Windows Daily Adviser

Windows Daily Adviser Description

Type: Adware

Although Windows Daily Adviser has all the external characteristics of an anti-virus program, it is actually a cleverly disguised malware infection. Fake anti-virus programs like Windows Daily Adviser are a kind of malware infection known as rogue security programs. Rogue security applications are normally part of a multi-component malware strike that includes several Trojans and often a rootkit component. Windows Daily Adviser belongs to a particularly extensive group of rogue security programs known as the FakeVimes family of malware, also known as Rogue:FakeVimes.

There are many fake security applications in the FakeVimes family of programs, which has been continuously updated since 2009. Most security applications can easily detect a rogue anti-virus program belonging to the FakeVimes family of malware. However, the main problem with FakeVimes malware released after 2012 is that it is often bundled with the ZeroAccess rootkit, a dangerous malware threat also known as the Sirefef rootkit. This rootkit creates a hidden file system that is used to hide Windows Daily Adviser and other malware on the victim's computer. While Windows Daily Adviser itself is not difficult to remove, steps must be taken first to remove the rootkit infection that is often associated with Windows Daily Adviser.

Protecting Your Computer System from a Windows Daily Adviser Attack

Windows Daily Adviser is just one of a large number of fake security programs belonging to the FakeVimes family of malware. Known clones of Windows Daily Adviser include fake anti-virus programs like Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Even though all of these programs have different names, they share interfaces that are almost exactly the same and carry out the same scam each time. This scam consists of making the victim think that their machine is severely infected with malware and that an 'upgrade' for Windows Daily Adviser must be purchased before these nonexistent problems can be removed.

Of course, since Windows Daily Adviser has no way of dealing with malware, ESG security researchers strongly advise against purchasing or 'upgrading' Windows Daily Adviser. Instead, it is recommended to use an anti-rootkit tool to remove the ZeroAccess infection that is often included in a Windows Daily Adviser attack and then to use a reliable anti-malware program to remove Windows Daily Adviser itself. Entering 0W000-000B0-00T00-E0020 when asked for a registration code can make Windows Daily Adviser stop displaying its misleading error messages; however, it will still be necessary to remove Windows Daily Adviser from the infected computer system.

Technical Information

File System Details

Windows Daily Adviser creates the following file(s):
# File Name Detection Count
1 %AppData%\Protector-[random 4 characters].exe N/A
2 %AppData%\Protector-[random 3 characters].exe N/A
3 %AppData%\NPSWF32.dll N/A
4 %Desktop%\Windows Daily Adviser.lnk N/A
5 %AppData%\W34r34mt5h21ef.dat N/A
6 %AppData%\result.db N/A
7 %CommonStartMenu%\Programs\Windows Daily Adviser.lnk N/A

Registry Details

Windows Daily Adviser creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE

More Details on Windows Daily Adviser

The following messages associated with Windows Daily Adviser were found:
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.
