Windows Ultra-Antivirus

Windows Ultra-Antivirus Description

Type: Adware

ScreenshotWindows Ultra-Antivirus is a rogue security program very similar to malware in the FakeVimes and a component of the WinWeb Security family of malware. This fake security application is created to prey on inexperienced PC users. Windows Ultra-Antivirus will basically trick computer users into purchasing an expensive 'upgrade' for this bogus security program. However, since Windows Ultra-Antivirus has no real way of removing malware from your computer, ESG malware analysts recommend against purchasing or installing this fake security application. Rather, Windows Ultra-Antivirus should be removed with the assistance of a trustworthy anti-malware application.

The characteristic symptom of malware such as Windows Ultra-Antivirus is the appearance of multiple, constant pop-up notifications and alarming error messages on the infected computer. These will try to trick the victim into thinking that the computer is severely infected with malware. Windows Ultra-Antivirus will also generate symptoms which may include the following:

  1. Windows Ultra-Antivirus may cause your computer to become slow and unresponsive.
  2. Windows Ultra-Antivirus may also cause browser redirects and other problems accessing the Internet.
  3. Windows Ultra-Antivirus may block access to certain files and applications, particularly those associated with computer security.

All of these tactics are meant to make the victim believe that their computer is in trouble. This is coupled with a fake system scan that runs at start-up. Windows Ultra-Antivirus, impersonating an actual anti-malware program, will scan the victim's computer and invariably claim to have found numerous Trojans and viruses. However, trying to use Windows Ultra-Antivirus to fix these supposed problems will result in a redirect to Windows Ultra-Antivirus' website, where the victim will be prompted to purchase a 'full version' of Windows Ultra-Antivirus to fix these nonexistent threats.

Do Not Become a Victim of Windows Ultra-Antivirus

Even though Windows Ultra-Antivirus can be removed manually, this requires knowledge of how to make changes to the Windows Registry. However, since Windows Ultra-Antivirus will rarely infect a computer by itself, ESG security analysts suggest using a fully-updated anti-virus program to remove this threat. Windows Ultra-Antivirus will often be associated with a backdoor Trojan and a rootkit infection which may be removed with a specialized anti-rootkit application. To avoid future infections by Windows Ultra-Antivirus and its many clones, it is advised to practice safe online browsing measures and to use a fully-updated anti-malware scanner and firewall.

The many clones of Windows Ultra-Antivirus include System Security, Antivirus Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, Security Shield, MS Removal Tool, Total Security, System Security 2011, Essential Cleaner, Security Shield Pro 2011, Personal Shield Pro, Security Shield 2011, Security Sphere 2012, Advanced PC Shield 2012, Futurro Antivirus.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Technical Information

Screenshots & Other Imagery

Windows Ultra-Antivirus Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Ultra-Antivirus creates the following file(s):
# File Name Detection Count
1 %AppData%\NPSWF32.dll N/A
2 %AppData%\[RANDOM].exe N/A
3 %StartMenu%\Programs\Windows Ultra-Antivirus.lnk N/A
4 %Desktop%\Windows Ultra-Antivirus.lnk N/A

Registry Details

Windows Ultra-Antivirus creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\52fb2397ad5bf9eb\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0

More Details on Windows Ultra-Antivirus

The following URL's were found:
Tip: We recommend blocking the domain names as well as the IP addresses associated with them.
  • zokaisoft.com/payments/buynow.php?vendorId=1
The following messages associated with Windows Ultra-Antivirus were found:
Security Warning!
Your computer is not checked for viruses! System scan is recommended. Press "scan" to check.
Win32/Exploit.CVE-2010-3333.0
Win32/Exploit.CVE-2010-3333.0 is a malicious Trojan virus created by cyber-criminals to install and initiate other versions of malicious information on the victim?s PC. Win32/Exploit.CVE-2010-3333.0 will be included into a list of programs which will run automatically when Windows operating system starts up. Therefore, it is very difficult to detect manually and remove Win32/Exploit.CVE-2010-3333.0. However, it is strongly recommended to remove Win32/Exploit.CVE-2010-3333.0 immediately because Win32/Exploit.CVE-2010-3333.0is able to cause additional damages to your infected Windows system.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.