Windows No-Risk Center


Windows No-Risk Center is a fake security tool that belongs to the FakeVimes family of malware. Fake security programs in the FakeVimes family have been around since 2009 and are a typical example of the rogue anti-virus scam. Windows No-Risk Center is delivered as part of a Trojan attack, which typically involves several malware threats working together to attack a computer system. It is one of a batch of FakeVimes clones released in 2012.

These include such malware as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Despite their different names, each of these programs is practically the same application with slight changes to the outward appearance in order to fool computer security researchers. All of these fake security applications are designed to convince inexperienced computer users that their computer system has been compromised by a severe virus and Trojan infection. While the victim's computer actually is under attack (from Windows No-Risk Center itself), this fake security program claims to detect a variety of malware threats taken straight out of a virus encyclopedia. With a constant stream of fake error messages, alarming pop-up notifications and other invasive tactics, Windows No-Risk Center does everything in its power to convince computer users that they must purchase a 'full version' of Windows No-Risk Center in order to remove nonexistent malware infections from their computer.

A Dangerous Rootkit Component may Accompany a Windows No-Risk Center Infection

FakeVimes and its clones usually do not pose a significant challenge to PC security researchers and most legitimate security programs, because this family of malware has remained practically unchanged since 2009. However, the recent batch of FakeVimes clones that includes Windows No-Risk Center has been known to include a ZeroAccess rootkit component. This makes Windows No-Risk Center particularly difficult to detect and remove, since ZeroAccess can hide the presence of other malware on the victim's computer and disable the most popular anti-malware programs on the market. Because of this, ESG security analysts recommend that removal of Windows No-Risk Center should include an anti-rootkit tool or an anti-malware program with anti-rootkit technology. It is also quite rare for a Windows No-Risk Center infection to appear without other malware infecting the victim's computer. Windows No-Risk Center will usually be associated with the aforementioned rootkit component, some kind of browser hijacker, and a dropper Trojan responsible for installing Windows No-Risk Center in the first place.

File System Details

Windows No-Risk Center may create the following file(s):
# File Name Detections
1. %AppData%\NPSWF32.dll
2. %AppData%\Protector-[RANDOM CHARACTERS].exe
3. %CommonStartMenu%\Programs\Windows No-Risk Center.lnk
4. %Desktop%\Windows No-Risk Center.lnk
5. %AppData%\result.db

Registry Details

Windows No-Risk Center may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InternetExplorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe
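
One way to check a host against the registry entries above, as an added example that is not part of the original page: the script parses indicator lines in the format used in this list and matches them against a registry export, grading each hit by whether the key, the value name, or the exact value data was found. It assumes the export (for example from reg export) has already been decoded to text; the sample export and the function names are constructed for illustration.

```python
import re

# Subset of the registry entries listed above, copied in the page's own format.
INDICATORS = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig
'''
# Constructed sample in .reg export syntax; not taken from a real host.
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\test\\AppData\\Roaming\\Protector-xyz.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings]
"UID"="origkboryd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig]
'''
IND = re.compile(r'^(HKEY_[^"]*?)(?:\s+"([^"]+)"(?:\s*=\s*"([^"]*)")?)?$')

def parse_indicators(text):
    """Split 'KEY "name" = "data"' lines into (key, name, data); absent parts are None."""
    found = (IND.match(l.strip()) for l in text.strip().splitlines())
    return [(m.group(1).lower(), m.group(2), m.group(3)) for m in found if m]

def parse_export(text):
    """Parse .reg text into {key: {value_name: data}} with lower-cased key paths."""
    snap, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            cur = snap.setdefault(line[1:-1].lower(), {})
        elif cur is not None and line.startswith('"') and '"=' in line:
            name, data = line[1:].split('"=', 1)
            cur[name] = data.strip('"')
    return snap

def match(indicators, snap):
    """Return (strength, key, name) hits; strength is 'key', 'name' or 'exact'."""
    hits = []
    for key, name, data in indicators:
        values = snap.get(key)
        if values is None or (name is not None and name not in values):
            continue
        strength = 'key' if name is None else ('exact' if values[name] == data else 'name')
        hits.append((strength, key, name))
    return hits

if __name__ == '__main__':
    for hit in match(parse_indicators(INDICATORS), parse_export(SAMPLE_EXPORT)):
        print(hit)
```

An 'exact' hit on the "UID" or "net" data is the strongest signal here; a bare 'key' or 'name' hit should be reviewed by hand before acting on it.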

Messages

The following messages associated with Windows No-Risk Center were found:

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Torrent Alert
Recomended: Please use secure encrypted protocol for torrent links.
Torrent link detected!
Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.
Please register your copy of the AV to activate anonymous data transfer protocol through the torrent link.

Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

1 Comment

Hi there, I discovered your website by means of Google whilst searching for a related subject, your site came up, it appears to be great. I've bookmarked it in my Google bookmarks. I'm not positive the place you're getting your info, but great topic. I need to spend some time finding out more or working out more. Thank you for great info I was in search of this info for my mission.
