Windows Malware Firewall

Windows Malware Firewall Description

ScreenshotDespite its name, Windows Malware Firewall is not an actual firewall and Windows Malware Firewall has no way of protecting you from malware. Basically, Windows Malware Firewall is a malware infection disguised as a legitimate security program. Applications like Windows Malware Firewall are known as rogue security programs, malicious applications designed to convince PC users that they need to waste their money purchasing fake security software. Windows Malware Firewall belongs to a particularly large family of these kinds of fake security programs known as the FakeVimes family of malware.

Windows Malware Firewall is Part of the FakeVimes Family of Fake Security Software

Malware in the FakeVimes family has been active for several years, at least since 2009. Windows Malware Firewall is a fairly typical example of malware in the FakeVimes family which means that most security programs have no problems removing Windows Malware Firewall. However, fake security software in the FakeVimes family released in 2012 will often include a rootkit component that can be quite hard to remove. Apart from Windows Malware Firewall, examples of fake anti-virus programs in the FakeVimes family released in 2012 include programs like Windows Control Series, Windows Daily Advisor, Live PC Care, Windows AntiBreach Suite, Presto TuneUp, Home Malware Cleaner, Best Malware Protection, Smart Internet Protection 2012, Windows Efficiency Master, Security Master AV, Windows Basic Antivirus, Windows AntiHazard Center, Windows Daily Adviser, Windows AntiBreach Helper, Fast Antivirus 2009, Windows Be-on-Guard Edition, Windows Crucial Scanner, Windows Antivirus Tool, CleanUp Antivirus, Windows Antivirus Rampart, Additional Guard, Windows Efficiency Kit, Enterprise Suite, Malware Protection, Smart Engine, PC Security Guardian, Activate Ultimate Protection, My Security Shield, Windows Antivirus Patch, Windows Antivirus Suite, Smart Internet Protection 2011, Home Safety Essentials, Windows Custom Safety, Antivirus Smart Protection, Windows Debug Center, Windows Custodian Utility, Windows Active Guard, Advanced Antispyware Solution, Personal Internet Security 2011, Windows Activity Debugger, Windows Antivirus Machine, Windows Active HotSpot, Live Enterprise Suite, Windows Custom Management, Windows Anti-Malware Patch, Windows Antivirus Adviser, Windows Advanced Toolkit, Windows Defence Unit, Virus Doctor, Windows Cleaning Toolkit, My Security Engine, Volcano Security Suite, Anti-Malware Lab, Windows Cleaning Tools, Keep Center Keeper, Windows Efficiency Accelerator, Windows Antivirus Care, Smart Security, Windows Defending Center, Windows Advanced Security Center, Virus Melt, Windows Advanced User Patch, Best Antivirus Software, Windows AntiHazard Helper, Windows Accelerator Pro, Windows Antibreaking System, Smart Virus Eliminator, Internet Security Essentials, Windows Defence Master, Windows Antivirus Booster, Windows AntiBreach Patrol, Windows Antivirus Release, Extra Antivirus, Smart PC Cleaner, Windows Antivirus Patrol, Windows Component Protector, PC Live Guard, A-fast Antivirus, System Protection Tools, System Smart Security, Smart Anti-Malware Protection, Windows Efficiency Console, Windows Command Processor, My Security Wall, Windows Care Taker, Windows Antibreach Module, Fake Windows Antivirus 2012, Windows Antibreach Tool, Internet Security Suite, Windows Abnormality Checker, Windows Antihazard Solution, Total Anti Malware Protection, Personal Security Sentinel, Windows Antivirus Helper, Windows Defence Counsel, Security Antivirus, VirusSecurity and Windows Activity Booster.

The Windows Malware Firewall scam is not particularly complicated. Basically, this fake security program will do everything in its power to convince its victim that their computer system is severely infected with various kinds of viruses and Trojans. However, trying to use Windows Malware Firewall to fix these problems only results in error messages and redirects claiming that the victim must purchase a 'full version' of Windows Malware Firewall in order to fix the supposed malware infection on their computer system. Of course, since Windows Malware Firewall has absolutely no real ant-virus capabilities, paying for this fake security program is a waste of money in addition to a severe security risk.

Dealing With a Windows Malware Firewall Infection

As was mentioned before, most legitimate security programs can deal with Windows Malware Firewall, provided that you first remove its associated rootkit infection. ESG security researchers have observed that this rootkit is a variant of the infamous ZeroAccess rootkit and that it can often be removed with a specialized anti-rootkit tool or with an advanced anti-malware application with integrated anti-rootkit technology. You can pretend to register Windows Malware Firewall with the registration code 0W000-000B0-00T00-E0020; this will stop many of Windows Malware Firewall's most irritating symptoms, although it will not remove Windows Malware Firewall from your computer system.

Infected with Windows Malware Firewall? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Windows Malware Firewall

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Windows Malware Firewall infects a computer.

How to Detect and Remove Windows Malware Firewall

Windows Malware Firewall Image 1 Windows Malware Firewall Image 2 Windows Malware Firewall Image 3 Windows Malware Firewall Image 4 Windows Malware Firewall Image 5 Windows Malware Firewall Image 6

Infection Statistics

Our MalwareTracker shows malware activity across the world. Explore real-time data of Windows Malware Firewall outbreaks and other threats from global to local level.

File System Details

Windows Malware Firewall creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%\Protector-ixlf.exe 2,250,752 e8efda901e1ee0c7b5af4a1bd27c2cea 65
2 %APPDATA%\Protector-dwyc.exe 2,003,456 1f6e6c2671e6dbed9a5a3bad3f7bc4ab 50
3 Windows Malware Firewall.lnk 40
4 %AppData%\Protector-[RANDOM 4 CHARACTERS].exe N/A
5 %AppData%\Protector-[RANDOM 3 CHARACTERS].exe N/A
6 %AppData%\result.db N/A

Registry Details

Windows Malware Firewall creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\aAvgApi.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\"Debugger" = "svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector = %AppData%\Protector-[RANDOM CHARACTERS].exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\"Debugger" = "svchost.exe"

More Details on Windows Malware Firewall

The following messages associated with Windows Malware Firewall were found:
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.
Keylogger ativity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.

Site Disclaimer

One Comment

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 13 + 14 ?