Windows Privacy Extension

Windows Privacy Extension Description

Type: Rogue AntiSpyware Programs

ScreenshotWindows Privacy Extension is one of the many rogue anti-malware programs that are part of the FakeVimes family of malware. This family of malware has been responsible for a rise in rogue security software scams in 2012 due to the fact that criminals have started to bundle these fake security programs with rootkits in the ZeroAccess family of rootkits. If Windows Privacy Extension is installed on your machine, ESG security researchers strongly advise to disregard all of Windows Privacy Extension's messages and alerts and to delete this fake security program with the help of an established, strong anti-malware utility containing anti-rootkit capabilities.

The Modus Operandi of FakeVimes and Windows Privacy Extension

Although the FakeVimes family of malware has been active since 2009, it is only in 2012 that malware in this family has started to pose a serious threat. This is because bundling these fake security programs with a rootkit component makes them considerably more difficult to remove than standalone FakeVimes infections. Most variants in the FakeVimes family will have been bundled with this rootkit component, including Windows Privacy Extension itself. Examples of other fake security programs in the FakeVimes family that were also released in 2012 include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. All of Windows Privacy Extension's clones will carry out the same trick: attempting to persuade you that your machine is infected with malware so that you will buy a fake 'upgrade' for these fake anti-malware programs.

Keeping Your Computer Safe from a Windows Privacy Extension Attack

In most cases, Windows Privacy Extension will enter a computer system through an initial social engineering scam. This will usually take the form of a malicious advertisement or pop-up message trying to make you believe that your machine is infected with malware and offering a free anti-malware scanner in order to solve this supposed problem. However, agreeing to this or even clicking on these kinds of advertisements may install Windows Privacy Extension on your computer system. Since Windows Privacy Extension is a kind of malware infection itself, Windows Privacy Extension has no way of helping remove malware from your computer system and will instead try to fool you into registering for an expensive and useless 'upgrade.' You can register Windows Privacy Extension with the code 0W000-000B0-00T00-E0020 in order to stop Windows Privacy Extension from pestering you with error messages, but you will still need to remove Windows Privacy Extension with a reliable anti-malware tool.

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows Privacy Extension

Windows Privacy Extension Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Privacy Extension creates the following file(s):
# File Name MD5 Detection Count
1 Protector-yagp.exe 6c3b6c1bd9b6472f162fd567e9942af2 1
2 %AppData%\Protector-[RANDOM CHARACTERS].exe N/A

Registry Details

Windows Privacy Extension creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe

Related Posts

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

One Comment

  • kauppa:

    My brother suggested I might like this website. He was totally right.
    This post actually made my day. You can't imagine just how much time I had spent for this information! Thanks!