Threat Database Rogue Anti-Spyware Program Windows Secure Workstation

Windows Secure Workstation

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: August 13, 2012
Last Seen: January 8, 2020
OS(es) Affected: Windows

Windows Secure Workstation Image

Despite the fact that Windows Secure Workstation resembles a real security application, ESG malware researchers consider that Windows Secure Workstation is part of a well-known malware threat. Criminals use fake security programs like Windows Secure Workstation to convince computer users to purchase expensive, useless bogus security upgrades. Windows Secure Workstation is part of a very well known family of malware known as FakeVimes. Windows Secure Workstation poses a threat to your computer and should be deleted with the help of a strong, full-updated anti-malware utility.

The Windows Secure Workstation Attack and the FakeVimes Family of Malware

Continuously, since 2009, criminals have added new fake security programs to the FakeVimes family. Due to the fact that this family of malware has been around so long, most security programs usually have no problems removing these bogus security programs. However, starting in 2012 criminals started to bundle versions of the ZeroAccess rootkit with malware belonging to the FakeVimes family of malware. The rootkit component makes Windows Secure Workstation and other recent clones of this fake security program more difficult to detect or remove than ever before. Examples of clones of Windows Secure Workstation include programs with names such as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. Because of the rootkit component mentioned above, an anti-rootkit tool may be needed to remove Windows Secure Workstation and its clones.

Taking a Look at the Windows Secure Workstation Scam

Criminals profit from the Windows Secure Workstation scam by convincing the victim that they need to upgrade this fake security program to an expensive 'full version.' To do this, Windows Secure Workstation is designed to cause numerous problems on the victim's computer, including poor system performance, browser redirects and problems accessing files. Windows Secure Workstation is also designed to harass victims with numerous fake error messages, including fake system alerts and bogus notifications from the Task Bar. Despite the fact that Windows Secure Workstation claims that the victim's computer is severely infected with numerous viruses or Trojans, ESG malware analysts recommend avoiding Windows Secure Workstation's supposed 'upgrade'. Since Windows Secure Workstation's 'full version' doesn't have any way of detecting or removing malware, purchasing this malicious, bogus security application is definitely not a good idea.

The registration code 0W000-000B0-00T00-E0020 has been effective in the treatment of other FakeVimes-related infections. However, 'registering' this fake security program will not remove Windows Secure Workstation from your computer. To do that, it will still be necessary to use a reliable anti-malware tool.

SpyHunter Detects & Remove Windows Secure Workstation

Windows Secure Workstation Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Secure Workstation may create the following file(s):
# File Name MD5 Detections
1. Protector-ytky.exe 89d2b47749a39d5f29d96f38138e2f20 1
2. %AppData%\Protector-[RANDOM CHARACTERS].exe

Registry Details

Windows Secure Workstation may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Settings\UID [RANDOM CHARACTERS]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exeDebugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[RANDOM CHARACTERS].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe


Most Viewed