Windows Antivirus Care

Windows Antivirus Care Description

Type: Adware

The FakeVimes family of rogue anti-virus programs is composed of dozens of dangerous scamware programs that pretend to be legitimate anti-virus applications; Windows Antivirus Care is one of these fake anti-virus programs. The main way in which Windows Antivirus Care tries to scam its victims is by making them believe that their computer is under attack. To accomplish this, Windows Antivirus Care is designed to attack the victim with a continuous stream of alarming error messages. Windows Antivirus Care also uses a GUI that is very similar to the one used by real security programs. Once a victim has fallen for the scam, Windows Antivirus Care will attempt to convince them to upgrade to the "full version" of Windows Antivirus Care in order to stop the imaginary virus attack. However, it is important to remind computer users that, despite its appearance, Windows Antivirus Care is a malware infection itself.

Apart from its scam, Windows Antivirus Care can cause many other problems on the infected computer system. Some typical symptoms of a Windows Antivirus Care include frequent system crashes, decreased system performance, browser redirects, and problems accessing files on the infected computer. These, coupled with Windows Antivirus Care's annoying error messages and fake system scans, can quickly make a computer system practically unusable. Because of this, Windows Antivirus Care is not a simple annoyance but a severe security threat that should be eliminated with a reliable anti-malware program.

A General Overview of the Windows Antivirus Care Rogue Anti-Virus Program

It is important to note that Windows Antivirus Care is not connected in any way to Windows or to Microsoft, despite the fact that Windows Antivirus Care uses trademarked logos in its GUI as well as an interface that borrows heavily from legitimate Windows security components. Windows Antivirus Care's family of malware is quite large and has been active since 2009. Windows Antivirus Care belongs to a particular batch of FakeVimes rogue anti-virus programs that have been active since January of 2012. Some other fake anti-virus applications belonging to this same batch of malware include such fake security programs as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Windows Antivirus Care asks for a registration code in order to supposedly upgrade to its "full version". ESG malware analysts have provided the registration code 0W000-000B0-00T00-E0020 as a possible way of stopping Windows Antivirus Care's most annoying evidences. However, it is crucial to note that this registration code will not remove Windows Antivirus Care or clean your system; it will merely stop Windows Antivirus Care from displaying error messages and browser redirects. Windows Antivirus Care should still be removed with a reliable security tool.

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows Antivirus Care

File System Details

Windows Antivirus Care creates the following file(s):
# File Name MD5 Detection Count
1 Protector-dila.exe 312aad289605205c7cbb6a46393b2f40 1
2 Protector-oaqg.exe cf8bad01080ea7d2d6839e8837ac6845 1
3 %AppData%\Protector-[RANDOM CHARACTERS].exe N/A
4 %AppData%\Inspector-[RANDOM CHARACTERS].exe N/A

Registry Details

Windows Antivirus Care creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe

More Details on Windows Antivirus Care

The following messages associated with Windows Antivirus Care were found:
Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.

Related Posts

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.