Windows Protection Suite

By GoldSparrow in Rogue Anti-Spyware Program

Translate To:

Threat Scorecard

Threat Level:	100 % (High)
Infected Computers:	7

First Seen:	August 27, 2009
Last Seen:	January 15, 2020
OS(es) Affected:	Windows

Windows Protection Suite Image

Windows Protection Suite is a rogue anti-spyware application that is part of an enormous family of fraudulent security software, the FakeVimes family. Windows Protection Suite infiltrates a computer without user approval or knowledge. Once active, Windows Protection Suite displays false system scanners and fabricated security alerts, in order to intimidate the user into believing that the computer is heavily infected. The user is then prompted to purchase and download the commercial version of Windows Protection Suite in order to combat these fictitious threats.

There are countless rogue security programs plaguing the Web all around the world. Some of these programs are clones of Windows Protection Suite, except that its designers had made small changes to their names and interface. The clones of Windows Protection Suite include Virus Melt, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Work Catalyst.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
Panda	Suspicious file
AVG	Downloader.Generic10.AYEU
Ikarus	Trojan-Downloader.SuspectCRC
AhnLab-V3	Adware/Win32.AdMedia
AntiVir	Adware/AdMedia.or.1
DrWeb	Adware.Dodoor.330
Kaspersky	not-a-virus:AdWare.Win32.AdMedia.or
TrendMicro	TROJ_FAKEAV.DID
NOD32	Win32/Adware.VirusAlarmPro
McAfee-GW-Edition	Riskware.Fake.WPS.25
McAfee	Generic Packed.a
K7AntiVirus	Trojan.Win32.Malware.1
Ikarus	Trojan.Win32.FakeVimes
CAT-QuickHeal	Trojan.FraudPack.gen
AVG	Generic4.MBH

SpyHunter Detects & Remove Windows Protection Suite

File System Details

Windows Protection Suite may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	Ulisess Seguridad 10.0.4.exe	4558da71cc394fa2e9c9e2bcffead632	4
Name: Ulisess Seguridad 10.0.4.exe MD5: 4558da71cc394fa2e9c9e2bcffead632 Size: 14.91 MB (14919098 bytes) Detections: 4 Type: Executable File Path: %USERPROFILE%\Mis documentos\ Group: Malware file Last Updated: September 29, 2011
2.	%UserProfile%\Recent\energy.dll
Name: %UserProfile%\Recent\energy.dll Type: Dynamic link library Group: Malware file
3.	%UserProfile%\Recent\kernel32.dll
Name: %UserProfile%\Recent\kernel32.dll Type: Dynamic link library Group: Malware file
4.	%UserProfile%\Recent\runddl.dll
Name: %UserProfile%\Recent\runddl.dll Type: Dynamic link library Group: Malware file
5.	%UserProfile%\Recent\std.exe
Name: %UserProfile%\Recent\std.exe Type: Executable File Group: Malware file
6.	%Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
Name: %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll Type: Dynamic link library Group: Malware file
7.	%ProgramFiles%\Windows Protection Suite\Windows Protection Suite.dll
Name: %ProgramFiles%\Windows Protection Suite\Windows Protection Suite.dll Type: Dynamic link library Group: Malware file
8.	%UserProfile%\Recent\dudl.sys
Name: %UserProfile%\Recent\dudl.sys Type: System file Group: Malware file
9.	%UserProfile%\Recent\grid.sys
Name: %UserProfile%\Recent\grid.sys Type: System file Group: Malware file
10.	%UserProfile%\Recent\PE.dll
Name: %UserProfile%\Recent\PE.dll Type: Dynamic link library Group: Malware file
11.	%UserProfile%\Recent\snl2w.exe
Name: %UserProfile%\Recent\snl2w.exe Type: Executable File Group: Malware file
12.	%UserProfile%\Desktop\WindowsProtectionSuite.exe
Name: %UserProfile%\Desktop\WindowsProtectionSuite.exe Type: Executable File Group: Malware file
13.	%Documents and Settings%\All Users\Application Data\345d567\WI345d.exe
Name: %Documents and Settings%\All Users\Application Data\345d567\WI345d.exe Type: Executable File Group: Malware file
14.	%UserProfile%\Recent\CLSV.exe
Name: %UserProfile%\Recent\CLSV.exe Type: Executable File Group: Malware file
15.	%UserProfile%\Recent\grid.dll
Name: %UserProfile%\Recent\grid.dll Type: Dynamic link library Group: Malware file
16.	%UserProfile%\Recent\tempdoc.dll
Name: %UserProfile%\Recent\tempdoc.dll Type: Dynamic link library Group: Malware file
17.	%UserProfile%\Recent\SM.dll
Name: %UserProfile%\Recent\SM.dll Type: Dynamic link library Group: Malware file
18.	%Program Files%\WindowsProtectionSuite\WindowsProtectionSuite.exe
Name: %Program Files%\WindowsProtectionSuite\WindowsProtectionSuite.exe Type: Executable File Group: Malware file
19.	%Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
Name: %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll Type: Dynamic link library Group: Malware file
20.	%TempDir%\[RANDOM CHARACTERS].dll
Name: %TempDir%\[RANDOM CHARACTERS].dll Type: Dynamic link library Group: Malware file
21.	%UserProfile%\Application Data\Windows Protection Suite\cookies.sqlite
Name: %UserProfile%\Application Data\Windows Protection Suite\cookies.sqlite Group: Malware file
22.	%UserProfile%\Recent\ANTIGEN.drv
Name: %UserProfile%\Recent\ANTIGEN.drv Type: Device Driver Group: Malware file
23.	%Program Files%\WindowsProtectionSuite\WindowsProtectionSuite.url
Name: %Program Files%\WindowsProtectionSuite\WindowsProtectionSuite.url Group: Malware file
24.	%UserProfile%\Start Menu\WindowsProtectionSuite.lnk
Name: %UserProfile%\Start Menu\WindowsProtectionSuite.lnk Type: Shortcut Group: Malware file
25.	%UserProfile%\Start Menu\Windows Protection Suite 2009.lnk
Name: %UserProfile%\Start Menu\Windows Protection Suite 2009.lnk Type: Shortcut Group: Malware file
26.	%UserProfile%\Application Data\Windows Protection Suite 2009\Instructions.ini
Name: %UserProfile%\Application Data\Windows Protection Suite 2009\Instructions.ini Group: Malware file
27.	%Documents and Settings%\All Users\Application Data\345d567
Name: %Documents and Settings%\All Users\Application Data\345d567 Group: Malware file
28.	%Documents and Settings%\All Users\Application Data\345d567\26.mof
Name: %Documents and Settings%\All Users\Application Data\345d567\26.mof Group: Malware file
29.	%Documents and Settings%\All Users\Application Data\345d567\WINSSSys\vd952342.bd
Name: %Documents and Settings%\All Users\Application Data\345d567\WINSSSys\vd952342.bd Group: Malware file
30.	Windows Protection Suite
Name: Windows Protection Suite Group: Malware file
31.	%CommonPrograms%\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b367_33.lnk
Name: %CommonPrograms%\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b367_33.lnk Type: Shortcut Group: Malware file
32.	%Desktop%\Windows Protection Suite.lnk
Name: %Desktop%\Windows Protection Suite.lnk Type: Shortcut Group: Malware file
33.	%UserProfile%\Application Data\Windows Protection Suite
Name: %UserProfile%\Application Data\Windows Protection Suite Group: Malware file
34.	%UserProfile%\Desktop\Windows Protection Suite.lnk
Name: %UserProfile%\Desktop\Windows Protection Suite.lnk Type: Shortcut Group: Malware file
35.	%UserProfile%\Recent\PE.tmp
Name: %UserProfile%\Recent\PE.tmp Type: Temporary File Group: Malware file
36.	%UserProfile%\Start Menu\Programs\WindowsProtectionSuite
Name: %UserProfile%\Start Menu\Programs\WindowsProtectionSuite Group: Malware file
37.	%UserProfile%\Start Menu\Programs\WindowsProtectionSuite\WindowsProtectionSuite Website.lnk
Name: %UserProfile%\Start Menu\Programs\WindowsProtectionSuite\WindowsProtectionSuite Website.lnk Type: Shortcut Group: Malware file
38.	%UserProfile%\Application Data\Windows Protection Suite 2009
Name: %UserProfile%\Application Data\Windows Protection Suite 2009 Group: Malware file
39.	%UserProfile%\Desktop\Windows Protection Suite 2009.lnk
Name: %UserProfile%\Desktop\Windows Protection Suite 2009.lnk Type: Shortcut Group: Malware file
40.	%Documents and Settings%\All Users\Application Data\WINSSSys
Name: %Documents and Settings%\All Users\Application Data\WINSSSys Group: Malware file
41.	%Documents and Settings%\All Users\Application Data\345d567\working.log
Name: %Documents and Settings%\All Users\Application Data\345d567\working.log Group: Malware file
42.	%UserProfile%\Start Menu\Programs\Windows Protection Suite.lnk
Name: %UserProfile%\Start Menu\Programs\Windows Protection Suite.lnk Type: Shortcut Group: Malware file
43.	%CommonAppData\56a10a26-dc02-40f3-a4da-8fa92d06b367_.mkv
Name: %CommonAppData\56a10a26-dc02-40f3-a4da-8fa92d06b367_.mkv Group: Malware file
44.	%AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk
Name: %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk Type: Shortcut Group: Malware file
45.	%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk
Name: %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk Type: Shortcut Group: Malware file
46.	%UserProfile%\Application Data\Windows Protection Suite\Instructions.ini
Name: %UserProfile%\Application Data\Windows Protection Suite\Instructions.ini Group: Malware file
47.	%UserProfile%\Recent\DBOLE.drv
Name: %UserProfile%\Recent\DBOLE.drv Type: Device Driver Group: Malware file
48.	%Program Files%\Mozilla Firefox\searchplugins\search.xml
Name: %Program Files%\Mozilla Firefox\searchplugins\search.xml Group: Malware file
49.	%UserProfile%\Start Menu\Programs\WindowsProtectionSuite\WindowsProtectionSuite.lnk
Name: %UserProfile%\Start Menu\Programs\WindowsProtectionSuite\WindowsProtectionSuite.lnk Type: Shortcut Group: Malware file
50.	%UserProfile%\Start Menu\Programs\Windows Protection Suite 2009.lnk
Name: %UserProfile%\Start Menu\Programs\Windows Protection Suite 2009.lnk Type: Shortcut Group: Malware file
51.	%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite 2009.lnk
Name: %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite 2009.lnk Type: Shortcut Group: Malware file
52.	%Documents and Settings%\All Users\Application Data\345d567\WINSSSys
Name: %Documents and Settings%\All Users\Application Data\345d567\WINSSSys Group: Malware file
53.	%Documents and Settings%\All Users\Application Data\345d567\WINSS.ico
Name: %Documents and Settings%\All Users\Application Data\345d567\WINSS.ico Group: Malware file
54.	%Documents and Settings%\All Users\Application Data\WINSSSys\winss.cfg
Name: %Documents and Settings%\All Users\Application Data\WINSSSys\winss.cfg Group: Malware file
55.	%ProgramFiles%\Windows Protection Suite
Name: %ProgramFiles%\Windows Protection Suite Group: Malware file
56.	%Programs%\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b367_33.lnk
Name: %Programs%\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b367_33.lnk Type: Shortcut Group: Malware file
57.	%AppData%\Windows Protection Suite
Name: %AppData%\Windows Protection Suite Group: Malware file
58.	WIfe7a.exe	e74a44e6b33cdcfb6c14e55501764d1d
Name: WIfe7a.exe MD5: e74a44e6b33cdcfb6c14e55501764d1d Size: 2.1 MB (2104832 bytes) Type: Executable File Group: Malware file
59.	WI60ed.exe	4af0d55f23586d1d0adb82fff218958e
Name: WI60ed.exe MD5: 4af0d55f23586d1d0adb82fff218958e Size: 2.18 MB (2187776 bytes) Type: Executable File Group: Malware file
60.	WIc182.exe	9deeecedfd5ac77d5ce83769ac2612f6
Name: WIc182.exe MD5: 9deeecedfd5ac77d5ce83769ac2612f6 Size: 2.34 MB (2341376 bytes) Type: Executable File Group: Malware file
61.	WI2703.exe	f09168f9f1b4a547b567867888acd999	0
Name: WI2703.exe MD5: f09168f9f1b4a547b567867888acd999 Size: 2.26 MB (2264064 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
62.	WI3e45.exe	48b04d0a88974836cb2bb33381d0c83e	0
Name: WI3e45.exe MD5: 48b04d0a88974836cb2bb33381d0c83e Size: 2.34 MB (2342912 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
63.	WIe9e2.exe	0db269fa1ddae6e0fda30d4f424924f8	0
Name: WIe9e2.exe MD5: 0db269fa1ddae6e0fda30d4f424924f8 Size: 2.26 MB (2265088 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
64.	WI2e12.exe	6f1d2d86dc08c2ed7b34aed11de78b47	0
Name: WI2e12.exe MD5: 6f1d2d86dc08c2ed7b34aed11de78b47 Size: 2.1 MB (2105344 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
65.	WI3db3.exe	e30fedc6bf53a805ec586ed1cba517fc	0
Name: WI3db3.exe MD5: e30fedc6bf53a805ec586ed1cba517fc Size: 2.35 MB (2357248 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
66.	WI7a8f.exe	c49fad15feec77235373553d4fef99b3	0
Name: WI7a8f.exe MD5: c49fad15feec77235373553d4fef99b3 Size: 2.36 MB (2360320 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
67.	WI2106.exe	734ba2ce099e740c590507c97c0f623f	0
Name: WI2106.exe MD5: 734ba2ce099e740c590507c97c0f623f Size: 2.4 MB (2400256 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
68.	ReleaseXP[1].exe	4fb10d7bb7169f0a66dbb48f8963e0fb	0
Name: ReleaseXP[1].exe MD5: 4fb10d7bb7169f0a66dbb48f8963e0fb Size: 2.39 MB (2397184 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
69.	ActivatedSetup[1].exe	4661101706083c24676642226051fdbd	0
Name: ActivatedSetup[1].exe MD5: 4661101706083c24676642226051fdbd Size: 210.43 KB (210432 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
70.	WIa744.exe	a574f606b9f985dc88ca61d03d90f863	0
Name: WIa744.exe MD5: a574f606b9f985dc88ca61d03d90f863 Size: 2.2 MB (2207232 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
71.	WIb87c.exe	741376ecccb187f4bffdcec701081daa	0
Name: WIb87c.exe MD5: 741376ecccb187f4bffdcec701081daa Size: 2.2 MB (2202112 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
72.	WI15af.exe	1a6b142bc316034f5a20402665a7ad40	0
Name: WI15af.exe MD5: 1a6b142bc316034f5a20402665a7ad40 Size: 2.17 MB (2174976 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
73.	WI7418.exe	ffcf6eb75fabd8613cb1de4011131229	0
Name: WI7418.exe MD5: ffcf6eb75fabd8613cb1de4011131229 Size: 2.17 MB (2179072 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
74.	WId2ba.exe	1e07f21d12f37814ff85d69a1c23e17a	0
Name: WId2ba.exe MD5: 1e07f21d12f37814ff85d69a1c23e17a Size: 2.19 MB (2193408 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
75.	WI7f24.exe	8713db1bd1a63855e53309fd3c5fde4f	0
Name: WI7f24.exe MD5: 8713db1bd1a63855e53309fd3c5fde4f Size: 2.1 MB (2108928 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
76.	WIac55.exe	93b7a38ff4c3a56077f0c2c8bc67d53c	0
Name: WIac55.exe MD5: 93b7a38ff4c3a56077f0c2c8bc67d53c Size: 2.35 MB (2357760 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
77.	WI81c9.exe	cc351cec273339cf100fafcd1f3bc7eb	0
Name: WI81c9.exe MD5: cc351cec273339cf100fafcd1f3bc7eb Size: 2.23 MB (2234368 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
78.	WI4ae8.exe	8e483d6c01c404506309b04cfa77b0d1	0
Name: WI4ae8.exe MD5: 8e483d6c01c404506309b04cfa77b0d1 Size: 2.1 MB (2109440 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
79.	WI577a.exe	49aa8e92c3eb273fd04c116b48d1b7ad	0
Name: WI577a.exe MD5: 49aa8e92c3eb273fd04c116b48d1b7ad Size: 2.19 MB (2191872 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
80.	WIb33d.exe	57618a38c9a1b53e53a706eda74bdc44	0
Name: WIb33d.exe MD5: 57618a38c9a1b53e53a706eda74bdc44 Size: 2.19 MB (2195456 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
81.	WId747.exe	3b1fd82d731620f60f2e75579037c658	0
Name: WId747.exe MD5: 3b1fd82d731620f60f2e75579037c658 Size: 2.17 MB (2175488 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
82.	WId1c0.exe	003ddeeb380e33646d94ace75ac89b91	0
Name: WId1c0.exe MD5: 003ddeeb380e33646d94ace75ac89b91 Size: 2.34 MB (2340352 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009

Registry Details

Windows Protection Suite may create the following registry entry or registry entries:

File name without path

Windows Protection Suite.lnk

HKEY..\..\..\..{RegistryKeys}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56a10a26-dc02-40f1-a4da-8fa92d06b367}

HKCR\CLSID\{56a10a26-dc02-40f1-a4da-8fa92d06b367}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "56a10a26-dc02-40f3-a4da-8fa92d06b367_33"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "WindowsProtectionSuite"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run "56a10a26-dc02-40f3-a4da-8fa92d06b367_33"

Cookies

The following cookies were found:

windowsprotectionsuite

Messages

The following messages associated with Windows Protection Suite were found:

"System Alert! Malicious applications, which can contain trojans, were found on your PC and need to be immediately removed. Click here to remove these potentially harmful items using Windows Protection Suite".