Windows Virtual Angel

Threat Scorecard

Ranking: 7,705
Threat Level: 20 % (Normal)
Infected Computers: 23,689
First Seen: July 11, 2012
Last Seen: September 2, 2023
OS(es) Affected: Windows

Windows Virtual Angel will not bless your computer in any way. In fact, you will quickly wish that Windows Virtual Angel had never entered your computer in the first place. Posing as a legitimate security program, Windows Virtual Angel is actually part of a common online scam. It belongs to the FakeVimes family of rogue security programs, a very large group of malware that has been continuously active since 2009. If you are receiving notifications from Windows Virtual Angel, ESG malware analysts strongly advise using a reliable anti-malware program to scan your computer and remove Windows Virtual Angel and any other malware associated with it.

How a Typical Windows Virtual Angel Infection Works

Windows Virtual Angel is usually installed through social engineering that convinces the victim to install either Windows Virtual Angel itself or a downloader Trojan disguised as something else (a misleading email attachment, for example). Once installed, Windows Virtual Angel changes your computer's settings so that it launches automatically whenever Windows starts up. As soon as you log into Windows, Windows Virtual Angel will harass you with a fake malware scan that invariably reports a large number of malware threats on your computer. If you try to fix these supposed problems with Windows Virtual Angel, all you will get is error messages claiming that you need to upgrade to an expensive (and useless) 'full version' of Windows Virtual Angel. Because Windows Virtual Angel has no real anti-malware capabilities, ESG security researchers strongly advise against purchasing this useless, fake security application.

Problems Associated with Windows Virtual Angel

Windows Virtual Angel will use numerous error messages to convince you that you need to 'upgrade.' It will also cause your computer to become unstable and behave strangely, reinforcing the lie that you need to upgrade Windows Virtual Angel. This fake security program can block your access to your own files and applications, interfere with legitimate anti-virus programs, cause browser redirects, and cause your operating system to run slowly and crash frequently.

Variants from the Sirefef family of rootkits, in particular, are often associated with Windows Virtual Angel and other FakeVimes malware infections released in 2012. Clones of Windows Virtual Angel include such fake security programs as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, and Windows Work Catalyst.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Microsoft Adware:Win32/AdRotator
Panda Generic Malware
Ikarus Trojan-Dropper.Win32.Dapato
Sophos Mal/Generic-L
K7AntiVirus Trojan
McAfee Generic Dropper!1wj
CAT-QuickHeal TrojanDropper.Dapato.biww
AVG Generic5.GDY
AntiVir Adware/Zwangi.AKH
BitDefender Gen:Variant.Adware.Ezula.1
Comodo Heur.Packed.Unknown
Kaspersky UDS:DangerousObject.Multi.Generic
McAfee W32/Rimecud!a
AVG Dropper.Generic6.AAWD
Fortinet W32/Dapato.BIWW!tr

File System Details

Windows Virtual Angel may create the following file(s):
# File Name MD5 Detections
1. nsb.exe 3bfa6d51cad9d20f3b6652267049ae34 125
2. king.exe 854eb5d1ae012c8d321283e534434e54 34
3. wbx.exe 40bae78163393df1b5e2e4f15d02bff7 32
4. svcnet2.exe 0daf54185b5e34b05114a14736d60958 21
5. winsvc.exe b18b6cd053fd490d8e98ba198312e975 9
6. 8f6d65c8.dll a7bba136915c6d3b453a8a8a6902de86 8
7. Alps.exe e76b6d1d349876630d9afec425c8fbe4 2
8. msajhywpc.exe 7baeb6702fc9660dce84de246551cc02 2
9. f078b911.dll ff69cebb0bc9f4470a4521848a2b0054 1
10. %AppData%\Protector-[RANDOM CHARACTERS].exe
11. Protector-hayq.exe 0623d69f6be79d3b0233d623466cdb69 0

Registry Details

Windows Virtual Angel may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
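
A triage check built from the indicators listed above, added here as an example (it is not part of the original write-up or of any vendor tool): it scans the text of a registry export for the "Inspector" Run value, the Protector-[RANDOM CHARACTERS].exe path pattern, the Settings marker values, the disabled HTTPS-to-HTTP redirect warning and the listed Image File Execution Options subkeys. The function name and the sample export are constructed for illustration.

```python
import re

# Indicators copied from this page's registry and file lists (lower-cased).
IFEO = r"\software\microsoft\windows nt\currentversion\image file execution options"
IFEO_NAMES = {"mostat.exe", "_avpcc.exe", "divx.exe", "tapinstall.exe",
              "zapsetup3001.exe", "_avp32.exe", "platin.exe", "ashdisp.exe"}
HKCU_CV = r"hkey_current_user\software\microsoft\windows\currentversion"
MARKERS = {"uid", "net", "id"}  # value names under ...\CurrentVersion\Settings
PROTECTOR = re.compile(r"\\protector-[^\\\"]+\.exe", re.I)
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]*)"=(.*)$')

def scan_reg_export(text):
    """Return (category, key, detail) tuples for indicators found in .reg text."""
    findings, key = [], ""
    for line in map(str.strip, text.splitlines()):
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            head, _, leaf = key.lower().rpartition("\\")
            if head.endswith(IFEO) and leaf in IFEO_NAMES:
                findings.append(("ifeo-key", key, leaf))
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, data, low = m.group(1).lower(), m.group(2), key.lower()
        if low == HKCU_CV + r"\run" and (name == "inspector" or PROTECTOR.search(data)):
            findings.append(("autostart", key, data))
        elif low == HKCU_CV + r"\settings" and name in MARKERS:
            findings.append(("settings-marker", key, name))
        elif (low == HKCU_CV + r"\internet settings"
              and name == "warnonhttpstohttpredirect" and data == "dword:00000000"):
            findings.append(("https-redirect-warning-off", key, name))
    return findings

# Constructed sample in .reg export format; not captured from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"
"Inspector"="C:\\Users\\demo\\AppData\\Roaming\\Protector-abcd.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings]
"UID"="examplevalue"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
'''
```

Files written by reg.exe export are UTF-16, so read them with encoding="utf-16" before passing the text to scan_reg_export. A hit is a lead for further inspection rather than proof of infection.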

URLs

Windows Virtual Angel may call the following URLs:

x1heref1le1x.com

Messages

The following messages associated with Windows Virtual Angel were found:

Error
Attempt to modify registry key entries detected.
Registry entry analysis is recommended.
Error
Potential malware detected
It is recommended to activate the protection and perform a
thorough system scan to remove the malware.
Warning
Firewall has blocked a program from accessing
the Internet
Windows XP USER API Clien: DLL
User32.dll
User32.dll is suspended to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Recommended:
Please click "Prevent attack" button to prevent all attacks and protect your PC.
