Windows Expert Series
Threat Scorecard
Ranking: | 16,398 |
Threat Level: | 50 % (Medium) |
Infected Computers: | 244 |
First Seen: | July 6, 2012 |
Last Seen: | July 10, 2023 |
OS(es) Affected: | Windows |
Windows Expert Series is not a real anti-spyware program, even though its appearance suggests otherwise. Windows Expert Series is in fact part of a malware attack involving multiple components, and it belongs to a family of malware known as FakeVimes. This family of malware, active since 2009, had been in decline until the end of 2011. However, since early 2012, ESG security researchers have observed a strong comeback of FakeVimes-related malware. This is largely because criminals have started including rootkits with FakeVimes family members such as Windows Expert Series, in malware attacks involving the ZeroAccess or Sirefef family of rootkits. This rootkit component makes Windows Expert Series and its clones considerably more difficult to remove than earlier versions of FakeVimes. ESG security researchers recommend dealing with a Windows Expert Series infection with the help of a program capable of removing rootkits and similar malware infections.
ESG security researchers have observed dozens of clones of Windows Expert Series, with new malware in this family being released nearly daily since early 2012. Examples of malware identical to Windows Expert Series include fake security applications such as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.
All of these are variants of the FakeVimes family that also contain its associated malicious rootkit component. These programs are all essentially the same, carrying out variations on the same scam. Windows Expert Series and its clones pretend to be real anti-spyware programs and try to scare victims by claiming that their computers are severely infected with malware. However, this is all a scam designed to convince victims to purchase an expensive and useless security upgrade.
The main point to remember is that Windows Expert Series is not a real security program. Because of this, ESG security researchers recommend ignoring all error messages and claims made by Windows Expert Series. You can use the registration code 0W000-000B0-00T00-E0020 to make Windows Expert Series stop displaying irritating error messages and causing browser redirects. However, this will not remove Windows Expert Series. To remove this fake security program completely, you will need to use a strong, reliable, fully-updated anti-malware application with anti-rootkit capabilities.
Aliases
10 security vendors flagged this file as malicious.
Anti-Virus Software | Detection |
---|---|
Kaspersky | HEUR:Trojan.Win32.Generic |
Panda | Trj/CI.A |
AVG | Generic28.CCSR |
Fortinet | W32/FakeAV.AT!tr |
Ikarus | Win32.Kryptik |
GData | Win32:Kryptik-JCX |
TrendMicro | TROJ_FAKEAV.SMVP |
Kaspersky | Trojan.Win32.Jorik.Fraud.qrr |
Avast | Win32:Kryptik-JCX [Trj] |
NOD32 | a variant of Win32/Kryptik.AHJP |
File System Details
# | File Name | Detections |
---|---|---|
1. | %AppData%\Protector-[RANDOM 4 CHARACTERS].exe | |
2. | %AppData%\Protector-[RANDOM 3 CHARACTERS].exe | |
3. | %AppData%\NPSWF32.dll | |
4. | %AppData%\W34r34mt5h21ef.dat | |
5. | %Desktop%\Windows Expert Series.lnk | |
6. | %CommonStartMenu%\Programs\Windows Expert Series.lnk | |
7. | %AppData%\result.db |
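
A triage check built from the file list above, as an added example that is not EnigmaSoft's code: it matches paths from a directory listing against the table entries, accepting each name only in the folder the table gives for it. The character class for the random suffix, the folder arguments and the sample paths are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Names from the File System Details table. Assumption: "[RANDOM n CHARACTERS]"
# means 3 or 4 ASCII letters or digits; the page does not define the alphabet.
PROTECTOR_RE = re.compile(r"protector-[a-z0-9]{3,4}\.exe")
APPDATA_FILES = {"npswf32.dll", "w34r34mt5h21ef.dat", "result.db"}
SHORTCUT = "windows expert series.lnk"

def classify(path, appdata, desktop, common_start_menu):
    """Return which table entry `path` matches, or None."""
    # A name only counts in the folder the table lists for it, so the same
    # file name elsewhere on disk is not reported.
    p = PureWindowsPath(path)  # Windows path rules; comparisons ignore case
    name = p.name.lower()
    if p.parent == PureWindowsPath(appdata):
        if PROTECTOR_RE.fullmatch(name):
            return "protector-exe"
        if name in APPDATA_FILES:
            return "appdata-file"
    shortcut_dirs = (PureWindowsPath(desktop),
                     PureWindowsPath(common_start_menu) / "Programs")
    if name == SHORTCUT and p.parent in shortcut_dirs:
        return "shortcut"
    return None

def scan(paths, appdata, desktop, common_start_menu):
    """Return (path, label) for every path that matches a table entry."""
    labelled = ((p, classify(p, appdata, desktop, common_start_menu)) for p in paths)
    return [(p, label) for p, label in labelled if label]

# Constructed folder locations and directory listing (not taken from the page).
FOLDERS = dict(appdata=r"C:\Users\alice\AppData\Roaming",
               desktop=r"C:\Users\alice\Desktop",
               common_start_menu=r"C:\ProgramData\Microsoft\Windows\Start Menu")
SAMPLE = [
    r"C:\Users\alice\AppData\Roaming\Protector-ab12.exe",
    r"c:\users\alice\appdata\roaming\RESULT.DB",
    r"C:\Users\alice\AppData\Roaming\SomeApp\result.db",
    r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll",
    r"C:\Users\alice\Desktop\Windows Expert Series.lnk",
    r"C:\Users\alice\AppData\Roaming\Protector-toolong.exe",
]

if __name__ == "__main__":
    for path, label in scan(SAMPLE, **FOLDERS):
        print(label, path)
```

A hit on `result.db` or `NPSWF32.dll` alone is weak evidence, since other software uses those names; the `Protector-` executable and the shortcut are the more specific entries.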
Registry Details
URLs
Windows Expert Series may call the following URLs:
https://search.private-search.xyz/chrome