Windows Antivirus Machine

Windows Antivirus Machine Description

Type: Rogue AntiSpyware Programs

The FakeVimes family of rogue security programs has been responsible for numerous infections. Windows Antivirus Machine is one of multiple fake security applications belonging to this family of malware. It is important to remember that Windows Antivirus Machine and its many clones are not real anti-malware programs, even though their interface is designed to look like one. Windows Antivirus Machine carries out a scam that involves convincing its victims to purchase a useless upgrade for this bogus security application. Rather than paying for Windows Antivirus Machine, the recommended course of action is to remove this program with a real anti-virus application.

Windows Antivirus Machine and Other 2012 FakeVimes Variants Are Particularly Nasty

Although fake security programs in the FakeVimes family have been around since 2009, the variants released in 2012 are particularly difficult to remove. This is because these variants, which include Windows Antivirus Machine, will often be bundled with a rootkit component from the Sirefef family of malware. This rootkit component makes Windows Antivirus Machine and other malware on the victim's computer quite difficult to detect and remove with ordinary anti-malware software, and a more specialized anti-rootkit utility may be required to remove it effectively. Other FakeVimes variants that tend to include the Sirefef rootkit are Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, and Windows Work Catalyst.

Protecting Yourself from the Windows Antivirus Machine Scam

Fake security software scams are not new and have been used to prey on inexperienced computer users for many years. In fact, ESG security researchers note that the rogue security software scam is a simple variation of similar scams that dishonest repairmen and mechanics have been running for generations. Basically, Windows Antivirus Machine will claim that the victim's computer is severely infected through alarming error messages and fake system scans. Windows Antivirus Machine also causes other problems, such as web browser redirects and issues accessing files on the infected machine. Windows Antivirus Machine will suggest that the victim purchase an expensive upgrade for this supposed anti-malware program. However, ESG security analysts have observed that Windows Antivirus Machine has no way of removing or detecting malware. You can stop many of Windows Antivirus Machine's fake security notifications with the registration code 0W000-000B0-00T00-E0020. Although this will 'register' Windows Antivirus Machine, you will still need to annihilate this fraudulent security program from your machine with the help of a strong, fully-updated anti-malware solution.

Technical Information

File System Details

Windows Antivirus Machine creates the following file(s):
| # | File Name | MD5 | Detection Count |
|---|-----------|-----|-----------------|
| 1 | Protector-lblv.exe | 82ac6547282df38f53a578ca43a95b5b | 1 |
| 2 | %AppData%\Protector-[RANDOM CHARACTERS].exe | N/A | |

Registry Details

Windows Antivirus Machine creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
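
The listings above can be turned into a triage check over an exported registry snapshot. The following is an added example, not code from this article or from any vendor tool; the (key, value name, data) tuple format, the reason labels and the sample rows are assumptions constructed for illustration.

```python
import re

# Indicators copied from the file and registry listings on this page.
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
IFEO_TARGETS = {"mostat.exe", "_avpcc.exe", "divx.exe", "tapinstall.exe",
                "zapsetup3001.exe", "_avp32.exe", "platin.exe", "ashdisp.exe"}
CV = r"hkey_current_user\software\microsoft\windows\currentversion"
RUN_KEY, SETTINGS_KEY, INET_KEY = CV + r"\run", CV + r"\settings", CV + r"\internet settings"
# %AppData%\Protector-[RANDOM CHARACTERS].exe, matched on the file name only.
DROPPER = re.compile(r"\\protector-[^\\]+\.exe", re.IGNORECASE)
HIVES = {"hkcu": "hkey_current_user", "hklm": "hkey_local_machine"}

def normalise(key):
    """Lower-case a key path and expand HKCU/HKLM abbreviations."""
    hive, _, rest = key.strip().strip("\\").partition("\\")
    hive = HIVES.get(hive.lower(), hive.lower())
    return hive + "\\" + rest.lower() if rest else hive

def triage(entries):
    """Return (reason, key, value_name) for every entry matching a page indicator."""
    hits = []
    for key, name, data in entries:
        k = normalise(key)
        parent, _, leaf = k.rpartition("\\")
        if parent == IFEO and leaf in IFEO_TARGETS:
            # The page lists only the key, so any value under it is flagged.
            hits.append(("ifeo-entry", key, name))
        elif k == RUN_KEY and (name.lower() == "inspector" or DROPPER.search(str(data))):
            hits.append(("run-persistence", key, name))
        elif k == SETTINGS_KEY and name.lower() in {"uid", "net", "id"}:
            hits.append(("family-marker", key, name))
        elif k == INET_KEY and name.lower() == "warnonhttpstohttpredirect" and data == 0:
            hits.append(("https-warning-off", key, name))
    return hits

# Constructed sample rows (not taken from a real host).
SAMPLE = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Inspector",
     r"C:\Users\demo\AppData\Roaming\Protector-abcd.exe"),
    (IFEO + r"\_avp32.exe", "Debugger", "placeholder.exe"),
    (IFEO + r"\notepad.exe", "Debugger", "placeholder.exe"),  # not on the page's list
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r"C:\Program Files\OneDrive\OneDrive.exe"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings",
     "WarnOnHTTPSToHTTPRedirect", 0),
]

if __name__ == "__main__":
    for reason, key, name in triage(SAMPLE):
        print(f"{reason:18} {key} [{name}]")
```

Matching is case-insensitive and accepts both long and abbreviated hive names, since export tools differ in how they print key paths.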
