Windows Smart Warden

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 6
First Seen: February 20, 2012
OS(es) Affected: Windows

Windows Smart Warden Image

Although Windows Smart Warden pretends to be a legitimate security program, Windows Smart Warden belongs to a large family of fake security applications known as the FakePAV family of malware. Windows Smart Warden is designed to imitate the GUI (Graphic User Interface) of Microsoft Security Essentials. It is essential to understand that the resemblance between Windows Smart Warden and legitimate security programs like Microsoft Security Essentials is merely superficial. Underneath its authentic-looking interface, Windows Smart Warden is little more than a collection of malicious scripts and Trojans that make a coordinated attack on your computer system. The objective of a Windows Smart Warden attack is to convince its victim to purchase fake security programs in order to fix problems that are actually caused by Windows Smart Warden.

ESG security researchers recommend the use of an up-to-date anti-malware application to carry out an automatic removal of this malware threat. Usually, a computer system infected with Windows Smart Warden will have become infected with various other malware threats, including the Trojans used to deliver Windows Smart Warden itself (which will probably have been accompanied with other malware threats). While the FakeVimes family of rogue anti-malware programs can be distributed through any channels that would typically be used to deliver Trojans, these tend to be distributed using fake video codecs or media applications often found on pornographic websites or bundled along with popular movies or TV shows on file sharing websites.

Understanding the Windows Smart Warden Scam

Windows Smart Warden has dozens of clones, all of which use the same scam in order to attempt to steal their victim's money. Some examples of rogue anti-virus programs that are clones of Windows Smart Warden include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst..

All of these fake security programs will take over the victim's computer and make changes to the Windows Registry that enable them to display error messages and pop-up notifications that seem to come from the victim's computer system. Windows Smart Warden will also run a fake scan and deliver a report claiming that the victim's computer is severely infected with malware. Windows Smart Warden will also try to direct its victim to the Windows Smart Warden website constantly in order to attempt to convince the victims to enter their credit card information into its web page in exchange for a useless 'full license' of Windows Smart Warden.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

SpyHunter Detects & Remove Windows Smart Warden

Windows Smart Warden Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Smart Warden may create the following file(s):
# File Name MD5 Detections
1. Protector-mon.exe ce2012c372eab62fc7167de9d40bd5fe 3
2. Protector-ykm.exe e83facc398f92c8ef4bc71afdf7d41df 1
3. Protector-hch.exe 7de2ee7e3d8e6c1f00d5559333397473 1
4. Protector-vet.exe 441b933e629c20d6b550fa8dafbd6cec 1
5. %AppData%\Inspector-[RANDOM CHARACTERS].exe
6. %AppData%\Protector-oak.exe
7. %AppData%\NPSWF32.dll
8. %CommonPrograms%\Windows Smart Warden.lnk
9. %DesktopDir%\Windows Smart Warden.lnk

Registry Details

Windows Smart Warden may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run!Inspector

Messages

The following messages associated with Windows Smart Warden were found:

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Trending

Most Viewed

Loading...