Windows Debug Center

Windows Debug Center Description

Since the beginning of 2012, ESG malware analysts have received numerous reports of clones of the FakeVimes family of malware causing problems on computers all over the world. While FakeVimes rogue security programs have been around since 2009, the batch of malware released in 2012 has been observed to include a dangerous rootkit bundled as part of the attack.

Windows Debug Center is one of these fake security programs, along with such bogus anti-virus programs as Virus Melt, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Windows Protection Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Work Catalyst.

Windows Debug Center and its clones are not particularly unique; they are a textbook example of how a rogue security application attempts to scam a victim. Windows Debug Center will try to convince the victim to purchase a fake registration code for a "full version" of Windows Debug Center. However, Windows Debug Center is actually a malware infection that should be treated with a real, reliable anti-malware program. ESG security analysts have uncovered a serial number, 0W000-000B0-00T00-E0020, that you can use to relieve the symptoms of a Windows Debug Center infection in the short term. However, take into account that this registration code will not uninstall or remove Windows Debug Center from your computer system. It will only halt the symptoms long enough to give you a chance to run a full scan using a reliable anti-malware program.

The Windows Debug Center Scam and How It Affects Your Computer

The Windows Debug Center scam is quite simple. Criminals attempt to convince their victims that their computer system is under attack and that Windows Debug Center can solve a nonexistent malware infection. However, any attempt to get Windows Debug Center to work will be met with error messages claiming that the victim needs to purchase a "full working version" of Windows Debug Center. According to ESG malware analysts, the supposed full version of Windows Debug Center is just as useless as the unregistered version. Looking into this program's code, it is easy to see that Windows Debug Center has no real anti-virus capabilities. Rather, Windows Debug Center is part of a scam that was created to take your money. In order to do this, Windows Debug Center resorts to more invasive tactics. Windows Debug Center has been known to cause browser redirects, a constant stream of alarming error messages and frequent crashes on the infected computer system.

Technical Information

File System Details

Windows Debug Center creates the following file(s):

| # | File Name | Size | MD5 |
|---|-----------|------|-----|
| 1 | %AppData%\Protector-[RANDOM CHARACTERS].exe | | |
| 2 | %StartMenu%\Programs\Windows Debug Center.lnk | | |
| 3 | %Desktop%\Windows Debug Center.lnk | | |
| 4 | %AppData%\result.db | | |
| 5 | %APPDATA%\Protector-ddlv.exe | 1,955,328 | 0ab700b2df47045373305f83eba0f407 |

Registry Details

Windows Debug Center creates the following registry entry or registry entries:
Registry Key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
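
A check for the file and registry indicators listed above, as an added example that is not part of the original article: it scans the text of a registry export and a list of file names for them. The sample export, the function names and the reading of "[RANDOM CHARACTERS]" as letters and digits are assumptions.

```python
import re

# Indicators copied from the page's File System Details and Registry Details.
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
IFEO_NAMES = {"rav7.exe", "ashlogv.exe", "vir-help.exe", "ntvdm.exe", "_avp32.exe",
              "jedi.exe", "msa.exe", "spoler.exe", "beagle.exe", "wupdt.exe"}
CU = r"hkey_current_user\software\microsoft\windows\currentversion"
VALUES = {(CU + r"\internet settings", "warnonhttpstohttpredirect"),
          (CU + r"\policies\system", "disableregedit"),
          (CU + r"\policies\system", "disableregistrytools"),
          (CU + r"\policies\system", "disabletaskmgr"),
          (CU + r"\run", "inspector")}
# Assumption: "[RANDOM CHARACTERS]" is taken to mean letters and digits.
FILE_RE = re.compile(r"(protector-[a-z0-9]+\.exe|result\.db|windows debug center\.lnk)", re.I)

# Constructed sample in .reg export format (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"Wallpaper"="x"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\u\\AppData\\Roaming\\Protector-abcd.exe"
'''

def scan_reg_export(text):
    """Return (kind, detail) findings for keys and values the page lists."""
    findings, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            parent, _, leaf = key.rpartition("\\")
            if parent == IFEO and leaf in IFEO_NAMES:
                findings.append(("ifeo-key", leaf))
        elif key and (m := re.match(r'"([^"]+)"=(.*)', line)):
            if (key, m.group(1).lower()) in VALUES:
                findings.append(("value", f"{m.group(1)}={m.group(2)}"))
    return findings

def scan_filenames(names):
    """Return the file names that match the page's dropped-file list."""
    return [n for n in names if FILE_RE.fullmatch(n)]

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE_REG))
    print(scan_filenames(["Protector-ddlv.exe", "notes.txt", "Windows Debug Center.lnk"]))
```

Registry exports in the "Version 5.00" format are written as UTF-16, so read a real export with `encoding="utf-16"` before passing its text to `scan_reg_export`.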

More Details on Windows Debug Center

The following messages associated with Windows Debug Center were found:
"Error Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan"
"Warning! Identity theft attempt Detected Hidden connection IP: 58.82.12.124 Target: Your passwords for sites"
"Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmploc.dll"

