Windows Power Expansion

Windows Power Expansion Description

The cybercrooks behind the malware that gets renamed and re-released every day must have decided that they needed to come up with some more macho, powerful-sounding names. Windows Power Expansion is nothing more than the same old fake security program they've been scamming people with for months. Windows Power Expansion doesn't do anything to improve the way that Windows runs, and it isn't anything special compared to the various other names that this fake security program has taken.

Windows Power Expansion will try to fool you into thinking that it is legitimate software by constantly claiming to be a Microsoft product or a pre-installed Windows program. Even the Trojan that supports Windows Power Expansion and allows it to infect computers will try to make itself look like something coming from Windows itself. In particular, the Trojan generates alerts that look just like the alerts that come from Microsoft Security Essentials, so it is commonly referred to as the Fake Microsoft Security Essentials Malware. This Trojan is frequently hidden in fake video codecs and program updates, especially on pages reached through spam or through suspicious, shortened links on social networking sites. You download the Trojan without knowing it, and then Windows Power Expansion goes into action. Windows Power Expansion always follows the same pattern, so what you'll see will go like this:

  1. Alerts appear and warn you that Windows has found an UnknownWin32/Trojan on the computer. The alerts will claim that Windows is about to run a scan, as a result.
  2. Alerts appear and claim that the "threat" has been identified as Trojan.Horse.Win32.PAV.64.a.
  3. Pop-ups will offer a download of software that supposedly has been identified as capable of removing Trojan.Horse.Win32.PAV.64.a. If you click "OK," this software is downloaded, but what you're actually getting in this case is Windows Power Expansion.

When Windows Power Expansion is downloaded, it configures itself to start when Windows boots and causes your computer to reboot. After the reboot, Windows Power Expansion will swing into action, and you will see the following set of symptoms:

A fake scanner interface appears before the desktop loads. Windows Power Expansion uses the Windows name and logo and rates your computer's security as very poor. This interface plays a scan progress animation and tells you that Windows Power Expansion has found numerous threats, which Windows Power Expansion can only remove if you pay for the "licensed" version of Windows Power Expansion's software. This scanner interface cannot be exited until the fake scan has completed.

Windows Power Expansion will display pop-up warning messages and security alerts, and they will say the same things over and over. They'll tell you that Firefox, lsass.exe, and your registry keys are the source of some serious security problems, and they will recommend that you "activate" Windows Power Expansion or purchase a license.

Windows Power Expansion prevents all programs except web browsers from opening, under the pretense that they are all security risks. This disables Task Manager and RegEdit.

When you try to use your web browser, you are redirected to a page that claims to sell licenses for Windows Power Expansion, or you see a fake security redirection window that ultimately links to the same purchasing site.

It is extremely important to remember that you should not pay for Windows Power Expansion, because Windows Power Expansion is completely incapable of finding or removing threats. Furthermore, if you use your credit card to purchase a phony license, you are also giving your credit card number to con-artists. Paying for a license will not cause Windows Power Expansion to deactivate and release your computer; however, on the bright side, Windows Power Expansion can be safely removed using proper anti-virus software.

Remember, Windows Power Expansion is just the same malware as countless other fake security programs, because the crooks behind this scam are just renaming it and re-releasing it to create "new" rogue anti-virus applications. So Windows Power Expansion is identical to Windows Lowlevel Solution, Windows Background Protector, Windows Simple Protector, and several dozen other fake Windows programs. Regardless of what it is called, this malware is part of a scam that is operated out of Russia, and which has been ongoing for all of 2011.

Here's a list of rogue security programs associated with Windows Power Expansion: Windows System Suite, Windows Threats Removing, Windows Troublemakers Agent, Windows Troubles Remover, Windows Universal Tool, Windows User Satellite, WindowsSystemOptimizator, Windows Troubles Analyzer, Windows Security Center, WindowsPrivacy Agent, Windows Problems Solution, Windows Processes Organizer, Windows Error Correction, Windows Background Protector, Windows Care Tool, Windows Debug System, and Windows Utility Tool.

You can help to keep your PC secure by watching out for any program that claims to offer security or anti-virus functions and which has a name that follows the pattern used by the rogue security programs in this particular scam. The names always start with "Windows," and then there are one or two other generic computing terms. (Incidentally, although you can get plenty of semi-realistic sounding security-related names, you can also get names like "Windows Privacy Remover" and "Windows Safety Eliminator!") If you come across something with a name that could be generated from terms similar to those in the rogue programs mentioned above, treat it with extreme caution!
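One way to apply this naming check to a list of installed program names, as an added example that is not part of the original article: it builds a vocabulary from the rogue names quoted on this page and flags any name made of "Windows" plus one or two of those terms. The function names (`terms`, `classify`, `triage`) are this example's own.

```python
import re

# Rogue names quoted on this page (aliases in the text plus the list above).
KNOWN_ROGUES = [
    "Windows Power Expansion", "Windows Lowlevel Solution",
    "Windows Background Protector", "Windows Simple Protector",
    "Windows System Suite", "Windows Threats Removing",
    "Windows Troublemakers Agent", "Windows Troubles Remover",
    "Windows Universal Tool", "Windows User Satellite",
    "WindowsSystemOptimizator", "Windows Troubles Analyzer",
    "Windows Security Center", "WindowsPrivacy Agent",
    "Windows Problems Solution", "Windows Processes Organizer",
    "Windows Error Correction", "Windows Care Tool",
    "Windows Debug System", "Windows Utility Tool",
]

def terms(name):
    """Lowercase terms that follow the 'Windows' prefix, or None if absent.

    Run-together forms such as 'WindowsSystemOptimizator' are split on
    capital letters so they compare equal to the spaced form.
    """
    m = re.match(r"\s*windows(.*)$", name, re.IGNORECASE)
    if not m:
        return None
    parts = re.findall(r"[A-Z]?[a-z]+|[A-Z]+(?![a-z])", m.group(1))
    return [p.lower() for p in parts]

# Every generic term the scam has used so far, e.g. "troubles", "protector".
VOCAB = {t for n in KNOWN_ROGUES for t in terms(n)}
KNOWN = {tuple(terms(n)) for n in KNOWN_ROGUES}

def classify(name):
    """Return 'known', 'pattern' or 'clean' for one program display name."""
    t = terms(name)
    if not t:
        return "clean"
    if tuple(t) in KNOWN:
        return "known"            # a name this page lists outright
    if len(t) <= 2 and all(x in VOCAB for x in t):
        return "pattern"          # new combination of already-used terms
    return "clean"

def triage(names):
    """Return {name: verdict} for every name that is not 'clean'."""
    verdicts = {n: classify(n) for n in names}
    return {n: v for n, v in verdicts.items() if v != "clean"}
```

A `known` or `pattern` result is a reason to check the publisher and install path, not a verdict: "Windows Security Center", which the list above names as a rogue, was also the name of a genuine Windows component.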

Technical Information

File System Details

Windows Power Expansion creates the following file(s):
# File Name Size MD5
1 %AppData%\Microsoft\dkjwir.exe 2,295,297 3baf809034dde51914d252fbc07bdb75
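
A sweep for the file indicator in the table above, as an added example rather than a tool from the original article. It assumes the Size column is in bytes and matches on content as well as on file name; the `sweep` and `md5_of` names are this example's own.

```python
import hashlib
import os
from pathlib import Path

# Indicator copied from the table above (size assumed to be in bytes).
IOC = {"name": "dkjwir.exe", "size": 2295297,
       "md5": "3baf809034dde51914d252fbc07bdb75"}

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def sweep(root, ioc=IOC):
    """Walk root and return (path, kind) for files matching the indicator.

    'exact'     = size and MD5 both match, whatever the file is called.
    'name-only' = same file name but different content; needs a manual look.
    """
    hits = []
    for p in Path(root).rglob("*"):
        try:
            if not p.is_file():
                continue
            # Cheap size comparison first, so only candidates get hashed.
            if p.stat().st_size == ioc["size"] and md5_of(p) == ioc["md5"]:
                hits.append((str(p), "exact"))
            elif p.name.lower() == ioc["name"].lower():
                hits.append((str(p), "name-only"))
        except OSError:
            continue  # locked or unreadable file: skip it, keep sweeping
    return hits

if __name__ == "__main__":
    # On Windows this expands to the current user's roaming profile folder.
    root = os.path.expandvars(r"%AppData%\Microsoft")
    for path, kind in sweep(root):
        print(kind, path)
```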

More Details on Windows Power Expansion

The following messages associated with Windows Power Expansion were found:
Suspicious software activity is detected.
Please start system files scanning for details.
