Windows Privacy Extension Description
Windows Privacy Extension is one of the many rogue anti-malware programs that are part of the FakeVimes family of malware. This family of malware has been responsible for a rise in rogue security software scams in 2012 due to the fact that criminals have started to bundle these fake security programs with rootkits in the ZeroAccess family of rootkits. If Windows Privacy Extension is installed on your machine, ESG security researchers strongly advise to disregard all of Windows Privacy Extension’s messages and alerts and to delete this fake security program with the help of an established, strong anti-malware utility containing anti-rootkit capabilities.
The Modus Operandi of FakeVimes and Windows Privacy Extension
Although the FakeVimes family of malware has been active since 2009, it is only in 2012 that malware in this family has started to pose a serious threat. This is because bundling these fake security programs with a rootkit component makes them considerably more difficult to remove than standalone FakeVimes infections. Most variants in the FakeVimes family will have been bundled with this rootkit component, including Windows Privacy Extension itself. Examples of other fake security programs in the FakeVimes family that were also released in 2012 include Windows Custom Management, Windows Premium Console, and Windows Trojans Inspector. All of Windows Privacy Extension’s clones will carry out the same trick: attempting to persuade you that your machine is infected with malware so that you will buy a fake ‘upgrade’ for these fake anti-malware programs.
Keeping Your Computer Safe from a Windows Privacy Extension Attack
In most cases, Windows Privacy Extension will enter a computer system through an initial social engineering scam. This will usually take the form of a malicious advertisement or pop-up message trying to make you believe that your machine is infected with malware and offering a free anti-malware scanner in order to solve this supposed problem. However, agreeing to this or even clicking on these kinds of advertisements may install Windows Privacy Extension on your computer system. Since Windows Privacy Extension is a kind of malware infection itself, Windows Privacy Extension has no way of helping remove malware from your computer system and will instead try to fool you into registering for an expensive and useless ‘upgrade.’ You can register Windows Privacy Extension with the code 0W000-000B0-00T00-E0020 in order to stop Windows Privacy Extension from pestering you with error messages, but you will still need to remove Windows Privacy Extension with a reliable anti-malware tool.
Type: Rogue AntiSpyware Programs
How Can You Detect Windows Privacy Extension?
Download SpyHunter’s Detection Scanner
to Detect Windows Privacy Extension.
‘How Windows Privacy Extension Infects Your Computer’ Video
Windows Privacy Extension Removal Details
Windows Privacy Extension has typically the following processes in memory:
- %AppData%\Protector-[RANDOM CHARACTERS].exe
Windows Privacy Extension creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe