Windows Premium Console

By ESGI Advisor in Rogue Anti-Spyware Program | 162 views

Windows Premium Console Description


Windows Premium Console is one of the many fake security applications in the FakeVimes family of malware that have been infecting systems all over the world since early 2012. Despite its appearance, Windows Premium Console is not a real security program. Windows Premium Console is a malware infection that, as part of its attack, is disguised as a legitimate security application in order to steal its victims’ money. ESG malware analysts urge computer users to mistrust all messages and claims made by Windows Premium Console and to remove this threat with a reliable anti-malware program.

Windows Premium Console is a Particularly Nasty FakeVimes Variant

The FakeVimes family of malware has been active since at least 2009, which means that most anti-malware applications can remove FakeVimes-related malware easily. However, starting in 2012, criminals have released numerous clones in the FakeVimes family that will often be bundled with a rootkit component that makes them considerably more difficult to remove than previous variants in the FakeVimes family of malware. In the case of Windows Premium Console and other recently-released FakeVimes clones, a specialized anti-rootkit tool may be necessary for effective removal. Some other fake security programs with the same malicious rootkit component include Windows Active Defender, Windows Trojans Inspector and Windows Malware Firewall.

What You Can Do to Protect Your Computer from Windows Premium Console

Scams similar to Windows Premium Console have been around for many years and are variations on scams carried out by con men for a long time before the appearance of the Internet. Basically, Windows Premium Console is designed to make you believe that your computer was infected with numerous malware threats. However, trying to use Windows Premium Console, a malware infection itself, results in error messages claiming that you need to purchase an expensive ‘full version’ of Windows Premium Console.

Since Windows Premium Console has no actual way of removing malware from your computer, ESG security analysts strongly advise against paying to ‘register’ Windows Premium Console. Instead, you should use a reliable anti-malware application to remove Windows Premium Console and its associated malware. You can make Windows Premium Console believe that you’ve registered Windows Premium Console with the registration code 0W000-000B0-00T00-E0020. This registration code will stop many of Windows Premium Console’s most annoying symptoms, but it will not remove Windows Premium Console from your computer or do anything to protect you from future infections that may derive from its presence on your computer system.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Premium Console?

Windows Premium Console Technical Report

We will update this section as new Windows Premium Console details are reported by our customers and by our Threat Research Center.

Fake message for Windows Premium Console:

The following fake error messages appear for Windows Premium Console:

Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them
to a remote server.

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.


Windows Premium Console Removal Details

Windows Premium Console typically runs the following process in memory:

  • %AppData%\Protector-[RANDOM CHARACTERS].exe

Windows Premium Console creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe


This entry was last updated on 06/25/12 and posted on 06/25/12.
