Windows PRO Scanner Description
Many computer users have reported the presence of an unwanted PC security application on their computer. Named Windows PRO Scanner, it displays a Microsoft Security Essentials knock-off with the title ‘Windows Advanced Security Center.’ However, its claims to be a security tool are complete lies designed to prey on vulnerable computer users by scamming them with the offer of fake security programs. Windows PRO Scanner, in particular, belongs to a large family of bogus security scanners often known as the Rogue.VirusDoctor family of malware, which includes such fake anti-malware scanners as Security Shield and Virus Doctor. The main purpose of this kind of malware is to enter a computer system without the computer user’s authorization, display numerous false positives of a severe malware infection, and then present Windows PRO Scanner as a solution to this non-existent malware problem. Do not fall for this scam! Windows PRO Scanner is part of a Trojan attack on your computer system. PC security researchers strongly advise removing Windows PRO Scanner with a reliable anti-malware application.
How Windows PRO Scanner Gets Itself into Its Victims’ Computer Systems
Most rogue security applications spread through Trojans, such as the Fake Microsoft Security Essentials Alert Trojan or the Zlob Trojan. These are often found in a variety of sources, such as fake video codecs or malicious email attachments.
Windows PRO Scanner has been known to infect computer systems through two distinct methods:
- Windows PRO Scanner has been found to spread through attack websites. These are designed to exploit security vulnerabilities that may be present in web browsers, applications or operating systems (particularly ones left open by a failure to update properly). Websites spreading Windows PRO Scanner can be of two varieties: regular websites that criminals have hacked so that they will inject Trojans into visitors’ computers, or websites set up explicitly for this purpose, with victims receiving links to these websites through corrupted online advertisements or embedded links in phishing scams.
- One of the most common sources of a Windows PRO Scanner infection is advertisements for online anti-malware scans claiming to check your computer for malware. These invariably result in a false positive and prompt the computer user to download and install Windows PRO Scanner to fix the nonexistent problem. Agreeing to download Windows PRO Scanner actually installs a Trojan on the victim’s computer, which makes invasive changes to the Windows Registry and settings in order to ensure that the Windows PRO Scanner scam is as effective as possible.
Type: Rogue AntiSpyware Programs
Windows PRO Scanner Technical Report
We will update this section as new Windows PRO Scanner details are reported by our customers and by our Threat Research Center.
Windows PRO Scanner displays the following fake error messages:
Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmploc.dll
Attempt to run a potentially dangerous script detected.
Full system is highly recommended.
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Windows PRO Scanner Removal Details
Windows PRO Scanner typically runs the following processes in memory:
- %AppData%\Protector-[RANDOM 3 CHARACTERS].exe
Windows PRO Scanner creates the following files in the system:
- %Desktop%\Windows PRO Scanner.lnk
- %StartMenu%\Programs\Windows PRO Scanner.lnk
Windows PRO Scanner creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = 2012-2-25_1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
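A triage check built from the indicators listed above, as an added example (not part of the original report or any vendor tool): it parses the text of a `reg export` file and flags the listed Image File Execution Options subkeys, the `Inspector` Run value, and any value data that references `Protector-xxx.exe`. The sample export is constructed, and treating the three random characters as letters, digits or underscore is an assumption.

```python
import re

IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
# IFEO subkey names copied from the list above (lower-cased for comparison).
IFEO_NAMES = {"jedi.exe", "rav7.exe", "msa.exe", "beagle.exe", "vir-help.exe",
              "wupdt.exe", "_avp32.exe", "ashlogv.exe", "spoler.exe", "ntvdm.exe"}
# Assumption: the three random characters are letters, digits or underscore.
PROTECTOR = re.compile(r"protector-\w{3}\.exe", re.IGNORECASE)

# Constructed sample export, already decoded to str (real exports are UTF-16).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\alice\\AppData\\Roaming\\Protector-qxz.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
'''

def parse_reg(text):
    """Yield (key, value_name, data); value_name is None for the key line itself."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:
                yield key, m.group(1), m.group(2)

def triage(text):
    """Return (kind, detail) tuples for entries matching the listed indicators."""
    findings = []
    for key, name, data in parse_reg(text):
        low = key.lower()
        if name is None:
            parent, _, leaf = low.rpartition("\\")
            if parent == IFEO.lower() and leaf in IFEO_NAMES:
                findings.append(("ifeo", leaf))
            continue
        if low == RUN.lower() and name.lower() == "inspector":
            findings.append(("run", name))
        if PROTECTOR.search(data):
            findings.append(("protector", name))
    return findings
```

A hit on an Image File Execution Options subkey alone only shows the key exists; review its values before treating the host as infected.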