Windows Privacy Module

By Domesticus in Rogue Anti-Spyware Program

Windows Privacy Module Description

Although this application resembles a legitimate security program, Windows Privacy Module is one of the many bogus anti-virus applications belonging to the FakeVimes family of rogue security software. Programs like Windows Privacy Module are designed to prey on inexperienced computer users, making them believe that they need to purchase a useless, fake security application. If Windows Privacy Module is installed on your computer system, ESG malware analysts strongly recommend removing it with the help of a reliable anti-malware program.

The Many Clones of Windows Privacy Module

There are dozens of clones of Windows Privacy Module, all belonging to the FakeVimes family of malware. This malware family dates back to 2009 and has been continually updated since then. While Windows Privacy Module itself is not too different from versions of this fake security program dating back to 2010, Windows Privacy Module and other FakeVimes programs that have been released in 2012 will often be bundled with a version of the ZeroAccess rootkit. This makes FakeVimes programs considerably more difficult to remove than previous members of the FakeVimes family of malware. Examples of other FakeVimes malware programs that will often be associated with this rootkit component include Windows PC Aid, Windows Safety Wizard and Windows Malware Firewall.

How Windows Privacy Module Tries to Steal Your Money

Fake security programs like Windows Privacy Module will try to persuade you that your machine is under attack. Using a fake scan and a large number of irritating error messages, Windows Privacy Module will claim that your computer is infested with numerous Trojans and viruses. This is meant to alarm you and to convince you to purchase a ‘full version’ of Windows Privacy Module. Whenever you try to use Windows Privacy Module to remove these supposed threats, you will be invited to enter a registration code in order to ‘upgrade’ Windows Privacy Module. However, Windows Privacy Module has no actual anti-virus components; it is merely designed to scare you into believing that your PC is infected so that you will hand over your money. ESG malware researchers have observed that the registration code 0W000-000B0-00T00-E0020 can help stop Windows Privacy Module’s symptoms. Although ‘registering’ Windows Privacy Module will not remove it from your computer, doing so can help you stop its annoying error messages and browser redirects. However, it will still be necessary to remove Windows Privacy Module with a dedicated anti-malware program containing anti-rootkit capabilities.

Type: Rogue AntiSpyware Programs

Windows Privacy Module Removal Details

Windows Privacy Module typically runs the following processes in memory:

  • %CommonAppData%\58ef5\SP98c.exe
  • %AppData%\Windows Privacy Module\ScanDisk_.exe
  • %AppData%\Protector-[RANDOM CHARACTERS].exe

Windows Privacy Module creates the following files in the system:

  • %Desktop%\Windows Privacy Module.lnk
  • %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Privacy Module.lnk
  • %Programs%\Windows Privacy Module.lnk
  • %AppData%\Windows Privacy Module\Instructions.ini
  • %StartMenu%\Windows Privacy Module.lnk
  • %CommonAppData%\58ef5\SPT.ico

Windows Privacy Module creates the following registry entries:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\"Debugger" = "svchost.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Inspector" = "%AppData%\Protector-[RANDOM CHARACTERS].exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\"Debugger" = "svchost.exe"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\"Debugger" = "svchost.exe"
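
The registry entries above set an Image File Execution Options "Debugger" value of svchost.exe under the names of security tools, which makes Windows start svchost.exe in place of the named program. The following Python check is an added example, not part of the original ESG entry: it scans the text of a `reg export` file for that pattern and for the Protector-*.exe Run value. The function names and the sample export are constructed for illustration, and the input is assumed to be already decoded from UTF-16.

```python
import re

# Key fragments taken from the registry entries listed on this page (lower-cased).
IFEO = "\\microsoft\\windows nt\\currentversion\\image file execution options\\"
RUN = "\\microsoft\\windows\\currentversion\\run"
PROTECTOR = re.compile(r"\\protector-[^\\]+\.exe$", re.I)
STRING_VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data) for every string value in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := STRING_VALUE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def find_hijacks(text):
    """Return (kind, subject, data) findings for IFEO Debugger and Run values."""
    findings = []
    for key, name, data in parse_reg(text):
        k, target = key.lower(), data.strip('"')
        if IFEO in k and name.lower() == "debugger":
            # svchost.exe is not a debugger; other Debugger values can be
            # legitimate (developer tooling), so they are only marked for review.
            exe = target.split("\\")[-1].lower()
            kind = "ifeo-svchost" if exe == "svchost.exe" else "ifeo-review"
            findings.append((kind, key.rsplit("\\", 1)[1], data))
        elif k.endswith(RUN) and PROTECTOR.search(target):
            findings.append(("run-protector", name, data))
    return findings

# Constructed sample export (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"C:\\Tools\\procexp.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\test\\AppData\\Roaming\\Protector-abcd.exe"
"OneDrive"="C:\\Users\\test\\AppData\\Local\\OneDrive.exe"
'''

if __name__ == "__main__":
    for finding in find_hijacks(SAMPLE):
        print(*finding, sep="  |  ")
```

Because 2012 FakeVimes variants are described above as bundled with a rootkit, an export taken from an offline copy of the hives is more trustworthy than one produced on the running system.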

This entry was last updated on 06/7/12 and posted on 06/7/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.