Threat Database Rogue Anti-Spyware Program Windows Protection Maintenance

Windows Protection Maintenance

Fake security programs like Windows Protection Maintenance have been active for several years but increased dramatically since early 2012. While these are among the most common kinds of malware attacks, ESG security researchers have observed that newer versions of these kinds of threats will often be associated severe rootkit infection or additional malware on the victim's computer. Windows Protection Maintenance and its many clones carry out an attack that is quite familiar to most anti-malware researchers due to the popularity of this kind of malware infection. If your computer is displaying error messages or pop-up windows supposedly associated with Windows Protection Maintenance, this is a sign that your machine has become infected with malware. Remove Windows Protection Maintenance immediately with the help of a reliable anti-malware program.

Despite the fact that Windows Protection Maintenance looks like a real anti-malware program, Windows Protection Maintenance does not have any way of detecting, removing or fixing malware infections on your computer. Windows Protection Maintenance is designed to display alarming error messages on the victim's computer in order to scare inexperienced computer users into wasting their money on a 'premium' version of Windows Protection Maintenance. Since Windows Protection Maintenance is a kind of malware infection, computer users should use a dependable anti-malware solution to scan your machine and to remove Windows Protection Maintenance and any files associated with this malware threat.

Windows Protection Maintenance will typically be installed by a Trojan infection that enters the victim's computer using a social engineering approach. Once installed, Windows Protection Maintenance alters the Windows Registry and the settings of your system, which allow Windows Protection Maintenance to start up automatically and to display error messages. Windows Protection Maintenance can also block access to your files, interfere with real security software, cause browser redirects and cause your machine to become sluggish and unresponsive. Windows Protection Maintenance will be executed every time you start up Windows and pretend to scan your computer for malware. Windows Protection Maintenance will report a large number of malware problems and pester you constantly with error messages in order to convince you to pay for a useless 'full version' of Windows Protection Maintenance. Computer users should understand the purchase of Windows Protection Maintenance's full version will do nothing to remove this threat from your computer, even if it my stop some of its error messages from appearing.

Windows Protection Maintenance belongs to the FakeVimes family and among its family members are Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

File System Details

Windows Protection Maintenance may create the following file(s):
# File Name Detections
1. %AppData%/Protector-[RANDOM CHARACTERS].exe

Registry Details

Windows Protection Maintenance may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\Debugger = svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector = %AppData%\Protector-[RANDOM CHARACTERS].exe


The following messages associated with Windows Protection Maintenance were found:

Security Warning!
Your computer is not checked for viruses! System scan is recommended. Press "scan" to check.
Win32/Exploit.CVE-2010-3333.0 is a malicious Trojan virus created by cyber-criminals to install and initiate other versions of malicious information on the victim’s PC. Win32/Exploit.CVE-2010-3333.0 will be included into a list of programs which will run automatically when Windows operating system starts up. Therefore, it is very difficult to detect manually and remove Win32/Exploit.CVE-2010-3333.0. However, it is strongly recommended to remove Win32/Exploit.CVE-2010-3333.0 immediately because Win32/Exploit.CVE-2010-3333.0is able to cause additional damages to your infected Windows system.


Most Viewed