Windows Privacy Extension

By ESGI Advisor in Rogue Anti-Spyware Program

Windows Privacy Extension Description


Windows Privacy Extension is one of the many rogue anti-malware programs that belong to the FakeVimes family of malware. This family has been responsible for a rise in rogue security software scams in 2012 because criminals have started bundling these fake security programs with rootkits from the ZeroAccess family. If Windows Privacy Extension is installed on your machine, ESG security researchers strongly advise you to disregard all of Windows Privacy Extension's messages and alerts and to delete this fake security program with the help of an established, strong anti-malware utility that includes anti-rootkit capabilities.

The Modus Operandi of FakeVimes and Windows Privacy Extension

Although the FakeVimes family of malware has been active since 2009, it is only in 2012 that malware in this family has started to pose a serious threat. This is because bundling these fake security programs with a rootkit component makes them considerably more difficult to remove than standalone FakeVimes infections. Most variants in the FakeVimes family are now bundled with this rootkit component, including Windows Privacy Extension itself. Examples of other fake security programs in the FakeVimes family that were also released in 2012 include Windows Custom Management, Windows Premium Console, and Windows Trojans Inspector. All of Windows Privacy Extension's clones carry out the same trick: attempting to persuade you that your machine is infected with malware so that you will buy a fake 'upgrade' for these fake anti-malware programs.

Keeping Your Computer Safe from a Windows Privacy Extension Attack

In most cases, Windows Privacy Extension enters a computer system through an initial social engineering scam. This usually takes the form of a malicious advertisement or pop-up message that tries to make you believe your machine is infected with malware and offers a free anti-malware scanner to solve this supposed problem. Agreeing to the scan, or even just clicking on such an advertisement, may install Windows Privacy Extension on your computer system. Since Windows Privacy Extension is itself a malware infection, it has no way of removing malware from your computer system and will instead try to fool you into registering for an expensive and useless 'upgrade.' You can register Windows Privacy Extension with the code 0W000-000B0-00T00-E0020 in order to stop it from pestering you with error messages, but you will still need to remove Windows Privacy Extension with a reliable anti-malware tool.

Type: Rogue AntiSpyware Programs

Windows Privacy Extension Removal Details

Windows Privacy Extension typically has the following process in memory:

  • %AppData%\Protector-[RANDOM CHARACTERS].exe

Windows Privacy Extension creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
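The process and registry indicators above can be checked on a live host with a short read-only audit script. The following is an added example written for this article, not a tool from ESG or from the malware's authors; it only looks up the paths and value names listed above, and the Debugger lookup under each Image File Execution Options subkey is an assumption about what an attacker would put there (an IFEO "Debugger" value makes Windows launch the named program in place of that executable), since the list records only the subkeys and not their contents.

```powershell
# Added example: audit a Windows host for the Windows Privacy Extension
# indicators listed in this article. Run from an elevated PowerShell
# prompt. The script is read-only; it reports and changes nothing.

$findings = @()

# 1. Running process / on-disk file matching %AppData%\Protector-<random>.exe
$appData = [Environment]::GetFolderPath('ApplicationData')
$pattern = Join-Path $appData 'Protector-*.exe'
Get-Process -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_.Path -and ($_.Path -like $pattern)) {
        $findings += "Process: $($_.Name) (PID $($_.Id)) at $($_.Path)"
    }
}
Get-ChildItem -Path $appData -Filter 'Protector-*.exe' -File -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "File: $($_.FullName)" }

# 2. Autorun entry named "Inspector"
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$v = Get-ItemProperty -Path $run -Name 'Inspector' -ErrorAction SilentlyContinue
if ($v) { $findings += "Run key: Inspector = $($v.Inspector)" }

# 3. Marker values under HKCU\...\CurrentVersion\Settings
$settings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'
foreach ($name in 'UID', 'ID', 'net') {
    $v = Get-ItemProperty -Path $settings -Name $name -ErrorAction SilentlyContinue
    if ($v) { $findings += "Settings value: $name = $($v.$name)" }
}

# 4. Image File Execution Options subkeys for the executable names in the list.
#    Assumption (not stated in the article): if a "Debugger" value is present,
#    Windows will run that program instead of the named executable, so show it.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$names = 'zapsetup3001.exe', '_avpcc.exe', 'tapinstall.exe', 'mostat.exe',
         'platin.exe', '_avp32.exe', 'divx.exe', 'ashDisp.exe'
foreach ($n in $names) {
    $key = Join-Path $ifeo $n
    if (Test-Path $key) {
        $dbg = (Get-ItemProperty -Path $key -Name 'Debugger' -ErrorAction SilentlyContinue).Debugger
        $line = "IFEO subkey: $n"
        if ($dbg) { $line += " (Debugger = $dbg)" }
        $findings += $line
    }
}

# 5. Policy, Internet Settings and IE FeatureControl values from the list
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableRegistryTools', 'DisableRegedit', 'DisableTaskMgr') {
    $v = Get-ItemProperty -Path $pol -Name $name -ErrorAction SilentlyContinue
    if ($v) { $findings += "Policy value: $name = $($v.$name)" }
}
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$v = Get-ItemProperty -Path $inet -Name 'WarnOnHTTPSToHTTPRedirect' -ErrorAction SilentlyContinue
if ($v) { $findings += "Internet Settings: WarnOnHTTPSToHTTPRedirect = $($v.WarnOnHTTPSToHTTPRedirect)" }

$fc = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312'
if (Test-Path $fc) { $findings += "FeatureControl key present: $fc" }

if ($findings.Count -eq 0) {
    'No Windows Privacy Extension indicators found.'
} else {
    "Indicators found ($($findings.Count)):"
    $findings | ForEach-Object { " - $_" }
}
```

Treat the hits with different weight. A Protector-*.exe file or process in %AppData%, the "Inspector" Run entry and the UID/ID/net values under the Settings key are specific to this infection. The Policies\System values set to 0, WarnOnHTTPSToHTTPRedirect and the KB954312 FeatureControl key can also exist on a clean machine, so on their own they are weak evidence. An IFEO subkey whose name belongs to a security or system tool is worth a closer look regardless of whether a Debugger value is present, since the article lists the subkeys as created by the rogue program.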


This entry was last updated on 06/28/12 and posted on 06/28/12.


Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.