Windows Recovery Series

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: April 29, 2012
OS(es) Affected: Windows


Windows Recovery Series – A Bogus Security Program in the FakeVimes Family

Windows Recovery Series is a malicious application disguised as a security program. Windows Recovery Series has no actual anti-virus components. Rather, Windows Recovery Series is designed to carry out a scam that involves attempting to sell useless security software to its victims. Malware applications like Windows Recovery Series are known as rogue security programs. Windows Recovery Series, in particular, belongs to a large family of rogue security programs known as the FakeSysDef family of rogue security software.

The FakeVimes family of bogus security programs has been around since 2009, and PC security analysts are well acquainted with the members of this group of scareware. Because of this, most security applications can deal easily with the FakeVimes fake security programs. However, PC security researchers have detected a large number of fake security programs in the FakeVimes family that were released in 2012. These newest members of the FakeVimes family are more difficult to remove than previous iterations because of their association with a dangerous rootkit component.

Apart from Windows Recovery Series, other examples of malware in the 2012 version of the FakeVimes fake security programs include System Defragmenter, Ultra Defragger, HDD Control, Win HDD, Win Defrag, Win Defragmenter, Disk Doctor, Hard Drive Diagnostic, HDD Diagnostic, HDD Plus, HDD Repair, HDD Rescue, Smart HDD, Defragmenter, HDD Tools, Disk Repair, Windows Optimization Center, Scanner, HDD Low and Hdd Fix.

How Windows Recovery Series Works to Steal Your Money

Windows Recovery Series is designed to make inexperienced computer users panic by scaring them with numerous misleading alerts and fake error messages (because of this, malware like Windows Recovery Series is often referred to as 'scareware'). These messages will claim that the victim's computer is severely infected with malware. While this is technically true, what Windows Recovery Series fails to tell the computer user is that Windows Recovery Series itself is part of a Trojan infection causing these fake error messages. Windows Recovery Series is also designed to prevent its victims from gaining access to websites or applications related to computer security, as well as causing other problems on the infected computer, such as system instability and decreased performance.

While our PC security analysts strongly advise against paying for Windows Recovery Series, you can still obtain a registration code in order to 'unlock' this fake security program. Simply enter the code 0W000-000B0-00T00-E0020 when prompted. This registration code will cause Windows Recovery Series to stop displaying most of its annoying fake error messages, but it will not remove Windows Recovery Series from your computer. To do that, it is necessary to use a reliable anti-malware program with anti-rootkit capabilities.


File System Details

Windows Recovery Series may create the following file(s):
#   File Name                         MD5                               Detections
1.  Protector-sett.exe                18510cef2424d343a6b9905529f9c5fc  3
2.  Protector-dogk.exe                7d36f6d8800613a0d1a854903e34e459  1
3.  %AppData%\Inspector-[RANDOM].exe  -                                 -
4.  %AppData%\Protector-[RANDOM].exe  -                                 -

Registry Details

Windows Recovery Series may create the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
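As an added example (not code from the original page or from any removal tool it mentions), the following read-only PowerShell triage script checks a host for the file and registry indicators listed in the two sections above. It only reports and changes nothing; the check for a 'Debugger' value under the Image File Execution Options keys is an assumption based on how that key is normally used, since the page lists only the key names.

```powershell
# Added example, not from the original page: read-only triage for the
# Windows Recovery Series indicators listed above. Requires PowerShell 4+
# (Get-FileHash). Run it as the affected user so HKCU resolves correctly.
$findings = @()

# 1. Persistence: the "Inspector" value under the per-user Run key.
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$v = Get-ItemProperty -Path $run -Name 'Inspector' -ErrorAction SilentlyContinue
if ($v) { $findings += "Run key value Inspector -> $($v.Inspector)" }

# 2. Configuration values the rogue stores under ...\CurrentVersion\Settings.
$settings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'
foreach ($name in 'UID','net','ID') {
    $p = Get-ItemProperty -Path $settings -Name $name -ErrorAction SilentlyContinue
    if ($p) { $findings += "Settings\$name = $($p.$name)" }
}

# 3. Policy values used to lock the user out of Task Manager / Registry Editor.
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableTaskMgr','DisableRegedit','DisableRegistryTools') {
    $p = Get-ItemProperty -Path $pol -Name $name -ErrorAction SilentlyContinue
    if ($p) { $findings += "Policies\System\$name = $($p.$name)" }
}

# 4. Image File Execution Options subkeys for the program names in the list.
# A 'Debugger' value there redirects the named program when it is launched
# (standard IFEO behaviour, assumed here; the page lists only the key names).
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in '_avp32.exe','divx.exe','tapinstall.exe','zapsetup3001.exe',
                 'mostat.exe','ashDisp.exe','_avpcc.exe','platin.exe') {
    $key = Join-Path $ifeo $exe
    if (Test-Path $key) {
        $dbg = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Debugger
        $findings += "IFEO key present for $exe (Debugger = '$dbg')"
    }
}

# 5. Dropped executables in %AppData%, compared with the two MD5s the page reports.
$knownMd5 = @('18510CEF2424D343A6B9905529F9C5FC','7D36F6D8800613A0D1A854903E34E459')
Get-ChildItem -Path $env:APPDATA -Filter '*.exe' -File -ErrorAction SilentlyContinue |
  Where-Object { $_.Name -like 'Inspector-*.exe' -or $_.Name -like 'Protector-*.exe' } |
  ForEach-Object {
    $md5 = (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash
    $tag = if ($knownMd5 -contains $md5) { 'known sample' } else { 'name pattern only' }
    $findings += "File $($_.FullName) MD5 $md5 ($tag)"
  }

if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else { Write-Output 'No Windows Recovery Series indicators found.' }
```

A file that matches the name pattern but not a known MD5 is still worth submitting to an anti-malware vendor, since the [RANDOM] suffix and the sample hashes vary between installations.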

Messages

The following messages associated with Windows Recovery Series were found:

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Identity theft attempt Detected
Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites
