Threat Database Rogue Anti-Spyware Program Windows Profound Security

Windows Profound Security

By Domesticus in Rogue Anti-Spyware Program

Windows Profound Security Image

Windows Profound Security is a rogue antispyware program that pretends to be a legitimate and trustworthy security program. Windows Profound Security is distributed via bogus online antimalware scanners and unsafe downloads from malicious sources. Windows Profound Security infiltrates into a targeted computer via Trojans, which exploit security holes in web browsers. Once installed on the affected PC, Windows Profound Security starts a fictitious system scan and generates numerous malware threats to intimidate victims into thinking their computers are infected. Windows Profound Security will also display fake security notifications that state your PC is compromised and in danger; however, all scan results and warning messages created by Windows Profound Security are false and inaccurate. As a solution for getting rid of the imaginary computer infections, Windows Profound Security will offer you to buy its full version to allegedly detect and eliminate malware threats. Do not believe or purchase Windows Profound Security. ESG's malware analysts highly recommend you to uninstall Windows Profound Security by using a reputable anti-malware tool.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Windows Profound Security Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Profound Security may create the following file(s):
# File Name Detections
1. %AppData%\Protector-[RANDOM 4 CHARACTERS].exe
2. %AppData%\Protector-[RANDOM 3 CHARACTERS].exe
3. %AppData%\NPSWF32.dll
4. %AppData%\1st$0l3th1s.cnf
5. %AppData%\result.db

Registry Details

Windows Profound Security may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "qvnpoksgjc"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-9_7"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe

Messages

The following messages associated with Windows Profound Security were found:

Error
Attempt to modify registry key entries detected. Registry entry analysis is recommended.
Error
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning
Firewall has blocked a program from accessing the Internet
C:program filesinternet exploreriexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Trending

Most Viewed

Loading...