Windows Protection Unit
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 3,922 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 9,108 |
| First Seen: | April 16, 2012 |
| Last Seen: | September 20, 2023 |
| OS(es) Affected: | Windows |
Windows Protection Unit Image
The year 2012 marked resurgence in the rogue security application scam. While these kinds of fake security programs were never really gone, security software had become much more effective at detecting and neutralizing these threats. The reason for this is that the largest families of rogue security programs, like the WinWebSec or FakeVimes families, have been active since 2009, thus giving PC security analysts ample time to learn all they need to know in order to remove these threats quickly. However, FakeVimes family is making a comeback. While it seems that the rogue anti-virus programs in themselves are no different from previous versions of this malware family, this recent batch includes a nasty ZeroAccess rootkit infection which makes removal of the rogue anti-virus program much more difficult.
Windows Protection Unit, along with other fake security programs, is one of the many versions of these newer iteration of the FakeVimes family of malware.l Among its many clones are Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. If you detect that Windows Protection Unit is installed on your computer system, our team of malware researchers strongly advises using a reliable anti-malware program, or a specialized anti-rootkit tool, to remove Windows Protection Unit and its associated rootkit from your hard drive.
Table of Contents
Windows Protection Unit’s Scam is No Different from Previous Rogue Anti-virus Programs
Even if Windows Protection Unit contains its added rootkit component, the scam Windows Protection Unit carries out is basically unchanged since 2009. Windows Protection Unit attempts to make its victim believe that Windows Protection Unit is a real security program and that the victim's computer has become infected with viruses and Trojans. To do this, Windows Protection Unit can carry out several malicious operations, including making the victim's computer slower, more unstable, block access to the victim's files, and cause browser redirects. However, the main way in which Windows Protection Unit convinces its victims that their computer is under attack is using a large number of fake error messages and alarming security notifications that appear to come from Windows itself.
Once the victim has fallen for the scam, Windows Protection Unit will claim that the problems can only be fixed if the innocent PC user is willing to purchase a "full version" of Windows Protection Unit. Needless to say, since Windows Protection Unit is the one responsible for the problems on the victim's computer, paying for this bogus security program is definitely not a good idea.
Windows Protection Unit Video
Tip: Turn your sound ON and watch the video in Full Screen mode.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %AppData%\NPSWF32.dll | |
| 2. | %AppData%\Protector-[RANDOM CHARACTERS].exe | |
| 3. | %AppData%\result.db | |
| 4. | %Desktop%\Windows Protection Unit.lnk | |
| 5. | %CommonStartMenu%\Programs\Windows Protection Unit.lnk |
Registry Details
URLs
Windows Protection Unit may call the following URLs:
| ourzitemu.com |
Messages
The following messages associated with Windows Protection Unit were found:
|
Error
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan. |
|
Error
Software without a digital signature detected. Your system files are at risk. We strongly advise you to activate your protection. |
|
Warning
Firewall has blocked a program from accessing the Internet. Windows Media Player Resources C:Windowssystem32dllcachewmploc.dll C:Windowssystem32dllcachewmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server. |
