Windows Secure Kit 2011

Threat Scorecard

Ranking: 9,805
Threat Level: 20 % (Normal)
Infected Computers: 14,711
First Seen: February 21, 2012
Last Seen: March 19, 2023
OS(es) Affected: Windows

Windows Secure Kit 2011 is a bogus anti-virus application with several clones, such as Apple Web Security and Windows Web Security. This family of fake anti-virus programs, the WinWeb Security family, is a relative newcomer, first emerging in 2011. According to ESG security researchers, Windows Secure Kit 2011 is commonly distributed through corrupted advertisements that take advantage of security vulnerabilities in JavaScript and Flash in order to attempt to inject malware into the victim's computer system. Like most rogue security applications, Windows Secure Kit 2011 has no way of detecting or removing malware from a computer system. Instead, Windows Secure Kit 2011 is a malware infection that, mimicking a real security program, reports constant false positives in an effort to scam its victims into purchasing a useless 'full version' of Windows Secure Kit 2011.

If you find that Windows Secure Kit 2011 is installed on your computer system, you should understand that you are the target of a well-known online scam. Ignore all of Windows Secure Kit 2011's attempts to obtain your credit card information and, instead, remove this fake security application with a legitimate security program. If you have already made the mistake of paying for Windows Secure Kit 2011, call your credit card to dispute the charges.

Clones of Windows Secure Kit 2011 include System Security, Total Security, Antivirus Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, Security Shield, MS Removal Tool, Antivirus Center, Essential Cleaner, Security Shield Pro 2011, Personal Shield Pro, Security Shield 2011, Advanced PC Shield 2012, Security Sphere 2012, System Security 2011.

How Windows Secure Kit 2011 Makes Its Way into Your Computer System

Windows Secure Kit 2011 tends to use browser exploits in order to infect a computer system. As of February of 2012, two common pathways are known through which Windows Secure Kit 2011 attempts to infiltrate a computer system:

  • One of the most common ways in which Windows Secure Kit 2011 infects a computer system is by using a browser hijacker. Basically, several browser hijackers have been known to force their victim's web browsers to display pop-up windows with Windows Secure Kit 2011 advertisements. When clicked, these malicious advertisements attempt to install Windows Secure Kit 2011 onto the victim's computer. If your web browser is creating pop-up windows, a reliable anti-malware tool should be used to scan and disinfect your hard drives. Pop-up windows associated with Windows Secure Kit 2011 have also been known to contain pornographic material.
  • ESG team of PC security analysts has also detected various malicious advertisements promoting Windows Secure Kit 2011. These can be found on websites with no relation to Windows Secure Kit 2011, often because the administrators of these websites do not do a good job monitoring the kinds of advertisements they display or because the opportunity for advertising revenue is too much to pass up. These kinds of malicious advertisements are often found at shady pornographic websites or websites dealing with pirated software. Often, these advertisements offer an attractive prize (for example, an iPod) if the victim clicks on the advertisement.

File System Details

Windows Secure Kit 2011 may create the following file(s):
# File Name Detections
1. C:\Documents and Settings\User Name\Local Settings\Temp\[RANDOM CHARACTERS].exe
2. C:\Documents and Settings\User Name\Local Settings\Temporary Internet Files\Content.IE5\4SOEDFRR\setup.exe
3. %System%\drivers\UAC[RANDOM CHARACTERS].sys
4. C:\WINDOWS\system32\02612.exe or any other random number
5. %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Secure Kit 2011.lnk

Registry Details

Windows Secure Kit 2011 may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CustomizeSearch=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar=[site address]

1 Comment

that my computer is infected and suggested me to download a remedy program. Those were the fake notifications and I got Files Secure on my computer. The removal of this parasite wasn't so easy for me. This nasty parasite comes with trojans and what you need first of all to do is to remove the trojans from your computer and then to remove Files Secure. Because after Files Secure removal the trojans may install this parasite again. I tried several free anti-spyware programs, but they don't helped me to remove the infection. Finally the manual Files Secure removal instructions helped me.


Most Viewed