Windows Active HotSpot

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 16
First Seen: December 2, 2013
Last Seen: January 8, 2020
OS(es) Affected: Windows

Windows Active HotSpot is a rogue security program that belongs to the FakeVimes family of threats. Malware like Windows Active HotSpot is designed to take over the victim's computer, simulate a severe malware attack, and then convince computer users to purchase a fake security program. Once installed, Windows Active HotSpot changes the computer's settings so that it runs automatically and displays fake system alerts and notifications. It causes numerous symptoms that make the affected PC nearly unusable. Essentially, Windows Active HotSpot tries to make computer users believe that the infected computer is affected by Trojans, worms and viruses, and then tries to convince them that they need to pay for a 'full version' of Windows Active HotSpot. Since Windows Active HotSpot is considered a severe threat, security researchers strongly advise computer users to remove it from the affected computer.

The FakeVimes family is very large and among its members are Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Some Signals that Windows Active HotSpot is Installed on Your Machine

Windows Active HotSpot causes numerous problems on the affected computer, mainly designed to trick inexperienced computer users into believing that their computer is severely infected. The following issues have been associated with Windows Active HotSpot:

  • Windows Active HotSpot causes the affected computer to display numerous, constant error messages and fake system alerts.
  • Windows Active HotSpot causes system performance problems. Once Windows Active HotSpot is installed, the affected computer may become much slower than normal, freeze or crash frequently.
  • Windows Active HotSpot blocks access to the victim's files and operating system. Whenever the victim tries to run a program, open a folder or carry out seemingly normal tasks on the affected computer, Windows Active HotSpot will display a bogus error message claiming that access was blocked for the victim's own protection.
  • Malware analysts have observed that Windows Active HotSpot may affect the victim's Web browser, causing browser redirects and preventing computer users from accessing certain websites.
  • Windows Active HotSpot may interfere with legitimate security software, in part because Windows Active HotSpot protects itself from detection and removal.

File System Details

Windows Active HotSpot may create the following file(s):
# | File Name | MD5 | Detections
1. | guard-xoin.exe | a4b7982a80cba4da8bc7bf69bc70deff | 2
2. | %AppData%\guard-[RANDOM CHARACTERS].exe | |
3. | %AppData%\result1.db | |

Registry Details

Windows Active HotSpot may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
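
The registry entries listed above reduce to a handful of checks that can be run over a registry export during triage. The following is an added example, not part of the original write-up: the rule wording, the sample export and the file name guard-abcd.exe are constructed for illustration.

```python
import re

# Payload path pattern from the page: %AppData%\guard-[RANDOM CHARACTERS].exe
GUARD = re.compile(r"\\guard-[^\\]+\.exe", re.I)
# (key pattern, value-name pattern, test on the value data, finding)
RULES = [
    (r"\\image file execution options\\(msmpeng|msseces)\.exe$", "debugger",
     lambda d: True, "IFEO Debugger set on a Microsoft antimalware process"),
    (r"\\policies\\system$", "enablelua|consentpromptbehavior(admin|user)",
     lambda d: d == "0", "UAC disabled or consent prompt suppressed"),
    (r"\\currentversion\\run$", ".*", GUARD.search, "Run autostart for guard-*.exe"),
    (r"\\winlogon$", "shell", GUARD.search, "Winlogon Shell points to guard-*.exe"),
    (r"\\policies\\associations$", "lowriskfiletypes",
     lambda d: ".exe" in d.lower(), "executables treated as low-risk attachments"),
    (r"\\policies\\attachments$", "savezoneinformation",
     lambda d: d == "1", "zone information not saved on downloads"),
]

def parse_reg(text):
    """Yield (key, value name, data) from .reg export text (REG_SZ and DWORD only)."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'"([^"]*)"=(.*)$', line)
        if key and m:
            name, raw = m.groups()
            if raw.startswith("dword:"):      # e.g. dword:00000000 -> "0"
                data = str(int(raw[6:], 16))
            else:                             # .reg strings escape \ as \\
                data = raw.strip('"').replace("\\\\", "\\")
            yield key, name, data

def scan(text):
    """Return (finding, key, value name) for every rule that matches."""
    return [(why, key, name)
            for key, name, data in parse_reg(text)
            for pat, val, test, why in RULES
            if re.search(pat, key, re.I) and re.fullmatch(val, name, re.I) and test(data)]

# Constructed sample export; guard-abcd.exe is a made-up file name.
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardSoftware"="C:\\Users\\User\\AppData\\Roaming\\guard-abcd.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"'''
print(*scan(SAMPLE), sep="\n")
```

Files written by `reg export` are UTF-16, so decode them before passing the text to `scan`.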

Messages

The following messages associated with Windows Active HotSpot were found:

Error
Attempt to run a potentially dangerous script detected.
Full system scan is highly recommended.

Error
System data security is at risk!
To prevent potential PC errors, run a full system scan.

Firewall has blocked a program from accessing the Internet
c:\windows\system32\iexplore.exe
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.

Warning! Identity theft attempt detected
Hidden connection IP: xx.xxx.xxx.xxx
Target: Microsoft Corporation keys
Your IP: 127.0.0.1
