Windows Virtual Protector

Windows Virtual Protector Description

ScreenshotWindows Virtual Protector is a rogue anti-virus application that is part of a large family of threats called FakeVimes and used to steal money from inexperienced computer users. Windows Virtual Protector may infect computers with the Windows operating system, including Windows XP, Windows Vista, Windows 7 and Windows 8. Windows Virtual Protector will carry out a scheme that involves impersonating a security program in an effort to persuade inexperienced PC users that they need to pay in order to remove nonexistent threats on their computer. If Windows Virtual Protector is installed on your computer, ignore all of its indications and instructions. Instead, remove Windows Virtual Protector immediately with the help of a real security application.

Windows Virtual Protector – A Virtual Waste of Money


Windows Virtual Protector is used to trick computer users into paying for a fake update for this rogue security program. The following are the steps that Windows Virtual Protector will commonly take to try to steal computer users' money:
  • Windows Virtual Protector usually infiltrates a computer using threat delivery methods such as a Trojan infection, an attack website or social engineering.
  • Once Windows Virtual Protector has been installed, Windows Virtual Protector makes harmful changes to the affected computer's settings. These changes allow Windows Virtual Protector to display bogus threat scans, fake system alerts and error messages.
  • Windows Virtual Protector harasses computer users with constant error messages and notifications claiming that the affected computer was severely infected with Trojans, viruses and worms.
  • If the affected computer user tries to use Windows Virtual Protector to fix these nonexistent problems, Windows Virtual Protector displays additional error messages claiming that it is necessary to pay for a 'full version' of Windows Virtual Protector.

Malware analysts strongly advise computer users to avoid paying for Windows Virtual Protector. Doing this allows criminals to gain access to your credit card information and also represents a complete waste of money due to the fact that Windows Virtual Protector's 'full version' is just as useless as the regular version of this rogue security program.

Infected with Windows Virtual Protector? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Windows Virtual Protector

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Screenshots & Other Imagery

ScreenshotScreenshotScreenshotScreenshot

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of Windows Virtual Protector outbreaks and other threats from global to local level.

File System Details

Windows Virtual Protector creates the following file(s):
# File Name Detection Count
1 Windows Virtual Protector.lnk 54
2 %AppData%\guard-fvtb.exe N/A
3 %AppData%\results1.db N/A

Registry Details

Windows Virtual Protector creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-fvtb.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-toiy.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"

More Details on Windows Virtual Protector

The following messages associated with Windows Virtual Protector were found:
Error
System data security is at risk!
To prevent potential PC errors, run a full system scan.
Firewall has blocked a program from accessing the Internet
Internet Explorer
C:program filesinternet exploreriexplorer.exe

C:program filesinternet exploreriexplorer.exe
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them to a remote server.
Recommended: Please click “Prevent attack” button to prevent all attacks and protect your PC
Warning! Identity theft attempt detected
Hidden connection IP: xx.xxx.xxx.xxx
Target: Microsoft Corporation keys
Your IP: XXXXXXXXXXXX

Site Disclaimer

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 2 + 9 ?