Windows Malware Firewall

Windows Malware Firewall Description

ScreenshotDespite its name, Windows Malware Firewall is not an actual firewall and Windows Malware Firewall has no way of protecting you from malware. Basically, Windows Malware Firewall is a malware infection disguised as a legitimate security program. Applications like Windows Malware Firewall are known as rogue security programs, malicious applications designed to convince PC users that they need to waste their money purchasing fake security software. Windows Malware Firewall belongs to a particularly large family of these kinds of fake security programs known as the FakeVimes family of malware.

Windows Malware Firewall is Part of the FakeVimes Family of Fake Security Software

Malware in the FakeVimes family has been active for several years, at least since 2009. Windows Malware Firewall is a fairly typical example of malware in the FakeVimes family which means that most security programs have no problems removing Windows Malware Firewall. However, fake security software in the FakeVimes family released in 2012 will often include a rootkit component that can be quite hard to remove. Apart from Windows Malware Firewall, examples of fake anti-virus programs in the FakeVimes family released in 2012 include programs like Windows Component Protector, Windows Daily Adviser, Live Enterprise Suite, Windows AntiBreach Patrol, Fast Antivirus 2009, Personal Security Sentinel, Best Malware Protection, Smart Internet Protection 2011, Windows Efficiency Kit, Security Antivirus, Windows Antibreaking System, Windows Custom Safety, Windows Anti-Malware Patch, Windows Antivirus Tool, Windows Basic Antivirus, Fake Windows Antivirus 2012, Windows Control Series, Windows Antivirus Suite, Best Virus Protection, Windows Antivirus Patrol, Additional Guard, Windows Efficiency Console, Live PC Care, CleanUp Antivirus, PC Live Guard, Smart Anti-Malware Protection, Activate Ultimate Protection, My Security Engine, Windows Antivirus Machine, Windows Antivirus Release, Smart Engine, Home Malware Cleaner, Windows Custom Management, Antivirus Smart Protection, Windows Crucial Scanner, Windows Accelerator Pro, Windows Daily Advisor, Advanced Antispyware Solution, PC Security Guardian, Windows Activity Booster, Windows Antivirus Helper, Windows Active Guard, Windows Custodian Utility, Windows Advanced User Patch, Keep Center Keeper, Windows Antihazard Solution, Windows Advanced Security Center, Windows Defence Master, Windows Care Taker, Total Anti Malware Protection, Malware Protection, VirusSecurity, Anti-Malware Lab, Windows Cleaning Toolkit, Internet Security Suite, Windows Defending Center, Windows Antivirus Booster, Windows Activity Debugger, Smart PC Cleaner, Windows Defence Unit, Virus Doctor, Windows Advanced Toolkit, Best Antivirus Software, Windows AntiHazard Center, Windows Abnormality Checker, Windows Antibreach Tool, Smart Security, Home Safety Essentials, Windows Defence Counsel, Windows Antivirus Adviser, Windows Antibreach Module, Windows Antivirus Rampart, Enterprise Suite, Windows Antivirus Patch, Smart Internet Protection 2012, Windows Command Processor, My Security Wall, A-fast Antivirus, Smart Virus Eliminator, System Protection Tools, Security Master AV, Windows Efficiency Accelerator, Windows Cleaning Tools, My Security Shield, Windows Be-on-Guard Edition, Windows AntiBreach Helper, Extra Antivirus, Windows AntiBreach Suite, Volcano Security Suite, Internet Security Essentials, System Smart Security, Windows AntiHazard Helper, Personal Internet Security 2011, Windows Antivirus Care, Windows Debug Center, Presto TuneUp, Virus Melt and Windows Active HotSpot.

The Windows Malware Firewall scam is not particularly complicated. Basically, this fake security program will do everything in its power to convince its victim that their computer system is severely infected with various kinds of viruses and Trojans. However, trying to use Windows Malware Firewall to fix these problems only results in error messages and redirects claiming that the victim must purchase a 'full version' of Windows Malware Firewall in order to fix the supposed malware infection on their computer system. Of course, since Windows Malware Firewall has absolutely no real ant-virus capabilities, paying for this fake security program is a waste of money in addition to a severe security risk.

Dealing With a Windows Malware Firewall Infection

As was mentioned before, most legitimate security programs can deal with Windows Malware Firewall, provided that you first remove its associated rootkit infection. ESG security researchers have observed that this rootkit is a variant of the infamous ZeroAccess rootkit and that it can often be removed with a specialized anti-rootkit tool or with an advanced anti-malware application with integrated anti-rootkit technology. You can pretend to register Windows Malware Firewall with the registration code 0W000-000B0-00T00-E0020; this will stop many of Windows Malware Firewall's most irritating symptoms, although it will not remove Windows Malware Firewall from your computer system.

Infected with Windows Malware Firewall? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Windows Malware Firewall

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Windows Malware Firewall infects a computer.

How to Detect and Remove Windows Malware Firewall

Windows Malware Firewall Image 1 Windows Malware Firewall Image 2 Windows Malware Firewall Image 3 Windows Malware Firewall Image 4 Windows Malware Firewall Image 5 Windows Malware Firewall Image 6

Infection Statistics

Our MalwareTracker shows malware activity across the world. Explore real-time data of Windows Malware Firewall outbreaks and other threats from global to local level.

File System Details

Windows Malware Firewall creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%\Protector-ixlf.exe 2,250,752 e8efda901e1ee0c7b5af4a1bd27c2cea 65
2 %APPDATA%\Protector-dwyc.exe 2,003,456 1f6e6c2671e6dbed9a5a3bad3f7bc4ab 50
3 Windows Malware Firewall.lnk 40
4 %AppData%\Protector-[RANDOM 4 CHARACTERS].exe N/A
5 %AppData%\Protector-[RANDOM 3 CHARACTERS].exe N/A
6 %AppData%\result.db N/A

Registry Details

Windows Malware Firewall creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\aAvgApi.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\"Debugger" = "svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector = %AppData%\Protector-[RANDOM CHARACTERS].exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\"Debugger" = "svchost.exe"

More Details on Windows Malware Firewall

The following messages associated with Windows Malware Firewall were found:
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.
Keylogger ativity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.

Site Disclaimer

One Comment

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 14 + 11 ?