
Windows Process Director

Threat Scorecard

Ranking: 12,068
Threat Level: 20 % (Normal)
Infected Computers: 5,194
First Seen: March 21, 2012
Last Seen: August 8, 2023
OS(es) Affected: Windows


Windows Process Director is one of the many fake anti-spyware programs belonging to the FakeVimes family of malware. While these rogue anti-spyware applications have been active since 2009, a large batch of clones of Windows Process Director was released in early 2012, with names such as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

There are no differences between modern clones of Windows Process Director and the early versions of the FakeVimes family of malware. The newest batch of clones tends to be bundled with a rootkit component that makes detection of Windows Process Director much more difficult than normal. While rogue security applications of the FakeVimes family tend to use file names made up of three random characters, Windows Process Director and its newest batch of clones use file names made of three random characters preceded by the string "protector-" or "inspector-". Besides these superficial differences, Windows Process Director is no different from the majority of fake security applications that are found online. As with most rogue security programs, ESG PC security analysts recommend dealing with a Windows Process Director infection with the help of a reliable anti-malware tool, in this case one with anti-rootkit technology.

Understanding How the Windows Process Director Scam Works

The Windows Process Director scam is quite old and has existed in some form or another even before the advent of the Internet age. Basically, criminals take advantage of computer users' lack of computer security knowledge in order to make them believe that their computer system is severely infected. Then, they market Windows Process Director as a solution to the nonexistent problem on the victim's computer. Since Windows Process Director is the cause of any problems on the infected computer, paying for this fake security program is definitely not a good idea.

Some ways in which Windows Process Director tries to convince PC users to purchase its useless "full version" include displaying large amounts of bogus security alerts, running a fake system scan upon start-up and constantly directing the victim towards Windows Process Director's website. It is important to disregard all claims that Windows Process Director makes, especially those that have to do with your computer system's security. Most rogue anti-spyware programs come from fake online malware scans, so it is also advisable only to use the services of reputable, well-respected security software manufacturers (rather than suspicious advertisements).


File System Details

Windows Process Director may create the following file(s):
# File Name Detections
1. %AppData%\Protector-[RANDOM 3 CHARACTERS].exe
2. %AppData%\NPSWF32.dll
3. %AppData%\result.db
4. %CommonStartMenu%\Programs\Windows Process Director.lnk
5. %Desktop%\Windows Process Director.lnk

Registry Details

Windows Process Director may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "vixwjcponh"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-3-22_2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe
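
The file and registry indicators listed above can be turned into a triage check over an exported file listing and registry listing. The following is an added example, not code from the original page or from any vendor: the function names and sample lines are constructed, the three random characters are assumed to be letters or digits, and registry input is assumed to use the same line format as the list above.

```python
import re
# Indicators below are copied from this page's file and registry lists.
IFEO = r"software\microsoft\windows nt\currentversion\image file execution options"
IFEO_TARGETS = {"vptray.exe", "mpfagent.exe", "sms.exe", "fprot.exe",
                "avwupd32.exe", "ashbug.exe", "popscan.exe"}
POLICY = r"software\microsoft\windows\currentversion\policies\system"
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser"}
RUN = r"software\microsoft\windows\currentversion\run"
# Assumption: the three "random characters" are ASCII letters or digits.
DROPPER = re.compile(r"\\appdata\\(?:[^\\]+\\)*(?:protector|inspector)-[a-z0-9]{3}\.exe$", re.I)
# Page line format: HIVE\key, optionally followed by "value name" and = data.
REG_LINE = re.compile(r'^(HKEY_[A-Z_]+)\\(.+?)(?:\s+"([^"]+)"(?:\s*=\s*(.+))?)?$')

def check_file(path):
    return bool(DROPPER.search(path.strip()))

def check_registry(line):
    m = REG_LINE.match(line.strip())
    if not m:
        return None
    hive, key, name, data = m.groups()
    key, name = key.lower(), (name or "").lower()
    data = (data or "").strip().strip('"')
    if key.startswith(IFEO + "\\") and key.rsplit("\\", 1)[1] in IFEO_TARGETS:
        return "IFEO key for a security tool"
    # Administrators can set these too, so a single hit is a weak signal.
    if hive == "HKEY_LOCAL_MACHINE" and key == POLICY and name in UAC_VALUES and data == "0":
        return "UAC policy value set to 0"
    if hive == "HKEY_CURRENT_USER" and key == RUN and name == "inspector":
        return 'Run value named "Inspector"'
    return None

def triage(lines):
    hits = []
    for line in lines:
        reason = (check_registry(line) if line.startswith("HKEY_")
                  else "rogue executable name pattern" if check_file(line) else None)
        if reason:
            hits.append((line, reason))
    return hits

# Constructed sample input (not taken from a real host).
SAMPLE = [
    r'C:\Users\alice\AppData\Roaming\Protector-xq7.exe',
    r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0',
    r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe',
    r'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"',
]
if __name__ == "__main__":
    print("\n".join(f"{why}: {line}" for line, why in triage(SAMPLE)))
```

Several hits on the same host carry far more weight than any single one, since the policy values can also be set by an administrator.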

URLs

Windows Process Director may call the following URLs:

installcurrentoverlythefile.vip

Messages

The following messages associated with Windows Process Director were found:

Error
Attempt to modify registry key entries detected. Registry entry analysis is recommended.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites
