Windows Power Expansion


Windows Power Expansion Image

The cybercrooks behind the malware that gets renamed and re-released every day must have decided that they needed to come up with some more macho, powerful-sounding names. Windows Power Expansion is nothing more than the same old fake security program they've been scamming people with for months. Windows Power Expansion doesn't do anything to improve the way that Windows runs, and it isn't anything special compared to the various other names that this fake security program has taken.

Windows Power Expansion will try to fool you into thinking that Windows Power Expansion is legitimate software by constantly making claims to be a Microsoft product, or a pre-installed Windows program. Even the Trojan that supports Windows Power Expansion and allows Windows Power Expansion to infect computers will try to make itself look as if Windows Power Expansion is something coming from Windows itself. In particular, the Trojan generates alerts that look just like the alerts that come from Microsoft Security Essentials, so it is commonly referred to as the Fake Microsoft Security Essentials Malware. This Trojan is frequently hidden in fake video codecs and program updates, especially on pages that come from spam or suspicious, shortened links on social networking sites. You download the Trojan without knowing it, and then Windows Power Expansion goes into action. Windows Power Expansion always follows the same pattern, so what you'll see will go like this:

  1. Alerts appear and warn you that Windows has found an UnknownWin32/Trojan on the computer. The alerts will claim that Windows is about to run a scan, as a result.
  2. Alerts appear and claim that the "threat" has been identified as Trojan.Horse.Win32.PAV.64.a.
  3. Pop-ups will offer a download of software that supposedly has been identified as capable of removing Trojan.Horse.Win32.PAV.64.a. If you click "OK," this software is downloaded, but what you're actually getting in this case is Windows Power Expansion.

When Windows Power Expansion is downloaded, it will configure itself to start when Windows boots and Windows Power Expansion will cause your computer to reboot. After the reboot, Windows Power Expansion will swing into action, and you will see the following set of symptoms:

A fake scanner interface appears before the desktop loads. Windows Power Expansion uses the Windows name and logo and rates your computer's security as very poor. This interface plays a scan progress animation and tells you that Windows Power Expansion has found numerous threats, which Windows Power Expansion can only remove if you pay for the "licensed" version of Windows Power Expansion's software. This scanner interface cannot be exited until the fake scan has completed.

Windows Power Expansion will display warning messages and security alerts pop-up, and they will say the same things over and over. They'll tell you that Firefox, lsass.exe, and your registry keys are the source of some serious security problems, and they will recommend that you "activate" Windows Power Expansion or purchase a license.

Windows Power Expansion prevents all programs except web browsers from opening, under the pretense that they are all security risks. This disables Task Manager and RegEdit.

When you try to use your web browser, you are redirected to a page that claims to sell licenses for Windows Power Expansion, or you see a fake security redirection window that ultimately links to the same purchasing site.

It is extremely important to remember that you should not pay for Windows Power Expansion, because Windows Power Expansion is completely incapable of finding or removing threats. Furthermore, if you use your credit card to purchase a phony license, you are also giving your credit card number to con-artists. Paying for a license will not cause Windows Power Expansion to deactivate and release your computer; however, on the bright side, Windows Power Expansion can be safely removed using proper anti-virus software.

Remember, Windows Power Expansion is just the same malware as countless other fake security programs, because the crooks behind this scam are just renaming it and re-releasing it to create "new" rogue anti-virus applications. So Windows Power Expansion is identical to Windows Lowlevel Solution, Windows Background Protector, Windows Simple Protector, and several dozen other fake Windows programs. Regardless of what it is called, this malware is part of a scam that is operated out of Russia, and which has been ongoing for all of 2011.

Here's a list of rogue security programs associated with Windows Power Expansion: Windows System Suite, Windows Threats Removing, Windows Troublemakers Agent, Windows Troubles Remover, Windows Universal Tool, Windows User Satellite, WindowsSystemOptimizator, Windows Troubles Analyzer, Windows Security Center, WindowsPrivacy Agent, Windows Problems Solution, Windows Processes Organizer, Windows Error Correction, Windows Background Protector, Windows Care Tool, Windows Debug System, and Windows Utility Tool.

You can help to keep your PC secure by watching out for any program that claims to offer security or anti-virus functions and which has a name that follows the pattern used by the rogue security programs in this particular scam. The names always start with "Windows," and then there are one or two other generic computing terms. (Incidentally, although you can get plenty of semi-realistic sounding security-related names, you can also get names like "Windows Privacy Remover" and "Windows Safety Eliminator!") If you come across something with a name that can be generated using similar terms of previously mentioned rogue programs, treat with extreme caution!

Twitter Trend on Windows Power Expansion

Snapshot of Search Volume for Windows Power Expansion

windows power extension search volumeScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

SpyHunter Detects & Remove Windows Power Expansion

File System Details

Windows Power Expansion may create the following file(s):
# File Name MD5 Detections
1. dkjwir.exe 3baf809034dde51914d252fbc07bdb75 0

Messages

The following messages associated with Windows Power Expansion were found:

Attention
Suspicious software activity is detected.
Please start system files scanning for details.

1 Comment

This is a test comment.

Trending

Most Viewed

Loading...