Threat Database Rogue Anti-Virus Program Windows Virtual Protector

Windows Virtual Protector

Windows Virtual Protector Image

Windows Virtual Protector is a rogue anti-virus application that is part of a large family of threats called FakeVimes and used to steal money from inexperienced computer users. Windows Virtual Protector may infect computers with the Windows operating system, including Windows XP, Windows Vista, Windows 7 and Windows 8. Windows Virtual Protector will carry out a scheme that involves impersonating a security program in an effort to persuade inexperienced PC users that they need to pay in order to remove nonexistent threats on their computer. If Windows Virtual Protector is installed on your computer, ignore all of its indications and instructions. Instead, remove Windows Virtual Protector immediately with the help of a real security application.

Windows Virtual Protector – A Virtual Waste of Money

Windows Virtual Protector is used to trick computer users into paying for a fake update for this rogue security program. The following are the steps that Windows Virtual Protector will commonly take to try to steal computer users' money:

  • Windows Virtual Protector usually infiltrates a computer using threat delivery methods such as a Trojan infection, an attack website or social engineering.
  • Once Windows Virtual Protector has been installed, Windows Virtual Protector makes harmful changes to the affected computer's settings. These changes allow Windows Virtual Protector to display bogus threat scans, fake system alerts and error messages.
  • Windows Virtual Protector harasses computer users with constant error messages and notifications claiming that the affected computer was severely infected with Trojans, viruses and worms.
  • If the affected computer user tries to use Windows Virtual Protector to fix these nonexistent problems, Windows Virtual Protector displays additional error messages claiming that it is necessary to pay for a 'full version' of Windows Virtual Protector.

Malware analysts strongly advise computer users to avoid paying for Windows Virtual Protector. Doing this allows criminals to gain access to your credit card information and also represents a complete waste of money due to the fact that Windows Virtual Protector's 'full version' is just as useless as the regular version of this rogue security program

Windows Virtual Protector has numerous clones that include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.ScreenshotScreenshotScreenshotScreenshot

File System Details

Windows Virtual Protector may create the following file(s):
# File Name Detections
1. %AppData%\guard-fvtb.exe
2. %AppData%\results1.db

Registry Details

Windows Virtual Protector may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-toiy.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-fvtb.exe"


The following messages associated with Windows Virtual Protector were found:

System data security is at risk!
To prevent potential PC errors, run a full system scan.
Firewall has blocked a program from accessing the Internet
Internet Explorer
C:program filesinternet exploreriexplorer.exe

C:program filesinternet exploreriexplorer.exe
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them to a remote server.
Recommended: Please click “Prevent attack” button to prevent all attacks and protect your PC
Warning! Identity theft attempt detected
Hidden connection IP:
Target: Microsoft Corporation keys


Most Viewed