Windows Stability Guard

By JubileeX in Rogue Anti-Spyware Program | 107 views

Windows Stability Guard Description

Windows Stability Guard is a fake security program belonging to the Rogue.FakeVimes family of rogue security programs. These infections are designed to take over the victim’s computer system and trick the unsuspecting PC user into purchasing a fake security application through fake error messages, system scans and alarming notifications. Most infections by Rogue.FakeVimes family members such as Windows Stability Guard, Windows Virtual Firewall or Windows Home Patron come from Trojans acquired from attack websites, through phishing scams, or from fake online malware scans. Regardless of the state of your computer system, these fake online malware scans will claim that it is severely infected and prompt the computer user to download and install Windows Stability Guard to solve this imaginary problem.

What Windows Stability Guard Does Once It is on Your Computer

Once Windows Stability Guard is downloaded and installed, it makes changes to the Windows Registry that allow it to start up automatically whenever the victim launches Windows. Upon rebooting the infected computer system, Windows Stability Guard will display its main screen, deceptively titled ‘Windows Advances Security Center.’ Windows Stability Guard then runs a fake system scan that reports a large number of nonexistent infections. However, trying to get Windows Stability Guard to fix these supposed malware infections is useless, since it will instead try to convince you that you need to pay for a ‘full version’ of Windows Stability Guard if you want to remove these supposed problems. According to ESG security researchers, Windows Stability Guard has absolutely no way of detecting or removing malware on your computer system.

Problems Associated with Windows Stability Guard

Windows Stability Guard does not limit itself to displaying false positives. It is designed to block executable files, especially those belonging to legitimate security programs that could be used to remove Windows Stability Guard. Trying to open the Windows Registry Editor, System Restore or Windows Task Manager will also result in Windows Stability Guard being opened instead. Windows Stability Guard effectively takes your computer hostage, refusing to give back control until you pay its ransom. ESG security analysts recommend starting Windows in Safe Mode instead. This prevents Windows Stability Guard from launching automatically and gives you back access to your own security software. Then, it is simply a matter of using normal anti-malware techniques to remove Windows Stability Guard from your computer.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Stability Guard?

Windows Stability Guard Technical Report

As new Windows Stability Guard details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Windows Stability Guard:

The following fake error messages appear for Windows Stability Guard:

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmpshell.dll

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Windows Stability Guard Removal Details

Windows Stability Guard typically has the following processes in memory:

  • %AppData%\Protector-.exe
  • %AppData%\NPSWF32.dll

Windows Stability Guard creates the following files in the system:

  • %Desktop%\Windows Stability Guard .lnk
  • %CommonStartMenu%\Programs\Windows Stability Guard.lnk
  • %AppData%\result.db

Windows Stability Guard creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = 2012-2-28_1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eagle.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvdm.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    av7.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
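
A triage check for the registry list above, as an added example that is not ESG's code: it parses the text of a registry export and reports keys and values matching this page's indicators. The sample export and the tag names are constructed, and the check for a `Debugger` value is an assumption (the page lists only the Image File Execution Options key names, not their values).

```python
import re

# Indicator names as they appear in this page's registry list (lower-cased).
PAGE_IFEO = {"eagle.exe", "tvdm.exe", "vir-help.exe", "ashlogv.exe", "msa.exe",
             "spoler.exe", "_avp32.exe", "jedi.exe", "wupdt.exe"}
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
RUN = r"hkey_current_user\software\microsoft\windows\currentversion\run"
POLICY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
POLICY_VALUES = {"disableregistrytools", "disableregedit", "disabletaskmgr"}

# Constructed sample export, not captured from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe]
"Debugger"="constructed.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\constructed\\path.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
'''

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: raw_data}} from .reg text."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = keys.setdefault(header.group(1).lower(), {})
            continue
        value = re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
        if value and current is not None:
            current[value.group(1).lower()] = value.group(2)
    return keys

def findings(text):
    """List (tag, detail) pairs for keys and values that match the page's indicators."""
    out = []
    for path, values in parse_reg(text).items():
        if path.startswith(IFEO + "\\"):
            image = path[len(IFEO) + 1:]
            if image in PAGE_IFEO:
                out.append(("ifeo-listed", image))
            if "debugger" in values:  # assumption: the usual IFEO redirection value
                out.append(("ifeo-debugger", image))
        elif path == RUN and "inspector" in values:
            out.append(("run-inspector", values["inspector"]))
        elif path == POLICY:
            out += [("policy-value", n) for n in sorted(values) if n in POLICY_VALUES]
    return out
```

`reg export` writes UTF-16 text, so read a real export with `encoding="utf-16"` before passing it to `findings`.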

This entry was last updated on 02/28/12 and posted on 02/28/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.