Windows Remedy

Threat Scorecard

Ranking: 15,772
Threat Level: 100 % (High)
Infected Computers: 9
First Seen: March 15, 2011
Last Seen: May 6, 2024
OS(es) Affected: Windows


Windows Remedy is not a remedy for anything, and Windows Remedy certainly isn't a Windows product. The fact of the matter is that Windows Remedy is fake anti-virus software, which is just a clone of the same malware that has been released and re-released under different names over the past several months.

One of the distinguishing characteristics of Windows Remedy is the fact that Windows Remedy claims to be a Microsoft product or a Windows component. Nothing could be further from the truth. Windows Remedy is a scam, designed to scare you into thinking that your computer is exposed to multiple threats and that your only hope is to purchase a "license" for Windows Remedy in order to clean up the system. No matter what you do, and no matter how much money you pay, Windows Remedy is incapable of detecting or removing threats.

The Infection Pattern and Symptoms of Windows Remedy

The claims of association with Windows are part of even the earliest stages of a Windows Remedy infection. Windows Remedy relies on a Trojan known as the fake Microsoft Security Essentials Alert Malware in order to infiltrate computers unnoticed. Typically, the Trojan will be hidden in a fake online virus scan, or bundled with a download of some other file, such as a program update downloaded from a third-party website. Once the Trojan is on your computer, it begins generating fake alerts that pop up from the task bar, and these alerts are made to look as though Microsoft Security Essentials is generating them. First the alerts will warn that some kind of Trojan is on your computer and that a scan is recommended; then, once the fake scan is over, you'll see another alert that claims to have identified the specific Trojan that is on your computer. This alert will have a button that you can click, ostensibly in order to download the proper anti-virus software to remove the Trojan. However, if you download the software recommended by the alerts, you are downloading Windows Remedy. Your computer will automatically reboot once the download completes, and Windows Remedy will be active as soon as Windows starts.

Windows Remedy does some things that are very disruptive, and which are meant to scare you. It all starts with the bogus user interface, which Windows Remedy will load before you even get to see the desktop or taskbar. The only way to get past the Windows Remedy interface is to wait for it to finish running Windows Remedy's fake system scan, which it will run every time Windows starts. The scans will always turn up results, and Windows Remedy will tell you that the only way to remove the threats Windows Remedy claims to have found is to go online and purchase a license for the full version of the Windows Remedy software. To that end, there is a website that claims to sell Windows Remedy, which can accept credit card payments – but because the entire thing is a scam, don't expect to get anything in return for your money.

While you try to use your computer, Windows Remedy will show the same handful of alerts over and over. One of the alerts says that Firefox is a virus, while another says that the benign (and crucial) lsass.exe service caused some kind of error in the boot process, and a third says that someone is trying to alter your computer's registry. These alerts are identical to the alerts used by all of the other malware in Windows Remedy's family. Furthermore, Windows Remedy will prevent you from running other programs – claiming that Windows Remedy is doing so to protect your computer's security – and Windows Remedy will redirect your web browser to Windows Remedy's own scam websites. In the worst cases, Windows Remedy can cause infected computers to become unstable and to crash frequently.

Windows Remedy’s History and Related Malware

As previously mentioned, Windows Remedy is not really anything new, because Windows Remedy is (with the exception of Windows Remedy's name) identical to many other rogue anti-virus programs. All of these identical fake anti-virus programs support a single scam, which has been traced back to Russia. Most other members of this malware family have names that include three words, such as Windows Optimal Settings, Windows Troubles Analyzer, and Windows Problems Solution. At present, there are at least forty fake security applications in this family. Windows Remedy appeared in the middle of March, 2011.


File System Details

Windows Remedy may create the following file(s):
#   File Name    MD5                               Detections
1.  srsrxh.exe   53ccf7cc01eba71c36b58b5c587dc2a4  5
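
A way to check a disk for the file listed above, as an added example that is not part of the original page: it walks a directory tree and compares each executable against the listed name and MD5. The function names, the verdict labels and the restriction to `.exe` files are assumptions of this sketch; an MD5 match identifies only that exact sample, so a repacked copy will surface at most as a name match.

```python
import hashlib
import os
import sys

# Indicator values copied from the File System Details table above.
PAGE_NAME = "srsrxh.exe"
PAGE_MD5 = "53ccf7cc01eba71c36b58b5c587dc2a4"


def md5_of(path, chunk=1 << 20):
    """Hash the file in chunks so large binaries are never fully in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, name=PAGE_NAME, md5=PAGE_MD5):
    """Return sorted (path, verdict) pairs for suspicious files under root.

    hash-match: content equals the listed sample, whatever the file is called
    name-only:  file name matches but the content differs (possible variant)
    unreadable: file name matches but the file is locked or access is denied
    """
    hits = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            lower = fname.lower()
            name_match = lower == name.lower()
            if not (name_match or lower.endswith(".exe")):
                continue  # assumption: only executables are worth hashing
            path = os.path.join(folder, fname)
            try:
                verdict = "hash-match" if md5_of(path) == md5.lower() else None
            except OSError:
                verdict = "unreadable" if name_match else None
            if verdict is None and name_match:
                verdict = "name-only"
            if verdict:
                hits.append((path, verdict))
    return sorted(hits)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, verdict in scan(root):
        print(f"{verdict:11} {path}")
```
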
