Windows Privacy Counsel Description

[+] Click Image to Enlarge

• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 

Windows Privacy Counsel is a rogue anti-spyware application that uses lots of scary tactics to intimidate PC users their computers are contaminated with malware, and then, encourages them to buy its bogus software product. Windows Privacy Counsel claims its “full version” can detect and remove any computer infections; however, in reality, it is a lie. Although Windows Privacy Counsel may appear to be a helpful software program, it is everything but helpful. Windows Privacy Counsel will use Trojans to get inside a targeted PC. Once installed on a corrupted machine, Windows Privacy Counsel executes a bogus system scan pretending to check your PC for possible malware threats. Then, it uses system scan reports to illustrate to PC users that their computers are riddled with malware threats. All of the notifications and system scan results rendered by Windows Privacy Counsel are false. These false positives are used as a way to get PC users to purchase Windows Privacy Counsel. ESG’s malware analysts highly recommend you to use an updated malware removal tool to eliminate Windows Privacy Counsel completely from the corrupted PC.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Privacy Counsel?

‘How Windows Privacy Counsel Infects Your Computer’ Video

Windows Privacy Counsel Removal Details

Windows Privacy Counsel has typically the following processes in memory:

• %AppData%\Protector-[RANDOM CHARACTERS].exe

Windows Privacy Counsel creates the following registry entries:

• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\”Debugger” = “svchost.exe”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector = %AppData%\Protector-[RANDOM CHARACTERS].exe
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\”Debugger” = “svchost.exe”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger = svchost.exe
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\”Debugger” = “svchost.exe”

Important Article Disclaimer