Windows AntiHazard Center

Windows AntiHazard Center Description

Type: Adware

ScreenshotWindows AntiHazard Center belongs to a large batch of rogue security programs belonging to the FakeVimes family of malware that were released in early 2012. According to ESG security analysts, FakeVimes clones have been around for a couple of years, but this recent batch of rogue security programs is particularly dangerous because they tend to be bundled along with a devastating rootkit component. File names associated with Windows AntiHazard Center's clones tend to be made up of the prefix "protector-" followed with three random characters. If you find that Windows AntiHazard Center installed on your computer, this means that your computer has become infected with dangerous malware. However, the malware that Windows AntiHazard Center will claim is on your computer is not the infection, but rather Windows AntiHazard Center itself. Because of this, ESG malware analysts recommend removing Windows AntiHazard Center and its associated malware with a real, reliable and fully-updated anti-malware program.

Windows AntiHazard Center has dozens of clones, including such fake security programs as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

How Windows AntiHazard Center and Its Clones Try to Steal Your Money

The Windows AntiHazard Center scam is not particularly sophisticated and is a rehash of hundreds of fake anti-virus programs that have been online for several years. Basically, Windows AntiHazard Center is designed to display multiple alarming error messages and fake system alerts. These are all designed to make its victims believe that their computers are severely infected with numerous malware and virus attackers as well as presenting severe hard drive problems. Then, Windows AntiHazard Center will prompt the victim to purchase a "full version" of Windows AntiHazard Center in order to fix these nonexistent problems.

Of course, paying for Windows AntiHazard Center does absolutely nothing to remove problems from your computer system. Because of this, ESG malware analysts strongly advise against handing over your money to the criminals behind Windows AntiHazard Center. If you have already done so, it may still be possible to contact your credit card company and to report the Windows AntiHazard Center charges as fraudulent. In the future, it is also advisable to remember that security software that appears on your computer without your authorization is most likely part of an online scam. Anti-virus programs should only be downloaded from legitimate, well-known software manufacturers and not from free online malware scans or error messages alerting you of virus problems on your computer.

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows AntiHazard Center

File System Details

Windows AntiHazard Center creates the following file(s):
# File Name MD5 Detection Count
1 %AppData%NPSWF32.dll N/A
2 %AppData%Protector-.exe N/A
3 %Desktop%Windows AntiHazard Center.lnk N/A
4 %CommonStartMenu%ProgramsWindows AntiHazard Center.lnk N/A
5 %AppData% esult.db N/A
6 Protector-nhfo.exe fee16c9ff7dce49a02269aada600f44a 0

Registry Details

Windows AntiHazard Center creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "EnableLUA" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "okanrqfdwk"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsesafe.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionspcip10117_0.exe
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-3-22_1"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsisp.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmssmmc32.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsutpost.exe
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "Inspector"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsatro55en.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsinstall[4].exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsscrscan.exe

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.