Windows Ultra-Antivirus

Threat Scorecard

Ranking: 48
Threat Level: 20 % (Normal)
Infected Computers: 276,314
First Seen: July 27, 2012
Last Seen: September 20, 2023
OS(es) Affected: Windows

Windows Ultra-Antivirus Image

Windows Ultra-Antivirus is a rogue security program very similar to malware in the FakeVimes and a component of the WinWeb Security family of malware. This fake security application is created to prey on inexperienced PC users. Windows Ultra-Antivirus will basically trick computer users into purchasing an expensive 'upgrade' for this bogus security program. However, since Windows Ultra-Antivirus has no real way of removing malware from your computer, ESG malware analysts recommend against purchasing or installing this fake security application. Rather, Windows Ultra-Antivirus should be removed with the assistance of a trustworthy anti-malware application.

The characteristic symptom of malware such as Windows Ultra-Antivirus is the appearance of multiple, constant pop-up notifications and alarming error messages on the infected computer. These will try to trick the victim into thinking that the computer is severely infected with malware. Windows Ultra-Antivirus will also generate symptoms which may include the following:

  1. Windows Ultra-Antivirus may cause your computer to become slow and unresponsive.
  2. Windows Ultra-Antivirus may also cause browser redirects and other problems accessing the Internet.
  3. Windows Ultra-Antivirus may block access to certain files and applications, particularly those associated with computer security.

All of these tactics are meant to make the victim believe that their computer is in trouble. This is coupled with a fake system scan that runs at start-up. Windows Ultra-Antivirus, impersonating an actual anti-malware program, will scan the victim's computer and invariably claim to have found numerous Trojans and viruses. However, trying to use Windows Ultra-Antivirus to fix these supposed problems will result in a redirect to Windows Ultra-Antivirus' website, where the victim will be prompted to purchase a 'full version' of Windows Ultra-Antivirus to fix these nonexistent threats.

Do Not Become a Victim of Windows Ultra-Antivirus

Even though Windows Ultra-Antivirus can be removed manually, this requires knowledge of how to make changes to the Windows Registry. However, since Windows Ultra-Antivirus will rarely infect a computer by itself, ESG security analysts suggest using a fully-updated anti-virus program to remove this threat. Windows Ultra-Antivirus will often be associated with a backdoor Trojan and a rootkit infection which may be removed with a specialized anti-rootkit application. To avoid future infections by Windows Ultra-Antivirus and its many clones, it is advised to practice safe online browsing measures and to use a fully-updated anti-malware scanner and firewall.

The many clones of Windows Ultra-Antivirus include System Security, Antivirus Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, Security Shield, MS Removal Tool, Total Security, System Security 2011, Essential Cleaner, Security Shield Pro 2011, Personal Shield Pro, Security Shield 2011, Security Sphere 2012, Advanced PC Shield 2012, Futurro Antivirus.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Windows Ultra-Antivirus Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Ultra-Antivirus may create the following file(s):
# File Name Detections
1. %AppData%\NPSWF32.dll
2. %AppData%\[RANDOM].exe
3. %StartMenu%\Programs\Windows Ultra-Antivirus.lnk
4. %Desktop%\Windows Ultra-Antivirus.lnk

Registry Details

Windows Ultra-Antivirus may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0


Windows Ultra-Antivirus may call the following URLs:


The following messages associated with Windows Ultra-Antivirus were found:

Security Warning!
Your computer is not checked for viruses! System scan is recommended. Press "scan" to check.
Win32/Exploit.CVE-2010-3333.0 is a malicious Trojan virus created by cyber-criminals to install and initiate other versions of malicious information on the victim?s PC. Win32/Exploit.CVE-2010-3333.0 will be included into a list of programs which will run automatically when Windows operating system starts up. Therefore, it is very difficult to detect manually and remove Win32/Exploit.CVE-2010-3333.0. However, it is strongly recommended to remove Win32/Exploit.CVE-2010-3333.0 immediately because Win32/Exploit.CVE-2010-3333.0is able to cause additional damages to your infected Windows system.


Most Viewed