Windows Antihazard Solution

Windows Antihazard Solution Description

Type: Adware

ScreenshotThe Windows Antihazard Solution is one of the many faces of the FakeVimes family of rogue security applications. The Windows Antihazard Solution scam is not different from its clones, and has remained practically unchanged since 2009. Basically, what the Windows Antihazard Solution intends is persuade the victim to purchase a useless bogus security program. The Windows Antihazard Solution is usually accompanied with a rootkit component. This family of malware, known as FakeVimes, is responsible for installing fake security programs on the victim's computer.

The Windows Antihazard Solution infection, more accurately referred to as a Trojan, is one of a recent batch of FakeVimes clones that includes such fake security software as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

ESG security analysts have found versions of the Windows Antihazard Solution that receive support and protection from the ZeroAccess rootkit. This rootkit component makes the Windows Antihazard Solution more difficult to remove, effectively hiding its location on the victim's hard drive and attempting to disable any programs, applications or Windows services capable of removing the Windows Antihazard Solution. To deal with this malware threat, ESG security analysts recommend using a reliable anti-malware utility with anti-rootkit capabilities in order to handle the associated ZeroAccess infection.

The Windows Antihazard Solution – A New Face for an Old Threat

Because FakeVimes has been around for such a long time, most security programs have no problem detecting and removing it. A Windows Antihazard Solution infection is no exception. Apart from its rootkit component, the Windows Antihazard Solution is not really difficult to remove. The main danger with a Windows Antihazard Solution infection is the fact that its authentic-looking interface may be enough to fool inexperienced computer users into believing that this bogus security program is the real thing. Computer systems infected with the Windows Antihazard Solution will display constant error messages that appear to come from the operating system itself, a bogus system scan, and alarming pop-up notifications. All of these are designed to convince the victim that it is necessary to purchase Windows Antihazard Solution in order to stop a nonexistent infection on the infected computer. Do not become a victim of the Windows Antihazard Solution; do not purchase this fake security program or believe any of its claims. Instead, remove Windows Antihazard Solution immediately.


15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
AhnLab-V3 Trojan/Win32.Zbot
Kaspersky UDS:DangerousObject.Multi.Generic
McAfee Artemis!5D3A89B71CF2
Ikarus Trojan.Win32.Inject
AhnLab-V3 Trojan/Win32.Pakes
Sophos Troj/Ransom-IY
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J!86
BitDefender Gen:Variant.Graftor.42564
Kaspersky Trojan.Win32.Inject.enoa
Panda Trj/CI.A
Fortinet W32/Zbot.HJ
Ikarus Win32.Citadel
Sophos Mal/Zbot-HJ
Comodo TrojWare.Win32.Graftor.WDKJ
BitDefender Gen:Variant.Zusy.11803

Technical Information

Screenshots & Other Imagery

Windows Antihazard Solution Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Antihazard Solution creates the following file(s):
# File Name Detection Count
1 %AppData%\Protector-[RANDOM 3 CHARACTERS].exe N/A
2 %AppData%\NPSWF32.dll N/A
3 %CommonStartMenu%\Programs\Windows Antihazard Solution.lnk N/A
4 %Desktop%\Windows Antihazard Solution.lnk N/A
5 %AppData%\result.db N/A

Registry Details

Windows Antihazard Solution creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.