
Windows Antivirus Rampart


Windows Antivirus Rampart is one of the many fake security applications in the FakeVimes family of rogue security programs. Such malware infections mimic legitimate security programs while not having any legitimate anti-malware capabilities. Rather, Windows Antivirus Rampart and its clones are designed to carry out a scam that consists of convincing computer users that they need to purchase useless, bogus security programs. With this in mind, ESG malware analysts highly advise removing Windows Antivirus Rampart immediately with a real anti-malware application.

Windows Antivirus Rampart’s Large Family of Rogue Security Programs

Windows Antivirus Rampart's family of malware has been active since 2009, which means that most legitimate security programs can easily deal with FakeVimes fake security programs. Unfortunately, ESG malware researchers have detected that malware in the FakeVimes family released in 2012 will often be accompanied by a ZeroAccess rootkit infection. This associated malware infection makes this newest generation of malware in the FakeVimes family considerably more difficult to remove. Other examples of fake security software in the FakeVimes family of malware, released in 2012 and previous years, include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

To steal your money, Windows Antivirus Rampart will try to persuade you that your PC is dangerously infected with malware. To do this, Windows Antivirus Rampart uses numerous bogus error messages, both in the form of pop-up notifications and system alerts from the Task Bar. All of these messages will claim that your computer system is under attack or vulnerable in various ways. However, trying to use Windows Antivirus Rampart to remove these supposed malware problems results in more error messages claiming that you need to purchase a 'complete version' of Windows Antivirus Rampart to be able to deal with these nonexistent malware problems. Since Windows Antivirus Rampart has no real anti-malware capabilities, ESG security analysts strongly advise against purchasing this bogus security program.

Dealing with a Windows Antivirus Rampart Infection

Instead of paying for Windows Antivirus Rampart's 'full version', it is important to remove this fake security program with the help of an anti-malware application with anti-rootkit technology. It is also not necessary to purchase Windows Antivirus Rampart in order to obtain a serial number: the registration code 0W000-000B0-00T00-E0020 can be used to 'unlock' Windows Antivirus Rampart. While this will not remove Windows Antivirus Rampart (it still needs to be removed with a reliable anti-malware tool), entering that registration number can help stop most of Windows Antivirus Rampart's irritating error messages.


File System Details

Windows Antivirus Rampart may create the following file(s):
1. %AppData%\Protector-[RANDOM 4 CHARACTERS].exe
2. %AppData%\Protector-[RANDOM 3 CHARACTERS].exe
3. %AppData%\NPSWF32.dll
4. %CommonStartMenu%\Programs\Windows Antivirus Rampart.lnk
5. %AppData%\result.db
6. %AppData%\1st$0l3th1s.cnf
7. %Desktop%\Windows Antivirus Rampart.lnk

Registry Details

Windows Antivirus Rampart may create the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-29_7"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "yurrockari"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe
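
One way to triage a host against the registry entries listed above, as an added example that is not ESG's own tooling: the script parses the decoded text of a `reg export` file and reports which listed keys and values are present. The function names and the sample export are constructed for illustration; the indicator strings are the ones on this page.

```python
import re

# Indicators from this page, lowercased. Rule = (key, value name or None, expected data or None).
HKCU, HKLM = "hkey_current_user\\", "hkey_local_machine\\"
CV = "software\\microsoft\\windows\\currentversion\\"
IFEO = HKLM + "software\\microsoft\\windows nt\\currentversion\\image file execution options\\"
RULES = [(IFEO + exe, None, None) for exe in (
    "mu0311ad.exe", "antivirus_pro.exe", "hbinst.exe", "svc.exe", "brasil.exe", "purge.exe")]
RULES += [(HKCU + "software\\asprotect", None, None),
          (HKCU + CV + "run", "inspector", None),
          (HKCU + CV + "settings", "uid", "yurrockari"),
          (HKCU + CV + "settings", "net", "2012-5-29_7"),
          (HKCU + CV + "internet settings", "warnonhttpstohttpredirect", 0)]
RULES += [(HKCU + CV + "policies\\system", n, 0)
          for n in ("disableregistrytools", "disabletaskmgr", "disableregedit")]
RULES += [(HKLM + CV + "policies\\system", n, 0)
          for n in ("enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser")]

def parse_reg(text):
    """Parse decoded .reg text into {key: {value name: data}}; only REG_DWORD and REG_SZ are decoded."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"(.+?)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$', line)
            if m:
                current[m[1].lower()] = int(m[2], 16) if m[2] else m[3]
    return keys

def match_indicators(keys):
    """Return the rules whose key (and value, if the rule names one) is present."""
    hits = []
    for key, name, expected in RULES:
        values = keys.get(key)
        if values is None:
            continue
        if name is None or (name in values and expected in (None, values[name])):
            hits.append(key if name is None else f"{key} :: {name}")
    return hits

# Constructed sample export (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\test\\AppData\\Roaming\\Protector-abc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe]
'''
```

`reg export` writes UTF-16 files, so decode them before passing the text to `parse_reg`. The policy values (for example `EnableLUA` = 0) can also be set by an administrator, so treat them as corroborating rather than conclusive.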

Messages

The following messages associated with Windows Antivirus Rampart were found:

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
