 there are dozens of variants of this fake security application. While the malware applications themselves have evolved little since 2009 and are quite easy for most security programs to remove, the means of delivery, social engineering tactics, and associated malware programs and malicious scripts have become increasingly complex over time. This means that a modern FakeVimes-related malware infection will usually involve various components working together to install Windows Interactive Security and similar programs, install other malware, and protect these malware infections from removal. Since the beginning of 2012, new variants in the FakeVimes family have been released nearly daily, including such fake security programs as Windows Proprietary Advisor, Windows Privacy Extension and Windows Malware Firewall.
What to Do If Your Computer is Infected with Windows Interactive Security
First of all, it is essential to disregard all warnings coming from Windows Interactive Security, however alarming. This fake security program will urge you to purchase a ‘registration code’. Since Windows Interactive Security has no real anti-malware components, all this registration code will do is stop Windows Interactive Security from displaying irritating error messages. You can ‘register’ Windows Interactive Security by entering the code 0W000-000B0-00T00-E0020. It is important to remember, however, that this will not remove Windows Interactive Security or its associated malware from your computer system. To do that, you will require the help of a dependable anti-malware program with anti-rootkit capabilities.
Type: Rogue AntiSpyware Programs
Windows Interactive Security Technical Report
We will update this section as new Windows Interactive Security details are reported by our customers and by our Threat Research Center.
Fake messages for Windows Interactive Security:
The following fake error messages appear for Windows Interactive Security:
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Attempt to run a potentially dangerous script detected.
Full system scan is highly recommended.
Attempt to modify registry key entries detected. Registry entry analysis is recommended.
Windows Interactive Security Removal Details
Windows Interactive Security typically has the following processes in memory:
- %AppData%\Protector-[RANDOM CHARACTERS].exe
Windows Interactive Security creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
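To check an exported registry file (.reg) from a suspect machine against the entries above, the following added example, which is not ESG's or any product's own code, parses the export and reports matches for the Image File Execution Options keys, the Run “Inspector” value and the Settings “UID” and “net” values. Reading a “Debugger” value under the Image File Execution Options keys is an assumption, since the list gives only the key names, and the sample export is constructed.

```python
import re
# Indicators copied from this page's registry list; matching is case-insensitive.
IFEO = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
IFEO_NAMES = {"mostat.exe", "_avpcc.exe", "divx.exe", "tapinstall.exe",
              "zapsetup3001.exe", "_avp32.exe", "platin.exe", "ashdisp.exe"}
CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
VALUES = {(CV + r"\Run", "Inspector"): None,  # None: presence alone counts
          (CV + r"\Settings", "UID"): "rudbxijemb",
          (CV + r"\Settings", "net"): "2012-2-17_2"}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def decode(raw):  # handles dword and quoted-string data; other types stay as text
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    quoted = len(raw) > 1 and raw[0] == raw[-1] == '"'
    return re.sub(r"\\(.)", r"\1", raw[1:-1]) if quoted else raw  # undo \\ and \" escapes

def parse_reg(text):  # .reg export text -> {key: {value_name: data}}, names lower-cased
    hive, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            current = hive.setdefault(m.group(1).lower(), {})
        elif current is not None and (m := VAL_RE.match(line)):
            current[m.group(1).lower()] = decode(m.group(2))
    return hive

def find_indicators(hive):  # -> list of (kind, location, data) matches
    hits = []
    for key, values in hive.items():
        parent, _, leaf = key.rpartition("\\")
        if parent == IFEO.lower() and leaf in IFEO_NAMES:
            # Reading "Debugger" is an assumption; the page lists only the key names.
            hits.append(("ifeo", leaf, values.get("debugger")))
    for (key, name), expected in VALUES.items():
        data = hive.get(key.lower(), {}).get(name.lower())
        if data is not None and expected in (None, data):
            hits.append(("value", key + "\\" + name, data))
    return hits

# Constructed sample export (not from a real machine); real exports are UTF-16.
SAMPLE = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe]
"Debugger"="placeholder.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\test\\AppData\\Roaming\\Protector-abcd.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings]
"UID"="rudbxijemb"
"""
if __name__ == "__main__": print(*find_indicators(parse_reg(SAMPLE)), sep="\n")
```

A file saved by regedit is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `parse_reg`.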