Windows Advanced Security Center

Windows Advanced Security Center Description

Type: Adware

Despite its name, Windows Advanced Security Center is not associated with Microsoft Security Center nor does Windows Advanced Security Center provide legitimate security for your PC. Rather, Windows Advanced Security Center is a kind of malware infection known as a rogue security program. These kinds of malware infections will try to convince inexperienced computer users that they need to purchase a 'full version' of Windows Advanced Security Center in order to fix nonexistent problems on their computer system. This scam is among the most common types of malware scams.

There are countless different versions of the Windows Advanced Security Center scam. While some are simple fake security programs that limit themselves to pretending to be real anti-virus programs and displaying some fake error messages, some pose a severe danger to a computer system due to their intrusive practices. Unfortunately, Windows Advanced Security Center is part of this second category of malware infection. Windows Advanced Security Center will rarely attack alone and will often be associated with various Trojan and rootkit components that can wreak havoc on a computer. Because of this, apart from fake error messages a Windows Advanced Security Center infection will also be accompanied with browser redirects, system crashes, decreases system performance and the presence of other malware on the infected computer system.

Windows Advanced Security Center's Many Clones

Windows Advanced Security Center is part of a large family of malware known as Rogue:FakeVimes. Fake security programs in the FakeVimes family have been around since 2009. There are dozens of clones of Windows Advanced Security Center, for example programs like Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

The FakeVimes family of malware is a well-known threat that can be removed with most security programs. However, malware in this family released after January of 2012 (including Windows Advanced Security Center) has been associated with a rootkit component that is significantly more difficult to remove than other kinds of malware. Often, removing this rootkit component requires a specialized anti-rootkit application.

The code 0W000-000B0-00T00-E0020 has proven useful in 'registering' malware in the FakeVimes family. While this will not remove Windows Advanced Security Center, it will stop many of its irritating error messages and facilitate removing this malware infection with a reliable anti-malware program. ESG security researchers strongly advise against purchasing Windows Advanced Security Center's fake "full version'; this will do nothing to remove Windows Advanced Security Center and will place your credit card information in the hands of unscrupulous criminals.

Technical Information

File System Details

Windows Advanced Security Center creates the following file(s):
# File Name Detection Count
1 %AppData%\Protector-{RANDOM 4 CHARACTERS}.exe N/A
2 %AppData%\Protector-{RANDOM 3 CHARACTERS}.exe N/A
3 %AppData%\NPSWF32.dll N/A
4 %StartMenu%\Windows Advanced Security Center.lnk N/A

Registry Details

Windows Advanced Security Center creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-20_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{RANDOM CHARACTERS}.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.