
Windows High-End Protection

Threat Scorecard

Ranking: 3,182
Threat Level: 10 % (Normal)
Infected Computers: 4,336
First Seen: April 30, 2012
Last Seen: September 19, 2023
OS(es) Affected: Windows


Windows High-End Protection Does Not Offer Any Protection for Your Computer System

Windows High-End Protection is a bogus anti-virus program that is part of a recognized online scam. Basically, Windows High-End Protection pretends to be a legitimate security application despite not having any anti-virus or anti-malware capabilities. The main goal of the Windows High-End Protection scam is to convince computer users to purchase useless, fake security programs. These kinds of malware infections are known as rogue anti-virus or rogue anti-malware programs. Windows High-End Protection belongs to a common family of rogue security programs known as FakeVimes.

FakeVimes bogus security programs have been active for several years. ESG malware analysts have been tracking the activities of fake security software in the FakeVimes family since 2009. Because of this, dealing with a Windows High-End Protection infection is not particularly difficult for most security programs. However, Windows High-End Protection belongs to a group of FakeVimes anti-viruses released in 2012 that often include an associated rootkit that is installed along with the rogue security program. The presence of this rootkit component, often some version of the ZeroAccess rootkit, greatly complicates removal of Windows High-End Protection and its clones.

There are numerous malicious programs like Windows High-End Protection, including such rogue anti-virus applications as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Do Not Become a Victim of the Windows High-End Protection Scam!

Malware like Windows High-End Protection is often known as scareware because of its main tactic: scaring its victims. Windows High-End Protection is designed to display numerous error messages and bogus security warnings in order to make its victims panic, scaring them into believing that their computer system has been attacked by several viruses and Trojans. Then, Windows High-End Protection will offer to fix these nonexistent problems provided that the victim is willing to spend money on a "full version" of Windows High-End Protection. Of course, since Windows High-End Protection has no real anti-virus capabilities, paying for its "full version" is not a good idea.

You can trick Windows High-End Protection into thinking that you have paid for its "full version" by entering the registration code 0W000-000B0-00T00-E0020. ESG malware analysts have identified this registration code as an effective way to stop Windows High-End Protection from displaying its alarming error messages. However, this registration code will not remove Windows High-End Protection from your computer system. To remove Windows High-End Protection completely, it is recommended to use a reliable, fully up-to-date anti-malware application.


File System Details

Windows High-End Protection may create the following file(s):
1. %AppData%\NPSWF32.dll
2. %AppData%\Protector-[RANDOM CHARACTERS].exe
3. %AppData%\result.db

Registry Details

Windows High-End Protection may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[RANDOM CHARACTERS].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger
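
A read-only PowerShell triage for the file and registry indicators listed above, added here as an example and not taken from the original page. The `Add-Finding` helper and the `$findings` list are hypothetical names, and the Image File Execution Options check goes beyond the three image names on the page by reporting every subkey that carries a `Debugger` value.

```powershell
# Added example: reports the indicators listed on this page; it reads only and changes nothing.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Kind, [string]$Location, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Location = $Location; Detail = $Detail })
}

# 1. Files dropped directly in %AppData% (names and pattern as listed on the page).
foreach ($pattern in 'NPSWF32.dll', 'Protector-*.exe', 'result.db') {
    Get-ChildItem -Path $env:APPDATA -Filter $pattern -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Finding 'File' $_.FullName "matches $pattern" }
}

# 2. Autorun value "Inspector" under the per-user Run key.
$run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run -and $run.Inspector) { Add-Finding 'Autorun' 'HKCU Run\Inspector' $run.Inspector }

# 3. UAC policy values forced to 0.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
    if ($policy -and $policy.$name -eq 0) { Add-Finding 'UAC' "$policyKey\$name" 'set to 0' }
}

# 4. Image File Execution Options: any "Debugger" value redirects the launch of that image.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $debugger = $_.GetValue('Debugger')
    if ($debugger) { Add-Finding 'IFEO' $_.Name "Debugger = $debugger" }
}

# 5. HTTPS-to-HTTP redirect warning switched off for the current user.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.WarnOnHTTPSToHTTPRedirect -eq 0) {
    Add-Finding 'Browser' "$inetKey\WarnOnHTTPSToHTTPRedirect" 'set to 0'
}

if ($findings.Count -eq 0) { 'No indicators from this page were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Some of these values can also be set deliberately, for example by an administrator's UAC policy or a developer's debugger configuration, so weigh a single hit against the others before acting on it.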
