Windows Malware Firewall

Windows Malware Firewall Description

ScreenshotDespite its name, Windows Malware Firewall is not an actual firewall and Windows Malware Firewall has no way of protecting you from malware. Basically, Windows Malware Firewall is a malware infection disguised as a legitimate security program. Applications like Windows Malware Firewall are known as rogue security programs, malicious applications designed to convince PC users that they need to waste their money purchasing fake security software. Windows Malware Firewall belongs to a particularly large family of these kinds of fake security programs known as the FakeVimes family of malware.

Windows Malware Firewall is Part of the FakeVimes Family of Fake Security Software

Malware in the FakeVimes family has been active for several years, at least since 2009. Windows Malware Firewall is a fairly typical example of malware in the FakeVimes family which means that most security programs have no problems removing Windows Malware Firewall. However, fake security software in the FakeVimes family released in 2012 will often include a rootkit component that can be quite hard to remove. Apart from Windows Malware Firewall, examples of fake anti-virus programs in the FakeVimes family released in 2012 include programs like Windows Efficiency Accelerator, Windows Daily Advisor, Malware Protection, Windows AntiHazard Center, Security Antivirus, Home Safety Essentials, Best Malware Protection, Smart Security, Windows Functionality Checker, Smart Anti-Malware Protection, Windows Defending Center, Windows Cleaning Toolkit, Windows AntiBreach Patrol, Windows Antivirus Adviser, Home Malware Cleaner, Windows Control Series, Windows Debug Center, Windows Care Taker, CleanUp Antivirus, Windows Antivirus Tool, Additional Guard, Windows First-Class Protector, Enterprise Suite, My Security Engine, Personal Internet Security 2011, Smart Internet Protection 2011, Activate Ultimate Protection, My Security Wall, Windows Be-on-Guard Edition, Windows Antivirus Release, Internet Security Essentials, Smart Internet Protection 2012, Windows Defence Unit, Antivirus Smart Protection, Windows Defence Counsel, Windows Activity Booster, Windows Efficiency Console, Advanced Antispyware Solution, Personal Security Sentinel, Windows Antivirus Rampart, Windows Advanced Toolkit, Windows Activity Debugger, Live PC Care, Windows Defence Master, Windows Antibreach Module, Windows Antivirus Helper, Windows Enterprise Suite, Windows Anti-Malware Patch, VirusSecurity, Windows Custodian Utility, My Security Shield, Windows Accelerator Pro, Anti-Malware Lab, Windows Custom Management, Live Enterprise Suite, Windows Expert Series, Windows Antivirus Patch, Windows Advanced User Patch, System Protection Tools, Windows Expert Console, Volcano Security Suite, Windows AntiBreach Helper, Best Antivirus Software, Windows Antivirus Booster, Windows Active HotSpot, Windows Antihazard Solution, Internet Security Suite, System Smart Security, Windows Efficiency Master, Windows Antivirus Machine, Windows Antibreach Tool, Windows Basic Antivirus, Extra Antivirus, Smart Virus Eliminator, Windows Antivirus Suite, Windows Daily Adviser, A-fast Antivirus, PC Security Guardian, Total Anti Malware Protection, Virus Doctor, Smart Engine, Windows Firewall Constructor, Windows Custom Safety, PC Live Guard, Windows Crucial Scanner, Windows AntiBreach Suite, Fast Antivirus 2009, Windows AntiHazard Helper, Keep Center Keeper, Windows Active Guard, Virus Melt, Windows Antivirus Care, Presto TuneUp, Windows Antivirus Patrol, Windows Efficiency Kit, Security Master AV, Windows Abnormality Checker and Windows Advanced Security Center.

The Windows Malware Firewall scam is not particularly complicated. Basically, this fake security program will do everything in its power to convince its victim that their computer system is severely infected with various kinds of viruses and Trojans. However, trying to use Windows Malware Firewall to fix these problems only results in error messages and redirects claiming that the victim must purchase a 'full version' of Windows Malware Firewall in order to fix the supposed malware infection on their computer system. Of course, since Windows Malware Firewall has absolutely no real ant-virus capabilities, paying for this fake security program is a waste of money in addition to a severe security risk.

Dealing With a Windows Malware Firewall Infection

As was mentioned before, most legitimate security programs can deal with Windows Malware Firewall, provided that you first remove its associated rootkit infection. ESG security researchers have observed that this rootkit is a variant of the infamous ZeroAccess rootkit and that it can often be removed with a specialized anti-rootkit tool or with an advanced anti-malware application with integrated anti-rootkit technology. You can pretend to register Windows Malware Firewall with the registration code 0W000-000B0-00T00-E0020; this will stop many of Windows Malware Firewall's most irritating symptoms, although it will not remove Windows Malware Firewall from your computer system.

Infected with Windows Malware Firewall? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Windows Malware Firewall

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Windows Malware Firewall infects a computer.

How to Detect and Remove Windows Malware Firewall

Windows Malware Firewall Image 1 Windows Malware Firewall Image 2 Windows Malware Firewall Image 3 Windows Malware Firewall Image 4 Windows Malware Firewall Image 5 Windows Malware Firewall Image 6

Infection Statistics

Our MalwareTracker shows malware activity across the world. Explore real-time data of Windows Malware Firewall outbreaks and other threats from global to local level.

File System Details

Windows Malware Firewall creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%\Protector-ixlf.exe 2,250,752 e8efda901e1ee0c7b5af4a1bd27c2cea 65
2 %APPDATA%\Protector-dwyc.exe 2,003,456 1f6e6c2671e6dbed9a5a3bad3f7bc4ab 50
3 Windows Malware Firewall.lnk 40
4 %AppData%\Protector-[RANDOM 4 CHARACTERS].exe N/A
5 %AppData%\Protector-[RANDOM 3 CHARACTERS].exe N/A
6 %AppData%\result.db N/A

Registry Details

Windows Malware Firewall creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\aAvgApi.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\"Debugger" = "svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector = %AppData%\Protector-[RANDOM CHARACTERS].exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\"Debugger" = "svchost.exe"

More Details on Windows Malware Firewall

The following messages associated with Windows Malware Firewall were found:
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.
Keylogger ativity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.

Site Disclaimer

One Comment

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 7 + 8 ?