Windows Secure Workstation Description
Although Windows Secure Workstation resembles a real security application, ESG malware researchers consider it part of a well-known malware threat. Criminals use fake security programs like Windows Secure Workstation to convince computer users to purchase expensive, useless bogus security upgrades. Windows Secure Workstation belongs to a very well-known family of malware known as FakeVimes. It poses a threat to your computer and should be deleted with the help of a strong, fully updated anti-malware utility.
The Windows Secure Workstation Attack and the FakeVimes Family of Malware
Criminals have continuously added new fake security programs to the FakeVimes family since 2009. Because this family of malware has been around so long, most security programs usually have no problems removing these bogus security programs. However, starting in 2012, criminals began to bundle versions of the ZeroAccess rootkit with malware belonging to the FakeVimes family. The rootkit component makes Windows Secure Workstation and other recent clones of this fake security program more difficult to detect or remove than ever before. Examples of clones of Windows Secure Workstation include programs with names such as Windows Safeguard Upgrade, Windows Shielding Utility and Windows Efficiency Reservoir. Because of the rootkit component mentioned above, an anti-rootkit tool may be needed to remove Windows Secure Workstation and its clones.
Taking a Look at the Windows Secure Workstation Scam
Criminals profit from the Windows Secure Workstation scam by convincing the victim that they need to upgrade this fake security program to an expensive ‘full version.’ To do this, Windows Secure Workstation is designed to cause numerous problems on the victim’s computer, including poor system performance, browser redirects and problems accessing files. Windows Secure Workstation is also designed to harass victims with numerous fake error messages, including fake system alerts and bogus notifications from the Task Bar. Despite the fact that Windows Secure Workstation claims that the victim’s computer is severely infected with numerous viruses or Trojans, ESG malware analysts recommend avoiding Windows Secure Workstation’s supposed ‘upgrade’. Since Windows Secure Workstation’s ‘full version’ doesn’t have any way of detecting or removing malware, purchasing this malicious, bogus security application is definitely not a good idea.
The registration code 0W000-000B0-00T00-E0020 has been effective in the treatment of other FakeVimes-related infections. However, ‘registering’ this fake security program will not remove Windows Secure Workstation from your computer. To do that, it will still be necessary to use a reliable anti-malware tool.
Type: Rogue AntiSpyware Programs
Windows Secure Workstation Removal Details
Windows Secure Workstation typically has the following processes in memory:
- %AppData%\Protector-[RANDOM CHARACTERS].exe
Windows Secure Workstation creates the following registry entries:
- HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Settings\UID [RANDOM CHARACTERS]
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
- HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Settings\ID 4
- HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[RANDOM CHARACTERS].exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe