Windows Malware Sleuth


ESG security researchers have observed a very large group of fake security applications released in the first months of 2012. Windows Malware Sleuth is one of the many clones in this family of malware, known as FakeVimes. The family has been around for several years, and its most recent iterations differ from one another in little more than the program name and small changes to the user interface.

Windows Malware Sleuth has dozens of clones, among the most recent of which are fake security programs such as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite and Windows Work Catalyst.

Windows Malware Sleuth carries out a well-known scam: it tries to convince PC users that their computer is hopelessly infected and that the only fix is to use Windows Malware Sleuth to scan and disinfect the system. The scam does not stop there; Windows Malware Sleuth also contains components that can paralyze the computer and disable known security tools and applications, including Windows components such as the Registry Editor and the Task Manager. Because of this, removing Windows Malware Sleuth will usually require a reputable security program and starting Windows in Safe Mode or booting from external media.

How Windows Malware Sleuth Invades Your Computer System

Windows Malware Sleuth tends to infect the computers of users who are either inexperienced or prone to visiting websites with malicious or unsafe content. Websites that ESG security researchers consider unsafe include pornographic video websites, web pages that distribute pirated media and applications, and shady online casinos. Often, through a malicious advertisement or a disguised file download (such as a fake video codec supposedly needed to view those videos), criminals bypass a computer's defenses and install Windows Malware Sleuth.

This fake security program copies the look and feel of Windows Security Center, often fooling inexperienced users into thinking that Windows Malware Sleuth is a legitimate Windows security component. Once installed, Windows Malware Sleuth will not relinquish its hold on the victim's computer until a 'ransom', in the form of payment for a 'full version of Windows Malware Sleuth', is paid. Providing your credit card information to the criminals behind Windows Malware Sleuth is, of course, not a good idea.


File System Details

Windows Malware Sleuth may create the following file(s):

1. %AppData%\Protector-[RANDOM 3 CHARACTERS].exe
2. %AppData%\NPSWF32.dll
3. %Desktop%\Windows Malware Sleuth.lnk
4. %CommonStartMenu%\Programs\Windows Malware Sleuth.lnk
5. %AppData%\result.db

Registry Details

Windows Malware Sleuth may create the following registry entries. Values are reproduced as observed; for the Policies\System values, 1 disables the named tool and 0 leaves it enabled.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-3-4_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "wbukxhryfk"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

Image File Execution Options subkeys (a "Debugger" value under such a subkey makes Windows launch that program instead of the named executable, which is how the rogue blocks other security tools):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrade.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rasil.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe
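As an added example (not code from the original page or from ESG), the following PowerShell script checks a host for the file and registry indicators listed in the File System Details and Registry Details sections above, reports the "Debugger" value behind each Image File Execution Options hijack, and optionally removes what it finds. The indicator names come from the page; the -Remediate switch, the Add-Finding helper and the output layout are this script's own assumptions.

```powershell
<#
  Added triage script for the Windows Malware Sleuth indicators listed above.
  Not from the original page or from ESG. Run from an elevated PowerShell
  prompt (Windows PowerShell 4 or later, for Get-FileHash), ideally after
  booting into Safe Mode, because on a normal boot the rogue terminates
  security tools. The -Remediate switch is this script's own design.
#>
[CmdletBinding()]
param([switch]$Remediate)

# Process names found under Image File Execution Options, as listed on the page.
$IfeoTargets = @('avpdos32.exe','jdbgmrg.exe','qh.exe','win32us.exe','upgrade.exe',
    'SecurityFighter.exe','autoupdate.exe','hbinst.exe','csc.exe','vbust.exe','av.exe',
    'pctsTray.exe','antivirus.exe','rasil.exe','svchostc.exe','exe.avxw.exe','mcvsrte.exe')
$IfeoRoot    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$RunKey      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$PolicyKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$SettingsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'
$IeKey       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Type, [string]$Location, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail })
}

# 1. IFEO hijacks. When a subkey named after an executable carries a "Debugger"
#    value, Windows launches that program instead of the executable; this is
#    how the rogue keeps other security tools from starting.
foreach ($exe in $IfeoTargets) {
    $key = Join-Path $IfeoRoot $exe
    if (-not (Test-Path $key)) { continue }
    $dbg = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Debugger
    if (-not $dbg) { $dbg = '<no Debugger value>' }
    Add-Finding 'IFEO' $key "Debugger = $dbg"
    if ($Remediate) { Remove-Item -Path $key -Recurse -Force }
}

# 2. Persistence: the "Inspector" Run value and the files dropped in %AppData%.
$run = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Inspector']) {
    Add-Finding 'Run' "$RunKey\Inspector" $run.Inspector
    if ($Remediate) { Remove-ItemProperty -Path $RunKey -Name 'Inspector' -Force }
}
$dropped = @(Get-ChildItem -Path $env:APPDATA -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^Protector-[A-Za-z0-9]{3}\.exe$' -or
                   $_.Name -in @('NPSWF32.dll','result.db') })
foreach ($f in $dropped) {
    $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    Add-Finding 'File' $f.FullName "SHA256 $hash"
    if ($Remediate) { Remove-Item -Path $f.FullName -Force }
}

# 3. Tool-disabling policies. A value of 1 blocks the tool; 0 or absent does not.
#    DisableRegistryTools and DisableTaskMgr are the values Windows honours;
#    DisableRegedit is checked only because the page lists it.
foreach ($name in 'DisableTaskMgr','DisableRegistryTools','DisableRegedit') {
    $v = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -ne $v) {
        Add-Finding 'Policy' "$PolicyKey\$name" $v
        if ($Remediate -and $v -ne 0) { Set-ItemProperty -Path $PolicyKey -Name $name -Value 0 }
    }
}

# 4. The rogue's own bookkeeping values and the IE redirect warning it switches off.
if (Test-Path $SettingsKey) {
    $s = Get-ItemProperty -Path $SettingsKey
    Add-Finding 'Settings' $SettingsKey "UID = $($s.UID); net = $($s.net)"
}
$warn = (Get-ItemProperty -Path $IeKey -Name WarnOnHTTPSToHTTPRedirect -ErrorAction SilentlyContinue).WarnOnHTTPSToHTTPRedirect
if ($warn -eq 0) { Add-Finding 'IE' "$IeKey\WarnOnHTTPSToHTTPRedirect" $warn }

if ($findings.Count -eq 0) { 'No Windows Malware Sleuth indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Save the script as a .ps1 file and run it without switches first. Review the IFEO findings before rerunning with -Remediate: names such as csc.exe, av.exe and upgrade.exe are generic enough that legitimate software could own them, and -Remediate deletes the whole subkey. The script only removes the listed indicators, not the rogue's running processes or other components, so follow up with a full scan from a reputable security program, as the article advises.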

Messages

The following messages associated with Windows Malware Sleuth were found:

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmpshell.dll
