« Packed.Generic.238
Bloodhound.Exploit.257 »

Windows Security Suite

No Comments
GoldSparrow By GoldSparrow in Rogue Anti-Spyware Program | 837 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading ... Loading ...

Windows Security Suite Description

 
 
Image Screenshot
[+] Click Image to Enlarge
 
 

Windows Security Suite is a rogue anti-spyware application designed by the creators of Antivirus System Pro and Spyware Protect 2009. Due to affiliated trojans infiltrating the computer via security exploits and activating Windows Security Suite, a false system scan displays fictitious and sometimes grossly exaggerated infection results, along with numerous fake security alerts, all in an attempt to intimidate the user into thinking the system is threatened. User is then prompted to purchase and download the fake spyware remover Windows Security Suite in order to combat this threat.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Security Suite?

 
 

Download SpyHunter’s Detection Scanner
to Detect Windows Security Suite.

 
 

Windows Security Suite Technical Report

As new Windows Security Suite details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Windows Security Suite files with its MD5s were created in the system:

File Name File Size MD5
Setup_build6_102[1].exe 203776 7e9940721aef27ed745e5f528453cd77
WIdccb.exe 2232320 4f4727e055af633f5e61e1f061f90ce8
ReleaseXP[1].exe 2232320 4f4727e055af633f5e61e1f061f90ce8
MainFAVProj.exe 2155520 81225719879bd719c50273a8b0e311fa
WIccb8.exe 2233344 24da725c26bd56a51fb1c5e60a33091a
WI5ead.exe 2173952 179230ae5de93e9d5c9f1968997a432b
WI29d7.exe 2238464 821f22e336057433065ff1eb3c7192a1
WId130.exe 2235392 09a797583aeef8476e4462c64d47d962
WI5cb3.exe 2238464 ba2e6868f4291d0990f15aacc3623348
WIf8a5.exe 2239488 b352777ece09984600e7d71b24d08fd4
WI804d.exe 2242560 cff989d4ebc3fcf1419b647f8f05d0d8
WIc746.exe 2233344 45a1f3a17c620917bfa380dba1385d49
WI84b5.exe 2233344 238c47d8a4f99cce299119f0a0c8969e
WId0bd.exe 2236416 1cb05f8803baa0c72a1d799083e72a79
WI18da.exe 2176000 92807f790b552da2e9c00ddfccfd6526
WI8581.exe 2242560 3fc56304fc818bae31122fbe10e3b721
WI3e17.exe 2238464 ee23e2bb6398e389daa94aaf97338b24
WI9660.exe 2247680 76ed3e5c10038e3b91b904f7321c8daf
WIcd7c.exe 2236416 4d5854c65b7d8b6dc3b8b8b4fa880498
WIbe98.exe 2242560 ffa8da619067723177c12693842bfce9
WIb7c8.exe 2154496 f698765f2a80561271261f76f7a70d2d
WI9ef3.exe 2236416 b7647d83369c830cd235c3213294178f
WI3714.exe 2235392 3f68543ffe8862c57bebfb8732a1e716
WI9f23.exe 2237440 61a59fcfaea7dab615b1d44fa4d98ee1
WI3da9.exe 2237440 f4d2e46af378b5183a52e337fc2c0fa7
WI3826.exe 2246656 682fb2dcf1e7275a564a523255f52c7f
WI1832.exe 2334720 659715dfd8e2d5e5036313823a688f48
WI3699.exe 2234368 d2c70603b2e612ff69f51ba64e521770
WIdee0.exe 2294784 71bce5688a6a206d4d9bdc12d87a27a6
WI5fe8.exe 2236416 2bb49d86f0e4ec23e020ed58f80ccaaf
WI2a5b.exe 2304000 5167d2559c45111ce53a3bed3fbf5ef6
WI959c.exe 2317312 44e2841cb5d67ee129f5e8ab226a8411
WI6be5.exe 2321408 73f976c53f868a417c4c5e9cd8909c5c
WI88ae.exe 2340864 f40055d0e47f475fbe5189faa5bb7073
WId27f.exe 2316288 2113319dfd058302eac719a3c078d2c3
WI9f75.exe 2254848 31d9671a3f2e58130fe9899d2230533f
WI98c4.exe 2336768 5a99d9d1e2bbc36b39b1830161f1daff
WSf11f.exe 2409472 747ea9648a5ad7c5b710e1cb21d50c95
WSef03.exe 2442240 4746b689c903ab2fc8d828f30a35edd0
MainFAVProj.exe 2417664 a75526fb76f6964d67ba4bac74a2e29a
WI2b49.exe 2338816 ebb553ff8847cd6c27f5627ed34871f6
WS68be.exe 2504704 f510ca3fee0957af196e97744b2bf91a
WSab31.exe 2648064 7bce894b77bc36e3fbf14ea1c0be7fc6
MainFAVProj.exe 2409472 b0c37e7af2a452422b5f04650949a95f
WS3116.exe 2564096 c0af8973a75457d060c69239c842e1bc
WS2e12.exe 2638848 eeca4058f8668736fc27a0d31e01908a
WSddbe.exe 2657280 113a3e8d4c07ea9945bd2ac457baf4b9
WI095b.exe 2248704 cc52e1971e969e77daee085062731c69

Windows Security Suite has typically the following processes in memory:

  • WI345d.exe
  • energy.dll
  • kernel32.dll
  • SM.dll
  • tempdoc.dll
  • sqlite3.dll
  • dudl.sys
  • grid.sys
  • runddl.dll
  • std.exe
  • mozcrt19.dll
  • CLSV.exe
  • grid.dll
  • PE.dll
  • snl2w.exe
  • WS9e6d.exe

Windows Security Suite creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “698909210803″
  • HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
  • WIdccb.DocHostUIHandler
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Windows Security Suite”

Important Article Disclaimer

ESG Support Center

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Technorati
  • YahooMyWeb
This entry was posted on 07/7/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Top Malware

Recommended Products

Featured Videos

Poll

How much money have you spent trying to rid your PC of spyware?
View Results

Recent Articles

Top FAQs

Follow Us on Twitter

Archives

Home Sitemap RSS Feed Privacy Policy End User License Agreement Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.