Windows Ultra-Antivirus

By ESGI Advisor in Rogue Anti-Spyware Program

Windows Ultra-Antivirus Description


Windows Ultra-Antivirus is a rogue security program very similar to malware in the FakeVimes or WinWebSec families. This fake security application is designed to prey on inexperienced PC users: it tricks them into purchasing an expensive ‘upgrade’ for the bogus program. However, since Windows Ultra-Antivirus has no real way of removing malware from your computer, ESG malware analysts recommend against purchasing or installing this fake security application. Rather, Windows Ultra-Antivirus should be removed with the assistance of a trustworthy anti-malware application.

The characteristic symptom of malware such as Windows Ultra-Antivirus is the appearance of multiple, constant pop-up notifications and alarming error messages on the infected computer. These will try to trick the victim into thinking that the computer is severely infected with malware. Windows Ultra-Antivirus will also generate symptoms which may include the following:

  1. Windows Ultra-Antivirus may cause your computer to become slow and unresponsive.
  2. Windows Ultra-Antivirus may also cause browser redirects and other problems accessing the Internet.
  3. Windows Ultra-Antivirus may block access to certain files and applications, particularly those associated with computer security.

All of these tactics are meant to make the victim believe that their computer is in trouble. This is coupled with a fake system scan that runs at start-up. Windows Ultra-Antivirus, impersonating an actual anti-malware program, will scan the victim’s computer and invariably claim to have found numerous Trojans and viruses. However, trying to use Windows Ultra-Antivirus to fix these supposed problems will result in a redirect to Windows Ultra-Antivirus’ website, where the victim will be prompted to purchase a ‘full version’ of Windows Ultra-Antivirus to fix these nonexistent threats.

Do Not Become a Victim of Windows Ultra-Antivirus

Even though Windows Ultra-Antivirus can be removed manually, this requires knowledge of how to make changes to the Windows Registry. However, since Windows Ultra-Antivirus will rarely infect a computer by itself, ESG security analysts suggest using a fully-updated anti-virus program to remove this threat. Windows Ultra-Antivirus will often be associated with a backdoor Trojan and a rootkit infection which may be removed with a specialized anti-rootkit application. To avoid future infections, it is advised to practice safe online browsing measures and to use a fully-updated anti-malware scanner and firewall.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Ultra-Antivirus?

Windows Ultra-Antivirus Technical Report

We will update this section as new Windows Ultra-Antivirus details are reported by our customers and by our Threat Research Center.

URLs, domains, and websites related to or accessed by Windows Ultra-Antivirus (do not visit them):

  • zokaisoft.com/payments/buynow.php?vendorId=1


Windows Ultra-Antivirus Removal Details

Windows Ultra-Antivirus typically has the following processes in memory:

  • %AppData%\NPSWF32.dll
  • %AppData%\[RANDOM].exe

Windows Ultra-Antivirus creates the following files in the system:

  • %StartMenu%\Programs\Windows Ultra-Antivirus.lnk
  • %Desktop%\Windows Ultra-Antivirus.lnk

Windows Ultra-Antivirus creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\52fb2397ad5bf9eb\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM].exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
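A read-only PowerShell check for the files and registry entries listed above, as an added example that is not ESG's own tooling. It assumes the Image File Execution Options entry carries a `Debugger` value, which the page does not state, and lists every executable in the %AppData% root because the [RANDOM].exe name is unknown; hits in those two categories can be legitimate and need review.

```powershell
# Added example: read-only triage for the artifacts listed on this page.
# It only reports; nothing is deleted or modified.
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Shortcuts the page lists under %StartMenu%\Programs and %Desktop%.
$lnk = 'Windows Ultra-Antivirus.lnk'
foreach ($folder in 'Programs', 'Desktop') {
    $path = Join-Path ([Environment]::GetFolderPath($folder)) $lnk
    if (Test-Path -LiteralPath $path) { $findings.Add("Shortcut: $path") }
}

# 2. Files in the %AppData% root: NPSWF32.dll plus any executable.
#    Assumption: the [RANDOM].exe name is unknown, so every .exe is listed for review.
Get-ChildItem -LiteralPath $env:APPDATA -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq 'NPSWF32.dll' -or $_.Extension -eq '.exe' } |
    ForEach-Object { $findings.Add("AppData file: $($_.FullName)") }

# 3. Service key named on the page.
$svc = 'HKLM:\SYSTEM\ControlSet001\Services\52fb2397ad5bf9eb'
if (Test-Path -LiteralPath $svc) { $findings.Add("Service key: $svc") }

# 4. Image File Execution Options entries.
#    Assumption: the entry carries a Debugger value (the page does not say which value is set).
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -LiteralPath $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings.Add("IFEO Debugger on $($_.PSChildName): $dbg") }
}

# 5. The DisableRegedit policy value named on the page; report it whenever it exists.
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$reg = Get-ItemProperty -LiteralPath $pol -Name DisableRegedit -ErrorAction SilentlyContinue
if ($null -ne $reg) { $findings.Add("DisableRegedit = $($reg.DisableRegedit) under $pol") }

if ($findings.Count -eq 0) { 'No listed artifacts found.' } else { $findings }
```

Run it from the affected user's session, since the shortcut, %AppData% and HKEY_CURRENT_USER checks are per-user.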

This entry was last updated on 07/27/12 and posted on 07/27/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.