Windows Processes Accelerator

Threat Scorecard

Threat Level: 20 % (Normal)
Infected Computers: 12
First Seen: April 7, 2012
Last Seen: July 10, 2022
OS(es) Affected: Windows


Computer users have been fooled into paying for a fake security program that goes by the name of Windows Processes Accelerator. This fake security tool has an interface that closely mimics Microsoft Security Center while providing none of its actual functions. Windows Processes Accelerator has no real security functions; it is designed mainly to display fake security alerts and error messages in order to trick computer users into paying for a useless, bogus security tool. Windows Processes Accelerator is often part of a multi-component malware attack that includes a rootkit component that protects Windows Processes Accelerator from detection and removal.

Windows Processes Accelerator itself is installed with the help of a dropper Trojan and is part of a large family of malware known as the FakeVimes family of rogue security software. Since 2009, malware in the FakeVimes family has harassed computer users into purchasing useless fake security software. Recently-discovered clones of Windows Processes Accelerator include such fake security programs as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

These all have interfaces identical to that of Windows Processes Accelerator, with only slight changes to their file and application names to distinguish them from each other. If your computer system is exhibiting a higher than normal number of security alerts and a security program like the ones listed above has been installed, it is very likely that your computer is the target of a malware scam.

How Criminals Use Windows Processes Accelerator to Steal Your Money

Criminals use Windows Processes Accelerator to take advantage of inexperienced computer users. It displays misleading messages and fake scans of the victim's computer system, claiming that it is severely infected. ESG security analysts have also found that Windows Processes Accelerator can make your system unstable and slow, and can affect how you access the Internet or whether you can open certain files. All of these problems add up so that an inexperienced computer user will believe the claims that Windows Processes Accelerator makes about the computer system being infected with malware. Windows Processes Accelerator will constantly direct the victim to its own website, where the victim is invited to provide credit card information in order to buy a useless "full version" of Windows Processes Accelerator. Of course, since Windows Processes Accelerator has no real anti-malware capabilities, this is a waste of money at the very least.


File System Details

Windows Processes Accelerator may create the following file(s):
# File Name Detections
1. %AppData%\Protector-[RANDOM 3 CHARACTERS].exe
2. %AppData%\NPSWF32.dll
3. %Desktop%\Windows Processes Accelerator.lnk
4. %CommonStartMenu%\Programs\Windows Processes Accelerator.lnk
5. %AppData%\result.db

Registry Details

Windows Processes Accelerator may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-4-7_2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "ahwohainwk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe
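
For triage, the registry entries listed above can be matched against a registry export. The following is an added example, not code from this page's publisher: it parses .reg export text and reports which of the listed keys and values are present. The function names and the sample export are assumptions made for illustration; "UID", "net" and "Inspector" are matched on name alone.

```python
import re

# Indicators copied from this page's registry list; keys and names compare case-insensitively.
IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
IFEO_TARGETS = {"inetlnfo.exe", "aswrundll.exe", "tds-3.exe", "atcon.exe",
                "dvp95.exe", "advxdwin.exe", "rtvscn95.exe", "ozn695m5.exe",
                "msascui.exe", "aswupdsv.exe", "winupdate.exe", "bidef.exe"}
POLICY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"
HKCU_CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
VALUES = {(POLICY, n): 0 for n in
          ("EnableLUA", "ConsentPromptBehaviorAdmin", "ConsentPromptBehaviorUser")}
VALUES.update({(HKCU_CV + r"\Policies\System", n): 0
               for n in ("DisableTaskMgr", "DisableRegistryTools", "DisableRegedit")})
VALUES.update({(HKCU_CV + r"\Internet Settings", "WarnOnHTTPSToHTTPRedirect"): 0,
               (HKCU_CV + r"\Run", "Inspector"): None,  # None: match on name alone
               (HKCU_CV + r"\Settings", "UID"): None, (HKCU_CV + r"\Settings", "net"): None})
VALUES = {(k.lower(), n.lower()): v for (k, n), v in VALUES.items()}

def parse_reg(text):  # yields (key, name, data); name is None for a key line
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            raw = m.group(2)
            data = int(raw[6:], 16) if raw.startswith("dword:") else raw.strip('"').replace("\\\\", "\\")
            yield key, m.group(1), data

def find_indicators(text):  # returns ('ifeo', exe) and ('value', name) hits
    hits = []
    for key, name, data in parse_reg(text):
        if name is None:
            parent, _, leaf = key.lower().rpartition("\\")
            if parent == IFEO.lower() and leaf in IFEO_TARGETS:
                hits.append(("ifeo", leaf))
        elif (ident := (key.lower(), name.lower())) in VALUES and VALUES[ident] in (None, data):
            hits.append(("value", name))
    return hits

# Constructed sample export (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\test\\AppData\\Roaming\\Protector-abc.exe"
'''
```

Exports written by regedit are UTF-16 encoded, so decode the file before passing its text to find_indicators.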

URLs

Windows Processes Accelerator may call the following URLs:

pornvideoshd.xyz

Messages

The following messages associated with Windows Processes Accelerator were found:

Error
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites

1 Comment

Father-in-law called me up in a panic 'cause this thing had installed itself.. luckily he hadn't paid for it. Do not wait around, this thing is evil.. Kill it ASAP. I did a system restore to 10 days ago and then found the files and manually deleted them.. It really will not let you do anything while it runs (including Task Manager).
