Windows Expert Series

July 6, 2012

Windows Expert Series is a misleading security program. It displays a number of fake virus detections on your computer to make you believe that it is at risk. It then advises immediate removal using the paid version of Windows Expert Series, which you can buy through its own web site. However, once the paid version is obtained, the computer will remain at risk, because in reality the promoted program cannot remove viruses or protect the computer against them.

To remove fake software such as Windows Expert Series, all you need is a genuine anti-malware program. It doesn’t have to be expensive. In fact, other companies offer free scanners and removal tools for public use. Although a free version may not protect the PC, it may still be useful in removing Windows Expert Series.

To uninstall the fake software, start by reading the guide on this page. It only requires you to download a couple of malware removers. Also included is a tutorial on making your Internet browser the first line of defense against malware attacks. This tutorial applies to popular browsers like Internet Explorer, Mozilla Firefox, and Google Chrome.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Windows Expert Series Infection?

When Windows Expert Series is present on the computer, you will notice excessive pop-up alert messages. Moreover, it will initiate a virus scan each time you start Windows. See the screenshot of the fake scanner below.

[Screenshot: Windows Expert Series Fake Scanner]

It will modify Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “mjsyqtgfbct”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\njcgdwin.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Expert Series.lnk
%Desktop%\Windows Expert Series.lnk
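
The registry entries and dropped files listed above can be checked on a suspect machine with a short read-only script. This is an added example, not a tool from this page's author; it assumes PowerShell 3.0 or later and that it is run as the affected user, and it only reports matches without changing anything.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Run as the affected user (the HKCU and %AppData% entries are per-user).
$findings = New-Object 'System.Collections.Generic.List[string]'
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'

# Registry values named on the page. The data for "net" and "UID" may differ
# per installation (assumption), so only their presence is reported.
# The Policies\System values are left out because Group Policy also sets them.
$regValues = @(
    @{ Key = "$cv\Run";      Name = 'Inspector' },
    @{ Key = "$cv\Settings"; Name = 'net' },
    @{ Key = "$cv\Settings"; Name = 'UID' }
)
foreach ($v in $regValues) {
    $name = $v.Name
    $item = Get-ItemProperty -Path $v.Key -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $findings.Add("Registry value: $($v.Key) [$name] = $($item.$name)") }
}

# Image File Execution Options subkeys named on the page.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'njcgdwin.exe', 'SafetyKeeper.exe') {
    if (Test-Path -LiteralPath "$ifeo\$exe") { $findings.Add("IFEO key: $ifeo\$exe") }
}

# Dropped files with fixed names.
$desktop  = [Environment]::GetFolderPath('Desktop')
$programs = [Environment]::GetFolderPath('CommonPrograms')   # %CommonStartMenu%\Programs
$paths = @(
    (Join-Path $env:APPDATA 'NPSWF32.dll'),
    (Join-Path $env:APPDATA 'result.db'),
    (Join-Path $programs 'Windows Expert Series.lnk'),
    (Join-Path $desktop 'Windows Expert Series.lnk')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) { $findings.Add("File: $p") }
}

# Protector-[random 3 or 4 characters].exe directly under %AppData%.
Get-ChildItem -LiteralPath $env:APPDATA -Filter 'Protector-*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^Protector-.{3,4}\.exe$' } |
    ForEach-Object { $findings.Add("File: $($_.FullName)") }

if ($findings.Count -eq 0) { 'No indicators from this page were found.' } else { $findings }
```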
