Windows Servant System

Does "Windows Servant System" sound like an unusual name for a security program? It should – Windows Servant System is a fake security program, created by crooks who have been releasing the same malware under a different, new name literally every day. Needless to say, Windows Servant System is not software that you should trust with your computer's security.

Signs of a Windows Servant System Infection

The signs of trouble will begin with the fake Microsoft Security Essentials Alert Malware that Windows Servant System uses in order to install itself. This fake alert malware is a Trojan, which can be hidden just about anywhere online where you can be tricked into downloading a malicious file without knowing. It is common for the Trojan to be disguised as a video codec, or bundled along with some other file download. Once it has downloaded the fake Microsoft Security Essentials Alert Malware, it will cause alerts to appear from the system tray, and they will look as though they are from Microsoft Security Essentials. At first, the alerts will say that Windows has detected a threat; then, they will claim to identify the threat, and suggest that you download a program to remove it. All you have to do is click "OK", and what you download is not security software – it is Windows Servant System.

The next time you start your computer after the fake alert process, Windows Servant System will be active, and doing its best to scare you into thinking that there are threats on your computer that only a licensed copy of Windows Servant System can remove. Every time Windows starts, you'll see the fake user interface for Windows Servant System, which will use the Windows logo and brand name in order to make itself seem legitimate. The interface exists in order to run bogus scans of your computer, and the Windows Servant System interface will pretend to run a scan every time Windows Servant System pops up. This will happen before Windows even loads the desktop and taskbar, and there is no way to click past it until the fake scan is complete. Windows Servant System will tell you that it has found numerous, serious infections on your PC, and Windows Servant System will prompt you to pay for a licensed copy of its software by going to the Windows Servant System website. You can pay for Windows Servant System on that site, but doing that will not get you anywhere, because Windows Servant System completely lacks the capability to detect threats or to remove them.

Once you reach the desktop, you still aren't free from the interference caused by Windows Servant System. Windows Servant System will cause frequent pop-up alerts to appear, which will always warn you that something has just been found wrong with your PC, and suggest that you purchase the full version of Windows Servant System in order to fix it. Windows Servant System uses the same fake security alerts as all of the malware related to Windows Servant System, and it will show the same alerts over and over. Windows Servant System will also show error messages when you try to run other programs, and Windows Servant System will prevent them from opening. Furthermore, you may find that Windows Servant System redirects your web browser to the Windows Servant System website, or that Windows Servant System prevents you from getting online at all. Please remember that paying for Windows Servant System will not solve these problems, because it will not cause Windows Servant System to deactivate.

The Malware Related to Windows Servant System

Windows Servant System is just another name for a piece of malware that supports a Russian scam, which has been going on for months. Every day, the con-artists behind this scam rename the same old malware and re-release it. Occasionally, they change the color of the interface. Otherwise, Windows Servant System is identical to all of the other fake security programs that this scam already uses, including Windows Error Correction, Windows Debug System, Windows Defence Center, Windows Optimal Settings, and dozens of others.

File System Details

Windows Servant System may create the following file(s):
# File Name Detections
1. %UserProfile%\Application Data\[RANDOM CHARACTERS].exe
2. %AppData%\[RANDOM CHARACTERS].exe

Registry Details

Windows Servant System may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = "%AppData%\{RANDOM CHARACTERS}.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\[RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'


Most Viewed