Windows Malware Firewall

Windows Malware Firewall Description

ScreenshotDespite its name, Windows Malware Firewall is not an actual firewall and Windows Malware Firewall has no way of protecting you from malware. Basically, Windows Malware Firewall is a malware infection disguised as a legitimate security program. Applications like Windows Malware Firewall are known as rogue security programs, malicious applications designed to convince PC users that they need to waste their money purchasing fake security software. Windows Malware Firewall belongs to a particularly large family of these kinds of fake security programs known as the FakeVimes family of malware.

Windows Malware Firewall is Part of the FakeVimes Family of Fake Security Software

Malware in the FakeVimes family has been active for several years, at least since 2009. Windows Malware Firewall is a fairly typical example of malware in the FakeVimes family which means that most security programs have no problems removing Windows Malware Firewall. However, fake security software in the FakeVimes family released in 2012 will often include a rootkit component that can be quite hard to remove. Apart from Windows Malware Firewall, examples of fake anti-virus programs in the FakeVimes family released in 2012 include programs like Windows Command Processor, Windows Custom Safety, Keep Center Keeper, Windows Antibreach Module, Personal Internet Security 2011, Fake Windows Antivirus 2012, Best Antivirus Software, Smart Engine, Windows Efficiency Console, Presto TuneUp, Windows Advanced User Patch, Windows Custom Management, Windows Antibreach Tool, Windows Antivirus Suite, Extra Antivirus, Windows Antivirus Tool, Windows Component Protector, Windows Antivirus Release, Best Malware Protection, Windows Antivirus Patch, Additional Guard, Windows Efficiency Accelerator, Live Enterprise Suite, Best Virus Protection, My Security Wall, Security Master AV, Activate Ultimate Protection, Malware Protection, Windows Antivirus Rampart, Windows Antivirus Helper, Fast Antivirus 2009, Smart Anti-Malware Protection, Windows Custodian Utility, Antimalware PC Safety, Windows Daily Adviser, Windows Abnormality Checker, Windows Control Series, Advanced Antispyware Solution, PC Live Guard, Windows Antivirus Care, Windows Active HotSpot, Windows Accelerator Pro, Internet Security Suite, Windows Crucial Scanner, Windows Advanced Toolkit, Windows AntiHazard Helper, Windows Activity Debugger, Windows Defence Counsel, System Smart Security, Windows Be-on-Guard Edition, Live PC Care, Virus Melt, Anti-Malware Lab, Windows Care Taker, Internet Security Essentials, Windows Defence Unit, Windows Antivirus Adviser, Smart Internet Protection 2012, Windows Activity Booster, Windows Defence Master, Total Anti Malware Protection, Windows Advanced Security Center, Antivirus Smart Protection, Windows Antibreaking System, Volcano Security Suite, Windows AntiBreach Suite, Home Malware Cleaner, Windows Debug Center, Smart PC Cleaner, Windows Antihazard Solution, Windows AntiBreach Helper, Windows Antivirus Patrol, CleanUp Antivirus, Smart Internet Protection 2011, Windows Antivirus Machine, Windows Cleaning Tools, A-fast Antivirus, My Security Shield, Smart Security, Smart Virus Eliminator, Security Antivirus, Windows Defending Center, Windows Cleaning Toolkit, My Security Engine, Windows Basic Antivirus, Windows Anti-Malware Patch, Enterprise Suite, Windows AntiBreach Patrol, Home Safety Essentials, VirusSecurity, Windows AntiHazard Center, System Protection Tools, PC Security Guardian, Windows Antivirus Booster, Windows Daily Advisor, Personal Security Sentinel, Virus Doctor and Windows Active Guard.

The Windows Malware Firewall scam is not particularly complicated. Basically, this fake security program will do everything in its power to convince its victim that their computer system is severely infected with various kinds of viruses and Trojans. However, trying to use Windows Malware Firewall to fix these problems only results in error messages and redirects claiming that the victim must purchase a 'full version' of Windows Malware Firewall in order to fix the supposed malware infection on their computer system. Of course, since Windows Malware Firewall has absolutely no real ant-virus capabilities, paying for this fake security program is a waste of money in addition to a severe security risk.

Dealing With a Windows Malware Firewall Infection

As was mentioned before, most legitimate security programs can deal with Windows Malware Firewall, provided that you first remove its associated rootkit infection. ESG security researchers have observed that this rootkit is a variant of the infamous ZeroAccess rootkit and that it can often be removed with a specialized anti-rootkit tool or with an advanced anti-malware application with integrated anti-rootkit technology. You can pretend to register Windows Malware Firewall with the registration code 0W000-000B0-00T00-E0020; this will stop many of Windows Malware Firewall's most irritating symptoms, although it will not remove Windows Malware Firewall from your computer system.

Infected with Windows Malware Firewall? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Windows Malware Firewall

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Windows Malware Firewall infects a computer.

How to Detect and Remove Windows Malware Firewall

Windows Malware Firewall Image 1 Windows Malware Firewall Image 2 Windows Malware Firewall Image 3 Windows Malware Firewall Image 4 Windows Malware Firewall Image 5 Windows Malware Firewall Image 6

File System Details

Windows Malware Firewall creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%\Protector-ixlf.exe 2,250,752 e8efda901e1ee0c7b5af4a1bd27c2cea 65
2 %APPDATA%\Protector-dwyc.exe 2,003,456 1f6e6c2671e6dbed9a5a3bad3f7bc4ab 50
3 Windows Malware Firewall.lnk 40
4 %AppData%\Protector-[RANDOM 4 CHARACTERS].exe N/A
5 %AppData%\Protector-[RANDOM 3 CHARACTERS].exe N/A
6 %AppData%\result.db N/A

Registry Details

Windows Malware Firewall creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\aAvgApi.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\"Debugger" = "svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector = %AppData%\Protector-[RANDOM CHARACTERS].exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\"Debugger" = "svchost.exe"

More Details on Windows Malware Firewall

The following messages associated with Windows Malware Firewall were found:
Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.
Error
Keylogger ativity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.

Site Disclaimer

One Comment

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 6 + 12 ?