Windows Instant Scanner

Windows Instant Scanner Description

ScreenshotWindows Instant Scanner is a bogus anti-malware scanner in the FakeVimes family of malware. Windows Instant Scanner is actually a kind of scamware infection, despite the fact that its interface and components appear very similar to those belonging to real security software. Known as rogue security programs, malware threats like Windows Instant Scanner carry out a common online scam.

The FakeVimes family of malware has been at work and constantly updated since 2009. There are dozens of fake security programs in the FakeVimes family of malware with new ones released almost on a daily basis. Windows Instant Scanner belongs to a particularly nasty batch of fake security software due to the fact that Windows Instant Scanner will often be bundled with some version of the ZeroAccess rootkit.

Other examples of malware in the FakeVimes family that also includes this dangerous rootkit component include fake security applications such as Virus Melt, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Windows Protection Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Work Catalyst.

How Criminals Use Windows Instant Scanner to Steal Your Money

Windows Instant Scanner is designed to make you believe that your computer is severely infected with malware. To do this, Windows Instant Scanner will use numerous fake error messages and an alarming, but fake, system scan. These will invariable indicate that your computer has been invaded by various Trojans and viruses. However, if you try to use Windows Instant Scanner to fix these nonexistent problems, Windows Instant Scanner will try to convince you that you need to buy the 'full version' of this fake security program. Since neither the 'free' version nor the 'full' version of Windows Instant Scanner have actual anti-malware capabilities, ESG security analysts strongly advises against paying for this fake security application.

What to Do if Your Computer Becomes Infected with Windows Instant Scanner

You can easily remove most malware in the FakeVimes family of malware with a reliable anti-malware program. However, dealing with Windows Instant Scanner and other versions of this threat that include a rootkit component may require the use of a specialized anti-rootkit application. You can also stop most of Windows Instant Scanner's most irritating symptoms by entering the registration code 0W000-000B0-00T00-E0020. However, in order to prevent relapse and other malware infections, it will still be necessary to remove this threat from your computer.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Windows Instant Scanner infects a computer.

Windows Instant Scanner Video

File System Details

Windows Instant Scanner creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%Protector-gjrt.exe 1,938,944 ebfe32f3decca9d3f2c78962d48159b7 1
2 Protector-[RANDOM CHARACTERS].exe N/A

Registry Details

Windows Instant Scanner creates the following registry entry or registry entries:
RegistryKey
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe

Related Posts

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.