Windows Express Settings

Windows Express Settings Description

If you have Windows Express Settings and its weird orange windows showing up on your computer, be very careful. Windows Express Settings is malware that pretends to be anti-virus software in order to scam PC users out of money.

Signs of a Windows Express Settings Infection

Windows Express Settings causes symptoms that are common in fake security software infections. In fact, the symptoms of a Windows Express Settings infection are identical to those caused by all of the other rogue anti-virus applications in Windows Express Settings' enormous malware family. The most noticeable signs of infection are the fake alerts and system scans that Windows Express Settings generates. Every time Windows starts after the malware installs itself, Windows Express Settings will pop up with its fake user interface, which is a really hideous bright orange. Windows Express Settings does this before the desktop even loads.

The interface uses the Windows logo and name, and Windows Express Settings has some icons that are supposed to represent your PC's security, which Windows Express Settings will always say is extremely poor. Actually, all of that is just there to make the fake scans that Windows Express Settings will run seem more believable. Windows Express Settings will run a phony scan of your system from this interface every time Windows starts, and Windows Express Settings will tell you that it has found threats that can only be removed if you pay to “activate” the Windows Express Settings software. You can pay for Windows Express Settings on its payment site, but it will not get you anything, since it is merely a scam.

It is possible to wait through the fake scan routine and eventually get past the Windows Express Settings interface, at least for most users. (Some people do report being unable to get past the Windows Express Settings interface in order to see the desktop.) That doesn't mean that you're in the clear, unfortunately, because Windows Express Settings will continue to generate pop-up alerts that warn you of supposedly urgent security issues. These alerts are the same on every infected computer, because they are fake and were written ahead of time. They're also rubbish, because they claim that Firefox is a virus, that lsass.exe (a vital Windows service) caused Windows to boot improperly and that someone is tampering with the “register” keys. The alerts are just another way that Windows Express Settings will prompt you to go to its payment site; they're meant to cause you to panic.

Windows Express Settings doesn't stop at trying to scare you into paying money for malware. Windows Express Settings also takes your computer hostage, by preventing other programs from running and by redirecting you to Windows Express Settings' own sites when you try to go online. That means that you can't kill Windows Express Settings with Task Manager, and you can't research Windows Express Settings to figure out how to get rid of Windows Express Settings. Don't be fooled into thinking that paying the con-artists will change any of this, because it doesn't.

How Windows Express Settings Infiltrates a Computer

In order to trick you into downloading Windows Express Settings, this rogue security software uses the fake Microsoft Security Essentials Alert Malware, which is a Trojan. This Trojan is typically hidden in software updates on third-party, malicious websites, in fake video codecs, or in files downloaded from file sharing services. Once Windows Express Settings is on your computer, it causes alerts to appear that will warn you that Windows has detected a Trojan, and Windows Express Settings will prompt you to download software to remove the supposed threat. With a single button click, you can agree to download Windows Express Settings. When you restart your computer, the Windows Express Settings malware will be active.

Windows Express Settings Related Malware

Windows Express Settings is only one member of a very large family of very closely-related fake security programs, the family, all of which are part of a scam. Some of the other rogue anti-virus applications in this family are There are literally dozens of others, and the only differences between them are their names, and occasionally, the background color of the fake scanner interface. All of them can be traced back to an origin in Russia. Windows Express Settings, in particular, showed up around the third week of February, 2011.

Technical Information


File System Details

Windows Express Settings creates the following file(s):

| # | File Name | Size | MD5 | Detection Count |
|---|-----------|------|-----|-----------------|
| 1 | %AppData%rsjbtk.exe | 2,600,448 | bd4384d311198714f522a88c45163ab2 | 1 |
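
A triage check built on the file indicator above, added here as an example and not taken from the original article or from any vendor tool. It lists every executable sitting directly in a given folder (the user's %AppData% by default) and grades it against the MD5 and size from the table. Since the article says family members differ mainly by name, a hash miss is not a clean bill of health, so any executable in that location is still reported; treating such files as suspicious is an assumption of this example, as are the function and verdict names.

```python
import hashlib
import os
import sys

# Indicator values copied from the File System Details table on this page.
IOC_MD5 = "bd4384d311198714f522a88c45163ab2"
IOC_SIZE = 2_600_448  # "Size" column of the table


def md5_of(path, chunk=1 << 20):
    """Hash the file in chunks so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage_appdata(root):
    """Return sorted (path, verdict) pairs for every .exe directly inside `root`."""
    findings = []
    for entry in os.scandir(root):
        if not entry.is_file(follow_symlinks=False):
            continue  # subfolders are where legitimate software normally lives
        if not entry.name.lower().endswith(".exe"):
            continue
        try:
            size = entry.stat(follow_symlinks=False).st_size
            digest = md5_of(entry.path)
        except OSError:
            # A file that cannot be opened (locked or access denied) still needs a look.
            findings.append((entry.path, "unreadable"))
            continue
        if digest == IOC_MD5:
            verdict = "md5-match"            # exact sample described on this page
        elif size == IOC_SIZE:
            verdict = "size-match"           # same size, different hash: possible variant
        else:
            verdict = "exe-in-appdata-root"  # unusual location, review manually
        findings.append((entry.path, verdict))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("APPDATA", ".")
    for path, verdict in triage_appdata(target):
        print(f"{verdict:20} {path}")
```

Run it from a clean boot environment or against a mounted copy of the profile, since the article notes that the malware blocks other programs from running on the infected system.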
