Windows Expert Series Description
Type: Browser Hijackers
Windows Expert Series is not a real anti-spyware program, although its appearance suggests otherwise. Windows Expert Series is in fact part of a malware attack involving multiple components, and it belongs to a family of malware known as FakeVimes. This family of malware, active since 2009, had been in decline until the end of 2011. However, since early 2012, ESG security researchers have observed a strong comeback of FakeVimes-related malware. This is largely because criminals have started including FakeVimes family members such as Windows Expert Series in malware attacks involving the ZeroAccess or Sirefef family of rootkits. This rootkit component makes Windows Expert Series and its clones considerably more difficult to remove than earlier versions of FakeVimes. ESG security researchers recommend dealing with a Windows Expert Series infection with the help of a program capable of removing rootkits and similar malware infections.
ESG security researchers have observed dozens of clones of Windows Expert Series, with new malware in this family being released nearly daily since early 2012. Examples of malware identical to Windows Expert Series include fake security applications such as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.
All of these are variants of the FakeVimes family that also contain its associated malicious rootkit component. These programs are all essentially the same, carrying out variations of the same scam. Windows Expert Series and its clones pretend to be real anti-spyware programs and try to scare victims by claiming that their computer is severely infected with malware. However, this is all a scam designed to convince victims to purchase an expensive and useless security upgrade.
The main point to remember is that Windows Expert Series is not a real security program. Because of this, ESG security researchers recommend ignoring all error messages and claims made by Windows Expert Series. You can use the registration code 0W000-000B0-00T00-E0020 to make Windows Expert Series stop displaying irritating error messages and causing browser redirects. However, this will not remove Windows Expert Series. To remove this fake security program completely, you will need to use a strong, reliable, fully-updated anti-malware application with anti-rootkit capabilities.
10 security vendors flagged this file as malicious.
File System Details

| # | File Name | Detection Count |
|---|-----------|-----------------|
| 1 | %AppData%\Protector-[RANDOM 4 CHARACTERS].exe | N/A |
| 2 | %AppData%\Protector-[RANDOM 3 CHARACTERS].exe | N/A |
| 5 | %Desktop%\Windows Expert Series.lnk | N/A |
| 6 | %CommonStartMenu%\Programs\Windows Expert Series.lnk | N/A |
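
The file indicators in the table above, turned into a matcher that triages an exported file listing from a suspect machine. This is an added example, not code from the original article; the character class used for the random suffix, the folder names substituted for the %...% tokens, and the sample listing are assumptions.

```python
import re

# Patterns built from the page's File System Details table. Assumptions (not
# stated on the page): "[RANDOM n CHARACTERS]" means n letters or digits, and
# the %...% tokens map to the default Windows folder names shown here.
APPDATA = r"\\(?:AppData\\Roaming|Application Data)"
COMMON_START = r"\\(?:ProgramData\\Microsoft\\Windows|All Users)\\Start Menu"
INDICATORS = [
    ("Protector executable in %AppData%",
     re.compile(APPDATA + r"\\Protector-[a-z0-9]{3,4}\.exe$", re.I)),
    ("Desktop shortcut",
     re.compile(r"\\Desktop\\Windows Expert Series\.lnk$", re.I)),
    ("Common Start Menu shortcut",
     re.compile(COMMON_START + r"\\Programs\\Windows Expert Series\.lnk$", re.I)),
]


def match_indicator(path):
    """Return the indicator label a path matches, or None."""
    normalized = path.strip().strip('"').replace("/", "\\")
    for label, pattern in INDICATORS:
        if pattern.search(normalized):
            return label
    return None


def triage(listing):
    """Map each matching path in a file listing to its indicator label."""
    pairs = ((line.strip(), match_indicator(line)) for line in listing.splitlines())
    return {path: label for path, label in pairs if label}


# Constructed sample listing (shaped like `dir /s /b` output), not real data.
SAMPLE_LISTING = r"""
C:\Users\alice\AppData\Roaming\Protector-x7q2.exe
C:\Users\alice\AppData\Roaming\Protector-ab1.exe
C:\Users\alice\AppData\Roaming\Protector-toolong.exe
C:\Users\alice\AppData\Local\Protector-x7q2.exe
C:\Users\alice\Desktop\Windows Expert Series.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Expert Series.lnk
C:\Documents and Settings\bob\Application Data\protector-9ZZ.EXE
C:\Program Files\Vendor\Protector-Setup.exe
"""

if __name__ == "__main__":
    for path, label in triage(SAMPLE_LISTING).items():
        print(f"{label}: {path}")
```

A match on these paths is only a lead: the rootkit component described above is not covered by these file names.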
More Details on Windows Expert Series
Attempt to modify registry key entries detected. Registry entry analysis is recommended.
Attempt to run a potentially dangerous script detected.
Full system scan is highly recommended.
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
This article is provided "as is" and is to be used for educational and informational purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.