Windows No-Risk Center

Windows No-Risk Center Description

Windows No-Risk Center is a fake security tool that belongs to the FakeVimes family of malware. Fake security programs in the family have been around since 2009 and are a typical example of the rogue anti-virus scam. Windows No-Risk Center is part of a Trojan attack that typically involves several malware threats working together to attack a computer system. Windows No-Risk Center is part of a batch of FakeVimes clones released in 2012.

These include such malware as

Despite their different names, each of these programs is practically the same application with slight changes to the outward appearance in order to fool computer security researchers. All of these fake security applications are designed to convince inexperienced computer users that their computer system has been compromised by a severe virus and Trojan infection. While the victim's computer actually is under attack – from Windows No-Risk Center itself – this fake security program reports a variety of malware threats taken straight out of a virus encyclopedia. With a constant stream of fake error messages, alarming pop-up notifications and other invasive tactics, Windows No-Risk Center does everything in its power to convince computer users that they must purchase a 'full version' of Windows No-Risk Center to fix nonexistent malware infections on their computer.

A Dangerous Rootkit Component may Accompany a Windows No-Risk Center Infection

FakeVimes and its clones usually do not pose a significant challenge to PC security researchers and most legitimate security programs, because this family of malware has remained practically unchanged since 2009. However, the recent batch of FakeVimes clones that includes Windows No-Risk Center has been known to include a ZeroAccess rootkit component. This makes Windows No-Risk Center particularly difficult to detect and remove, since ZeroAccess can hide the presence of other malware on the victim's computer and disable the most popular anti-malware programs on the market. Because of this, ESG security analysts recommend that removal of Windows No-Risk Center should include an anti-rootkit tool or an anti-malware program with anti-rootkit technology. It is also quite rare for a Windows No-Risk Center infection to appear without other malware infecting the victim's computer. Windows No-Risk Center will usually be associated with the aforementioned rootkit component, some kind of browser hijacker, and a dropper Trojan responsible for installing Windows No-Risk Center in the first place.

Technical Information


Registry Details

Windows No-Risk Center creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InternetExplorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe
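
The following is an added example, not code from this page or from ESG: a Python check that scans the text of a registry export (.reg) for the Image File Execution Options keys and a subset of the value names listed above. The function names and the sample export are assumptions constructed for illustration.

```python
import re

# Indicators below are copied from the registry list on this page.
IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
        r"\Image File Execution Options").lower()
IFEO_NAMES = {"pavfnsvr.exe", "wsbgate.exe", "bipcp.exe", "msconfig", "titaninxp.exe",
              "atcon.exe", "infwin.exe", "sahagent.exe", "ecengine.exe"}
CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion".lower()
VALUES = {CV + r"\run": {"inspector"}, CV + r"\settings": {"uid", "net"}}

def parse_reg(text):
    """Yield (key, value_name) from .reg text; value_name is None for the key line.
    Exports are normally UTF-16, so decode the file before passing it in."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=', line)):
            yield key, m.group(1)

def find_indicators(text):
    """Return (kind, location) hits for keys and value names listed on this page."""
    hits = []
    for key, name in parse_reg(text):
        k = key.lower()
        if name is None:
            parent, _, leaf = k.rpartition("\\")
            if parent == IFEO and leaf in IFEO_NAMES:
                hits.append(("ifeo", key))
        elif name.lower() in VALUES.get(k, ()):
            hits.append(("value", f'{key} "{name}"'))
    return hits

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\placeholder\\example.exe"
"OneDrive"="C:\\placeholder\\OneDrive.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings]
"net"="2012-3-11_2"
'''

if __name__ == "__main__":
    for kind, where in find_indicators(SAMPLE):
        print(kind, where)
```

Matching is on key and value names only, so a hit is a lead to investigate on the host rather than proof of infection.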

More Details on Windows No-Risk Center

The following messages associated with Windows No-Risk Center were found:
Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Torrent Alert
Recomended: Please use secure encrypted protocol for torrent links.
Torrent link detected!
Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.
Please register your copy of the AV to activate anonymous data transfer protocol through the torrent link.
Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

One Comment

  • Recoveryx:

    Hi there, I discovered your website by means of Google whilst searching for a related subject. Your site came up, and it appears to be great. I've bookmarked it in my Google bookmarks. I'm not positive the place you're getting your info, but great topic. I need to spend some time finding out more or working out more. Thank you for the great info; I was in search of this info for my mission.
