Windows Defence Counsel

Windows Defence Counsel Description

Type: Adware

Windows Defence Counsel is one of the many fake security programs in the FakeVimes family of malware. Malware such as Windows Defence Counsel is referred to as rogue security software. Rogue security programs like Windows Defence Counsel carry out an online scam that consists of trying to convince victims that they need to purchase a useless 'full version' of the fake security program. To do this, Windows Defence Counsel tries to convince victims that their computer is severely infected with malware. While this is technically true, what Windows Defence Counsel fails to tell you is that the severe malware infection is actually Windows Defence Counsel itself!

Understanding a Scamware Like Windows Defence Counsel

The scam that Windows Defence Counsel carries out is among the most common kinds of online scams. There are thousands of programs similar to Windows Defence Counsel. The severity of the malware attack varies from one fake security program to another. While some of these fake security programs simply pretend to be legitimate security programs and pester their victims with fake error messages, some of the more malicious kinds of rogue security programs actually change your computer's settings and employ a variety of Trojan and rootkit components in order to completely take over the victim's computer. Unfortunately, Windows Defence Counsel belongs to the second kind; the ESG team of PC security researchers has observed that Windows Defence Counsel may cause browser redirects, make a computer slow or unstable, and make dangerous changes to the infected computer's settings and registry.

Windows Defence Counsel and the FakeVimes Family of Malware

The FakeVimes family of malware has been active since 2009. Windows Defence Counsel belongs to a variety of malware in the FakeVimes family that was first seen in late 2011 and that has been very active in 2012. Examples of these fake security programs include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

The main danger that these variants of the FakeVimes family of malware pose is that they will often use the ZeroAccess rootkit in order to hide from detection. Because of this, the ESG team of PC security analysts recommends using an anti-rootkit tool before trying to remove a Windows Defence Counsel infection. You can trick Windows Defence Counsel into thinking that you have paid the registration fee with the code 0W000-000B0-00T00-E0020. This code will not remove Windows Defence Counsel, but will stop its most annoying symptoms while you seek a permanent solution.

Technical Information

File System Details

Windows Defence Counsel creates the following file(s):
#  File Name                                      Detection Count
1  %AppData%\Protector-[RANDOM 4 CHARACTERS].exe  N/A
2  %AppData%\Protector-[RANDOM 3 CHARACTERS].exe  N/A
3  %AppData%\NPSWF32.dll                          N/A
4  %AppData%\result.db                            N/A

Registry Details

Windows Defence Counsel creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-27_7"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "whecqycyiq"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe
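
The file and registry indicators listed above can be checked against a registry export taken from a suspect machine. The following is an added example, not code from this site: it assumes the export (`reg export` format) has already been decoded to text and that the "random characters" in the Protector file name are alphanumeric, and the sample export is constructed.

```python
import re
# Indicators copied from the file and registry lists on this page.
IFEO_NAMES = {"infwin.exe", "ssg_4104.exe", "adaware.exe", "pavsched.exe",
              "msconfig.exe", "zapro.exe", "webdav.exe", "ackwin32.exe",
              "bdsurvey.exe", "sbserv.exe", "fsm32.exe"}
IFEO_PREFIX = ("hkey_local_machine\\software\\microsoft\\windows nt"
               "\\currentversion\\image file execution options\\")
POLICY_KEY = ("hkey_local_machine\\software\\microsoft\\windows"
              "\\currentversion\\policies\\system")
RUN_KEY = "hkey_current_user\\software\\microsoft\\windows\\currentversion\\run"
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser"}
# Assumption: the "random characters" in the file name are alphanumeric.
DROPPED_FILE = re.compile(r"\\Protector-[A-Za-z0-9]{3,4}\.exe$", re.I)

def scan_reg_export(text):
    """Return a list of findings for a decoded .reg export."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):  # key header
            key = line[1:-1].lower()
            exe = key[len(IFEO_PREFIX):] if key.startswith(IFEO_PREFIX) else ""
            if exe in IFEO_NAMES:
                findings.append("IFEO entry for " + exe)
            elif key == "hkey_current_user\\software\\asprotect":
                findings.append("ASProtect key present")
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)  # "name"=data
        if not m:
            continue
        name, data = m.group(1).lower(), m.group(2)
        if key == POLICY_KEY and name in UAC_VALUES and data == "dword:00000000":
            findings.append("UAC setting " + m.group(1) + " is 0")
        elif key == RUN_KEY and name == "inspector":
            findings.append("Run value Inspector -> " + data)
    return findings

def is_dropped_file(path):
    # True for paths ending in \Protector-xxx.exe or \Protector-xxxx.exe
    return bool(DROPPED_FILE.search(path))

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\x\\AppData\\Roaming\\Protector-a1b2.exe"
'''
```

A hit on any single indicator is only a lead; the Image File Execution Options entries and the Run value together are the stronger signal.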

More Details on Windows Defence Counsel

The following messages associated with Windows Defence Counsel were found:
Error
Attempt to modify registry key entries detected. Registry entry analysis is recommended.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Site Disclaimer

Enigmasoftware.com is not associated with, affiliated with, sponsored by or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken for, or confused as being associated in any way with, the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or the manual removal instructions provided in this article.

This article is provided "as is" and is to be used for educational information purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.