Threat Database Rogue Anti-Spyware Program Windows Protection Suite

Windows Protection Suite

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 7
First Seen: August 27, 2009
Last Seen: January 15, 2020
OS(es) Affected: Windows

Windows Protection Suite Image

Windows Protection Suite is a rogue anti-spyware application that is part of an enormous family of fraudulent security software, the FakeVimes family. Windows Protection Suite infiltrates a computer without user approval or knowledge. Once active, Windows Protection Suite displays false system scanners and fabricated security alerts, in order to intimidate the user into believing that the computer is heavily infected. The user is then prompted to purchase and download the commercial version of Windows Protection Suite in order to combat these fictitious threats.

There are countless rogue security programs plaguing the Web all around the world. Some of these programs are clones of Windows Protection Suite, except that its designers had made small changes to their names and interface. The clones of Windows Protection Suite include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Work Catalyst. ScreenshotScreenshotScreenshotScreenshot

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Panda Suspicious file
AVG Downloader.Generic10.AYEU
Ikarus Trojan-Downloader.SuspectCRC
AhnLab-V3 Adware/Win32.AdMedia
AntiVir Adware/AdMedia.or.1
DrWeb Adware.Dodoor.330
Kaspersky not-a-virus:AdWare.Win32.AdMedia.or
TrendMicro TROJ_FAKEAV.DID
NOD32 Win32/Adware.VirusAlarmPro
McAfee-GW-Edition Riskware.Fake.WPS.25
McAfee Generic Packed.a
K7AntiVirus Trojan.Win32.Malware.1
Ikarus Trojan.Win32.FakeVimes
CAT-QuickHeal Trojan.FraudPack.gen
AVG Generic4.MBH

SpyHunter Detects & Remove Windows Protection Suite

File System Details

Windows Protection Suite may create the following file(s):
# File Name MD5 Detections
1. Ulisess Seguridad 10.0.4.exe 4558da71cc394fa2e9c9e2bcffead632 4
2. %UserProfile%\Recent\energy.dll
3. %UserProfile%\Recent\kernel32.dll
4. %UserProfile%\Recent\runddl.dll
5. %UserProfile%\Recent\std.exe
6. %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
7. %ProgramFiles%\Windows Protection Suite\Windows Protection Suite.dll
8. %UserProfile%\Recent\dudl.sys
9. %UserProfile%\Recent\grid.sys
10. %UserProfile%\Recent\PE.dll
11. %UserProfile%\Recent\snl2w.exe
12. %UserProfile%\Desktop\WindowsProtectionSuite.exe
13. %Documents and Settings%\All Users\Application Data\345d567\WI345d.exe
14. %UserProfile%\Recent\CLSV.exe
15. %UserProfile%\Recent\grid.dll
16. %UserProfile%\Recent\tempdoc.dll
17. %UserProfile%\Recent\SM.dll
18. %Program Files%\WindowsProtectionSuite\WindowsProtectionSuite.exe
19. %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
20. %TempDir%\[RANDOM CHARACTERS].dll
21. %UserProfile%\Application Data\Windows Protection Suite\cookies.sqlite
22. %UserProfile%\Recent\ANTIGEN.drv
23. %Program Files%\WindowsProtectionSuite\WindowsProtectionSuite.url
24. %UserProfile%\Start Menu\WindowsProtectionSuite.lnk
25. %UserProfile%\Start Menu\Windows Protection Suite 2009.lnk
26. %UserProfile%\Application Data\Windows Protection Suite 2009\Instructions.ini
27. %Documents and Settings%\All Users\Application Data\345d567
28. %Documents and Settings%\All Users\Application Data\345d567\26.mof
29. %Documents and Settings%\All Users\Application Data\345d567\WINSSSys\vd952342.bd
30. Windows Protection Suite
31. %CommonPrograms%\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b367_33.lnk
32. %Desktop%\Windows Protection Suite.lnk
33. %UserProfile%\Application Data\Windows Protection Suite
34. %UserProfile%\Desktop\Windows Protection Suite.lnk
35. %UserProfile%\Recent\PE.tmp
36. %UserProfile%\Start Menu\Programs\WindowsProtectionSuite
37. %UserProfile%\Start Menu\Programs\WindowsProtectionSuite\WindowsProtectionSuite Website.lnk
38. %UserProfile%\Application Data\Windows Protection Suite 2009
39. %UserProfile%\Desktop\Windows Protection Suite 2009.lnk
40. %Documents and Settings%\All Users\Application Data\WINSSSys
41. %Documents and Settings%\All Users\Application Data\345d567\working.log
42. %UserProfile%\Start Menu\Programs\Windows Protection Suite.lnk
43. %CommonAppData\56a10a26-dc02-40f3-a4da-8fa92d06b367_.mkv
44. %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk
45. %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk
46. %UserProfile%\Application Data\Windows Protection Suite\Instructions.ini
47. %UserProfile%\Recent\DBOLE.drv
48. %Program Files%\Mozilla Firefox\searchplugins\search.xml
49. %UserProfile%\Start Menu\Programs\WindowsProtectionSuite\WindowsProtectionSuite.lnk
50. %UserProfile%\Start Menu\Programs\Windows Protection Suite 2009.lnk
51. %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite 2009.lnk
52. %Documents and Settings%\All Users\Application Data\345d567\WINSSSys
53. %Documents and Settings%\All Users\Application Data\345d567\WINSS.ico
54. %Documents and Settings%\All Users\Application Data\WINSSSys\winss.cfg
55. %ProgramFiles%\Windows Protection Suite
56. %Programs%\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b367_33.lnk
57. %AppData%\Windows Protection Suite
58. WIfe7a.exe e74a44e6b33cdcfb6c14e55501764d1d
59. WI60ed.exe 4af0d55f23586d1d0adb82fff218958e
60. WIc182.exe 9deeecedfd5ac77d5ce83769ac2612f6
61. WI2703.exe f09168f9f1b4a547b567867888acd999 0
62. WI3e45.exe 48b04d0a88974836cb2bb33381d0c83e 0
63. WIe9e2.exe 0db269fa1ddae6e0fda30d4f424924f8 0
64. WI2e12.exe 6f1d2d86dc08c2ed7b34aed11de78b47 0
65. WI3db3.exe e30fedc6bf53a805ec586ed1cba517fc 0
66. WI7a8f.exe c49fad15feec77235373553d4fef99b3 0
67. WI2106.exe 734ba2ce099e740c590507c97c0f623f 0
68. ReleaseXP[1].exe 4fb10d7bb7169f0a66dbb48f8963e0fb 0
69. ActivatedSetup[1].exe 4661101706083c24676642226051fdbd 0
70. WIa744.exe a574f606b9f985dc88ca61d03d90f863 0
71. WIb87c.exe 741376ecccb187f4bffdcec701081daa 0
72. WI15af.exe 1a6b142bc316034f5a20402665a7ad40 0
73. WI7418.exe ffcf6eb75fabd8613cb1de4011131229 0
74. WId2ba.exe 1e07f21d12f37814ff85d69a1c23e17a 0
75. WI7f24.exe 8713db1bd1a63855e53309fd3c5fde4f 0
76. WIac55.exe 93b7a38ff4c3a56077f0c2c8bc67d53c 0
77. WI81c9.exe cc351cec273339cf100fafcd1f3bc7eb 0
78. WI4ae8.exe 8e483d6c01c404506309b04cfa77b0d1 0
79. WI577a.exe 49aa8e92c3eb273fd04c116b48d1b7ad 0
80. WIb33d.exe 57618a38c9a1b53e53a706eda74bdc44 0
81. WId747.exe 3b1fd82d731620f60f2e75579037c658 0
82. WId1c0.exe 003ddeeb380e33646d94ace75ac89b91 0

Registry Details

Windows Protection Suite may create the following registry entry or registry entries:
File name without path
Windows Protection Suite.lnk
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56a10a26-dc02-40f1-a4da-8fa92d06b367}
HKCR\CLSID\{56a10a26-dc02-40f1-a4da-8fa92d06b367}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "56a10a26-dc02-40f3-a4da-8fa92d06b367_33"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "WindowsProtectionSuite"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "56a10a26-dc02-40f3-a4da-8fa92d06b367_33"

Cookies

The following cookies were found:

windowsprotectionsuite

Messages

The following messages associated with Windows Protection Suite were found:

"System Alert! Malicious applications, which can contain trojans, were found on your PC and need to be immediately removed. Click here to remove these potentially harmful items using Windows Protection Suite".

Trending

Most Viewed

Loading...