Windows Protection Suite Description
Type: Rogue Anti-Virus Program
Windows Protection Suite is a rogue anti-spyware application that is part of an enormous family of fraudulent security software, the FakeVimes family. Windows Protection Suite infiltrates a computer without user approval or knowledge. Once active, Windows Protection Suite displays false system scanners and fabricated security alerts, in order to intimidate the user into believing that the computer is heavily infected. The user is then prompted to purchase and download the commercial version of Windows Protection Suite in order to combat these fictitious threats.
There are countless rogue security programs plaguing the Web all around the world. Some of these programs are clones of Windows Protection Suite, except that its designers had made small changes to their names and interface. The clones of Windows Protection Suite include Virus Melt, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Work Catalyst. 
Aliases
15 security vendors flagged this file as malicious.
Anti-Virus Software
Detection
Panda
Suspicious file
AVG
Downloader.Generic10.AYEU
Ikarus
Trojan-Downloader.SuspectCRC
AhnLab-V3
Adware/Win32.AdMedia
AntiVir
Adware/AdMedia.or.1
DrWeb
Adware.Dodoor.330
Kaspersky
not-a-virus:AdWare.Win32.AdMedia.or
TrendMicro
TROJ_FAKEAV.DID
NOD32
Win32/Adware.VirusAlarmPro
McAfee-GW-Edition
Riskware.Fake.WPS.25
McAfee
Generic Packed.a
K7AntiVirus
Trojan.Win32.Malware.1
Ikarus
Trojan.Win32.FakeVimes
CAT-QuickHeal
Trojan.FraudPack.gen
AVG
Generic4.MBH
Technical Information
File System Details
Windows Protection Suite creates the following file(s):
| # | File Name | MD5 | Detection Count |
|---|---|---|---|
| 1 | Ulisess Seguridad 10.0.4.exe | 4558da71cc394fa2e9c9e2bcffead632 | 4 + |
| 2 | %UserProfile%\Recent\energy.dll | N/A + | |
| 3 | %UserProfile%\Recent\kernel32.dll | N/A + | |
| 4 | %UserProfile%\Recent\runddl.dll | N/A + | |
| 5 | %UserProfile%\Recent\std.exe | N/A + | |
| 6 | %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll | N/A + | |
| 7 | %ProgramFiles%\Windows Protection Suite\Windows Protection Suite.dll | N/A + | |
| 8 | %UserProfile%\Recent\dudl.sys | N/A + | |
| 9 | %UserProfile%\Recent\grid.sys | N/A + | |
| 10 | %UserProfile%\Recent\PE.dll | N/A + | |
| 11 | %UserProfile%\Recent\snl2w.exe | N/A + | |
| 12 | %UserProfile%\Desktop\WindowsProtectionSuite.exe | N/A + | |
| 13 | %Documents and Settings%\All Users\Application Data\345d567\WI345d.exe | N/A + | |
| 14 | %UserProfile%\Recent\CLSV.exe | N/A + | |
| 15 | %UserProfile%\Recent\grid.dll | N/A + | |
| 16 | %UserProfile%\Recent\tempdoc.dll | N/A + | |
| 17 | %UserProfile%\Recent\SM.dll | N/A + | |
| 18 | %Program Files%\WindowsProtectionSuite\WindowsProtectionSuite.exe | N/A + | |
| 19 | %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll | N/A + | |
| 20 | %TempDir%\[RANDOM CHARACTERS].dll | N/A + | |
| 21 | %UserProfile%\Application Data\Windows Protection Suite\cookies.sqlite | N/A + | |
| 22 | %UserProfile%\Recent\ANTIGEN.drv | N/A + | |
| 23 | %Program Files%\WindowsProtectionSuite\WindowsProtectionSuite.url | N/A + | |
| 24 | %UserProfile%\Start Menu\WindowsProtectionSuite.lnk | N/A + | |
| 25 | %UserProfile%\Start Menu\Windows Protection Suite 2009.lnk | N/A + | |
| 26 | %UserProfile%\Application Data\Windows Protection Suite 2009\Instructions.ini | N/A + | |
| 27 | %Documents and Settings%\All Users\Application Data\345d567 | N/A + | |
| 28 | %Documents and Settings%\All Users\Application Data\345d567\26.mof | N/A + | |
| 29 | %Documents and Settings%\All Users\Application Data\345d567\WINSSSys\vd952342.bd | N/A + | |
| 30 | Windows Protection Suite | N/A + | |
| 31 | %CommonPrograms%\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b367_33.lnk | N/A + | |
| 32 | %Desktop%\Windows Protection Suite.lnk | N/A + | |
| 33 | %UserProfile%\Application Data\Windows Protection Suite | N/A + | |
| 34 | %UserProfile%\Desktop\Windows Protection Suite.lnk | N/A + | |
| 35 | %UserProfile%\Recent\PE.tmp | N/A + | |
| 36 | %UserProfile%\Start Menu\Programs\WindowsProtectionSuite | N/A + | |
| 37 | %UserProfile%\Start Menu\Programs\WindowsProtectionSuite\WindowsProtectionSuite Website.lnk | N/A + | |
| 38 | %UserProfile%\Application Data\Windows Protection Suite 2009 | N/A + | |
| 39 | %UserProfile%\Desktop\Windows Protection Suite 2009.lnk | N/A + | |
| 40 | %Documents and Settings%\All Users\Application Data\WINSSSys | N/A + | |
| 41 | %Documents and Settings%\All Users\Application Data\345d567\working.log | N/A + | |
| 42 | %UserProfile%\Start Menu\Programs\Windows Protection Suite.lnk | N/A + | |
| 43 | %CommonAppData\56a10a26-dc02-40f3-a4da-8fa92d06b367_.mkv | N/A + | |
| 44 | %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk | N/A + | |
| 45 | %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk | N/A + | |
| 46 | %UserProfile%\Application Data\Windows Protection Suite\Instructions.ini | N/A + | |
| 47 | %UserProfile%\Recent\DBOLE.drv | N/A + | |
| 48 | %Program Files%\Mozilla Firefox\searchplugins\search.xml | N/A + | |
| 49 | %UserProfile%\Start Menu\Programs\WindowsProtectionSuite\WindowsProtectionSuite.lnk | N/A + | |
| 50 | %UserProfile%\Start Menu\Programs\Windows Protection Suite 2009.lnk | N/A + | |
| 51 | %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite 2009.lnk | N/A + | |
| 52 | %Documents and Settings%\All Users\Application Data\345d567\WINSSSys | N/A + | |
| 53 | %Documents and Settings%\All Users\Application Data\345d567\WINSS.ico | N/A + | |
| 54 | %Documents and Settings%\All Users\Application Data\WINSSSys\winss.cfg | N/A + | |
| 55 | %ProgramFiles%\Windows Protection Suite | N/A + | |
| 56 | %Programs%\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b367_33.lnk | N/A + | |
| 57 | %AppData%\Windows Protection Suite | N/A + | |
| 58 | WIfe7a.exe | e74a44e6b33cdcfb6c14e55501764d1d | N/A + |
| 59 | WI60ed.exe | 4af0d55f23586d1d0adb82fff218958e | N/A + |
| 60 | WIc182.exe | 9deeecedfd5ac77d5ce83769ac2612f6 | N/A + |
| 61 | WI2703.exe | f09168f9f1b4a547b567867888acd999 | 0 + |
| 62 | WI3e45.exe | 48b04d0a88974836cb2bb33381d0c83e | 0 + |
| 63 | WIe9e2.exe | 0db269fa1ddae6e0fda30d4f424924f8 | 0 + |
| 64 | WI2e12.exe | 6f1d2d86dc08c2ed7b34aed11de78b47 | 0 + |
| 65 | WI3db3.exe | e30fedc6bf53a805ec586ed1cba517fc | 0 + |
| 66 | WI7a8f.exe | c49fad15feec77235373553d4fef99b3 | 0 + |
| 67 | WI2106.exe | 734ba2ce099e740c590507c97c0f623f | 0 + |
| 68 | ReleaseXP[1].exe | 4fb10d7bb7169f0a66dbb48f8963e0fb | 0 + |
| 69 | ActivatedSetup[1].exe | 4661101706083c24676642226051fdbd | 0 + |
| 70 | WIa744.exe | a574f606b9f985dc88ca61d03d90f863 | 0 + |
| 71 | WIb87c.exe | 741376ecccb187f4bffdcec701081daa | 0 + |
| 72 | WI15af.exe | 1a6b142bc316034f5a20402665a7ad40 | 0 + |
| 73 | WI7418.exe | ffcf6eb75fabd8613cb1de4011131229 | 0 + |
| 74 | WId2ba.exe | 1e07f21d12f37814ff85d69a1c23e17a | 0 + |
| 75 | WI7f24.exe | 8713db1bd1a63855e53309fd3c5fde4f | 0 + |
| 76 | WIac55.exe | 93b7a38ff4c3a56077f0c2c8bc67d53c | 0 + |
| 77 | WI81c9.exe | cc351cec273339cf100fafcd1f3bc7eb | 0 + |
| 78 | WI4ae8.exe | 8e483d6c01c404506309b04cfa77b0d1 | 0 + |
| 79 | WI577a.exe | 49aa8e92c3eb273fd04c116b48d1b7ad | 0 + |
| 80 | WIb33d.exe | 57618a38c9a1b53e53a706eda74bdc44 | 0 + |
| 81 | WId747.exe | 3b1fd82d731620f60f2e75579037c658 | 0 + |
| 82 | WId1c0.exe | 003ddeeb380e33646d94ace75ac89b91 | 0 + |
Registry Details
Windows Protection Suite creates the following registry entry or registry entries:
File name without path
Windows Protection Suite.lnk
RegistryKey
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56a10a26-dc02-40f1-a4da-8fa92d06b367}
HKCR\CLSID\{56a10a26-dc02-40f1-a4da-8fa92d06b367}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "56a10a26-dc02-40f3-a4da-8fa92d06b367_33"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "WindowsProtectionSuite"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "56a10a26-dc02-40f3-a4da-8fa92d06b367_33"
More Details on Windows Protection Suite
The following cookies were found:
- windowsprotectionsuite
The following messages associated with Windows Protection Suite were found:
| "System Alert! Malicious applications, which can contain trojans, were found on your PC and need to be immediately removed. Click here to remove these potentially harmful items using Windows Protection Suite". |
Site Disclaimer
Enigmasoftware.com is not associated, affiliated, sponsored or owned
by the malware creators or distributors mentioned on this article. This article should NOT be
mistaken or confused in being associated in any way with the promotion or endorsement of malware.
Our intent is to provide information that will educate computer users on how to detect, and ultimately
remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on
this article.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.