Windows Privacy Extension

Windows Privacy Extension Description

Windows Privacy Extension is one of the many rogue anti-malware programs that belong to the FakeVimes family of malware. This family has been responsible for a rise in rogue security software scams in 2012 because criminals have started to bundle these fake security programs with rootkits from the ZeroAccess family. If Windows Privacy Extension is installed on your machine, ESG security researchers strongly advise disregarding all of its messages and alerts and deleting this fake security program with the help of an established, strong anti-malware utility that has anti-rootkit capabilities.

The Modus Operandi of FakeVimes and Windows Privacy Extension

Although the FakeVimes family of malware has been active since 2009, it is only in 2012 that malware in this family has started to pose a serious threat. This is because bundling these fake security programs with a rootkit component makes them considerably more difficult to remove than standalone FakeVimes infections. Most variants in the FakeVimes family will have been bundled with this rootkit component, including Windows Privacy Extension itself. Examples of other fake security programs in the FakeVimes family that were also released in 2012 include Virus Melt, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Windows Protection Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Work Catalyst. All of Windows Privacy Extension's clones will carry out the same trick: attempting to persuade you that your machine is infected with malware so that you will buy a fake 'upgrade' for these fake anti-malware programs.

Keeping Your Computer Safe from a Windows Privacy Extension Attack

In most cases, Windows Privacy Extension will enter a computer system through an initial social engineering scam. This will usually take the form of a malicious advertisement or pop-up message trying to make you believe that your machine is infected with malware and offering a free anti-malware scanner in order to solve this supposed problem. However, agreeing to this or even clicking on these kinds of advertisements may install Windows Privacy Extension on your computer system. Since Windows Privacy Extension is a kind of malware infection itself, Windows Privacy Extension has no way of helping remove malware from your computer system and will instead try to fool you into registering for an expensive and useless 'upgrade.' You can register Windows Privacy Extension with the code 0W000-000B0-00T00-E0020 in order to stop Windows Privacy Extension from pestering you with error messages, but you will still need to remove Windows Privacy Extension with a reliable anti-malware tool.

Technical Information

File System Details

Windows Privacy Extension creates the following file(s):
| # | File Name | Size | MD5 | Detection Count |
|---|---|---|---|---|
| 1 | %APPDATA%\Protector-yagp.exe | 2,233,856 | 6c3b6c1bd9b6472f162fd567e9942af2 | 1 |
| 2 | %AppData%\Protector-[RANDOM CHARACTERS].exe | N/A | | |

Registry Details

Windows Privacy Extension creates the following registry entry or registry entries:

One Comment

  • kauppa:

    My brother suggested I might like this website. He was totally right.
    This post actually made my day. You can't imagine just how much time I had spent for this information! Thanks!
