Windows Virtual Protector

Windows Virtual Protector Description

ScreenshotWindows Virtual Protector is a rogue anti-virus application that is part of a large family of threats called FakeVimes and used to steal money from inexperienced computer users. Windows Virtual Protector may infect computers with the Windows operating system, including Windows XP, Windows Vista, Windows 7 and Windows 8. Windows Virtual Protector will carry out a scheme that involves impersonating a security program in an effort to persuade inexperienced PC users that they need to pay in order to remove nonexistent threats on their computer. If Windows Virtual Protector is installed on your computer, ignore all of its indications and instructions. Instead, remove Windows Virtual Protector immediately with the help of a real security application.

Windows Virtual Protector – A Virtual Waste of Money

Windows Virtual Protector is used to trick computer users into paying for a fake update for this rogue security program. The following are the steps that Windows Virtual Protector will commonly take to try to steal computer users' money:

  • Windows Virtual Protector usually infiltrates a computer using threat delivery methods such as a Trojan infection, an attack website or social engineering.
  • Once Windows Virtual Protector has been installed, Windows Virtual Protector makes harmful changes to the affected computer's settings. These changes allow Windows Virtual Protector to display bogus threat scans, fake system alerts and error messages.
  • Windows Virtual Protector harasses computer users with constant error messages and notifications claiming that the affected computer was severely infected with Trojans, viruses and worms.
  • If the affected computer user tries to use Windows Virtual Protector to fix these nonexistent problems, Windows Virtual Protector displays additional error messages claiming that it is necessary to pay for a 'full version' of Windows Virtual Protector.

Malware analysts strongly advise computer users to avoid paying for Windows Virtual Protector. Doing this allows criminals to gain access to your credit card information and also represents a complete waste of money due to the fact that Windows Virtual Protector's 'full version' is just as useless as the regular version of this rogue security program

Windows Virtual Protector has numerous clones that include Virus Melt, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Windows Protection Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Work Catalyst.

Technical Information

Screenshots & Other Imagery

Windows Virtual Protector Image 1 Windows Virtual Protector Image 2 Windows Virtual Protector Image 3 Windows Virtual Protector Image 4

Registry Details

Windows Virtual Protector creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-toiy.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-fvtb.exe"

More Details on Windows Virtual Protector

The following messages associated with Windows Virtual Protector were found:
System data security is at risk!
To prevent potential PC errors, run a full system scan.
Firewall has blocked a program from accessing the Internet
Internet Explorer
C:program filesinternet exploreriexplorer.exe

C:program filesinternet exploreriexplorer.exe
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them to a remote server.
Recommended: Please click “Prevent attack” button to prevent all attacks and protect your PC
Warning! Identity theft attempt detected
Hidden connection IP:
Target: Microsoft Corporation keys

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.