Windows Virtual Firewall Description
ESG security researchers warn against the supposed computer security application Windows Virtual Firewall. Despite its name, Windows Virtual Firewall has no association with Microsoft or with your computer system’s firewall. Rather, Windows Virtual Firewall is part of a very common online scam designed to convince inexperienced computer users to purchase bogus security upgrades for fake security programs. This scam has been active for many years and, in the case of Windows Virtual Firewall’s family of malware, it has been active since 2009. This family, known to PC security researchers as FakeVimes, includes numerous fake security programs and, since 2012, has also included a dangerous rootkit component in the form of a Sirefef variant. Removing Windows Virtual Firewall and other malware in the FakeVimes family requires an established anti-malware program that was designed to counter rootkit technology. Examples of clones of Windows Virtual Firewall include Windows Web Combat, Windows Stability Guard and Windows Virtual Angel.
Understanding How Windows Virtual Firewall Enters Its Victims’ Computers
Most of the time, a social engineering strategy is used to deliver Windows Virtual Firewall and other FakeVimes rogue security programs. Some common approaches used to install Windows Virtual Firewall and its clones are listed below:
- Criminals may set up corrupted advertisements for security software. Often found on websites commonly considered unsafe (such as those associated with illegal file sharing and pornographic material), these advertisements use a two-pronged approach to attack the victim’s computer system. In the background they may use Flash or JavaScript exploits in order to install a downloader Trojan or Windows Virtual Firewall itself. They also engage in social engineering by claiming that the victim’s computer system is severely infected and recommending the use of Windows Virtual Firewall to fix this supposed infection.
- Windows Virtual Firewall and other fake security programs can also be distributed in malicious email attachments. These will usually be disguised as benign image or text files while actually being compressed archives containing an executable file or malicious files designed to use known exploits to force the victim’s computer to accept a malware infection.
- A third way in which Windows Virtual Firewall is commonly delivered is through fake video codecs. These are often found on pornographic or illegal file-sharing websites with supposed streaming video. Trying to watch these videos will often result in error messages prompting the victim to download a supposed video codec. However, this ‘codec’ is actually either Windows Virtual Firewall or a downloader Trojan designed to install this malicious program on the victim’s computer system.
Type: Rogue AntiSpyware Programs
Windows Virtual Firewall Removal Details
Windows Virtual Firewall typically has the following processes in memory:
- %AppData%\Protector-[RANDOM CHARACTERS].exe
Windows Virtual Firewall creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
- Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
- HKEY_CURRENT_USER\Software\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
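As an added example (not code from the original article or from ESG), the following PowerShell script checks a host for the file, process and registry indicators listed above, so an analyst can confirm or rule out this infection before cleanup. The executable names and value names are taken from the list above; reading the IFEO Debugger value and flagging non-zero policy values are assumptions about how such entries are abused, not something the article states.

```powershell
# Checks a Windows host for the Windows Virtual Firewall (FakeVimes) indicators
# listed in the removal details. Run from an elevated PowerShell session.
$findings = @()

# 1. File/process indicator: %AppData%\Protector-<random>.exe
$appData = [Environment]::GetFolderPath('ApplicationData')
Get-ChildItem -Path $appData -Filter 'Protector-*.exe' -File -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "File: $($_.FullName)" }
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -like "$appData\Protector-*.exe" } |
    ForEach-Object { $findings += "Process: PID $($_.Id) $($_.Path)" }

# 2. Persistence: the "Inspector" value under the HKCU Run key
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$inspector = Get-ItemProperty -Path $run -Name 'Inspector' -ErrorAction SilentlyContinue
if ($inspector) { $findings += "Run key: Inspector = $($inspector.Inspector)" }

# 3. Marker values the rogue writes under HKCU\...\CurrentVersion\Settings
$settings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'
foreach ($name in @('net', 'ID', 'UID')) {
    $v = Get-ItemProperty -Path $settings -Name $name -ErrorAction SilentlyContinue
    if ($v) { $findings += "Settings value: $name = $($v.$name)" }
}

# 4. IFEO keys for the security tools named above. Assumption: a Debugger value
#    under such a key redirects that tool to another program when it launches.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$hijacked = @('divx.exe', 'tapinstall.exe', 'zapsetup3001.exe', '_avp32.exe',
              'platin.exe', 'ashDisp.exe', 'mostat.exe', '_avpcc.exe')
foreach ($exe in $hijacked) {
    $key = Join-Path $ifeo $exe
    if (Test-Path $key) {
        $dbg = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Debugger
        $findings += "IFEO: $exe present (Debugger = '$dbg')"
    }
}

# 5. Policy and browser values the rogue touches. The article lists them set to 0;
#    any non-zero policy value here blocks Task Manager or the Registry Editor.
$policies = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in @('DisableTaskMgr', 'DisableRegistryTools', 'DisableRegedit')) {
    $v = Get-ItemProperty -Path $policies -Name $name -ErrorAction SilentlyContinue
    if ($v -and $v.$name -ne 0) { $findings += "Policy: $name = $($v.$name)" }
}
$ie = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$w = Get-ItemProperty -Path $ie -Name 'WarnOnHTTPSToHTTPRedirect' -ErrorAction SilentlyContinue
if ($w -and $w.WarnOnHTTPSToHTTPRedirect -eq 0) { $findings += 'WarnOnHTTPSToHTTPRedirect = 0' }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'No Windows Virtual Firewall indicators found.' }
```

A hit on the Settings or policy values alone is weak evidence, since legitimate software and Group Policy use those locations; the Protector-*.exe file, the Inspector Run value and the IFEO keys for security tools are the stronger indicators.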