Windows Virtual Security

Windows Virtual Security Description

Type: Rogue AntiSpyware Programs

Windows Virtual Security is a rogue anti-spyware program that pretends to remove imaginary malware infections and computer problems from your PC. When Windows Virtual Security installs itself on your PC, it states that your computer has been corrupted by an unidentified Trojan and urges you to run a quick system scan. If you follow its prompts, you will download and install this rogueware onto your machine. Windows Virtual Security will then run fictitious system scans and report numerous nonexistent malware threats. It will also show many fake security alerts claiming that your PC's security is in danger and that many malware threats have been detected on your system, supposedly preventing your computer from operating properly. Windows Virtual Security will surely slow down your PC's performance, making it seem as if the slowdown is caused by the alleged infections, which you are told to remove at once using Windows Virtual Security. Windows Virtual Security only aims at stealing your money. ESG's malware analysts strongly advise affected users to uninstall Windows Virtual Security from their PC as soon as possible by using a reputable malware removal tool.

Technical Information

File System Details

Windows Virtual Security creates the following file(s):
#   File Name                        MD5                                Detection Count
1   Protector-exsh.exe               cf08b9819944034d24297131dce44d07   1
2   %AppData%\Protector-[rnd].exe    N/A

Registry Details

Windows Virtual Security creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
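
The entries above fall into three groups: UAC policy values set to 0, Image File Execution Options "Debugger" values attached to security tools, and a Run value pointing at %AppData%\Protector-[rnd].exe. The following check is an added example, not code from this page or from SpyHunter; it assumes the relevant keys were saved with `reg export` and decoded to text, and the function names and sample data are hypothetical.

```python
import re

# Constructed sample: decoded text of a `reg export` (not from a real host).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe]
"Debugger"="svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\test\\AppData\\Roaming\\Protector-abc.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"
'''

UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser"}
IFEO_PREFIX = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options" + "\\"
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
RUN_TARGET = re.compile(r'\\\\protector-[^\\]*\.exe"?$', re.I)  # .reg text doubles backslashes
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_reg(text):
    """Yield (key, value_name, raw_data) for each named value in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m["name"], m["data"]

def findings(text):
    """Return (category, subject, raw_data) for values matching the listed entries."""
    out = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k == UAC_KEY and n in UAC_VALUES and data.lower() == "dword:00000000":
            out.append(("uac-weakened", name, data))
        elif k.startswith(IFEO_PREFIX) and n == "debugger":
            # Any Debugger value redirects launches of that executable; review each hit.
            out.append(("ifeo-debugger", key.rsplit("\\", 1)[1], data))
        elif k == RUN_KEY and RUN_TARGET.search(data):
            out.append(("run-persistence", name, data))
    return out

if __name__ == "__main__":
    print(*findings(SAMPLE_EXPORT), sep="\n")
```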

More Details on Windows Virtual Security

The following messages associated with Windows Virtual Security were found:
"Error Key-logger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan"
"Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. You need to clean your computer immediately to prevent the system crash"
"Trojan-PSW.Win32.launch Hack Tool:Win32/Welevate.A Adware.Win32.Fraud"
"Warning! Identity theft attempt Detected Hidden connection IP: 58.82.12.124 Target: Your passwords for sites"
"Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmploc.dll"
