Windows Secure Surfer
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 261 |
| First Seen: | May 13, 2012 |
| Last Seen: | October 22, 2021 |
| OS(es) Affected: | Windows |
Windows Secure Surfer Image
Windows Secure Surfer will not help you surf the web more securely, and Windows Secure Surfer is not affiliated in any way with Microsoft or any legitimate security company. In fact, Windows Secure Surfer is a kind of malware infection itself, a category of malware known as rogue security programs. Windows Secure Surfer belongs to a particularly large family of rogue security software known as Rogue:FakeVimes. Malware in this family carries out a common online scam that has the objective of convincing inexperienced computer users that they need to purchase a useless fake security program.
While most reliable security programs can remove malware in the FakeVimes family, malware researchers have run into considerably more resilient malware infections in this family since early 2012. This is because the criminals behind Windows Secure Surfer and its clones have started bundling these fake security programs with the ZeroAccess rootkit, which makes removal considerably more difficult than normal. Known clones of Windows Secure Surfer include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.
The Windows Secure Surfer scam is quite common and is nearly identical to the scam perpetrated by most rogue security programs. Basically, criminals use bogus security software to convince inexperienced computer users that their computer system is severely infected this malware. However, the real malware infection is the fake security program itself, along with its associated malware. Windows Secure Surfer will pretend to scan the victim's computer system and, regardless of the state of the victim's computer, Windows Secure Surfer will claim that Windows Secure Surfer has found a severe virus and Trojan infection. However, trying to fix this supposed infection with Windows Secure Surfer simply results in error messages claiming that the victim must purchase a 'full version' of Windows Secure Surfer to fix the selected problems. Of course, since Windows Secure Surfer is not a real security program, ESG malware analysts vigorously advocate against buying Windows Secure Surfer.
As part of its scam, Windows Secure Surfer can cause a number of problems in the infected computer system. These include poor system performance, browser redirects, and – the main symptom of a rogue security program infection – intrusive and misleading error messages. While a reliable anti-malware program with anti-rootkit technology is necessary to remove Windows Secure Surfer, you can temporarily stop its most annoying symptoms with the registration code 0W000-000B0-00T00-E0020.
Table of Contents
Aliases
11 security vendors flagged this file as malicious.
| Anti-Virus Software | Detection |
|---|---|
| Ikarus | Trojan.Win32.FakeAV |
| AhnLab-V3 | Dropper/Win32.Romeo |
| Kaspersky | Trojan-Dropper.Win32.Dapato.awui |
| NOD32 | Win32/Adware.WintionalityChecker.AF |
| McAfee-GW-Edition | Artemis!6C9B169944DA |
| McAfee | FakeAlert-PJ.gen.aw |
| Panda | Suspicious file |
| AntiVir | TR/Fraud.Gen8 |
| ClamAV | PUA.Packed.ASPack |
| Symantec | VirusDoctor!gen11 |
| NOD32 | a variant of Win32/Adware.WintionalityChecker.AF |
SpyHunter Detects & Remove Windows Secure Surfer
Windows Secure Surfer Video
Tip: Turn your sound ON and watch the video in Full Screen mode.
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | Protector-ynmo.exe | 59479eeb90e7b3837f4b280d83a718f2 | 1 |
| 2. | Protector-cubv.exe | 6c9b169944da72ab4baa95e1bd7b1b9c | 1 |
| 3. | Protector-lmsj.exe | 19e8b88e36599bd658144a35f40032a2 | 1 |
| 4. | Protector-nqtk.exe | 7002bf2c7805b903261a03e863aa3db7 | 1 |
| 5. | %AppData%\Protector-[RANDOM 4 CHARACTERS].exe | ||
| 6. | %AppData%\Protector-[RANDOM 3 CHARACTERS].exe | ||
| 7. | %AppData%\NPSWF32.dll | ||
| 8. | %AppData%\result.db | ||
| 9. | Protector-bafo.exe | 536e60a0eaaa1f73b812579d9f6032ed | 0 |
Registry Details
Messages
The following messages associated with Windows Secure Surfer were found:
|
Error
Attempt to modify Registry key entries detected. Registry entry analysis recommended. |
|
Error
Trojan activity detected. System data security is at risk. It is recommended to activate protection and run a full system scan. |
|
Warning
Firewall has blocked a program from accessing the Internet C:\program files\internet explorer\iexplore.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server. |
|
Warning
Firewall has blocked a program from accessing the Internet C:program filesinternet exploreriexplore.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server. |
