Windows Trojans Inspector

By Domesticus in Rogue Anti-Spyware Program

Windows Trojans Inspector Description

Windows Trojans Inspector is part of a large batch of rogue anti-spyware programs that have been plaguing computer users since January of 2012. It belongs to a large family of malware that has been around since 2009 (Rogue.FakeVimes), and this recent batch has no substantial differences from previous incarnations of the fake security program apart from the updated GUI (Graphical User Interface). ESG security analysts recommend using a reliable anti-malware application to solve any problems related to Windows Trojans Inspector. However, this is easier said than done.

Versions of Windows Trojans Inspector have been known to include components designed to disable the most common security applications on the market and to impede access to Windows components that are commonly helpful when dealing with malware infections (such as the Task Manager, Windows Restore or the Windows Registry Editor). Because of this, it may be necessary to boot your computer in Safe Mode or to boot Windows from an external memory device rather than from the infected hard drive.

An Overview of the Windows Trojans Inspector Scam

Windows Trojans Inspector carries out the same tired scam that has plagued computer users for years in various iterations. Windows Trojans Inspector displays a constant torrent of professional-looking error messages designed to make victims believe that their computer system is infected with extremely dangerous malware. It then offers to clean this malware if the victim is willing to purchase a useless license for the fake security program. Clones of Windows Trojans Inspector, such as Windows Firewall Constructor or Windows Basic Antivirus, all work in the same way: they prevent the victim from removing them through normal procedures and constantly push the victim to pay for the program by providing credit card information.

Most Windows Trojans Inspector infections are acquired through one of two means: either from attack websites set up to exploit known vulnerabilities and deliver a Trojan that installs Windows Trojans Inspector, or through fake anti-malware scans promoted in malicious advertisements often found on websites with unsafe content (such as file sharing websites or web pages with pornographic content). Regardless of the source, it is important to understand that Windows Trojans Inspector is a scam, that it is malware that should be removed with a competent anti-malware tool, and that you should not pay for Windows Trojans Inspector under any circumstances.

Type: Rogue AntiSpyware Programs

Windows Trojans Inspector Technical Report

We will update this section as new Windows Trojans Inspector details are reported by our customers and by our Threat Research Center.

The following fake error messages appear for Windows Trojans Inspector:

Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmpshell.dll

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Windows Trojans Inspector Removal Details

Windows Trojans Inspector typically has the following processes in memory:

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-[RANDOM 3 CHARACTERS].exe

Windows Trojans Inspector creates the following files in the system:

  • %CommonStartMenu%\Programs\Windows Trojans Inspector.lnk
  • %Desktop%\Windows Trojans Inspector.lnk
  • %AppData%\result.db

Windows Trojans Inspector creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rnvjflskqa”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = 2012-3-3_1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eowatchlog.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
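
The registry entries listed above can be checked offline against an exported copy of a suspect machine's registry. The following is an added example, not ESG's code: it assumes the hive was saved as .reg text (for instance with reg export) and decoded to a string, and the names parse_reg and find_indicators and the sample export are hypothetical.

```python
import re
# Indicators copied from the registry list on this page, as printed there.
IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
IFEO_TARGETS = {"ldscan.exe", "visthlic.exe", "f-prot95.exe", "~1.exe", "avgemc.exe",
                "cfiaudit.exe", "signcheck.exe", "eowatchlog.exe", "platin.exe"}
CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
VALUE_INDICATORS = {
    (CV + r"\Run").lower(): {"inspector"},
    (CV + r"\Policies\System").lower(): {"disabletaskmgr", "disableregistrytools", "disableregedit"},
    (CV + r"\Settings").lower(): {"uid", "net"},
}

def parse_reg(text):
    """Parse .reg export text (decoded; real exports are UTF-16) into {key: {value: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def find_indicators(keys):
    """Return (kind, key, value_name) tuples; registry names compare case-insensitively."""
    hits = []
    for path, values in keys.items():
        low = path.lower()
        if low.startswith(IFEO.lower() + "\\") and low[len(IFEO) + 1:] in IFEO_TARGETS:
            hits.append(("ifeo-key", path, None))
        for name in values:
            if name.lower() in VALUE_INDICATORS.get(low, ()):
                hits.append(("value", path, name))
    return hits

# Constructed sample export, not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\test\\AppData\\Roaming\\Protector-abc.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
'''

if __name__ == "__main__":
    print(find_indicators(parse_reg(SAMPLE)))
```

A hit on the Policies value names alone is weak evidence, since administrators also set those policy values; the Image File Execution Options keys for security tools and the “Inspector” Run value are the stronger leads.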

This entry was last updated on 03/3/12 and posted on 03/3/12.