Windows First-Class Protector

Windows First-Class Protector Description

Type: Adware

ScreenshotIf Windows First-class Protector is installed on your computer, you will need protection to get rid of this supposed protector! This is because Windows First-class Protector is not a real security program, but is, in reality, a type of malware infection named rogue anti-virus program. Rogue anti-virus programs are usually misleading applications that are installed as a result of a Trojan infection. These impersonate legitimate security programs in order to scam a computer user, convincing their victims to purchase useless, fake anti-virus software. There are dozens of versions of the Windows First-class Protector, known as clones. Criminals make these in order to make the task of PC security analysts more difficult, as keeping track of multiple versions of a threat is exponentially more difficult than dealing with a single malware application.

Some examples of Windows First-class Protector clones include fake security programs named Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Like most rogue security programs in the FakeVimes family of rogue security software, Windows First-class Protector uses files names that contain a three-letter string made up of three random letters. These are usually preceded with the string 'protector-', which is a characteristic of a large batch of FakeVimes rogue security programs released in 2012.

Dealing with a Windows First-Class Protector Attack

It is crucial to understand when dealing with a Windows First-class Protector infection, that this program is part of a scam. Windows First-class Protector makes alarming claims which can cause inexperienced computer users to panic. However, these are all lies. The next thing to understand about Windows First-class Protector is that its main objective is to get you to purchase a fake 'full version' of Windows First-class Protector. After all, the ultimate goal of any malware infection is to profit in some way from harassing computer users. Because of this, you should beware of paying any amount for Windows First-class Protector or disclosing your credit card information, regardless of how annoying the constant error messages and browser redirects become. FakeVimes rogue security programs have been around for several years, so most reliable (and, of course, real) anti-malware programs should be able to deal with Windows First-class Protector. However, members of the batch of FakeVimes clones released in 2012 are often coupled with a ZeroAccess rootkit infection, which can make removal of Windows First-class Protector more problematic. Fortunately, using a specialized anti-rootkit tool or an anti-malware program with anti-rootkit feature you should be capable to handle this problem.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows First-Class Protector

Windows First-Class Protector Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows First-Class Protector creates the following file(s):
# File Name MD5 Detection Count
1 %AppData%Protector-[RANDOM 3 CHARACTERS].exe N/A
2 %AppData%NPSWF32.dll N/A
3 %StartMenu%ProgramsWindows First-Class Protector.lnk N/A
4 %Desktop%Windows First-Class Protector.lnk N/A
5 %AppData%\result.db N/A
6 Protector-yblo.exe 3b5d18ed6417b4d7b729dee0a7944449 0

Registry Details

Windows First-Class Protector creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-20_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options[RANDOM CHARACTERS].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0

More Details on Windows First-Class Protector

The following messages associated with Windows First-Class Protector were found:
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Warning! Identity theft attempt Detected

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.