
Windows ProSecure Scanner

In 2012, PC security analysts renewed their interest in the FakeVimes family of malware. This family of rogue security programs has been active since 2009, with new versions of its fake anti-spyware programs released continuously since then. Windows ProSecure Scanner is one of the many fake security applications in the FakeVimes family released in 2012. The main reason for the renewed interest in this family of fake security software is that malware released in this family in 2012 includes a dangerous rootkit component, which appears to be a variant of the ZeroAccess rootkit. While most security programs can deal with a FakeVimes fake security program with relative ease, the presence of this rootkit component makes removal much more difficult because it interferes with legitimate security software.

Examples of clones of Windows ProSecure Scanner include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Criminals use misleading software like Windows ProSecure Scanner to carry out a common online scam. Programs like Windows ProSecure Scanner are designed to convince computer users that their computer system is severely infected with malware. To do this, Windows ProSecure Scanner displays a large number of fake security alerts, creates problems on the victim's computer (such as causing browser redirects, blocking access to certain files, and causing frequent system and application crashes), and runs a fake system scan claiming that the victim's computer contains a severe virus and Trojan infection. While Windows ProSecure Scanner's interface is highly convincing, trying to use Windows ProSecure Scanner to clean the supposedly infected hard drive will only result in an error message claiming that a 'full version' of Windows ProSecure Scanner needs to be purchased. Of course, the 'full version' of Windows ProSecure Scanner is not offered for free.

ESG security researchers strongly advise against paying for Windows ProSecure Scanner. This program has absolutely no actual anti-spyware capabilities and, in fact, makes your computer system more vulnerable to malware. You can disable Windows ProSecure Scanner's error messages with the serial code 0W000-000B0-00T00-E0020 that you get when you purchase its fake full version. However, it is important to note that the serial code mentioned above does not remove Windows ProSecure Scanner from your computer system. All it does is disable its error messages and browser redirects. Removal of Windows ProSecure Scanner with a reliable anti-malware program will still be necessary.

File System Details

Windows ProSecure Scanner may create the following file(s):
1. %AppData%\Protector-{random 4 characters}.exe
2. %AppData%\Protector-{random 3 characters}.exe
3. %Desktop%\Windows ProSecure Scanner.lnk
4. %AppData%\result.db

Registry Details

Windows ProSecure Scanner may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{random}.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-20_1
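
The file and registry entries listed above can be matched against a triage export (a file listing plus registry values) from a suspect host. This is an added example, not part of the original entry or of any vendor tool; the function names, the strong/weak split and the sample host data are assumptions made for illustration.

```python
import ntpath
import re
# Assumption: the "{random 3/4 characters}" part is alphanumeric.
PROTECTOR_RE = re.compile(r"protector-[a-z0-9]{3,4}\.exe")
HKCU_CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
# (key, value name, data or None for any data, strong indicator?)
REG_IOCS = [
    (HKCU_CV + r"\Run", "Inspector", None, True),
    (HKCU_CV + r"\Settings", "net", "2012-2-20_1", True),
    (HKCU_CV + r"\Settings", "ID", "4", False),
    (HKCU_CV + r"\Internet Settings", "WarnOnHTTPSToHTTPRedirect", "0", False),
]
# Left out: Disable* = 0 (the non-restrictive setting) and the random-named IFEO key.

def _norm(path):
    return ntpath.normcase(ntpath.normpath(path))

def match_file(path, appdata, desktop):
    """Return (label, strong) if path is one of the listed files, else None."""
    folder, name = ntpath.split(_norm(path))
    if folder == _norm(appdata):
        if PROTECTOR_RE.fullmatch(name):
            return ("Protector executable", True)
        if name == "result.db":
            return ("result.db", False)
    if folder == _norm(desktop) and name == "windows prosecure scanner.lnk":
        return ("desktop shortcut", True)
    return None

def match_reg(key, name, data):
    for k, n, d, strong in REG_IOCS:
        if (key.lower(), name.lower()) == (k.lower(), n.lower()) and d in (None, str(data)):
            return (n + " value", strong)
    return None

def triage(files, reg_values, appdata, desktop):
    hits = [h for p in files if (h := match_file(p, appdata, desktop))]
    hits += [h for r in reg_values if (h := match_reg(*r))]
    # Weak hits alone can occur on a clean host, so they only ask for review.
    strong = any(s for _, s in hits)
    return ("likely infected" if strong else "review" if hits else "no match"), hits

# Constructed sample: a triage export from a hypothetical host.
APPDATA, DESKTOP = r"C:\Users\ann\AppData\Roaming", r"C:\Users\ann\Desktop"
SAMPLE_FILES = [APPDATA + r"\Protector-x7q.exe",      # listed pattern
                APPDATA + r"\Protector-setup.exe",    # 5 characters: no match
                r"C:\Users\ann\Documents\result.db"]  # wrong folder
SAMPLE_REG = [(HKCU_CV + r"\Run", "Inspector", APPDATA + r"\Protector-x7q.exe"),
              (HKCU_CV + r"\Internet Settings", "WarnOnHTTPSToHTTPRedirect", 0)]
```

Call `triage(SAMPLE_FILES, SAMPLE_REG, APPDATA, DESKTOP)` to get the verdict and the list of matched indicators; a "no match" result only means none of the listed entries were present in the export.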
