Windows Privacy Extension

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: June 28, 2012
Last Seen: January 8, 2020
OS(es) Affected: Windows

Windows Privacy Extension Image

Windows Privacy Extension is one of the many rogue anti-malware programs that are part of the FakeVimes family of malware. This family of malware has been responsible for a rise in rogue security software scams in 2012 due to the fact that criminals have started to bundle these fake security programs with rootkits in the ZeroAccess family of rootkits. If Windows Privacy Extension is installed on your machine, ESG security researchers strongly advise to disregard all of Windows Privacy Extension's messages and alerts and to delete this fake security program with the help of an established, strong anti-malware utility containing anti-rootkit capabilities.

The Modus Operandi of FakeVimes and Windows Privacy Extension

Although the FakeVimes family of malware has been active since 2009, it is only in 2012 that malware in this family has started to pose a serious threat. This is because bundling these fake security programs with a rootkit component makes them considerably more difficult to remove than standalone FakeVimes infections. Most variants in the FakeVimes family will have been bundled with this rootkit component, including Windows Privacy Extension itself. Examples of other fake security programs in the FakeVimes family that were also released in 2012 include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. All of Windows Privacy Extension's clones will carry out the same trick: attempting to persuade you that your machine is infected with malware so that you will buy a fake 'upgrade' for these fake anti-malware programs.

Keeping Your Computer Safe from a Windows Privacy Extension Attack

In most cases, Windows Privacy Extension will enter a computer system through an initial social engineering scam. This will usually take the form of a malicious advertisement or pop-up message trying to make you believe that your machine is infected with malware and offering a free anti-malware scanner in order to solve this supposed problem. However, agreeing to this or even clicking on these kinds of advertisements may install Windows Privacy Extension on your computer system. Since Windows Privacy Extension is a kind of malware infection itself, Windows Privacy Extension has no way of helping remove malware from your computer system and will instead try to fool you into registering for an expensive and useless 'upgrade.' You can register Windows Privacy Extension with the code 0W000-000B0-00T00-E0020 in order to stop Windows Privacy Extension from pestering you with error messages, but you will still need to remove Windows Privacy Extension with a reliable anti-malware tool.

SpyHunter Detects & Remove Windows Privacy Extension

Windows Privacy Extension Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Privacy Extension may create the following file(s):
# File Name MD5 Detections
1. Protector-yagp.exe 6c3b6c1bd9b6472f162fd567e9942af2 1
2. %AppData%\Protector-[RANDOM CHARACTERS].exe

Registry Details

Windows Privacy Extension may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe

1 Comment

My brother suggested I might like this website. He was totally right.
This post actually made my day. You can't imagine just how much time I had spent for this information! Thanks!

Related Posts

Trending

Most Viewed

Loading...